NSA Proof Smartphone?

Friends, I’m sure you all know that the NSA is reading your mail, listening in on your conversations and monitoring your activity on this very website. I ran across an article about an upcoming smartphone called Blackphone that aims to put privacy in your hands, protecting you from anyone wanting to snoop into your private data — even the NSA. A Switzerland-based joint venture between Silent Circle and Geeksphone, the project is backed by several important figures in the field of computer security, including Phil Zimmermann, creator of the data encryption protocol PGP (Pretty Good Privacy).

Blackphone is powered by a “security-oriented” Android build called PrivatOS. It’s carrier- and vendor-independent, and enables users to make and receive secure phone calls and video chats, exchange secure texts, and transfer and store files. Exact specifications of the phone haven’t been revealed, but Silent Circle CEO Mike Janke claims it’ll be a “high-end” smartphone. The No. 1 priority of Blackphone isn’t its specs, however: It’s protecting users’ privacy, claims Zimmermann. See the Video here.

“Blackphone provides users with everything they need to ensure privacy and control of their communications, along with all the other high-end smartphone features they have come to expect,” said Zimmermann.

The two companies behind the project make an interesting match. Silent Circle is a U.S.-based company focused on encryption; Geeksphone is a Spanish company behind Firefox OS developer devices.  Blackphone will be unveiled at the Mobile World Congress (MWC) in Barcelona on Feb. 24.

SOURCE – Mashable.com

UPDATE – 02/26/14 – Blackphone Unveils Super-Secure Smartphone at MWC

UPDATE – 02/27/14 – Take a closer look at the Batphone; I mean Blackphone

Tor remains resistant to the NSA…

The U.S. National Security Agency has repeatedly tried to compromise Tor, the government-funded online anonymity tool, but has had little success, according to a new report in the U.K.’s Guardian.

The NSA has tried multiple strategies for defeating Tor, with its most successful method focused on attacking vulnerable software on users’ computers, including the Firefox browser, according to the report, published Friday. In the Firefox attack, NSA agents have been able to gain “full control” of targets’ computers, said the report, citing documents given to the Guardian by former NSA contractor Edward Snowden.

NSA documents provided by Snowden, which the Guardian began publishing in June, say the agency is collecting bulk phone records in the U.S. as well as Internet communications overseas. But in many cases, the NSA has been frustrated in its efforts to target Tor users, an irony because the open-source project is largely funded by the U.S. Department of Defense, the NSA’s parent agency, and the U.S. Department of State.

“We will never be able to de-anonymize all Tor users all the time,” according to one NSA document quoted by the Guardian. “With manual analysis we can de-anonymize a very small fraction of Tor users.” The NSA has had “no success de-anonymizing a user in response” to a specific request, the document said.

Tor is “the king of high-secure, low-latency internet anonymity,” the report quotes another NSA document as saying. Tor routes Internet traffic through a number of relays as a way to keep communications anonymous. The State Department promotes the software to activists in countries with strong censorship regimes, including Iran and China. An NSA spokeswoman referred a request for comments on the story to a previous statement from the agency:

“In carrying out its signals intelligence mission, NSA collects only those communications that it is authorized by law to collect for valid foreign intelligence and counterintelligence purposes, regardless of the technical means used by those targets or the means by which they may attempt to conceal their communications. … It should hardly be surprising that our intelligence agencies seek ways to counteract targets’ use of technologies to hide their communications.

“Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers and others use technology to hide their activities,” the statement continued. “Our intelligence community would not be doing its job if we did not try to counter that.”

NSA efforts to compromise “anonymous online communication” are justified, U.S. Director of National Intelligence James Clapper said in a statement released late Friday.

SOURCE – Infoworld

Interesting Read – How does the NSA break SSL?

Lavabit fights the good fight…

The U.S. government in July obtained a search warrant demanding that Edward Snowden’s e-mail provider, Lavabit, turn over the private SSL keys that protected all web traffic to the site, according to newly unsealed documents. The July 16 order came after Texas-based Lavabit refused to circumvent its own security systems to comply with earlier orders intended to monitor a particular Lavabit user’s metadata, defined as “information about each communication sent or received by the account, including the date and time of the communication, the method of communication, and the source and destination of the communication.”

The records in the case, which is now being argued at the 4th U.S. Circuit Court of Appeals, were unsealed by a federal judge in Alexandria, Virginia. They confirm much of what had been suspected about the conflict between the pro-privacy e-mail company and the federal government, which led to Lavabit voluntarily closing in August rather than compromise the security it promised users.

The filings show that Lavabit was served on June 28 with a so-called “pen register” order requiring it to record, and provide the government with, the e-mail “from” and “to” lines on every e-mail, as well as the IP address used to access the mailbox. Because they provide only metadata, pen register orders can be obtained without “probable cause” that the target has committed a crime.

“The privacy of … Lavabit’s users are at stake,” Lavabit attorney Jesse Binnall told Hilton. “We’re not simply speaking of the target of this investigation. We’re talking about over 400,000 individuals and entities that are users of Lavabit who use this service because they believe their communications are secure. By handing over the keys, the encryption keys in this case, they necessarily become less secure.”

I love this next part… Levison complied the next day by turning over the private SSL keys as an 11-page printout in 4-point type! I love this guy!

“To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote.  The court ordered Levison to provide a more useful electronic copy. By August 5, Lavabit was still resisting the order, and the judge ordered that Levison would be fined $5,000 a day beginning August 6 until he handed over electronic copies of the keys.  On August 8, Levison shuttered Lavabit, making any attempt at surveillance moot. Still under a gag order, he posted an oblique message saying he’d been left with little choice in the matter.

“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit,” Levison wrote at the time. “After significant soul searching, I have decided to suspend operations.”

Lavabit has raised approximately $30,000 in an online fundraising drive to finance its appeal to the 4th Circuit. Today the appeals court extended the deadline for opening briefs to October 10. Friends, your absolute right to privacy is under attack. Spread the word, donate or help out any way you can and help Lavabit fight the good fight!

SOURCE – Wired

UPDATE – Lavabit to Briefly Reinstate Services for Data Recovery

Schneier – “The NSA has destroyed the fundamental fabric of the Internet…”

The U.S. National Security Agency’s efforts to defeat encrypted Internet communications, detailed in recent news stories, are an attack on the security of the Internet and on users’ trust in the network, some security experts said.  The NSA and intelligence agencies in allied countries have found ways to circumvent much of the encryption used on the Internet, according to stories published by The New York Times, ProPublica and the Guardian. The NSA, the British GCHQ and other spy agencies have used a variety of means to defeat encryption, including supercomputers, court orders and behind-the-scenes agreements with technology companies, according to the news reports.

The reports, relying on documents provided by former NSA contractor Edward Snowden, show that many tech companies are collaborating with the spy agencies to “destroy privacy,” said cryptographer and security specialist Bruce Schneier. “The fundamental fabric of the Internet has been destroyed.” Digital rights group the Center for Democracy and Technology echoed some of Schneier’s concerns, with CDT senior staff technologist Joseph Lorenzo Hall calling the NSA’s encryption circumvention efforts “a fundamental attack on the way the Internet works.”

But Matthew Green, a cryptographer and research professor at Johns Hopkins University, suggested Microsoft is due for scrutiny on encryption security, if encryption has been compromised, as the recent news stories suggest. Most commercial encryption code uses a small number of libraries, with Microsoft CryptoAPI being among the most common, he wrote in a blog post.  The good news for privacy-minded Internet users is that security researchers questioned whether the foundations of cryptography itself have been compromised. Some encryption protocols are vulnerable, but it’s likely that the NSA is attacking the software that encryption is implemented with or relying on human mistakes, Green wrote.

Friends, as Bruce Schneier said, “trust no one…” and as the Villainous VooDoo said, “the only digital privacy you can expect is that which you make for yourself…”

UPDATE – 09/23/13 – “NSA Spying Is Making Us Less Safe…” and “NSA surveillance: A guide to staying secure”

Encryption App Silent Circle Shuts Down…

The communications encryption firm ‘Silent Circle’ chose to shut down its e-mail service as one of its competitors, ‘Lavabit’, recently shut down its core email service. Lavabit said it had been the subject of a U.S. government investigation and gag order. It appears the NSA came knocking and instead of fighting for our disappearing privacy rights, Lavabit decided to fold.

Co-founder and CTO Jon Callas said in a blog post Friday that Silent Circle’s e-mail service had “always been something of a quandary for us.” This, in spite of the fact that one of Silent Circle’s other co-founders is Phil Zimmermann, inventor of the popular e-mail encryption software PGP. Electronic mail uses standard internet protocols that cannot have the same security guarantees that real-time communication has, Callas said. “Email as we know it with SMTP, POP3, and IMAP cannot be secure.”

“We’ve been thinking about this for some time, whether it was a good idea at all. Yesterday, another secure email provider, Lavabit, shut down their system lest they ‘be complicit in crimes against the American people.’ We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail.” Callas said Silent Circle had not received subpoenas, warrants or any other similar request from any government. The company had been debating what to do about its email service for weeks, and up until Friday was ready to phase the service out so that it would continue for existing customers. “It is always better to be safe than sorry,” Callas said. What he meant was “…better whipped and submissive than free…”

Friends, this is truly sad. On a daily basis, I see our rights and liberties evaporating due to the efforts of our government and its agencies that LIE to us and SPY on us, all under the banner of Social Reform. This post shows that a society that fears and distrusts its own leaders cannot thrive. Had enough yet?

UPDATE – 08/15/13 – Monterey-based Privato Security sped up the launch of its email service.  “I think it is a golden opportunity for us,” CEO Neal Smith, 68, said Tuesday.  Privato works by sending an email to a cloud server, an Internet-based storage system, where it stays — heavily encrypted — until the recipient downloads it, instantly deleting it from the server.  Check it out.

UPDATE – 08/16/13 – NBC reports that senior US Attorney James Trump sent Lavabit founder Ladar Levison and his lawyer a veiled arrest threat when Levison shut down his private email service (used by NSA leaker Edward Snowden) rather than comply with a secret order to spy on his customers.  More interesting reading on the subject here.

UPDATE – 08/23/13 – Ladar Levison, the owner of the now-shuttered encrypted email service used by Edward Snowden, said that he will continue to defend online security free of government surveillance, hopefully with success in courts or a possible move of his company overseas.

UPDATE – 08/29/13 – Usage for Tor doubles in wake of secure email shutdowns.

UPDATE – 09/16/13 – Interesting reading on the subject.
