Top Story

If you are using the Newspaper or Carousel optional homepage layout, add this label to a post to make it the top story on the homepage

Recent Articles

How to Set Up a Cheap Burner Phone

BY MICAH LEE
THE INTERCEPT

If you’re taking to the streets to demand justice for the victims of police brutality and homicide, you may want to leave your phone at home. No matter how peaceful your behavior, you are at risk of getting arrested or assaulted by police. Cops might confiscate your phone and search it regardless of whether or not they’re legally allowed to, or they might try to break it, especially if it contains photos or video of their violent or illegal actions.

At the same time, it’s a good idea to bring a phone to a protest so you can record what’s happening and get the message out on social media. Filming police is completely legal and within your rights, and it’s one of the few tools citizens have against police brutality. It’s also important to be able to communicate with others in real time or to find your friends in case you get separated.

To reconcile this tension — between wanting to protect your privacy and wanting to digitally document protests and police misdeeds — the safest option is to leave your primary phone, which contains a massive amount of private information about you, at home and instead bring a specially prepared burner phone to protests.

I discuss how to do this at length below, and in the video above.

What if I Can’t Afford a Burner Phone?

I bought a Nokia 1.3 smartphone for $99, as well as three months of prepaid phone service for $40. If this is too expensive for you, you may have other options:
•If you have an old phone collecting dust in a drawer, as long as it still works and the battery still holds a charge, you can use this as your burner phone rather than buying a new one. You just need a new SIM card, like one that comes with prepaid cell service. Make sure to factory reset the phone before getting ready to protest.
•There are even cheaper phones and prepaid service options than the ones I chose, and these can work fine as well.
•If you want to avoid paying for phone service for your second phone, depending on your current cell phone provider and what types of phones you have, you may be able to remove the SIM card from your main phone and insert it into your burner phone, and then put it back after the protest. This will cause all calls and texts to temporarily go to your burner phone instead of your main one. You’ll want to make sure the SIM card slot on the second phone can accommodate the size of the SIM card you have on your primary phone.

If a separate burner phone still isn’t an option and you decide you need to bring your primary phone, here are some steps to take to make it safer and less likely for your private data to end up in the hands of the police:
•Disable fingerprint and face unlock, and instead require typing a passcode or password to unlock your phone. This makes it take longer to get into your phone, but it also makes it considerably harder for police to get in without your consent.
•Make sure your passcode or password is not easily guessable. If you’re using a numeric passcode, it should be at least 6 digits, but longer is better.
•Set up a SIM PIN, which prevents police from removing the SIM card from your phone and inserting it into another, which would allow them to take over your phone number. Here are iPhone instructions and Android instructions for doing this. If you set a SIM PIN, you’ll need to type it every time you reboot your phone in addition to your passcode.
•If you’re using Android, make sure your phone’s storage is encrypted (all iPhones have encrypted storage). On most Android phones, you can look in the Settings app, under Security > “Encrypt phone” to find phone encryption settings.
•Disable every smartphone feature that isn’t necessary like Wi-Fi, Bluetooth, and location services. You can also keep your phone in airplane mode when you don’t need to use the network. This will make your phone leak less information that police can use to track you. Continue Reading →

Filed under: ,

Without encryption, we will lose all privacy. This is our new battleground.

BY EDWARD SNOWDEN
THE GUARDIAN

In every country of the world, the security of computers keeps the lights on, the shelves stocked, the dams closed, and transportation running. For more than half a decade, the vulnerability of our computers and computer networks has been ranked the number one risk in the US Intelligence Community’s Worldwide Threat Assessment – that’s higher than terrorism, higher than war. Your bank balance, the local hospital’s equipment, and the 2020 US presidential election, among many, many other things, all depend on computer safety.

And yet, in the midst of the greatest computer security crisis in history, the US government, along with the governments of the UK and Australia, is attempting to undermine the only method that currently exists for reliably protecting the world’s information: encryption. Should they succeed in their quest to undermine encryption, our public infrastructure and private lives will be rendered permanently unsafe. Continue Reading →

Filed under: ,

Edward Snowden’s App Turns a Smartphone into Security Equipment

BY SHELBY ROGERS
INTERESTING ENGINEERING

In today’s world, digital security can be just as important as physical security to those who find themselves constantly online. And in other parts of the world, “rogue” internet users like political activists, journalists, or even members of the average public risk their security each time they log onto the internet. However, one of the world’s most notorious informants Edward Snowden developed an app to improve security for the average person. Continue Reading →

Filed under:

Edward Snowden calls for global push to expand digital privacy laws

BY ED PILKINGTON
THE GUARDIAN

Edward Snowden has called for a global push to protect people’s rights to digital privacy, arguing that now the bare facts of mass data surveillance are known it is time to “assert our traditional and digital rights so that we can protect them”.

Speaking by video link from Russia where he has been granted asylum, the former National Security Agency contractor and whistleblower said efforts to protect privacy “will continue for many years”, culminating, he hoped, in a world in which governments could be relied upon to defend their citizens’ rights rather than “working against them”.

Snowden’s call for new international laws to protect data privacy was made at the launch in New York of the so-called “Snowden Treaty”, a fledgling campaign designed to apply pressure on governments around the world in the hope of generating new legal protections. The “treaty” idea, which is being disseminated with the help of the online campaigning network Avaaz, is intended to generate new safeguards both for personal data and for whistleblowers and journalists vulnerable to government prosecution.

A draft version of the putative treaty was circulated at the launch. It says governments signing up to the agreement would have to commit to ending mass surveillance and “the right to privacy in all future programs and policies. This will make the preservation of privacy a fundamental responsibility of governments, ensuring the protection of these fundamental human rights for generations to come.”

Snowden said in his video-link address that the debate sparked by his leaking of a vast hoard of NSA secret documents to journalist Glenn Greenwald and the Guardian had succeeded in changing public culture. “We can discuss things now that five years back would have gotten you labelled as a conspiracy theorist,” he said.

It was now established, he went on, that in the arena of basic individual liberties – what happens when we travel through a city, or talk to our friends, or browse for books online – we are being tracked and recorded. He said that whole populations were being “indexed into a sort of surveillance time machine that allows institutions, whether public or private, to empower themselves at the expense of the people.”

In the wake of his disclosures, Snowden said that there had been some legislative attempts to tighten up on privacy and rein in mass surveillance. But they were “just the first step – they don’t go anywhere near far enough”.

Meanwhile, countries were aggressively pressing to increase their surveillance powers. Not just traditional adversaries of the west such as Iran, China, Russia and North Korea, but also allies of the US such as Australia, Canada, the UK and France.

“What’s extraordinary is that in every case these policy proposals that work against the public are being billed as public safety programs. Yet mass surveillance has never made a concrete difference in any single terrorism investigation in the United States.”

The “Snowden Treaty” is the brainchild of David Miranda, who was detained and interrogated under the UK Terrorism Act at Heathrow airport for nine hours in August 2013 at the height of the Snowden leaks. Miranda, who is Greenwald’s partner, said that the new campaign was partly inspired by the efforts taken by big tech companies such as Apple, Facebook and Google to offer encryption services to their users.

“This is not a dream. If corporations are taking moves to protect themselves, then why can’t we?” he said.

Miranda said that several governments had been approached around the world, but he declined to name any that were showing interest. Continue Reading →

Filed under:

FBI Director Says Agents Need Access To Encrypted Data To Preserve Public Safety

BY DINA TEMPLE-RASTON
NATIONAL PUBLIC RADIO

FBI Director James Comey told senators on Wednesday that increased encryption on mobile devices is complicating the FBI’s job.

Comey, along with a roster of Obama administration officials, has been asking Silicon Valley companies for months for a solution that would allow law enforcement to monitor communications with a court order, while protecting the privacy of consumers. Technology companies like Apple and Google have resisted their entreaties, setting off a tense debate over encrypted data and a user’s right to own their own information.

After former NSA contractor Edward Snowden revealed, among other things, that the NSA and other agencies were siphoning off data and hacking into data centers, technology companies started building encrypted devices that essentially would cut them out of the process. The government couldn’t demand companies turn over information because the new technology would give them no way to comply with a court order — increasingly, they are introducing devices that can be opened only by the user, something known as “strong encryption.”

The FBI director said that is becoming a problem. “We cannot break strong encryption,” Comey told lawmakers on the Senate Intelligence Committee. “I think people watch TV and think the bureau can do lots of things. We cannot break strong encryption.”

To make his case, Comey gave senators specific examples in which encryption blocked the FBI from getting electronic information, even though agents had a warrant. He said he couldn’t come up with a specific number of such cases, but he did say it was coming up with increasing frequency.

Consider the case of Usaamah Rahim, a Boston man who was killed when FBI and Boston police sought to question him last month. Allegedly, he was a follower of the self-proclaimed Islamic State, also known as ISIS or ISIL. Comey said FBI agents knew that Rahim was contemplating an attack, but the agents who were tracking him electronically couldn’t see exactly what he was planning because he disappeared into an encrypted site — something the bureau calls “going dark.”

“ISIL does something al-Qaida would never imagine: they test people by tasking them,” Comey told the senators. “Kill somebody and we’ll see if you are really a believer. And these people react in a way that is very difficult to predict. What you saw in Boston is what the experts say is flash-to-bang being very close. You had a guy who was in touch in an encrypted way with these ISIL recruiters and we believe was bent on doing something on July 4th. He woke up one morning, June 2nd, and decided he was going to go kill somebody.”

In court documents filed last month, officials say that in a wiretapped phone conversation, Rahim said he wanted to “meet Allah” before July 4, when he and several other men allegedly wanted to attack Pam Geller, the New York woman who organized the Draw Muhammad contest in Garland, Texas. They were goaded to action, authorities say, by ISIS. Two other men have been arrested in connection with the case and are awaiting trial.

The FBI director said the encryption problem goes beyond terrorism cases. He said that encryption technology is affecting everything from child pornography to kidnapping. He talked about a Miami case in which a long-haul trucker kidnapped his girlfriend, held her captive in his truck, and drove her from state-to-state, sexually assaulting her. She eventually escaped and pressed kidnapping and sexual assault charges against him. The trucker claimed the sex had been consensual.

As it turns out, he had videotaped his assaults on his smartphone and the phone didn’t have the encryption enabled. The FBI got a warrant and the video was used as evidence and he was convicted. If there was one-key or end-to-end encryption on that phone, Comey said, the case might have ended differently.

End-to-end encryption means that law enforcement has to go directly to a target to get the data instead of turning to a company for a password or key. If there had been end-to-end encryption in the trucker case, the FBI might not have had access to the incriminating video.

Comey also addressed the concerns raised by an elite group of 14 security technologists who released a paper Tuesday night called “Keys Under Doormats: Mandating Insecurity by Requiring Government Access to all Data and Communications.” They concluded that governments can’t demand special access to encrypted data without putting critical infrastructure in peril. The paper offered the first in-depth technical analysis of the proposals the Obama administration has floated as alternatives to the end-to-end encryption regime.

Their concerns were three-fold. First, the report said, providing exceptional access would fly in the face of best practices now making the Internet more secure because it would be making exceptions. Second, the technologists said that building exceptional access into the system would create vulnerabilities.

“[N]ew technology features would have to be deployed … in telecommunications and Internet access services … Features to permit law enforcement exceptional access across a wide range of Internet and mobile computing applications could be particularly problematic because their typical use would be surreptitious — making security testing difficult and less effective.”

And finally, there is the hacker problem, they said. “If law enforcement’s keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege.”

This technologist group included pioneers in the field of public key cryptography like Whitfield Diffie and Ronald L. Rivest, who is the “R” in the RSA algorithm that has set the standard in public cryptography.

Comey seemed to distance himself from the ideas that the administration had previously been floated to deal with “going dark.” He said he was open to any ideas that technology companies might have to solve the encryption problem. The solution, he suggested, might be something that hasn’t even been discovered yet. Continue Reading →

Filed under:

Cyberattack deals crippling blow to Canadian government websites

BY STEVEN CHASE
GLOBE AND MAIL

A cyberattack crashed federal government websites and e-mail for nearly two hours Wednesday – an incident that raises questions about how capable Ottawa’s computer systems are of withstanding a sustained assault on their security.

The attack began some time after noon ET and individuals purporting to be part of the hackivist group Anonymous later claimed responsibility, saying they were protesting the passage of C-51, anti-terror legislation that gives new powers to intelligence and security agencies.

Over a couple of hours, the e-mail accounts of government employees stopped working and the Canadian government’s presence on the Internet temporarily disappeared. Dozens of websites for major federal departments were rendered inaccessible, from Industry, to Natural Resources, to Justice, to Foreign Affairs, Trade and Development.

It was the most high-profile cyber attack in this country since Chinese state-backed hackers broke into Canada’s premier scientific research agency last year. Sources told The Globe earlier this year those hackers were trying to use National Research Council computers as a conduit to reach the rest of the federal government.

The Harper government announced $58-million in the 2015 budget to improve Ottawa’s cyber security and guard against future hacking attacks.

During the Wednesday assault, cabinet ministers told Canadians to use the telephone to reach Ottawa.

Some time around 2 p.m. ET, the cyberattack subsided and normal operations resumed.

Treasury Board President Tony Clement said it could have been a lot worse.

“I think our imaginations could think of ways in which it could be worse, but obviously, this is inconvenient for the public and for government, and we don’t like to see it happen,” Mr. Clement said.

He said Canadian government security officials are analyzing what happened to prevent a recurrence.

“There’s always concern that this is part of a pattern, and I’m sure that our best security people and tech people are working on ways to make sure that that is not a template,” or model, for future attacks.

Mr. Clement described what happened as a denial-of-service attack that targeted computer servers for the gc.ca domain – the basis for many Canadian government websites. Continue Reading →

Filed under:

Congressman with computer science degree: Encryption back-doors are ‘technologically stupid’

By Andrea Peterson
The Washington Post

The debate over whether companies should be forced to build in ways for law enforcement to access communications protected by encryption took a tense turn this week in a congressional hearing.

On one side were law enforcement officials, including a high-ranking FBI official. On the other were tech-savvy members of the House Government Oversight and Reform Committee’s Information Technology subcommittee — two with computer science degrees.

“It is clear to me that creating a pathway for decryption only for good guys is technologically stupid,” said Rep. Ted Lieu (D-Calif.), who has a bachelor’s in computer science from Stanford University. “You just can’t do that.”

Tech companies have expanded their use of encryption, which protects many digital communications from prying eyes, in response to revelations about the government’s digital spying capabilities. Apple, for instance, nowautomatically encrypts new iPhones in a way that even the company can’t disable even if served with a warrant.

Such efforts have prompted law enforcement officials to urge Congress to mandate that companies create a way for them to access encrypted content. But encryption experts say building such back-doors would fundamentally undermine the security of people who rely on those products because it could create new vulnerabilities and give hackers a new target to attack.

And in a hearing Wednesday, several members of Congress took government officials to task.

Subcommittee Chair Will Hurd (R-Tex.), who also has a computer science degree and worked in information security after nearly a decade at the CIA, shared Lieu’s skepticism of the security of such back doors. As did Rep. Blake Farenthold (R-Tex.), who asked the panel of witnesses to raise their hands if they thought it was possible to build a technically secure back-door — often mockingly called a “golden key” — into modern encryption systems.

None of them did — including Amy Hess, executive assistant director of the FBI’s Science and Technology Branch, and Daniel F. Conley, the district attorney for Suffolk County in Massachusetts. Conley at one point argued that companies like Apple are protecting “those who rape, defraud, assault, or even kill” with their encryption policies. (Lieu later said he took “great offense” at this comment, which he called a “fundamental misunderstanding of the problem.”)

Rep. Jason Chaffetz (R-Utah), chairman of the Government Oversight and Reform Committee, also expressed concern about back doors.

“It’s impossible to build a back-door for just the good guys — if somebody at the Genius Bar could figure it out, so could the nefarious folks in a van down by the river,” he said.

In defending the FBI’s position, Hess said the government supports encryption — in fact, it relies on it to protect government computer networks from cyber threats. She also appeared to reference aproposal reportedly being explored by some academics and government officials to see if tech companies can create a backdoor, but then split the digital key that would unlock it into multiple parts. Under such a proposal, no one person or agency would hold all of the pieces, an approach some experts speculate could make such a backdoor harder to compromise.

“What we’re asking for is not to lower those standards by developing some type of lawful intercept or lawful access capability, but rather to be able to come up with a way we may be able to implement perhaps multiple keys or some other way to be able to securely access the information — or rather be provided with the information,” she said.

This answer didn’t seem to appease Chaffetz, who argued any sort of backdoor was akin to using a lock from a hardware store — where any locksmith would be able to open it.

“That’s the disconnect from what we hear from the FBI and the reality,” he said. “Do you create the hardest, strongest encryption possible — which means not having a key?” Continue Reading →

Filed under:

The Hidden Battles to Collect Your Data and Control Your World

BY BRUCE SCHNEIER
SCHNEIER.COM

Data and Goliath is a book about surveillance, both government and corporate. It’s an exploration in three parts: what’s happening, why it matters, and what to do about it. This is a big and important issue, and one that I’ve been working on for decades now. We’ve been on a headlong path of more and more surveillance, fueled by fear­–of terrorism mostly­–on the government side, and convenience on the corporate side. My goal was to step back and say “wait a minute; does any of this make sense?” I’m proud of the book, and hope it will contribute to the debate.

But there’s a big idea here too, and that’s the balance between group interest and self-interest. Data about us is individually private, and at the same time valuable to all us collectively. How do we decide between the two? If President Obama tells us that we have to sacrifice the privacy of our data to keep our society safe from terrorism, how do we decide if that’s a good trade-off? If Google and Facebook offer us free services in exchange for allowing them to build intimate dossiers on us, how do we know whether to take the deal?

There are a lot of these sorts of deals on offer. Waze gives us real-time traffic information, but does it by collecting the location data of everyone using the service. The medical community wants our detailed health data to perform all sorts of health studies and to get early warning of pandemics. The government wants to know all about you to better deliver social services. Google wants to know everything about you for marketing purposes, but will “pay” you with free search, free e-mail, and the like.

Here’s another one I describe in the book: “Social media researcher Reynol Junco analyzes the study habits of his students. Many textbooks are online, and the textbook websites collect an enormous amount of data about how­–and how often­–students interact with the course material. Junco augments that information with surveillance of his students’ other computer activities. This is incredibly invasive research, but its duration is limited and he is gaining new understanding about how both good and bad students study­–and has developed interventions aimed at improving how students learn. Did the group benefit of this study outweigh the individual privacy interest of the subjects who took part in it?”

Again and again, it’s the same trade-off: individual value versus group value.

I believe this is the fundamental issue of the information age, and solving it means careful thinking about the specific issues and a moral analysis of how they affect our core values.

You can see that in some of the debate today. I know hardened privacy advocates who think it should be a crime for people to withhold their medical data from the pool of information. I know people who are fine with pretty much any corporate surveillance but want to prohibit all government surveillance, and others who advocate the exact opposite.

When possible, we need to figure out how to get the best of both: how to design systems that make use of our data collectively to benefit society as a whole, while at the same time protecting people individually.

The world isn’t waiting; decisions about surveillance are being made for us­–often in secret. If we don’t figure this out for ourselves, others will decide what they want to do with us and our data. And we don’t want that. I say: “We don’t want the FBI and NSA to secretly decide what levels of government surveillance are the default on our cell phones; we want Congress to decide matters like these in an open and public debate. We don’t want the governments of China and Russia to decide what censorship capabilities are built into the Internet; we want an international standards body to make those decisions. We don’t want Facebook to decide the extent of privacy we enjoy amongst our friends; we want to decide for ourselves.” Continue Reading →

Filed under:

Citizen Four and the Canadian Surveillance Story

BY MICHAEL GEIST
2015-02-25

Citizen Four, Laura Poitras’ enormously important behind-the-scenes documentary film on Edward Snowden, won the Academy Award last night for best documentary. The film is truly a must-see for anyone concerned with privacy and surveillance. It not only provides a compelling reminder of the massive scale and scope of surveillance today, but it also exposes us to the human side of Snowden’s decision to leave his life behind in order to tell the world about secret surveillance activity. Canada is not mentioned in the film, but that is not because we have been immune to similar surveillance activity. In the months since the Snowden revelations began, there have been many Canadian-related stories including reports on G8/G20 spying, industrial spying in Brazil, the “airport wifi” surveillance program, and the massive Internet download surveillance program. Continue Reading →

Filed under:

Obama calls for public debate over encryption

BY DARLENE SUPERVILLE
WASHINGTON TIMES

President Barack Obama said Friday that he probably leans more toward strong computer data encryption than many in law enforcement, but added that he understands investigators’ concerns over the matter because of their need to protect people from attacks. He suggested having a “public conversation” about the issue because “the first time that attack takes place in which it turns out that we had a lead and we couldn’t follow up on it, the public’s going to demand answers.”

Obama was interviewed by the technology website Re/code after he addressed a White House summit on cybersecurity and consumer protection that was held at Stanford University. “And so this is a public conversation that we should end up having,” he said. “I lean probably further in the direction of strong encryption than some do inside of law enforcement. But I am sympathetic to law enforcement because I know the kind of pressure they’re under to keep us safe. Continue Reading →

Filed under: