Many Internet companies encrypt messages before they are stored on their servers, but they are typically able to decrypt them when necessary—for example, in the case of a court order. With Open Whisper’s technology, WhatsApp won’t be able to read its customers’ messages under any circumstances, a feature known as “end-to-end” encryption.
That will make it much harder for anyone—including criminals, intelligence agencies and law enforcement—to read WhatsApp messages without permission, said Moxie Marlinspike, founder of Open Whisper Systems. “End-to-end encryption ensures that the messages you send can only be read by their intended recipients,” he said.
The encryption technology will be turned on by default, so WhatsApp users won’t have to change any settings to enable it, Mr. Marlinspike said.
Q: What is the difference between USA and USB?
A: One connects to all of your devices and accesses the data, the other is a hardware standard.
(via Boing Boing)
The Intercept is reporting that the Tim Cook lashed out at the Obama administration delegation that travelled to the west coast last week to open so-called “back doors” in the major tech companies.
Apple CEO Tim Cook lashed out at the high-level delegation of Obama administration officials who came calling on tech leaders in San Jose last week, criticizing the White House for a lack of leadership and asking the administration to issue a strong public statement defending the use of unbreakable encryption.
The White House should come out and say “no backdoors,” Cook said. That would mean overruling repeated requests from FBI director James Comey and other administration officials that tech companies build some sort of special access for law enforcement into otherwise unbreakable encryption. Technologists agree that any such measure could be exploited by others.
But Attorney General Loretta Lynch responded to Cook by speaking of the “balance” necessary between privacy and national security – a balance that continues to be debated within the administration.
Good for Tim Cook. He seems to be determined to undermine the vast surveillance state that has been indiscriminately collecting private information of Americans.
Yesterday, at midnight, the NSA shuttered its massive telephone metadata collection program. This program never resulted in any increase in security and no plots were stopped by reason of the program.
“That program hasn’t prevented or even contributed to preventing a single attack in the [nearly] 15 years that it’s been in operation,” says Elizabeth Goitein, the co-director of the Liberty and National Security Program at the Brennan Center for Justice.
Think tank reports on the program have backed her up. “There does not appear to be a case in which…bulk phone records played an important role in stopping a terrorist attack,” wrote Marshall Erwin in a January 2014 report from the Hoover Institution, a conservative think tank. His counterparts at the nonpartisan but liberal-leaning New America Foundation found the same thing in a study that was released in the same month as Erwin’s report. “Surveillance of American phone metadata has had no discernible impact on preventing acts of terrorism,” wrote national security journalist Peter Bergen and three others in the New America study.
Under a new program, telephone metadata will be collected and held by the telecommunications companies and the NSA will be required to seek permission of a court to access any of the company’s data and must also name specific targets. However, another NSA program will allow the agency to continue to collect American’s telephone metadata if it is done outside the US.
With the government’s authority to operate the bulk telephony metadata program quickly coming to an end, this case is perhaps the last chapter in the judiciary’s evaluation of this particular program’s compatibility with the Constitution. It will not, however, be the last chapter in the ongoing struggle to balance privacy rights and national security interests under our Constitution in an age of evolving technological wizardry.
— US District Richard J. Leon of the District Court for the District of Columbia, concluding that the current telephone metadata record collection program run by the NSA is most likely unconstitutional. More details here.
Portions of the Obama administration seemingly will not give up on its quest to continue mass surveillance of US citizens without warrants. According to the Washington Post, work continues to breach legal encryption.
An Obama administration working group has explored four possible approaches tech companies might use that would allow law enforcement to unlock encrypted communications — access that some tech firms say their systems are not set up to provide.
The group concluded that the solutions were “technically feasible,” but all had drawbacks as well.
The approaches were analyzed as part of a months-long government discussion about how to deal with the growing use of encryption in which no one but the user can see the information. Law enforcement officials have argued that armed with a warrant they should be able to obtain communications, such as e-mails and text messages, from companies in terrorism and criminal cases.
Senior officials do not intend to advance the solutions as “administration proposals” — or even want them shared outside the government, according to a draft memo obtained by The Washington Post.
They fear blowback.
The administration’s fears of blowback are real. The massive surveillance state apparatus that has been built is a direct threat to privacy and any breach technologies that may be created would certainly result in outrage not only in the US but around the world. Strong encryption should be treated as a human right. Perhaps they will come to their senses.
- White House considered bypassing encryption with malware disguised as updates (theverge.com)
- Has White House finally got the message about strong encryption? Welcome shift seen in speeches and policy memo (cpj.org)
- Here’s the Obama administration’s rejected plan for encryption backdoors (dailydot.com)
A decade of fear-mongering has brought power and wealth to those who have been most skillful at hyping the terrorist threat. Fear sells. Fear has convinced the White House and Congress to pour hundreds of billions of dollars — more money than anyone knows what to do with — into counterterrorism and homeland security programs, often with little management or oversight, and often to the detriment of the Americans they are supposed to protect. Fear is hard to question. It is central to the financial well-being of countless federal bureaucrats, contractors, subcontractors, consultants, analysts, and pundits. Fear generates funds.
FCC Commissioners have called for an expansion of strong data encryption, in a direct challenge to the demands of the FBI and NSA to require so-called “back door” encryption keys that would allow the government to breach encrypted communications. Most encryption experts believe that any insertion of such back doors would place at risk virtually all encrypted data. If the government uses the back doors, the bad guys can do the same.
According to FTC Commissioner Terrell McSweeny, encryption is absolutely necessary if the so-called Internet of Things is ever to become a reality. Writing for HuffPo, McSweeny praises the steps that companies like Apple have taken to provide end-to-end encryption and notes that encrypting devices is one of the only way to secure smartphones, tablets, and laptops against the loss of potentially critical information if the device is physically stolen. In her Op/ed, Sweeny notes:
If consumers cannot trust the security of their devices, we could end up stymieing innovation and introducing needless risk into our personal security. In this environment, policy makers should carefully weigh the potential impact of any proposals that may weaken privacy and security protections for consumers.
Compare that against Cyrus Vance’s comments from earlier this summer:
This defendant’s appreciation of the safety that the iOS 8 operating system afforded him is surely shared by criminal defendants in every jurisdiction in America charged with all manner of crimes, including rape, kidnapping, robbery, promotion of child pornography, larceny, and presumably by those interested in committing acts of terrorism. Criminal defendants across the nation are the principal beneficiaries of iOS 8, and the safety of all American communities is imperiled by it.
- U.N. privacy watchdog slams anti-encryption ‘Times’ op-ed (dailydot.com)
The Washington Post has published an editorial written by three former governmental security officials who (now) fully support end-to-end encryption.
Mike McConnell is a former director of the National Security Agency and director of national intelligence. Michael Chertoff is a former homeland security secretary and is executive chairman of the Chertoff Group, a security and risk management advisory firm with clients in the technology sector. William Lynn is a former deputy defense secretary and is chief executive of Finmeccanica North America and DRS Technologies.
The three men, now firmly ensconsed in the private sector, believe that an encryption “back-door” is not worth the risk of privacy rights.
We recognize the importance our officials attach to being able to decrypt a coded communication under a warrant or similar legal authority. But the issue that has not been addressed is the competing priorities that support the companies’ resistance to building in a back door or duplicated key for decryption. We believe that the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring.
First, such an encryption system would protect individual privacy and business information from exploitation at a much higher level than exists today. As a recent MIT paper explains, requiring duplicate keys introduces vulnerabilities in encryption that raise the risk of compromise and theft by bad actors. If third-party key holders have less than perfect security, they may be hacked and the duplicate key exposed. This is no theoretical possibility, as evidenced by major cyberintrusions into supposedly secure government databases and the successful compromise of security tokens held by a major information security firm. Furthermore, requiring a duplicate key rules out security techniques, such as one-time-only private keys.
Second, a requirement that U.S. technology providers create a duplicate key will not prevent malicious actors from finding other technology providers who will furnish ubiquitous encryption. The smart bad guys will find ways and technologies to avoid access, and we can be sure that the “dark Web” marketplace will offer myriad such capabilities. This could lead to a perverse outcome in which law-abiding organizations and individuals lack protected communications but malicious actors have them.
Finally, and most significantly, if the United States can demand that companies make available a duplicate key, other nations such as China will insist on the same. There will be no principled basis to resist that legal demand. The result will be to expose business, political and personal communications to a wide spectrum of governmental access regimes with varying degrees of due process.
- Former national security officials: The fear over ubiquitous data encryption is overblown (uk.businessinsider.com)
- Former Heads of NSA and Homeland Security Back End-to-End Encryption (matthewaid.com)
The NSA has agreed to purge its existing data, going back five years, collected under its massive national telephone metadata program. The purge will occur November 29.
Four months from now, at the same time that the National Security Agency finally abandons the massive domestic telephone dragnet exposed by whistleblower Edward Snowden, it will also stop perusing the vast archive of data collected by the program.
The NSA announced on Monday that it will expunge all the telephone metadata it previously swept up citing Section 215 of the U.S.A Patriot Act.
Until this announcement was made, it was unclear whether the most recent five-year data trove would be used going forward.
You can read the official notice from the Office of the Director of National Intelligence here.
- NSA: We’ll stop looking at old U.S. phone records in November (mashable.com)
- NSA will destroy millions of American calling records ‘as soon as possible’ (theguardian.com)
It looks like a battle between the FISA court, which has authorized the NSA to resume bulk collection of telephone meta-data, and the Second Circuit Court of Appeals, which has ruled that the collection program is illegal.
Excerpt from a report in The New York Times:
In a 26-page opinion made public on Tuesday, Judge Michael W. Mosman of the surveillance court rejected the challenge by FreedomWorks, which was represented by a former Virginia attorney general, Ken Cuccinelli, a Republican. And Judge Mosman said the Second Circuit was wrong, too.
“Second Circuit rulings are not binding” on the surveillance court, he wrote, “and this court respectfully disagrees with that court’s analysis, especially in view of the intervening enactment of the USA Freedom Act.”
When the Second Circuit issued its ruling that the program was illegal, it did not issue any injunction ordering the program halted, saying it would be prudent to see what Congress did as Section 215 neared its June 1 expiration. Jameel Jaffer, an A.C.L.U. lawyer, said on Tuesday that the group would now ask for one.
That process has begun.
— The Obama administration announces that it is shutting down (at least temporarily) the collection telephone metadata as legal authorization lapses.
It should be noted that Section 215 of the Patriot act covers multiple topics. A review of FISA court orders shows that of the 180 orders issued last year under Section 215 only five related to the telephone metadata program. The other 175 orders would remain in place.
Certainly the government is collecting that [other] data, but we don’t know how they’re doing it, we don’t know at what scale they’re doing it, and we don’t know with which authority they’re doing it. And I think it is a farce to say that we’re having a debate about the surveillance authority when really, we’re just debating this very narrow usage of the statute.
While a lot can happen before the expiration of the Patriot Act on June 1, it looks like Congress (or at the least the House) are prepared for major reductions in US domestic spying and surveillance.
After more than a decade of wrenching national debate over the intrusiveness of government intelligence agencies, a bipartisan wave of support has gathered to sharply limit the federal government’s sweeps of phone and Internet records.
On Thursday, a bill that would overhaul thePatriot Act and curtail the so-called metadata surveillance exposed by Edward J. Snowden was overwhelmingly passed by the House Judiciary Committee and was heading to almost certain passage in that chamber this month.
An identical bill in the Senate — introduced with the support of five Republicans — is gaining support over the objection of Senator Mitch McConnell, Republican of Kentucky, who is facing the prospect of his first policy defeat since ascending this year to majority leader.
The push for reform is the strongest demonstration yet of a decade-long shift from a singular focus on national security at the expense of civil liberties to a new balance in the post-Snowden era.
Under the bipartisan bills in the House and Senate, the Patriot Act would be changed to prohibit bulk collection, and sweeps that had operated under the guise of so-called National Security Letters issued by the F.B.I. would end. The data would instead be stored by the phone companies themselves, and could be accessed by intelligence agencies only after approval of the secret Foreign Intelligence Surveillance Act court.
The legislation would also create a panel of experts to advise the FISA court on privacy, civil liberties, and technology matters, while requiring the declassification of all significant FISA court opinions.
More details from the Times here.
- America’s Librarians ‘inimically against’ PATRIOT Act Extension (reason.com)
- USA Freedom Act, NSA-reform legislation, heads to Congress (dailydot.com)
- Patriot Act Renewal Divides GOP Establishment From Libertarian Conservatives (washington.cbslocal.com)
- Jacob Sullum on the Need to Control NSA Snooping (reason.com)
USA Today is reporting that the government started collecting data on citizens’ international telephone calls a decade prior to 9/11.
For more than two decades, the Justice Department and the Drug Enforcement Administration amassed logs of virtually all telephone calls from the USA to as many as 116 countries linked to drug trafficking, current and former officials involved with the operation said. The targeted countries changed over time but included Canada, Mexico and most of Central and South America.
Federal investigators used the call records to track drug cartels’ distribution networks in the USA, allowing agents to detect previously unknown trafficking rings and money handlers. They also used the records to help rule out foreign ties to the bombing in 1995 of a federal building in Oklahoma City and to identify U.S. suspects in a wide range of other investigations.
The Justice Department revealed in January that the DEA had collected data about calls to “designated foreign countries.” But the history and vast scale of that operation have not been disclosed until now.
How Americans can ever trust the government to protect their privacy, and comply with the Constitution, is a real puzzle. Secret data collection by the government is apparently unstoppable in the current political environment. Shameful.
Update: The EFF has agreed to represent Human Rights Watch, a civil liberties group, in a lawsuit challenging the legality of the DEA’s massive data collection program.
Human Rights Watch, a nonpartisan organization that fights human rights abuses across the globe, filed suit against the U.S. Drug Enforcement Administration late Tuesday for illegally collecting records of its telephone calls to certain foreign countries as part of yet another government bulk surveillance program. The group is represented by the Electronic Frontier Foundation (EFF), which has launched a series of legal challenges against unconstitutional government surveillance.
“The DEA’s program of untargeted and suspicionless surveillance of Americans’ international telephone call records—information about the numbers people call, and the time, date, and duration of those calls—affects millions of innocent people, yet the DEA operated the program in secret for years,’’ said EFF Staff Attorney Nate Cardozo. “Both the First and Fourth Amendment protect Americans from this kind of overreaching surveillance. This lawsuit aims to vindicate HRW’s rights, and the rights of all Americans, to make calls overseas without being subject to government surveillance.”
- NSA surveillance blueprint: DEA tracked US phone calls years before 9/11 (rt.com)
- The Drug War, Not Terrorism, Brought Us Mass Surveillance (reason.com)
- U.S. secretly tracked billions of calls for decades (wnd.com)
- Under Clinton, with the help of Janet Reno and Eric Holder! (debatepolitics.com)
- Human Rights Watch Sues US Government Over DEA’s Massive Surveillance Program Which Chills Their Work (dissenter.firedoglake.com)
- New lawsuit says DEA phone surveillance was illegal (usatoday.com)
According to the New York Times, the NSA is collecting huge numbers of images of people collected through the agency’s massive surveillance systems. It is collecting “millions” of images per day.