Electronic Frontier Foundation

EFF Unveils Plan For Ending Mass Surveillance 203

Posted by Soulskill
from the hopeful-but-doubtful dept.
An anonymous reader writes: The Electronic Frontier Foundation has published a detailed, global strategy for ridding ourselves of mass surveillance. They stress that this must be an international effort — while citizens of many countries can vote against politicians who support surveillance, there are also many countries where the citizens have to resort to other methods. The central part of the EFF's plan is: encryption, encryption, encryption. They say we need to build new secure communications tools, pressure existing tech companies to make their products secure against everyone, and get ordinary internet-goers to recognize that encryption is a fundamental part of communication in the surveillance age.

They also advocate fighting for transparency and against overreach on a national level. "[T]he more people worldwide understand the threat and the more they understand how to protect themselves—and just as importantly, what they should expect in the way of support from companies and governments—the more we can agitate for the changes we need online to fend off the dragnet collection of data." The EFF references a document created to apply the principles of human rights to communications surveillance, which they say are "our way of making sure that the global norm for human rights in the context of communication surveillance isn't the warped viewpoint of NSA and its four closest allies, but that of 50 years of human rights standards showing mass surveillance to be unnecessary and disproportionate."
United States

Plan C: The Cold War Plan Which Would Have Brought the US Under Martial Law 263

Posted by samzenpus
from the gentlemen-you-can't-fight-in-here-this-is-the-war-room dept.
v3rgEz writes with this story of a top secret Cold War plan which would have brought the U.S. under martial law. Starting on April 19, 1956, the federal government practiced and planned for a near-doomsday scenario known as Plan C. When activated, Plan C would have brought the United States under martial law, rounded up over ten thousand individuals connected to 'subversive' organizations, implemented a censorship board, and prepared the country for life after nuclear attack. There was no Plan A or B....Details of this program were distributed to each FBI field office. Over the following months and years, Plan C would be adjusted as drills and meetings found holes in the defensive strategy: Communications were more closely held, authority was apparently more dispersed, and certain segments of the government, such as the U.S. Attorneys, had trouble actually delineating who was responsible for what. Bureau employees were encouraged to prepare their families for the worst, but had to keep secret the more in-depth plans for what the government would do if war did break out. Families were given a phone number and city for where the relocated agency locations would be, but not the exact location.
Privacy

Omand Warns of "Ethically Worse" Spying If Unbreakable Encryption Is Allowed 374

Posted by samzenpus
from the don't-make-it-hard-for-us dept.
Press2ToContinue writes In their attempts to kill off strong encryption once and for all, top officials of the intelligence services are coming out with increasingly hyperbolic statements about why this should be done. Now, a former head of GCHQ, Sir David Omand has said: "One of the results of Snowden is that companies are now heavily encrypting [communications] end to end. Intelligence agencies are not going to give up trying to get the bad guys. They will have to get closer to the bad guys. I predict we will see more close access work." According to The Bureau of Investigative Journalism, which reported his words from a talk he gave earlier this week, by this he meant things like physical observation, bugging rooms, and breaking into phones or computers. "You can say that will be more targeted but in terms of intrusion into personal privacy — collateral intrusion into privacy — we are likely to end up in an ethically worse position than we were before." That's remarkable for its implied threat: if you don't let us ban or backdoor strong encryption, we're going to start breaking into your homes.
Communications

A Call That Made History, 100 Years Ago Today 51

Posted by timothy
from the bet-he-was-slammed-for-texting-too dept.
alphadogg writes These days, making a call across the U.S. is so easy that people often don't even know they're talking coast to coast. But 100 years ago Sunday, it took a hackathon, a new technology and an international exposition to make it happen. The first commercial transcontinental phone line opened on Jan. 25, 1915, with a call from New York to the site of San Francisco's Panama-Pacific International Exposition. Alexander Graham Bell made the call to his assistant, Thomas Watson. Just 39 years earlier, Bell had talked to Watson on the first ever phone call, in Boston, just after Bell had patented the telephone.
Communications

WhatsApp vs. WhatsApp Plus Fight Gets Ugly For Users 190

Posted by timothy
from the for-your-convenience-we-have-disabled-convenience dept.
BarbaraHudson writes WhatsApp is locking out users for 24 hours who use WhatsApp Plus to access the service. The company claims they brought in the temporary ban to make users aware that they are not using the correct version and their privacy could be compromised using the unofficial WhatsApp Plus. "Starting today, we are taking aggressive action against unauthorized apps and alerting the people who use them." Is this a more aggressive rerun of "This site best viewed with Internet Explorer"?
Privacy

Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes 290

Posted by timothy
from the shoot-anything-that-looks-like-a-blob dept.
mi writes At least 50 U.S. law enforcement agencies have secretly equipped their officers with radar devices that allow them to effectively peer through the walls of houses to see whether anyone is inside. The device the Marshals Service and others are using, known as the Range-R, looks like a sophisticated stud-finder. Its display shows whether it has detected movement on the other side of a wall and, if so, how far away it is — but it does not show a picture of what's happening inside. The Range-R's maker, L-3 Communications, estimates it has sold about 200 devices to 50 law enforcement agencies at a cost of about $6,000 each. Other radar devices have far more advanced capabilities, including three-dimensional displays of where people are located inside a building, according to marketing materials from their manufacturers. One is capable of being mounted on a drone. And the Justice Department has funded research to develop systems that can map the interiors of buildings and locate the people within them.
Communications

NJ Museum Revives TIROS Satellite Dish After 40 Years 28

Posted by timothy
from the zip-zooming-along dept.
evanak writes TIROS was NASA's Television Infrared Observation Satellite. It launched in April 1960. One of the ground tracking stations was located at the U.S. Army's secret "Camp Evans" Signal Corps electronics R&D laboratory. That laboratory (originally a Marconi wireless telegraph lab) became the InfoAge Science Center in the 2000s. [Monday], after many years of restoration, InfoAge volunteers (led by Princeton U. professor Dan Marlowe) successfully received data from space. The dish is now operating for the first time in 40 years! The received data are in very raw form, but there is a clear peak riding on top of the noise background at 0.4 MHz (actually 1420.4 MHz), which is the well-known 21 cm radiation from the Milky Way. The dish was pointing south at an elevation of 45 degrees above the horizon.
Google

Google Pondering $1 Billion Investment In SpaceX's Satellite Internet 100

Posted by Soulskill
from the go-big-or-go-home dept.
mpicpp writes with a report that Google is close to finalizing an investment in SpaceX to fund the rocket company's vision for satellite-based, low-cost internet access. According to The Information (paywalled), Google is one of many investors for this round of fundraising. The Wall Street Journal (also paywalled) reports Google's investment at $1 billion. They add, "It is likely to take years to establish designs and potentially set up a specialized satellite-making facility. But SpaceX already has some important building blocks. Industry officials said the company builds its own navigation and flight-control systems for spacecraft, which could provide some elements for satellites. There also are synergies between parts SpaceX makes today for solar arrays on spacecraft and such devices intended for satellites."
Censorship

Microsoft Outlook Users In China Hit With MITM Attack 35

Posted by samzenpus
from the right-back-at-you dept.
DavidGilbert99 writes A month after it blocked Google's Gmail, the Chinese government now stands accused of hacking Microsoft's Outlook email service, carrying out a man-in-the-middle attack to snoop on private conversations. From ZDNet: "On Monday, online censorship watchdog Greatfire.org said the organization received reports that Outlook was subject to a man-in-the-middle (MITM) attack in China....After testing, Greatfire says that IMAP and SMTP for Outlook were under a MITM attack, while the email service's web interfaces were not affected."
Hardware Hacking

Insurance Company Dongles Don't Offer Much Assurance Against Hacking 199

Posted by timothy
from the best-hanging-from-rearview-mirror dept.
According to a story at Forbes, Digital Bond Labs hacker Corey Thuen has some news that should make you think twice about saving a few bucks on insurance by adding a company-supplied car-tracking OBD2 dongle: It’s long been theorised that [Progressive Insurance's Snapshot and other] such usage-based insurance dongles, which are permeating the market apace, would be a viable attack vector. Thuen says he’s now proven those hypotheses; previous attacks via dongles either didn’t name the OBD2 devices or focused on another kind of technology, namely Zubie, which tracks the performance of vehicles for maintenance and safety purposes. ... He started by extracting the firmware from the dongle, reverse engineering it and determining how to exploit it. It emerged the Snapshot technology, manufactured by Xirgo Technologies, was completely lacking in the security department, Thuen said. “The firmware running on the dongle is minimal and insecure. It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies; basically it uses no security technologies whatsoever.”
Mars

Elon Musk's Proposed Internet-by-Satellite System Could Link With Mars Colonies 105

Posted by timothy
from the in-case-you're-on-mars dept.
MojoKid writes You have to hand it to Elon Musk, who has occasionally been referred to as a real life "Tony Stark." The man helped to co-found PayPal and Tesla Motors. Musk also helms SpaceX, which just recently made its fifth successful trip to the International Space Station (ISS) to deliver supplies via the Dragon capsule. The secondary mission of the latest ISS launch resulted in the "successful failure" of the Falcon 9 rocket, which Musk described as a Rapid Unscheduled Disassembly (RUD) event. In addition to his Hyperloop transit side project, Musk is eyeing a space-based Internet network that would be comprised of hundreds of micro satellites orbiting roughly 750 miles above Earth. The so-called "Space Internet" would provide faster data speeds than traditional communications satellites that have a geosynchronous orbit of roughly 22,000 miles. Musk hopes that the service will eventually grow to become "a giant global Internet service provider," reaching over three billion people who are currently either without Internet service or only have access to low-speed connections. And this wouldn't be a Musk venture without reaching for some overly ambitious goal. The satellite network would truly become a "Space Internet" platform, as it would form the basis for a direct communications link between Earth and Mars. It's the coming thing.
The Internet

Republican Bill Aims To Thwart the FCC's Leaning Towards Title II 182

Posted by timothy
from the belief-in-authority dept.
SpzToid writes U.S. congressional Republicans on Friday proposed legislation that would set "net neutrality" rules for broadband providers, aiming to head off tougher regulations backed by the Obama administration. Republican lawmakers hope to counter the Federal Communications Commission's vote on Feb. 26 for rules that are expected to follow the legal path endorsed by President Barack Obama, which Internet service providers (ISPs) and Republicans say would unnecessarily burden the industry with regulation. Net neutrality activists, now with Obama's backing, have advocated for regulation of ISPs under a section of communications law known as Title II, which would treat them more like public utilities. The White House on Thursday said legislation was not necessary to settle so-called "net neutrality" rules because the Federal Communications Commission had the authority to write them.
Communications

Obama: Gov't Shouldn't Be Hampered By Encrypted Communications 562

Posted by timothy
from the some-animals-more-equal-than-others-by-jingo dept.
According to an article at The Wall Street Journal, President Obama has sided with British Prime Minister David Cameron in saying that police and government agencies should not be blocked by encryption from viewing the content of cellphone or online communications, making the pro-spying arguments everyone has come to expect: “If we find evidence of a terrorist plot and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem,” Obama said. He said he believes Silicon Valley companies also want to solve the problem. “They’re patriots.” ... The president on Friday argued there must be a technical way to keep information private, but ensure that police and spies can listen in when a court approves. The Clinton administration fought and lost a similar battle during the 1990s when it pushed for a “clipper chip” that would allow only the government to decrypt scrambled messages.
Communications

FCC May Permit Robocalls To Cell Phones -- If They Are Calling a Wrong Number 217

Posted by timothy
from the all-numbers-will-be-wrong-numbers dept.
An anonymous reader writes There have been plenty of false rumors about cell phones being opened up to telemarketers, but now the FCC is actually considering it. From the article: "Consumers have long had the support of government to try to control these calls, chiefly through the Telephone Consumer Protection Act, which actually allows consumers to file lawsuits and collect penalties from companies that pepper them with robocalls or text messages they didn't agree to receive. But now the Federal Communications Commission is considering relaxing a key rule and allowing businesses to call or text your cellphones without authorization if they say they called a wrong number. The banking industry and collections industry are pushing for the change." In one case recently, AT&T called one person 53 times after he told them they had a wrong number...and ended up paying $45 million to settle the case. Around 40 million phone numbers are "recycled" each year in the U.S. Twice, I've had to dump a number and get a new one because I was getting so many debt collection calls looking for someone else. Apparently the FCC commissioners may not be aware of the magnitude of the "wrong number" debt collection calls and aren't aware that lots of people still have per-minute phone plans. Anyone can file comments on this proposal with the FCC.
Encryption

US/UK Will Stage 'Cyber-Attack War Games' As Pressure Against Encryption Mounts 77

Posted by Soulskill
from the do-you-want-to-play-a-game? dept.
An anonymous reader writes: British prime minister David Cameron is currently visiting Washington to discuss the future of cyber-security in Britain and North America. The leaders have announced that their respective intelligence agencies will mount ongoing cyber-attack "war games" starting this summer in an effort to strengthen the West's tarnished reputation following the Sony hacking scandal. Somewhat relatedly, a recently-leaked Edward Snowden document shows the NSA giving dire warnings in 2009 of the threat posed by the lack of encrypted communications on the internet.
Space

Virgin Galactic To Launch 2,400 Comm. Satellites To Offer Ubiquitous Broadband 123

Posted by samzenpus
from the space-web dept.
coondoggie writes Virgin Galactic's Richard Branson this week said he wants to launch as many as 2,400 small satellites in an effort to set up a constellation capable of bringing broadband communications through a company called OneWeb to millions of people who do not have it. He said he plans to initially launch a low-earth-orbit satellite constellation of 648 satellites to get the project rolling.
Wireless Networking

Where Cellular Networks Don't Exist, People Are Building Their Own 104

Posted by Soulskill
from the teach-a-man-to-mobile-and-he'll-tweet-for-the-rest-of-his-life dept.
New submitter TechCurmudgeon writes: According to a story at Wired, towns in Mexico that aren't served by the nation's telecom monopoly are taking matters in their own hands with the help of a non-profit and open source technology. "Strategically ignored by Mexico's major telecoms, Yaee is putting itself on the mobile communications grid with the help of a Oaxaca-based telecommunications non-profit called Rhizomatica." A locally-made tower is the backbone of Yaee's first cellular network. The town's network is composed of two antennas and an open-source base station from a Canadian company called NuRAN. Once Yaee gets the tower installed and the network online, its 500 citizens will, for the first time, be able to make cell phone calls from home, and for cheaper rates than almost anywhere else in Mexico.
Data Storage

The Importance of Deleting Old Stuff 177

Posted by Soulskill
from the you-don't-need-meeting-notes-from-2006 dept.
An anonymous reader writes: Bruce Schneier has codified another lesson from the Sony Pictures hack: companies should know what data they can safely delete. He says, "One of the social trends of the computerization of our business and social communications tools is the loss of the ephemeral. Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. ... Everything is now digital, and storage is cheap — why not save it all?

Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company. They published old e-mails by employees that caused less-newsworthy personal embarrassment to those employees, and these messages are resulting in class-action lawsuits against the company. They published old documents. They published everything they got their hands on."

Schneier recommends organizations immediately prepare a retention/deletion policy so in the likely event their security is breached, they can at least reduce the amount of harm done. What kind of retention policy does your organization enforce? Do you have any personal limits on storing old data?
United Kingdom

UK Prime Minister Says Gov't Should Be Capable of Reading Any Communications 329

Posted by Soulskill
from the in-the-case-of-security-v-freedom dept.
Dr_Barnowl writes: The BBC reports that UK Prime Minister David Cameron has vowed to introduce a "comprehensive piece of legislation" aimed at there being no "means of communication ... we cannot read," in the aftermath of the Charlie Hebdo attacks in Paris. While he didn't mention encryption specifically, the only logical means by which this could occur would be by the introduction of compulsory key escrow, and the banning of forms of encryption which do not use it. While the UK already essentially has a legal means to demand your encryption keys (and imprison you indefinitely if you don't comply), this would fall short if you have a credible reason for not having the key any more (such as using an OTR plugin for your chosen chat program).

The U.S. tried a similar tack with Clipper in the 90s. As we all know, terrorists with any technical chops are unlikely to be affected, given the vast amount of freely available, military-grade crypto now available, and the use of boring old cold war tradecraft. Ironically, France used to ban the use of strong cryptography but has largely liberalized its regime since 2011.
Privacy

FBI Access To NSA Surveillance Data Expands In Recent Years 52

Posted by timothy
from the simply-shocked dept.
itwbennett writes The FBI's access to email and other data collected from overseas targets in the NSA's Prism program has been growing since 2008, according to a 2012 U.S. Department of Justice inspector general's report declassified last Friday by the DOJ in response to a Freedom of Information Act request by the New York Times. Here are some of the milestones mentioned in the report: In 2008, the FBI began reviewing email accounts targeted by the NSA through the Prism program. In October 2009, the FBI requested that information collected under the Prism program be 'dual routed' to both the NSA and the FBI so that the FBI 'could retain this data for analysis and dissemination in intelligence reports.' And in April 2012, the FBI began nominating email addresses and phone numbers that the NSA should target in its surveillance program, according to the document.