Home » Posts tagged 'encryption'

Tag Archives: encryption

Olduvai
Click on image to purchase

Olduvai III: Catacylsm
Click on image to purchase

Post categories

Post Archives by Category

The FBI Can Access Your Personal Data in 15 Minutes

(Click on image for higher resolution)

The Federal Bureau of Investigations (FBI) can legally access your “secure messaging app content,” according to a new report by The Epoch Times.  In fact, it would only take officers about 15 minutes to access the contents of iMessages to collect metadata from WhatsApp. Our phones and personal electronic devices can provide agents with our location, contacts, pictures, search history, and more. Numerous people believe that encryption is one-dimensional and their messages are secure.

There are different forms of encryption and ways to bypass poorly encrypted software. People believed iMessage was secure due to Apple’s encryption, but automatic cloud backups are not encrypted and can be accessed. WhatsApp only began offering encryption backup in September, and the feature is not the default setting. The FBI document noted that search warrants could provide them with backup encryption keys as well.

Signal, Telegram, and WeChat are a bit more secure, but the FBI can still determine data logs or when the user logged into the service. Some may shrug and say they have nothing to hide and, therefore, nothing to fear. The problem is that the government can and will twist any information provided to them in order to win or develop a court case. Also, the FBI is not a beacon of ethics, and no one wants to have their personal information publicized. Since the majority of the world is not a threat to national security or a predator, sharing this much information with the government without a subpoena is asinine. All it would take is 15 minutes for someone’s private life to become public government information.

Quantum Computers Will Make Even “Strong” Passwords Worthless

The race is on to perfect quantum computing. It will make your bank passwords and all existing security methods useless.

The Hutch Report has a fascinating 44-page PDF on Quantum Computing.

If perfected, existing methods of encryption will cease to work. Your bank account password and passwords to cryptocurrencies will easily be hackable.

The ability to break the RSA coding system will render almost all current channels of communication insecure.

This is a national security threat.

The benefits are also huge: Quantum computers will be superior at hurricane detection, airplane design, and in searching DNA for markers to help find cures for diseases such as Autism, Alzheimer’s, Huntington’s, and Parkinson’s.

Classical Computers

Classical computers use strings of 0’s and 1’s with a single digit a “bit” and strings of bits a “byte”. A bit is either a one or a zero.

Excerpts from the Hutch report now follow. I condensed 44 pages to a hopefully understandable synopsis of the promise and problems of quantum computing.

Quantum Background

Quantum computing does not use bits, but uses qubits which can be one, zero, or both zero and one at the same time. This state or capability of being both is called superposition. Where it gets even more complex is that qubits also exhibit a property called entanglement. Entanglement is an extraordinary behaviour in quantum physics in which particles, like qubits, share the same state simultaneously even when separated by large distance.

As comparison a classic computer using bits of zero and one can only store one state at a time and can represent 2n states where n is the number of bits. In the case of two bits, this would be 2*2 which is four states: 00, 01, 10, 11.

A normal computer would require four operations to examine each state. Two qubits could store the four states at one time. When the number of states are low there is not a major processing difference. As the number of possible state combinations increases, the difference in processing time between quantum computers using qubits and a classic computer using classic bits, increases exponentially. The following chart depicts this well showing that 20 qubits can represent simultaneously over 1 million permutations of classical bits.

…click on the above link to read the rest of the article…

The Human Rights Risks of Encryption ‘Back Doors’

The Human Rights Risks of Encryption ‘Back Doors’ 

a katz / Shutterstock

One fact that has received little attention in the current encryption debate is that many categories of individuals rely on strong encryption for their own security. These include sexual and gender-based rights activists, domestic violence victims, journalists and their sources, and human rights defenders. Strong encryption is necessary to protect fundamental human rights; as one technologist puts it, encryption saves lives.

Encryption, a process of scrambling communications to make them private, is frequently discussed simply as a privacy issue. But the same process that keeps banks’ communications secure is also, for many, a safeguard of many human rights including the right to life. For those who rely on secure communications in sensitive situations, the issue goes far beyond privacy.

Experts agree that “secure back doors”—which would give law enforcement secret access to digital storage or communications—are scientifically impossible. That explains the uproar over a federal magistrate judge’s recent decision ordering Apple to create a backdoor to an iPhone. On Feb. 25, Apple moved to vacate that decision and warned that the FBI is seeking a “dangerous power” in the case.

Back doors are wholly unnecessary for security. Law enforcement agencies already use hacking tools to track electronic communications and circumvent encryption. Information-sharing programs reportedly exist with intelligence agencies, which use keyloggers to record encrypted messages before they are sent. National Security Agency (NSA) supercomputers can even number-crunch to break some encoded messages. And encryption does not shield the “to” and “from” lines of messages—also known as metadata. The problem is not a lack of tools, but intelligence failures in analyzing existing information—perhaps one reason former NSA head Michael Hayden rejects the FBI’s position on back doors.

…click on the above link to read the rest of the article…

FBI vs. Apple Establishes a New Phase of the Crypto Wars

For over two decades, the battle between privacy-minded technologists and the U.S. government has primarily been over encryption. In the 1990s, in what became known as the Crypto Wars, the U.S. tried to limit powerful encryption — calling it as dangerous to export as sophisticated munitions — and eventually lost.

After the 2013 Snowden revelations, as mainstream technology companies started spreading encryption by putting it in popular consumer products, the wars erupted again. Law enforcement officials, led by FBI Director James Comey, loudly insisted that U.S. companies should build backdoors to break the encryption just for them.

That won’t happen because what these law enforcement officials are asking for isn’t possible (any backdoor can be used by hackers, too) and wouldn’t be effective (because encryption is widely available globally now). They’ve succeeded in slowing the spread of unbreakable encryption by intimidating tech companies that might otherwise be rolling it out faster, but not much else.

Indeed, as almost everyone else acknowledges, unbreakable encryption is here to stay.

Tech privacy advocates continue to remain vigilant about encryption, actively pointing out the inadequacies and impossibilities of the anti-encryption movement, and jumping on any sign of backsliding.

But even as they have stayed focused on defending encryption, the government has been shifting its focus to something else.

The ongoing, very public dispute between Apple and the FBI, in fact, marks a key inflection point — at least as far as the public’s understanding of the issue.

You might say we’re entering the Post-Crypto phase of the Crypto Wars.

Think about it: The more we learn about the FBI’s demand that Apple help it hack into a password-protected iPhone, the more it looks like part of a concerted, long-term effort by the government to find new ways around unbreakable encryption — rather than try to break it.

…click on the above link to read the rest of the article…

Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key

RECENTLY BOUGHT A WINDOWS COMPUTER? MICROSOFT PROBABLY HAS YOUR ENCRYPTION KEY

One of the excellent features of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key – which can be used to unlock your encrypted disk – to Microsoft’s servers, probably without your knowledge and without an option to opt-out.

During the “crypto wars” of the nineties, the National Security Agency developed an encryption backdoor technology – endorsed and promoted by the Clinton administration – called the Clipper chip, which they hoped telecom companies would use to sell backdoored crypto phones. Essentially, every phone with a Clipper chip would come with an encryption key, but the government would also get a copy of that key – this is  known as key escrow – with the promise to only use it in response to a valid warrant. But due to public outcry and the availability of encryption tools like PGP, which the government didn’t control, the Clipper chip program ceased to be relevant by 1996. (Today, most phone calls still aren’t encrypted. You can use the free, open source, backdoorless Signal app to make encrypted calls.)

The fact that new Windows devices require users to backup their recovery key on Microsoft’s servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts (you can skip to the bottom of this article to learn how) – something that people never had the option to do with the Clipper chip system. But they can only delete it after they’ve already uploaded it to the cloud.

…click on the above link to read the rest of the article…

The Paris Attacks Are Being Used to Justify Agendas They Have Nothing to Do With

The Paris Attacks Are Being Used to Justify Agendas They Have Nothing to Do With 

Georgie Pauwels / CC BY 2.0

The aftermath of the Paris terrorist attacks has “devolved into a dark and dishonest debate” in which governments consider banning encryption and barring Syrian refugees from entering their countries—even though the attackers were neither Syrian nor refugees and there’s no evidence they used encryption to communicate, Trevor Timm writes at The Guardian.

First, there’s the loud “we need to ban encryption” push that immediately spawned hundreds of articles and opinions strongly pushed by current and former intelligence officials the day or two after the attacks, despite the government quietly admitting there was no evidence that the attackers used encryption to communicate. It was a masterful PR coup: current and former intelligence officials got to sit through a series of fawning interviews on television where they were allowed to pin any of their failures on Edward Snowden and encryption – the bedrock of privacy and security for hundreds of millions of innocent people – with virtually no pushback, or any critical questions about their own conduct.

The entire encryption subject became a shiny scapegoat while the truth slowly trickled in: as of Tuesday, it was clear that American and/or French intelligence agencies had seven of the eight identified attackers on their radar prior to the attacks. The attackers used Facebook to communicate. The one phone found on the scene showed the terrorists had coordinated over unencrypted SMS text messages – just about the easiest form of communication to wiretap that exists today. (The supposed ringleader even did an interview in Isis’s English magazine in February bragging that he was already in Europe ready to attack.) …

As dishonest as the “debate” over encryption has been, the dark descension of the Republican party into outright racism and cynically playing off the irrational fears of the public over the Syrian refugee crisis has been worse.

…click on the above link to read the rest of the article…

The War on Encryption and Bitcoin – Nothing to Do with Terrorism, Everything to Do with State Control

The War on Encryption and Bitcoin – Nothing to Do with Terrorism, Everything to Do with State Control

– James Madison, Founding Father and 4th President of these United States

Politicians and intelligence agencies throughout the Western world are currently engaged in an all out, shameless propaganda campaign to exploit the recent terror attacks in Paris to convince the citizenry that it should relinquish privacy for absolutely no reason.

The primary targets of the post-attack push have been encryption generally, and Bitcoin specifically. Of course, you don’t need me to tell you that these are two sides of the same coin. Both strong encryption for communication, and Bitcoin for transferring value, provide a level of freedom and dynamism outside of the oligarch-controlled, centrally planned, feudal global economic system. As such, these two tools must be demonized and eradicated to the extent possible.

Yesterday, in the post, Government is Lying – New Study Shows No Increase in Use of Encryption by Jihadists Since Snowden Revelations, I explained in detail how the whole push against encryption is based on total lies and fear-mongering. The key points were as follows:

  1. Terrorists have not increased their use of encryption since the Snowden revelations.
  2. The cat is already out of the bag when it comes to encryption software, and there’s nothing government can do to stop terrorists from using it.

…click on the above link to read the rest of the article…

The Big Secret That Makes the FBI’s Anti-Encryption Campaign a Big Lie

The Big Secret That Makes the FBI’s Anti-Encryption Campaign a Big Lie

To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy.

But that’s just not true.

In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it’s called hacking.

Hacking — just like kicking down a door and looking through someone’s stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant.

And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects’ devices. Doing so gives them the same access the suspects have to communications — before they’ve been encrypted, or after they’ve been unencrypted.

Government officials don’t like talking about it — quite possibly because hacking takes considerably more effort than simply asking a telecom provider for records. Robert Litt, general counsel to the Director of National Intelligence, recently referred to potential government hacking as a process of “slow uncertain one-offs.”

But they don’t deny it, either. Hacking is “an avenue to consider and discuss,” Amy Hess, the assistant executive director of the FBI’s Science and Technology branch, said at an encryption debate earlier this month.

The FBI “routinely identifies, evaluates, and tests potential exploits in the interest of cyber security,” bureau spokesperson Christopher Allen wrote in an email.

Hacking In Action

There are still only a few publicly known cases of government hacking, but they include examples of phishing, “watering hole” websites, and physical tampering.

Phishing involves an attacker masquerading as a trustworthy website or service and luring a victim with an email message asking the person to click on a link or update sensitive information.

…click on the above link to read the rest of the article…

FBI says that citizens should have no secrets that the government can’t access: the Orwellian cyber police state has arrived

FBI says that citizens should have no secrets that the government can’t access: the Orwellian cyber police state has arrived

The police and surveillance state predicted in the forward-looking 1940s classic “1984” by George Orwell, has slowly, but steadily, come to fruition. However, like a frog sitting idly in a pan of steadily-warming water, too many Americans still seem unaware that the slow boil of big government is killing their constitutional liberties.

The latest sign of this stealth takeover of civil rights and freedom was epitomized in recent Senate testimony by FBI Director James Comey, who voiced his objections to civilian use of encryption to protect personal data – information the government has no automatic right to obtain.

As reported by The New American, Comey testified that he believes the government’s spy and law enforcement agencies should have unfettered access to everything Americans may store or send in electronic format: On computer hard drives, in so-called i-clouds, in email and in text messaging – for our own safety and protection. Like many in government today, Comey believes that national security is more important than constitutional privacy protections or, apparently, due process. After all, aren’t criminals the only ones who really have anything to hide?

In testimony before a hearing of the Senate Judiciary Committee entitled “Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy” Comey said that in order to stay one step ahead of terrorists, as well as international and domestic criminals, Uncle Sam’s various spy and law enforcement agencies should have access to available technology used to de-encrypt protected data. Also, he believes the government should be the final arbiter deciding when decryption is necessary.

What could go wrong there?

Find more articles on the police state at PoliceState.news

Learn more: http://www.naturalnews.com/050653_police_state_national_security_FBI.html#ixzz3i8PWQ4tC

 

EXCLUSIVE: Edward Snowden Explains Why Apple Should Continue To Fight the Government on Encryption

EXCLUSIVE: Edward Snowden Explains Why Apple Should Continue To Fight the Government on Encryption

As the Obama administration campaign to stop the commercialization of strong encryption heats up, National Security Agency whistleblower Edward Snowden is firing back on behalf of the companies like Apple and Google that are finding themselves under attack.

“Technologists and companies working to protect ordinary citizens should be applauded, not sued or prosecuted,” Snowden wrote in an email through his lawyer.

Snowden was asked by The Intercept to respond to the contentious suggestion — made Thursday on a blog that frequently promotes the interests of the national security establishment — that companies like Apple and Google might in certain cases be found legally liable for providing material aid to a terrorist organization because they provide encryption services to their users.

In his email, Snowden explained how law enforcement officials who are demanding that U.S. companies build some sort of window into unbreakable end-to-end encryption — he calls that an “insecurity mandate” — haven’t thought things through.

“The central problem with insecurity mandates has never been addressed by its proponents: if one government can demand access to private communications, all governments can,” Snowden wrote.

“No matter how good the reason, if the U.S. sets the precedent that Apple has to compromise the security of a customer in response to a piece of government paper, what can they do when the government is China and the customer is the Dalai Lama?”

Weakened encryption would only drive people away from the American technology industry, Snowden wrote. “Putting the most important driver of our economy in a position where they have to deal with the devil or lose access to international markets is public policy that makes us less competitive and less safe.”

Snowden entrusted his archive of secret documents revealing the NSA’s massive warrantless spying programs all over the world to journalists in 2013. Two of those journalists — Glenn Greenwald and Laura Poitras — are founding editors of The Intercept.

…click on the above link to read the rest of the article…

 

 

Microsoft Gives Details About Its Controversial Disk Encryption

Recently, I wrote a guide explaining how to encrypt your laptop’s hard drive and why you should do so. For the benefit of Windows users, I gave instructions for turning on BitLocker, Microsoft’s disk encryption technology.

This advice generated an immediate backlash in the comments section underneath the post, where readers correctly pointed out that BitLocker has been criticized by security experts for a number of real and potential shortcomings. For example, BitLocker’s source code is not available for inspection, which makes it particularly vulnerable to “backdoors,” security holes intentionally placed to provide access to the government or others. In addition, BitLocker’s host operating system, Microsoft Windows, provides an algorithm for generating random numbers, including encryption keys, that is known to have been backdoored by government spies, and which the company’s own engineers flagged as potentially compromised nearly eight years ago. BitLocker also lost a key component for hardening its encryption, known as the “Elephant diffuser,” in the latest major version of Windows. And Microsoft has reportedly worked hand-in-glove with the government to provide early access to bugs in Windows and to customer data in its Skype and Outlook.com products.

Even having known about these issues, I still believed BitLocker was the best of several bad options for Windows users; I’ll explain my reasoning on this later.

But in the meantime, something interesting has happened: Microsoft, after considerable prodding, provided me with answers to some longstanding questions about BitLocker’s security. The company told me which random number generator BitLocker uses to generate encryption keys, alleviating concerns about a government backdoor in that subsystem; it explained why it removed the Elephant diffuser, citing worries over performance and compatibility that will appease some, but certainly not all, concerned parties; and it said that the government-compromised algorithm it bundles with Windows to generate encryption keys is, by default, not used at all.

…click on the above link to read the rest of the article…

Latest Privacy Revelations Show It’s Up to Canadians to Protect Themselves

Latest Privacy Revelations Show It’s Up to Canadians to Protect Themselves

The most important self-help step? Get into encryption

Another week, another revelation originating from the seemingly unlimited trove of Edward Snowden documents. Last week, the CBC reported that Canada was among several countries whose surveillance agencies actively exploited security vulnerabilities in a popular mobile web browser used by hundreds of millions of people. Rather than alerting the company and the public that the software was leaking personal information, they viewed the security gaps as a surveillance opportunity.

In the days before Snowden, these reports would have sparked a huge uproar. More than half a billion people around the world use UC Browser, the mobile browser in question, suggesting that this represents a massive security leak. At stake was information related to users’ identity, communication activities, and location data — all accessible to telecom companies, network providers, and surveillance agencies.

Yet coming on the heels of global revelations of surveillance of network exchange points and internet giants along with Canadian disclosures of daily mass surveillance of millions of internet downloads and airport wireless networks, nothing surprises anymore. Instead, there is a resigned belief that privacy on the network has been lost to surveillance agencies who use every measure at their disposal to monitor or gather virtually all communications.

While the surveillance stories become blurred over time, there is an important distinction with the latest reports. The public has long been told that sacrificing some privacy may be part of a necessary trade-off to provide effective security. However, by failing to safeguard the security of more than 500 million mobile users, the Five Eyes surveillance agencies — Canada, the U.S., U.K., Australia, and New Zealand — have sent the message that the public must perversely sacrifice their personal security as well.

 

…click on the above link to read the rest of the article…

From the Very Creation of the Internet, U.S. Spy Agencies Fought to Block Encryption

From the Very Creation of the Internet, U.S. Spy Agencies Fought to Block Encryption

American spy agencies have intentionally weakened digital security for many decades. This breaks the functionality of our computers and of the Internet. It reduces functionality and reduces security by – for example – creating backdoors that malicious hackers can get through.

The spy agencies have treated patriotic Americans who want to use encryption to protect their privacy as extremists … or even terrorists.

As Gizmodo’s Matt Novak points out, this attack started at the very birth of the internet:

In the 1970s, civilian researchers at places like IBM, Stanford and MIT were developing encryption to ensure that digital data sent between businesses, academics and private citizens couldn’t be intercepted and understood by a third party. This concerned folks inthe U.S. intelligence community who didn’t want to get locked out of potentially eavesdropping on anyone, regardless of their preferred communications method. Despite their most valiant efforts, agencies like the NSA ultimately lost out to commercial interests. But it wasn’t for lack of trying.

***

When the NSA got wind of the research developments at IBM, Stanford and MIT in the 1970s they scrambled to block publication of their early studies. When that didn’t work, the NSA sought to work with the civilian research community to develop the encryption. As Stowsky writes, “the agency struck a deal with IBM to develop a data encryption standard (DES) for commercial applications in return for full pre-publication review and right to regulate the length, and therefore the strength of the crypto algorithm.”

…click on the above link to read the rest of the article…

 

 

ENCRYPTING YOUR LAPTOP LIKE YOU MEAN IT

ENCRYPTING YOUR LAPTOP LIKE YOU MEAN IT

Time and again, people are told there is one obvious way to mitigate privacy threats of all sorts, from mass government surveillance to pervasive online tracking to cybercriminals: Encryption. As President Obama put itearlier this year, speaking in between his administration’s attacks on encryption, “There’s no scenario in which we don’t want really strong encryption.” Even after helping expose all the ways the government can get its hands on your data, NSA whistleblower Edward Snowden still maintained, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”

But how can ordinary people get started using encryption? Encryption comes in many forms and is used at many different stages in the handling of digital information (you’re using it right now, perhaps without even realizing it, because your connection to this website is encrypted). When you’re trying to protect your privacy, it’s totally unclear how, exactly, to start using encryption. One obvious place to start, where the privacy benefits are high and the technical learning curve is low, is something called full disk encryption. Full disk encryption not only provides the type of strong encryption Snowden and Obama reference, but it’s built-in to all major operating systems, it’s the only way to protect your data in case your laptop gets lost or stolen, and it takes minimal effort to get started and use.

If you want to encrypt your hard disk and have it truly help protect your data, you shouldn’t just flip it on; you should know the basics of what disk encryption protects, what it doesn’t protect, and how to avoid common mistakes that could let an attacker easily bypass your encryption.

 

…click on the above link to read the rest of the article…

Olduvai IV: Courage
In progress...

Olduvai II: Exodus
Click on image to purchase

Click on image to purchase @ FriesenPress