Search the Community
Showing results for tags 'edward snowden'.
Found 4 results
By Edward Snowden In every country of the world, the security of computers keeps the lights on, the shelves stocked, the dams closed, and transportation running. For more than half a decade, the vulnerability of our computers and computer networks has been ranked the number one risk in the US Intelligence Community’s Worldwide Threat Assessment – that’s higher than terrorism, higher than war. Your bank balance, the local hospital’s equipment, and the 2020 US presidential election, among many, many other things, all depend on computer safety. And yet, in the midst of the greatest computer security crisis in history, the US government, along with the governments of the UK and Australia, is attempting to undermine the only method that currently exists for reliably protecting the world’s information: encryption. Should they succeed in their quest to undermine encryption, our public infrastructure and private lives will be rendered permanently unsafe. In the simplest terms, encryption is a method of protecting information, the primary way to keep digital communications safe. Every email you write, every keyword you type into a search box – every embarrassing thing you do online – is transmitted across an increasingly hostile internet. Earlier this month the US, alongside the UK and Australia, called on Facebook to create a “backdoor”, or fatal flaw, into its encrypted messaging apps, which would allow anyone with the key to that backdoor unlimited access to private communications. So far, Facebook has resisted this. If internet traffic is unencrypted, any government, company, or criminal that happens to notice it can – and, in fact, does – steal a copy of it, secretly recording your information for ever. If, however, you encrypt this traffic, your information cannot be read: only those who have a special decryption key can unlock it. I know a little about this, because for a time I operated part of the US National Security Agency’s global system of mass surveillance. In June 2013 I worked with journalists to reveal that system to a scandalised world. Without encryption I could not have written the story of how it all happened – my book Permanent Record – and got the manuscript safely across borders that I myself can’t cross. More importantly, encryption helps everyone from reporters, dissidents, activists, NGO workers and whistleblowers, to doctors, lawyers and politicians, to do their work – not just in the world’s most dangerous and repressive countries, but in every single country. When I came forward in 2013, the US government wasn’t just passively surveilling internet traffic as it crossed the network, but had also found ways to co-opt and, at times, infiltrate the internal networks of major American tech companies. At the time, only a small fraction of web traffic was encrypted: six years later, Facebook, Google and Apple have made encryption-by-default a central part of their products, with the result that today close to 80% of web traffic is encrypted. Even the former director of US national intelligence, James Clapper, credits the revelation of mass surveillance with significantly advancing the commercial adoption of encryption. The internet is more secure as a result. Too secure, in the opinion of some governments. Donald Trump’s attorney general, William Barr, who authorised one of the earliest mass surveillance programmes without reviewing whether it was legal, is now signalling an intention to halt – or even roll back – the progress of the last six years. WhatsApp, the messaging service owned by Facebook, already uses end-to-end encryption (E2EE): in March the company announced its intention to incorporate E2EE into its other messaging apps – Facebook Messenger and Instagram – as well. Now Barr is launching a public campaign to prevent Facebook from climbing this next rung on the ladder of digital security. This began with an open letter co-signed by Barr, UK home secretary Priti Patel, Australia’s minister for home affairs and the US secretary of homeland security, demanding Facebook abandon its encryption proposals. If Barr’s campaign is successful, the communications of billions will remain frozen in a state of permanent insecurity: users will be vulnerable by design. And those communications will be vulnerable not only to investigators in the US, UK and Australia, but also to the intelligence agencies of China, Russia and Saudi Arabia – not to mention hackers around the world. End-to-end encrypted communication systems are designed so that messages can be read only by the sender and their intended recipients, even if the encrypted – meaning locked – messages themselves are stored by an untrusted third party, for example, a social media company such as Facebook. The central improvement E2EE provides over older security systems is in ensuring the keys that unlock any given message are only ever stored on the specific devices at the end-points of a communication – for example the phones of the sender or receiver of the message – rather than the middlemen who own the various internet platforms enabling it. Since E2EE keys aren’t held by these intermediary service providers, they can no longer be stolen in the event of the massive corporate data breaches that are so common today, providing an essential security benefit. In short, E2EE enables companies such as Facebook, Google or Apple to protect their users from their scrutiny: by ensuring they no longer hold the keys to our most private conversations, these corporations become less of an all-seeing eye than a blindfolded courier. It is striking that when a company as potentially dangerous as Facebook appears to be at least publicly willing to implement technology that makes users safer by limiting its own power, it is the US government that cries foul. This is because the government would suddenly become less able to treat Facebook as a convenient trove of private lives. The true explanation for why the US, UK and Australian governments want to do away with end-to-end encryption is less about public safety than it is about power: E2EE gives control to individuals and the devices they use to send, receive and encrypt communications, not to the companies and carriers that route them. This, then, would require government surveillance to become more targeted and methodical, rather than indiscriminate and universal. What this shift jeopardises is strictly nations’ ability to spy on populations at mass scale, at least in a manner that requires little more than paperwork. By limiting the amount of personal records and intensely private communications held by companies, governments are returning to classic methods of investigation that are both effective and rights-respecting, in lieu of total surveillance. In this outcome we remain not only safe, but free. To justify its opposition to encryption, the US government has, as is traditional, invoked the spectre of the web’s darkest forces. Without total access to the complete history of every person’s activity on Facebook, the government claims it would be unable to investigate terrorists, drug dealers money launderers and the perpetrators of child abuse – bad actors who, in reality, prefer not to plan their crimes on public platforms, especially not on US-based ones that employ some of the most sophisticated automatic filters and reporting methods available. • Edward Snowden is former CIA officer and whistleblower, and author of Permanent Record. He is president of the board of directors of the Freedom of the Press Foundation Source
steven36 posted a topic in Security & Privacy News“Do not send to those who tout secure drops, Tor, crypto-comms – these are traceable, diagrammable via basic net transmission tech.” –Cryptome It’s been more than six years since Edward Snowden went public. After all the breathless headlines, Hollywood movies, book deals, Pulitzer prizes, and glossy primetime biopics. What, pray tell, has come of it? For the average American – bupkis. In fact, mass surveillance is actually growing by leaps and bounds. Such that those who wish to salvage the remnants of their individual privacy will be forced to make some tough choices in the years ahead. Ed Snowden, holed up in Russia, has faded into history. At the forefront of the Snowden disclosures, the news outlet known as The Intercept has officially shuttered its archives. They made their moulah and moved on. And what of the considerable streak of confidential sources who’ve been thrown in the pokey? The editors aren’t talking much about how that happened. In fact they seem more interested in selling people email servers in a box. Hey, is this web page supposed to be an advertisement or an article? In the era of social media it can be hard to tell the difference. History offers a glimpse behind the curtain. During the early days of the Cold War it was common practice for the political leaders in the Soviet Union to purge the KGB every so often. Because over time Russian spymasters accrued enough political dirt and power that they threatened to take over. With the ascendance of Vladimir Putin one might argue that the rebranded KGB finally succeeded. In a similar manner, American intelligence escaped the Snowden revelations largely unscathed. That, dear reader, ought to tell you something. Sure there was lots of grandstanding and feigned outrage. Sure CEOs made bold statements of renunciation (ahem, after being caught in bed with spies). Keeping the kayfabe alive, as Jesse Ventura might say. Rest assured, claims Apple CEO Tim Cook, your iPhone would never ever spy on you. Yeah, and the relationship between Silicon Valley and government spies is completely adversarial, they can’t stand each other. Just like the blood feud Andre the Giant and Hulk Hogan back in the late 1980s. Uh-huh, just like that. A total farce which the media enables because that’s what they’re paid to do. But ultimately what matters is concrete institutional change. And there’s been zero of that, as in nada. Because genuine privacy threatens advertising revenue, quarterly returns, and spy power. And the elites want to keep the money train chugging along. Perhaps it no surprise then that the legislative response to Snowden was so watered down that one former spy chief publicly lampooned it. Let’s hear three cheers for state capture. You can almost hear Otis Pike weeping in his grave. Most advocates prefer to end their op-eds on a hopeful note. But sometimes hope is just a lightweight form of denial. The kind of “hope” that keeps Silicon Valley in business. Though it’s painful to concede, the spies at Fort Meade hit the nail on the head: we’re mostly zombies who pay for our own surveillance. Please go back and re-read the previous sentence. Short of a massive political upheaval things aren’t going to change. Which means that, for the immediate future, the really big changes will have to take place on a personal level. And so we arrive at the “tough choices” mentioned at the beginning. Members of the establishment often whine about discussing tradecraft because they believe that doing so might aid and abet terrorists. But the truth is that the channel of useful information is actually flowing in the opposite direction. From wanted fugitives to the public. The kernel of an approach can be found out in the field. Where poor security is fatal. Hunted by the world’s most formidable military, the head of ISIS is still alive thanks to solid operations security, also known as OPSEC. Abu Bakr al-Baghdadi is definitely a leader who appreciates OPSEC. According to the New York Times, “he eschews all electronic devices, which could identify his location, and probably communicates through a series of couriers.” The key to staying vertical, then, is the process surrounding the couriers. How they’re compartmented, screened, and arranged to create a resilient communication network. No doubt al-Baghdadi is aware that a flawed courier scheme was a significant factor in the downfall of Osama bin Laden. Edward Snowden likes to promote strong cryptography. Leaving people with the notion that staying under the radar is a matter of leveraging a technical quick fix. But recent history shows that trusting your life to an allegedly secure communication platform is an act of faith. And not an advisable one, especially when state sponsored operators enter the picture. Achieving higher levels of security requires a disciplined process which is anything but a quick fix and which often entails giving up technology. Even cartel bosses learn this lesson: security technology fails. Both my design and by accident. Spies win either way. Source
steven36 posted a topic in Security & Privacy NewsAn unexpected declaration by whistleblower Edward Snowden filed in court this week adds a new twist in a long-running lawsuit against the National Security Agency’s surveillance programs. The case, filed by the Electronic Frontier Foundation a decade ago, seeks to challenge the government’s alleged illegal and unconstitutional surveillance of Americans, who are largely covered under the Fourth Amendment’s protections against warrantless searches and seizures. It’s a big step forward for the case, which had stalled largely because the government refused to confirm that a leaked document was authentic or accurate. News of the surveillance broke in 2006 when an AT&T technician Mark Klein revealed that the NSA was tapping into AT&T’s network backbone. He alleged that a secret, locked room — dubbed Room 641A — in an AT&T facility in San Francisco where he worked was one of many around the U.S. used by the government to monitor communications — domestic and overseas. President George W. Bush authorized the NSA to secretly wiretap Americans’ communications shortly after the September 11 terrorist attacks in 2001. Much of the EFF’s complaint relied on Klein’s testimony until 2013, when Snowden, a former NSA contractor, came forward with new revelations that described and detailed the vast scope of the U.S. government’s surveillance capabilities, which included participation from other phone giants — including Verizon (TechCrunch’s parent company). Snowden’s signed declaration, filed on October 31, confirms that one of the documents he leaked, which the EFF relied heavily on for its case, is an authentic draft document written by the then-NSA inspector general in 2009, which exposed concerns about the legality of the Bush’s warrantless surveillance program — Stellar Wind — particularly the collection of bulk email records on Americans. The draft top-secret document was never published, and the NSA had refused to confirm or deny the authenticity of the 2009 inspector general report, ST-09-0002 — despite that it’s been public for many years. Snowden, as one of the few former NSA staffers who can speak more freely than former government employees about the agency’s surveillance, confirmed that the document is “authentic.” “I read its contents carefully during my employment,” he said in his declaration. “I have a specific and strong recollection of this document because it indicated to me that the government had been conducting illegal surveillance.” Snowden left his home in Hawaii for Hong Kong in 2013 when he gave tens of thousand of documents to reporters. His passport was cancelled as he travelled to Moscow to take another onward flight. He later claimed political asylum in Russia, where he currently lives with his partner. U.S. prosecutors charged Snowden with espionage. EFF executive director Cindy Cohn said that the NSA’s refusal to authenticate the leaked documents “is just another step in its practice of falling back on weak technicalities to prevent the public courts from ruling on whether our Constitution allows this kind of mass surveillance of hundreds of millions of nonsuspect people.” The EFF said in another filing that the draft report “further confirms” the participation of phone companies in the government’s surveillance programs. The case continues — though, a court hearing has not been set. Source
vissha posted a topic in Security & Privacy NewsSnowden Leaks Reveal NSA Snooped On In-Flight Mobile Calls NSA, GCHQ intercepted signals as they were sent from satellites to ground stations. GCHQ and the NSA have spied on air passengers using in-flight GSM mobile services for years, newly-published documents originally obtained by Edward Snowden reveal. Technology from UK company AeroMobile and SitaOnAir is used by dozens of airlines to provide in-flight connectivity, including by British Airways, Virgin Atlantic, Lufthansa, and many Arab and Asian companies. Passengers connect to on-board GSM servers, which then communicate with satellites operated by British firm Inmarsat. "The use of GSM in-flight analysis can help identify the travel of a target—not to mention the other mobile devices (and potentially individuals) onboard the same plane with them," says a 2010 NSA newsletter. A presentation, made available by the Intercept, contains details of GCHQ's so-called "Thieving Magpie" programme. GCHQ and the NSA intercepted the signals as they were sent from the satellites to the ground stations that hooked into the terrestrial GSM network. Initially, coverage was restricted to flights in Europe, the Middle East, and Africa, but the surveillance programme was expected to go global at the time the presentation was made. GCHQ's Thieving Magpie presentation explains how in-flight mobile works. Ars has asked these three companies to comment on the extent to which they were aware of the spying, and whether they are able to improve security for their users to mitigate its effects, but was yet to receive replies from Inmarsat or AeroMobile at time of publication. A SitaOnAir spokesperson told Ars in an e-mail: The Thieving Magpie presentation explains that it is not necessary for calls to be made, or data to be sent, for surveillance to take place. If the phone is switched on, and registers with the in-flight GSM service, it can be tracked provided the plane is flying high enough that ground stations are out of reach. The data, we're told, was collected in "near real time," thus enabling "surveillance or arrest teams to be put in place in advance" to meet the plane when it lands. Using this system, aircraft can be tracked every two minutes while in flight. If data is sent via the GSM network, GCHQ's presentation says that e-mail addresses, Facebook IDs, and Skype addresses can all be gathered. Online services observed by GCHQ using its airborne surveillance include Twitter, Google Maps, VoIP, and BitTorrent. Meanwhile, Le Monde reported that "GCHQ could even, remotely, interfere with the working of the phone; as a result the user was forced to redial using his or her access codes." No source is given for that information, which presumably is found in other Snowden documents, not yet published. As the French newspaper also points out, judging by the information provided by Snowden, the NSA seemed to have something of a fixation with Air France flights. Apparently that was because "the CIA considered that Air France and Air Mexico flights were potential targets for terrorists." GCHQ shared that focus: the Thieving Magpie presentation uses aircraft bearing Air France livery to illustrate how in-flight GSM services work. Ars asked the UK's spies to comment on the latest revelations, and received the usual boilerplate response from a GCHQ spokesperson: It is longstanding policy that we do not comment on intelligence matters. So that's OK, then. Source