Germany, France demand golden key AND strong encryption just when you thought politicians had clued in to basic reality

By Rick Falkvinge

In a new level of dumb, Germany and France are demanding strong encryption for all citizens at the same time as they demand this strong encryption to be breakable. They also demand messaging providers of end-to-end encryption to provide police with keys they don’t have, and for terrorists to stop using freely available strong encryption without a messaging provider. You really couldn’t sound dumber if you tried.

Just as the NSA got hacked and a golden key (unlocking all backdoored encryption) would have leaked to the world, and that same world clued in to what a monumentally stupid idea it is to have general backdoors to encryption (not to mention that it’s a contradiction in terms in the first place), Germany and France present a joint proposal that demands strong encryption and the non-existence of strong encryption at the same time.

The joint proposal called on the European Commission to […] “expand government powers to compel companies to allow access to encrypted messages” […] and present solutions that “enable effective investigation … while at the same time protecting the digital privacy of citizens by ensuring the availability of strong encryption.” … The joint proposal called for the continued general availability of encryption, but wants a law to allow law enforcement to compel messaging companies to cooperate… the German government’s plan has overall called for strong protections for end-to-end encryption in online communications.

To anybody with the slightest amount of technical understanding, this is calling for A and not-A at the same time, being completely oblivious as to not only what you’re asking for, but also that the two things you’re both demanding are completely in contradiction with each other.

In any kind of bell-curve normality, the best guess is that this is all a performance art school project and will turn out to be a joke in a day or two. As it stands now, German and French interior ministers Thomas de Maiziere and Bernard Cazeneuve appear to be doing an impersonation of Internet Explorer as it comes to the encryption debate:


[Comic: Internet Explorer "Browsers"] Germany and France appear to be doing an impersonation of Internet Explorer in this comic.


What’s really depressing about this is that we’re talking about Germany and France, who are supposed to be the two biggest powerhouses of the world’s largest economy, and they’re demanding the following, based on the observation that “terrorists” (which can mean anything today) have access to strong cryptography messaging, and with a particular focus on the terror attacks in France:

  • Expand government powers to compel messaging services, which the terrorists don’t use, to provide end-to-end cryptographic keys on demand, which the messaging services don’t have by definition, and which weren’t used in France in any case (the attackers communicated in cleartext over burner phones).
  • While negating the ability to use strong encryption, ensure the continued general possibility to use strong encryption.
  • Throw in lots of buzzwords like “Islamic State” and “Terrorism” to throw reporters off the scent from asking the obvious during the press conference.

This ties well in with my column last week about just how clueless politicians are. Privacy remains your own responsibility.

Sources: Wall Street Journal (subscription), Law360 (subscription).

The post Germany, France demand golden key AND strong encryption just when you thought politicians had clued in to basic reality appeared first on Privacy Online News.

August 24, 2016 at 12:08PM
via Privacy Online News

Provoking nuclear war by media


In describing the exoneration of one of the West’s demons, John Pilger argues that a western media campaign to demonise and goad Russia is leading inexorably to war.

August 23, 2016 at 12:00AM
via – the films and journalism of John Pilger

French minister: Apps like Telegram must be decrypted for legal probes

By Jennifer Baker

Laws mandating encryption backdoors have been demanded by French and German ministers who met on Tuesday.

France’s interior minister Bernard Cazeneuve and his German counterpart Thomas de Maizière, speaking at a joint press conference, called for EU legislation that would force firms to hand over crypto keys to police investigations in order to “truly arm our democracies on the issue of encryption.”

Cazeneuve—while claiming to support “the principle of encryption”—said that “exchanges made via applications like Telegram must be able to be identified and used in legal proceedings.”

August 23, 2016 at 12:40PM
via Ars Technica UK

U.S. Customs and Border Protection Wants to Know Who You Are on Twitter—But It’s a Flawed Plan

By Sophia Cope

U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers’ privacy, and would have a wide-ranging impact on freedom of expression—all while doing little or nothing to protect Americans from terrorism.

Customs and Border Protection, an agency within the Department of Homeland Security, has proposed collecting social media handles from visitors to the United States from visa waiver countries. EFF submitted comments both individually and as part of a larger coalition opposing the proposal.

CBP specifically seeks “information associated with your online presence—Provider/Platform—Social media identifier” in order to provide DHS “greater clarity and visibility to possible nefarious activity and connections” for “vetting purposes.”

In our comments, we argue that would-be terrorists are unlikely to disclose social media identifiers that reveal publicly available posts expressing support for terrorism.

But this plan would be more than just ineffective. It’s vague and overbroad, and would unfairly violate the privacy of innocent travelers. Sharing your social media account information often means sharing political leanings, religious affiliations, reading habits, purchase histories, dating preferences, and sexual orientations, among many other personal details.

Or, unwilling to reveal such intimate information to CBP, many innocent travelers would engage in self-censorship, cutting back on their online activity out of fear of being wrongly judged by the U.S. government. After all, it’s not hard to imagine some public social media posts being taken out of context or misunderstood by the government. In the face of this uncertainty, some may forgo visiting the U.S. altogether.

The proposed program would be voluntary, and for international visitors. But we are worried about a slippery slope, where CBP could require U.S. citizens and residents returning home to disclose their social media handles, or subject both foreign visitors and U.S. persons to invasive device searches at ports of entry with the intent of easily accessing any and all cloud data.

This would burden constitutional rights under the First and Fourth Amendments. CBP already started a social media monitoring program in 2010, and in 2009 issued a broad policy authorizing border searches of digital devices. We oppose CBP further invading the private lives of innocent travelers, including Americans.

August 22, 2016 at 07:46PM
via Deeplinks

NSA: “We must know everything” – a reminder

By Rick Falkvinge

The NSA has been out of the newsflow for a while, until some unknown hacker group decided to copy their tools and offer them for sale at one million bitcoin – a sum that’s basically fantasy and unobtainable, a sum that exchange rates can’t support in liquidity. Still, it’s a healthy reminder that the United States NSA is very much just as active, as healthy, and as malicious as it was when Snowden first presented proof of its toxic and arrogant behavior.

The story of the NSA, GCHQ, FRA, BND, and others is a peculiar one. Most governments will go diehard for these three goals:

  • Protect the fundamental rights of people, citizens in particular: rights such as the right to property, privacy, secrecy of correspondence, et cetera.
  • Support a strong technology and Internet industry with strong encryption available for the smallest startup to the biggest giants.
  • Support law enforcement by wiretapping everybody breaking the law or potentially breaking the law, all the time, to eradicate everything the government decides is a crime this particular week.

Yes, seriously. A government will claim with a straight face that all these three goals are perfectly achievable at the same time. There is absolute-zero understanding that these three goals are completely mutually exclusive, and that they need transparent and clear prioritization between them at the highest level.

And because we need a reminder of what kind of beast the NSA still is, they actually built a room called the “Information Dominance Center” with huge screens in the shape of the bridge from the starship Enterprise, complete down to a futuristic and artificial “whoosh” sound from automatic doors as they open and close. All at taxpayers’ expense, all intended to violate your rights – and have gleeful fun while doing it.

Photo from NSA's Information Dominance Center. Photo via the architects, via the Intercept.
Photo from NSA’s Information Dominance Center. Photo via the architects, via Glenn Greenwald writing for the Guardian.

PBS writes of this particular room in a post that’s now offline:

“When he was running the Army’s Intelligence and Security Command, Alexander brought many of his future allies down to Fort Belvoir for a tour of his base of operations, a facility known as the Information Dominance Center. It had been designed by a Hollywood set designer to mimic the bridge of the starship Enterprise from Star Trek, complete with chrome panels, computer stations, a huge TV monitor on the forward wall, and doors that made a ‘whoosh’ sound when they slid open and closed. Lawmakers and other important officials took turns sitting in a leather ‘captain’s chair’ in the center of the room and watched as Alexander, a lover of science-fiction movies, showed off his data tools on the big screen.

“‘Everybody wanted to sit in the chair at least once to pretend he was Jean-Luc Picard,’ says a retired officer in charge of VIP visits.”

Seriously, somebody building a room like this just so they get to sit in that captain’s chair on taxpayer dollar is just a chronically-furious small white lapcat away from a perfect Bond villain.

What’s odd is how quickly this change in attitude came about after the end of the Cold War. During the 1970s and 1980s, when the nuclear tension between the Soviet Union and the West was at its peak, what pretty much defined the West was that we respected the liberty and privacy of our citizens. It was part of our very identity. We were not them, and they, that was the people who listened to their citizens’ every conversation. “Everything you say can and will be used against you”, kind of, except it’s really everything you say, at any time.

“So how do you feel about the government? Please speak clearly into the flower pot.”
— In Soviet Russia, The Flowers Look At You 

Somehow, this attitude got embraced by the West wholeheartedly the moment the Cold War ended. How did that happen?

Oh and by the way, there’s just one final detail: the quote in the title, “We must know everything”, is not from the United States NSA. It’s from Erich Mielke, who built the East German Stasi – the Ministerium für Staatssicherheit, a name that just happens to translate to National Security Agency. (Well, lexically it’s State Security Ministry, but adapting the words for their meaning in US English, it becomes National Security Agency.)

Your privacy remains your own responsibility.

The post NSA: “We must know everything” – a reminder appeared first on Privacy Online News.

August 20, 2016 at 05:02PM
via Privacy Online News

UK Court: ISPs have to block *trademark* infringements in addition to copyright infringements

By Rick Falkvinge

In a world first, a UK Appeals court has ruled that ISPs have an obligation to censor sites that infringe trademarks off the Internet, building on previous rulings that say the same thing about censoring sites that help people share regular movies and music outside the monopoly channels. The lawsuit against the ISPs was brought by a number of luxury brand owners like Cartier, Mont Blanc, and others, against the five largest ISPs in the United Kingdom. As a result, ISPs in the UK must block access to entire sites at the request of luxury brands when said brands consider goods sold there infringing.

As reported by the National Jeweler this week, the case of some major luxury brands demanding ISPs to defend their brand by blocking competing sites selling similar or counterfeit goods – a world first – has been ruled on by an appeals court, in favor of the luxury brands who want to put the burden on ISPs to prevent correspondence regarding off-brand and counterfeit goods. While ISPs aren’t given a burden to proactively search out and prevent communication with sites that sell off-brand merchandise, the ISPs are still required to pretty much censor any correspondence on request from brand holders, preventing access to entire sites.

It’s really amazing to see the old world try to pretend the Internet does not exist in rulings like this one. It’s just a few years ago in the UK that ISPs were burdened with censoring websites off the net if they were considered (by somebody, on accusation) to infringe copyright monopolies. Now, this already-bad precedent expands to trademarks, a field of even murkier disputes.

Notice that the ruling talks about entire sites. In other words, this practically means that wholesale sites like Amazon and Alibaba can be censored off the net at the whim of some deluded brand holder who thinks somebody else’s product somewhere on the wholesale site is too similar to theirs – we’ve all seen the weirdest trademark cases in court, and this isn’t even allowed to go to court, this is censorship-on-accusation. (Why didn’t at least Amazon fight this ruling?)

In the ruling, the judge (Lord Kitchin) basically wrote that everybody can be burdened with upholding exclusive rights like trademarks and copyrights on behalf of the monopoly holders – costs, chilling effects, liberty erosion, and downstream effects be damned:

“The class of persons against whom an injunction may issue is not limited to wrongdoers […] Once an ISP has become aware that its services are being used by third parties to infringe an intellectual property right, then it becomes subject to a duty to take proportionate measures to prevent or reduce such infringements even though it is not itself liable for them.”

Can you imagine such a ruling being applied to the telephone network, which a court would be assumed to understand? Or the postal service? That the communications provider had to selectively prevent correspondence that a third party wanted to prevent, if said third party considered the correspondence harmful to their business model? Of course not. It would be absolutely asinine. Our children aren’t inheriting the rights of our parents, and the importance of Analog Equivalent Rights is growing stronger by the day.

It’s hard to not see the connection to when UK press reported an extension of copyright exclusive rights into furniture and how the UK press was delightfully and gleefully writing how these exclusive rights enforcement would “stop cheap Chinese knock-offs”, while at the same time forcing people to buy the same goods at a 20,000% markup and ban people from manufacturing their own using 3D printing technologies that are just around the corner.

Meanwhile, using a VPN will allow you to completely ignore this ruling from the old world. The old world has no power on the Internet. It just thinks it has, which – like a wounded predator – makes it dangerous.

The post UK Court: ISPs have to block *trademark* infringements in addition to copyright infringements appeared first on Privacy Online News.

August 20, 2016 at 11:12AM
via Privacy Online News

How the NSA snooped on encrypted Internet traffic for a decade

By Dan Goodin

In a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company’s now-decommissioned line of PIX firewalls.

The discovery is significant because the attack code, dubbed BenignCertain, worked on PIX versions Cisco released in 2002 and supported through 2009. Even after Cisco stopped providing PIX bug fixes in July 2009, the company continued offering limited service and support for the product for an additional four years. Unless PIX customers took special precautions, virtually all of them were vulnerable to attacks that surreptitiously eavesdropped on their VPN traffic. Beyond allowing attackers to snoop on encrypted VPN traffic, the key extraction also makes it possible to gain full access to a vulnerable network by posing as a remote user.

BenignCertain’s capabilities were tentatively revealed in this blog post from Thursday, and they were later confirmed to work on real-world PIX installations by three separate researchers. Before the confirmation came, Ars asked Cisco to investigate the exploit. The company declined, citing this policy for so-called end-of-life products. The exploit helps explain documents leaked by NSA contractor Edward Snowden and cited in a 2014 article that appeared in Der Spiegel. The article reported that the NSA had the ability to decrypt more than 1,000 VPN connections per hour.

August 20, 2016 at 08:31AM
via Ars Technica UK