Archive | IT security

Facebook turning WhatsApp to the Dark Side of the Force?

Under the new user agreement, WhatsApp will share the phone numbers of people using the service with Facebook, along with analytics such as what devices and operating systems are being used. Previously, no information passed between the two, a stance more in line with WhatsApp’s original sales pitch as a privacy oasis.

Wired: WhatsApp’s Privacy Cred Just Took a Big Hit »

“Only at the end do you realize the power of the Dark Side.”


Mixed messages on encryption

In a new level of dumb, Germany and France are demanding strong encryption for all citizens at the same time as they demand this strong encryption to be breakable. They also demand messaging providers of end-to-end encryption to provide police with keys they don’t have, and for terrorists to stop using freely available strong encryption without a messaging provider. You really couldn’t sound dumber if you tried.

Falkvinge: Germany, France demand golden key AND strong encryption just when you thought politicians had clued in to basic reality »


Prepare for the next crypto war

Last winter it looked as if there was going to be an international initiative against encryption. However, after some public attention, President Obama announced that there were no such plans – at present. Shortly after that, there was a brawl between Apple and the FBI, ending with the FBI withdrawing its subpoena for Apple to build software to give backdoor access to an iPhone. (The FBI cracked it by other methods.) Meanwhile, the UK is slowly moving towards some sort of ban on encryption.

Now, it seems this issue will get new attention. Last week the French called for a global initiative to “deal with” encryption. Apparently, they are trying to get Germany aboard on such an initiative. If so, we can expect the issue to become a hot topic in the EU shortly.

As most politicians are somewhat ignorant when it comes to IT and the Internet, we can expect some ill-conceived proposals.

It would be very difficult for politicians to ban user managed end-to-end encryption like PGP. That should reasonably not be up for discussion. (But you never know when it comes to the EU.)

My guess is politicians (and law enforcement) will take aim at popular communication apps like WhatsApp and Telegram – and demand backdoors to smartphones and other encrypted hardware.

Cracking communication apps and installing backdoors is still a terrible idea. These techniques will – sooner or later – end up in the wrong hands. And government having access to citizens' communications is still a very unpleasant concept.

However, this will not prevent terrorists and criminals from communicating securely and covertly – if they really want to.

/ HAX

France in global call to “deal with” messaging apps »
How the Government Is Waging Crypto War 2.0 »


EU to adopt EU-US Privacy Shield shortly

Privacy Shield—the much maligned replacement to the Safe Harbour deal between the European Union and the US—looks set to be approved by national representatives on Friday, Ars understands.

The scheme, which will allow the transfer of personal data from the EU to the US despite privacy and data protection concerns, has faced an uphill battle. Brussels officials who negotiated the deal on behalf of the EU have been desperate to push it through in the face of criticism from the European Data Protection Supervisor, national data protection authorities, and the European Parliament, in order to give some legal certainty to companies that rely on transatlantic data flows. (…)

The agreement is expected to be formally adopted by the European Commission next Monday, followed by the deal being inked by justice commissioner Vera Jourová and US secretary of commerce Penny Pritzker on Tuesday.

Jennifer Baker in Ars Technica: Privacy Shield to be dragged across finish line—sources »


Silicon Valley on mass surveillance: Enough is enough

Washington Post:

Like many Silicon Valley start-ups, Larry Gadea’s company collects heaps of sensitive data from his customers.

Recently, he decided to do something with that data trove that was long considered unthinkable: He is getting rid of it.

The reason? Gadea fears that one day the FBI might do to him what it did to Apple in their recent legal battle: demand that he give the agency access to his encrypted data. Rather than make what he considers a Faustian bargain, he’s building a system that he hopes will avoid the situation entirely.

WP: What’s driving Silicon Valley to become ‘radicalized’ »


Governments vs. WhatsApp

In other words, there is no central repository of plain-text messages that the company can access to comply with a court subpoena. Nor is there a “universal key” that can be used as a government backdoor to decrypt information. When a user sends a message on WhatsApp, he or she can feel fairly confident that no confidence man in the middle lurks between them and the intended recipient of a message. Such security is a very strong selling point in this age of constant data breaches and headache-inducing identity thefts.

Reason: Why We Should All Care About Brazil’s War on WhatsApp »


A closer look at Hacking Team

Here is an interesting piece in Foreign Policy: Fear this man »

It’s about the Italian firm Hacking Team and its founder and CEO, David Vincenzetti. The article gives an interesting and chilling glimpse into the commercial side of providing governments with IT tools for surveillance – tools that are also being used by authoritarian regimes for oppression and disinformation.

“Privacy is very important,” Vincenzetti says on a recent February morning in Milan, pausing to sip his espresso. “But national security is much more important.”
