It was reassuring to hear Apple engineers threaten to quit their jobs rather than hack the iPhone. Now comes another encouraging post from the engineers who work at the Tor Project. In a statement issued on Mike Perry’s Tor Blog it is reported that Tor Engineers would rather resign than compromise the integrity of the Tor network. Fortunately, Tor is open source and its code can be reviewed and verified by outside experts. This makes malicious code hard to hide. Tor is used by people all over the world to communicate sensitive information in a secure way. Without it, those fighting for freedom in very dangerous countries would have one less tool with which to accomplish their work of bringing the truth to light. We should all salute the integrity and determination of those working on and sustaining the Tor network.
Well, its official now. President Obama is all for a key escrow concept that undermines privacy and security. He may not have used that term but that is exactly what he wants. At the same time, the FBI is also proving to the world that it is not content with just that one Apple iPhone in the San Bernardino case. A leaker has revealed that it is now going after WhatsApp. WhatsApp offers an instant messaging application with end to end encryption. This gives WhatsApp the ability to ensure customer privacy and inadvertently evade court ordered wiretaps. There are very few details of the WhatsApp situation because the whole case is under seal. The only thing they will say is that it isn’t a terrorism case. Which goes to show, this isn’t just about terrorism, its about the government’s insatiable appetite to get whatever the hell it wants.
Specifically, President Obama said:
“You cannot take an absolutist view on this,” Obama said at the South by Southwest festival in Austin, Texas. “If your argument is strong encryption no matter what, and we can and should create black boxes, that I think does not strike the kind of balance we have lived with for 200, 300 years, and it’s fetishizing our phones above every other value.”
“The question we now have to ask is, if technologically it is possible to make an impenetrable device or system, where the encryption is so strong there’s no key, there’s no door at all, then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot?” Obama said. “If in fact you can’t crack that at all, government can’t get in, then everybody’s walking around with a Swiss bank account in their pocket.”
The Obama Administration’s schizophrenic position on encryption stems from its desire to be all things to all people: strong on encryption on the one hand while wanting some kind of key escrow program on the other. I don’t see how anything other than a key escrow program will satisfy the government a this point. The FBI position in the WhatsApp case illustrates the same points. Only a key escrow program will give the government what they want while pretending to promote strong encryption and safe communications and data storage. In fact, a requirement that companies be able to provide all customer data to the government could end up outlawing Tor and all encryption with perfect forward secrecy. Make no mistake, key escrow undermines strong encryption and violates people’s fundamental right to privacy. Some things are so private and personal that they should be beyond the government’s reach – one of those things is our computer hard drives. In this day and age computer storage is an extension of the person – people pour their lives and souls in their computers. Whether that is a smart thing to do or not is irrelevant – it is a reality we must live with. If, in the future, there is technology that can hack your brain, do you want a court order to be the only thing standing between you and a machine that can rape your brain and lay all your private thoughts and emotions bare for all the world to see? I don’t, but that is where this is headed. I hate to say it, but maybe it’s time for big US Tech companies to consider moving their operations offshore (and taking their jobs with them) to locations that are more privacy friendly. In the future I plan to add some pages to this site detailing easy steps anyone can take to safeguard their privacy – Tor, VPNs, encryption applications, disk cleaners, etc.
Here are the relevant links:
With so many setbacks in the fight for privacy and encryption it appears we finally have two Congressmen willing to fight to keep smartphone encryption strong. Congressmen Ted Lieu and Blake Farenthold have introduced legislation that will stop states from passing bills that require device manufacturers to install crypto backdoors into their products. The idea of individual states requiring such backdoor access from device manufactures (who sell their products all over the world) is sheer stupidity on its face. But stupidity has never stopped misguided lawyer politicians. What is even more remarkable is that Congress actually has four members that have computer science backgrounds. I thought the total would be closer to zero. I’ve always assumed people with high levels of technical education or training would run screaming from the insanity of Washington. I guess that is my cynical side showing. Anyway, representative Lieu is one of those members. The bill is called the “Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016.” Read the full article at Arstechnica and let your congressional representative know you support this bill.
Here is another reminder why people who are concerned about their privacy are not being paranoid but reasonable in light of what is going on. This story highlights the warrantless surveillance being done by the police in Anaheim, California. They are using something called a DRTBox (DirtBox), developed by a Boeing subsidiary, to listen in on cell phone calls using spoofed cell towers. They can capture cell phone calls and text. These DRTs (Digital Receiver Technology) are flown in planes (maybe drones) over cities where they can pick up tens of thousands of phone signals from miles around. They basically trick your phone into connecting to their fake “tower” by using a strong signal (phones will connect to the strongest tower). DRTs also collect unique hardware numbers (IMEI) so they can track each individual phone. Even better, they can crack encryption keys. Most of the new cellular technology like LTE uses strong encryption. But your phone will still fall back to the older GSM technology if 3G and 4G connections are not available. GSM is easily crackable. By jamming 3G and 4G signals they can force your phone to use GSM and crack the encryption. They can quickly determine who you are, where you are, and what you are saying. It just goes to show that people who use application level encryption like Signal, PGP, and Redphone for example aren’t paranoid crooks but normal people behaving rationally in the age of mass state surveillance.
I don’t normally write about economic issues, but this story in The Telegraph caught my attention. I’ve always wondered how Western countries could go on acquiring more and more debt without consequence decade after decade. Continued stimulus in the form of low interest rates seemed to me to be fueling bubble after bubble in the economy. At some point it seems like people would realize that there is nothing backing up all this debt. Printed money without anything of value backing it seems worthless to me. At some point there has to be a reckoning when investors seriously assess how much all these debt backed assets are worth. My thought was that sooner or later there would be another crash and governments would be unable to throw more money at the problem and push the financial reckoning into the distant future. In short, we would have to face economic reality and it would hurt. William White, the Swiss-based chairman of the OECD’s review committee says is going to happen sooner rather than later and it will be very painful. Here told The Telegraph “”It will become obvious in the next recession that many of these debts will never be serviced or repaid, and this will be uncomfortable for a lot of people who think they own assets that are worth something.” In my opinion, this will be worse than 2008 because there are no more bullets left in the gun so to speak. The Fed and other Central Banks can’t lower interest rates forever and government’s are in too much debt to launch major spending sprees on infrastructure. China could be the catalyst that starts the collapse. Read the article and decide for yourself.
Our government desperately wants tech companies to stop using end to end encryption in their apps and services without providing some kind of back door for law enforcement. They want you to believe that terrorists are using WhatsApp, iPhones and other technology with encryption capabilities to communicate secretly. Technologists have long said that forcing these companies to weaken their encryption won’t stop terrorists. Such weakened encryption will only hurt innocent people while the terrorists move on to other technology. Well, there is a story in TechCrunch that proves the point. It seems ISIS has developed its own encrypted app called “Alrawi” in order to communicate secretly. In order to stop this kind of communication the tech companies would have to further weaken the security and privacy of their operating systems. The calls by government for more back doors will only grow louder and louder. It is a race to the bottom for internet security. Read the story here.
The Washington Post ran a story that seems to sum up in one neat package the direction in which our society is headed in the new age of surveillance. It illustrates the confluence of social media, government tracking, corporate data mining, and computer logic. There is simply too much juicy data laying around not to tie it all together in new and creative ways. The city of Fresno, CA has been evaluating a system that will assign a threat score to any person the police encounter. The system pulls data from a myriad of sources like traffic cams, license plate readers, special police cameras around the city, police body cams, social media postings, public records data, and cell phone metadata. The data is analyzed by a software called (eerily enough) “Beware.” Of course, the software is proprietary so no one can independently verify how it works or how it calculates a person’s score. Each person run through the system gets a score – green, yellow, or red. They don’t need a warrant to do this. People are protesting and the police department is considering its options. A system like this is ripe for abuse and violates the privacy of everyone it targets. But that won’t stop companies from trying to push this software on police departments around the country (there is too much money to be made). So, beware of “Beware.” I’m sure it is coming to a city near you! Read the story for yourself at the Washington Post.
Here is an interesting article from Motherboard regarding FBI hacks of over 1,300 computers using only one specific warrant. The takeaway is the that just because you are on the dark web doesn’t mean you are safe from discovery. The FBI has used various techniques over the years to identify TOR users including infecting their machines with malware and exploiting software vulnerabilities (like flash exploits). They group these hacking techniques into something called “network investigative techniques” or NIT. There are many vulnerabilities in software some of which are not yet generally known. Being anonymous on the Internet is not as easy as it may sound. Here is the link – http://motherboard.vice.com/read/the-fbis-unprecedented-hacking-campaign-targeted-over-a-thousand-computers
Random Thought – you know those ridiculous privacy policies we all have to read before we can install an app or any other piece of software? We all know no one reads that crap unless they’re a lawyer. Well, I understand the legal requirements for a detailed policy written in legalese. But I have an idea – from now on why not make the companies publish a brief blurb (several bullet points) outlining what info they will collect and whether it will be sold to third parties. This can serve as a summary of the more detailed policy. You can use that information to decide if you want to read the rest of the policy. Of course, they can still say you must read and accept the whole policy, but at least you’ll know quickly what personal details they are going to be be getting our of your phone, computer, or tablet and who is going to get their hands on it. Oh, and will Android please let us selectively choose which access permissions we want each app to have??? The requirement that we accept all their “access requirements” or don’t get the app really sucks. My flashlight app does NOT need to know my location or contacts for crying out loud! I know they do this to make money, but if I knew which personal details about me they were going to collect and sell I’d probably be willing to pay a little for the app in exchange for no personal data being collected in the first place. Just a thought…
Hello, I’m Jim and this is my new site. The site is under construction. Please check back soon. This blog will be about free speech and privacy in the digital age (or whatever else I feel liking writing about).