WikiLeaks, Donald Tusk, European Central Bank: Your Friday Briefing – New York Times


The founder of WikiLeaks, Julian Assange, moved to seize the moment after his organization released a new trove of classified information about the C.I.A.'s cyberweaponry. Speaking from the Ecuadorean Embassy in London, where he has sought refuge ...


As Russia probe looms, Roger Stone touts relationship to WikiLeaks – CNN

Over the weekend, the longtime Trump confidant tweeted that he had a "back channel" to WikiLeaks during the presidential campaign -- only to later delete it.

"[N]ever denied perfectly legal back channel to Assange who indeed had the goods on #CrookedHillary," Stone tweeted late Saturday night. The post was gone after almost 40 minutes.

Last weekend's Twitter flare-up raised questions anew about Stone, who worked for the Trump campaign in 2015 and claims to have a connection to WikiLeaks and its leader, Julian Assange.

WikiLeaks took to Twitter, saying it was unaware of communications between Stone and the organization or Assange.

Stone said on Twitter more than a week later that it would soon be Hillary Clinton campaign chairman John Podesta's "time in the barrel."

The message proved prescient. In early October, WikiLeaks began posting Podesta's emails online for public consumption.

WikiLeaks has denied that Russia was the source for its disclosures, and the Russian government has emphatically denied any connection with the theft as well.

"I do have a back-channel communication with Assange because we have a good mutual friend," he said in the October interview.

Throughout these media appearances, Stone has also categorically denied any contact with Russia besides an affinity for its alcoholic beverages.

And from the margins, Stone cheered on his friend and insulted his critics.

With that nod toward victory, Stone has continued what he's done all along: making profane statements attacking his political opponents, stirring up fights and defending his longtime friend -- who now occupies the Oval Office.


Edward Snowden: Refugees Who Helped Him Seek Canada … – Time – TIME

Sri Lankan refugee Supun Thilina Kellapatha (3rd L), 32, his partner Nadeeka (L), 33, with their baby boy Dinath, daughter Sethumdi, 5, Sri Lankan refugee Ajith Puspa (3rd R), 45, and Filipino refugee Vanessa Rodel (R), 40, with her daughter Keana, 5, pose for a photo in front of the government buildings of Hong Kong on Feb. 23, 2017, after attending a press conference where they said Sri Lankan Criminal Investigation Division (CID) is searching for them. ISAAC LAWRENCE/AFP/Getty Images

Refugees who sheltered former NSA contractor Edward Snowden in Hong Kong are now seeking asylum in Canada, their lawyers said on Thursday.

The three families are at risk for persecution and grave consequences if they stay in Hong Kong, according to their lawyers from a non-profit called For the Refugees. "More than ever, relocating our clients to Canada is a question of life and death," one of the Canadian attorneys, Marc-André Séguin, said in a statement.

Snowden fled the United States in 2013 after leaking thousands of files about the NSA's surveillance operations. The refugee families fed and housed him for two weeks before he left for Russia, according to the BBC.

In recent weeks, the refugees' lawyers felt they needed to speed up their asylum process, Séguin told the South China Morning Post. Two of the refugees have said they are being pursued by police from Sri Lanka, where they are originally from, according to the newspaper. They fear the Sri Lankan government could torture them if they were captured.

Snowden tweeted about the effort to secure asylum for the refugees on Thursday, and others, including Joseph Gordon-Levitt, who played the whistleblower in the recent film about him, have also tried to raise awareness, according to the BBC.


NSA Spying: We Still Don’t Know How Many Americans Are Affected … – Digital Trends

Why it matters to you

Are you curious to know just how many Americans are affected by the NSA's mass-surveillance programs? Well, the agency still isn't talking.

With the legislation that effectively legalizes the National Security Agency mass surveillance programs Prism and Upstream set to expire at the end of 2017, Congress is once again asking for numbers on how many Americans have been surveilled. Just as it has for the past six years, though, the NSA isn't playing ball.

Although most Americans only learned of the country's large-scale spying operations after NSA whistleblower Edward Snowden revealed them, Congress has been aware a little longer. Since 2011, several key members have been trying to find out how many Americans the NSA has collected personal information from, but they've always been denied, according to Ars Technica.


The reason Congress is making a big case to have those numbers revealed this year is that, as during the Obama administration, Section 702 of the Foreign Intelligence Surveillance Act (FISA) will expire on December 31. While the Trump administration is keen to see this legislation remain in place, according to The Intercept, Congress wants the numbers to know just how effective it is and how much useless information is potentially collected from regular citizens.

The NSA says that it can't reveal them, even in top-secret briefings. Just as it did when Sen. Ron Wyden (D-Oregon) requested them in 2011, 2012 and 2014, it claims that revealing how many Americans were affected would require identifying them. That, it claims, would mean destroying their anonymity as part of the data, thereby making their information more vulnerable.

That sort of circular logic isn't sitting well with senators, nor with privacy champion the Electronic Frontier Foundation. It is urging Congress to allow FISA to expire, thereby making the mass spying conducted by the NSA and other intelligence agencies illegal in the future.

As it stands, the NSA uses Prism to siphon mass data from popular online services like Facebook, Google, Microsoft, and Yahoo, while Upstream lets it tap into the fiber cables that transmit the internet across the country and around the world.

Although the NSA and others argue that such technologies are vital in helping protect Americans, many have argued that mass surveillance breaches the Constitution and undermines the idea of a free and democratic society.


Massachusetts Bill Would Ban Warrantless Stingray Spying – Tenth Amendment Center (blog)

BOSTON, Mass. (March 10, 2017) A Massachusetts bill would generally prohibit the warrantless use of stingray devices and the collection of electronic data stored by service providers. Final passage of the bill would not only protect privacy in Massachusetts, but would also hinder at least two aspects of the federal surveillance state.

More than 100 representatives and senators have signed on to cosponsor House Bill 2332 (H2332). The legislation would help block the use of cell site simulators, known as stingrays. These devices essentially spoof cell phone towers, tricking any device within range into connecting to the stingray instead of the tower, allowing law enforcement to sweep up communications content, as well as locate and track the person in possession of a specific phone or other electronic device.

H2332 would only allow law enforcement agencies to use a stingray device pursuant to a warrant based on probable cause, a person's informed consent, or in accordance with a judicially recognized exception to the warrant requirement. The proposed law would apply the same requirements to collecting electronic data held by a service provider. The bill covers metadata, communications content and location information. It does include exceptions to the warrant requirement for certain emergency situations.

The legislation also includes protection to limit the retention of data. It requires that police must take all steps necessary to permanently delete any information or metadata collected from any person or persons not specified in the warrant immediately following such collection and ensure that such information or metadata is not used, retained, or transmitted for any purpose whatsoever; and delete any information or metadata collected from the person or persons specified in the warrant authorization within thirty days if there is no longer probable cause to support the belief that such information or metadata is evidence of a crime.

Evidence obtained in violation of the law would be inadmissible in court.

No information obtained in violation of this section and no information provided beyond the scope of the materials authorized to be obtained shall be admissible in any criminal, civil, administrative or other proceeding.

IMPACT ON FEDERAL SURVEILLANCE PROGRAMS

The federal government funds the vast majority of state and local stingray programs, attaching one important condition. The feds require agencies acquiring the technology to sign non-disclosure agreements. This throws a giant shroud over the program, even preventing judges, prosecutors and defense attorneys from getting information about the use of stingrays in court. The feds actually instruct prosecutors to withdraw evidence if judges or legislators press for information. As the Baltimore Sun reported in April 2015, a Baltimore detective refused to answer questions on the stand during a trial, citing a federal non-disclosure agreement.

Defense attorney Joshua Insley asked Cabreja about the agreement.

"Does this document instruct you to withhold evidence from the state's attorney and Circuit Court, even upon court order to produce?" he asked.

"Yes," Cabreja said.

As privacysos.org put it, "The FBI would rather police officers and prosecutors let criminals go than face a possible scenario where a defendant brings a Fourth Amendment challenge to warrantless stingray spying."

The feds sell the technology in the name of anti-terrorism efforts. With non-disclosure agreements in place, most police departments refuse to release any information on the use of stingrays. But information obtained from the Tacoma Police Department revealed that it uses the technology primarily for routine criminal investigations.

Some privacy advocates argue that stingray use can never happen within the parameters of the Fourth Amendment because the technology necessarily connects to every electronic device within range, not just the one held by the target. And the information collected by these devices undoubtedly ends up in federal databases.

The feds can share and tap into vast amounts of information gathered at the state and local level through a system known as the information sharing environment or ISE. In other words, stingrays create the potential for the federal government to track the movement of millions of Americans with no warrant, no probable cause, and without the people even knowing it.

According to its website, the ISE "provides analysts, operators, and investigators with information needed to enhance national security. These analysts, operators, and investigators have mission needs to collaborate and share information with each other and with private sector partners and our foreign allies." In other words, ISE serves as a conduit for the sharing of information gathered without a warrant.

The federal government encourages and funds stingrays at the state and local level across the U.S., thereby undoubtedly gaining access to a massive data pool on Americans without having to expend the resources to collect the information itself. By placing restrictions on stingray use, state and local governments limit the data available that the feds can access.

In a nutshell, without state and local cooperation, the feds have a much more difficult time gathering information. Passage of H2332 would represent a major blow to the surveillance state and a win for privacy.

PARALLEL CONSTRUCTION

By prohibiting the use of information obtained outside the scope of the law, H2332 would hinder one practical effect of NSA spying in Massachusetts.

Reuters revealed the extent of such NSA data sharing with state and local law enforcement in an August 2013 article. According to documents obtained by the news agency, the NSA passes information to police through a formerly secret DEA unit known as the Special Operations Division, and the cases rarely involve national security issues. Almost all of the information involves regular criminal investigations, not terror-related investigations.

In other words, not only does the NSA collect and store this data, using it to build profiles, the agency encourages state and local law enforcement to violate the Fourth Amendment by making use of this information in their day-to-day investigations.

"This is the most threatening situation to our constitutional republic since the Civil War," Binney said.

NEXT STEPS

H2332 was referred to the Joint Judiciary Committee where it must pass by a majority vote before moving forward in the legislative process.


What the CIA WikiLeaks Dump Tells Us: Encryption Works – New York Times


NEW YORK If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works, and the industry should use more of it. Documents purportedly outlining a massive CIA surveillance program suggest ...

Snake-Oil Alert Encryption Does Not Prevent Mass-Snooping – Center for Research on Globalization

The WikiLeaks stash of CIA hacking documents shows tools used by the CIA to hack individual cell-phones and devices. There are no documents yet that suggest mass snooping efforts on a very large scale. Unlike the NSA, which has a "collect it all" attitude towards internet traffic and content, the CIA seems to be more interested in individual hacking.

This suggests that the CIA cannot decipher the modern encrypted communication its adversaries use. It therefore has to attack their individual devices.

But it does not mean that the CIA can not engage in mass snooping.

The New York Times description is wrong:

Some technical experts pointed out that while the documents suggest that the C.I.A. might be able to compromise individual smartphones, there was no evidence that the agency could break the encryption that many phone and messaging apps use. If the C.I.A. or the National Security Agency could routinely break the encryption used on such apps as Signal, Confide, Telegram and WhatsApp, then the government might be able to intercept such communications on a large scale and search for names or keywords of interest. But nothing in the leaked C.I.A. documents suggests that is possible.

Instead, the documents indicate that because of encryption, the agency must target an individual phone and then can intercept only the calls and messages that pass through that phone. Instead of casting a net for a big catch, in other words, C.I.A. spies essentially cast a single fishing line at a specific target, and do not try to troll an entire population.

"The difference between wholesale surveillance and targeted surveillance is huge," said Dan Guido, a director at Hack/Secure, a cybersecurity investment firm. "Instead of sifting through a sea of information, they're forced to look at devices one at a time."

Snake-oil alert: Right diagnosis, wrong conclusion and therapy.

If the CIA breaks into an individual Samsung Galaxy 7 it can record what is typed on the screen, and whatever gets transferred via the microphone, camera and loudspeaker. No encryption can protect against that. But why should the CIA break into only one Galaxy 7?

It is wrong to conclude that the CIA can therefore not intercept such communications on a large scale. It can. Easily.

If you can break into one individual Samsung Galaxy 7 you can break into all of them. This can be automated.

The CIA also breaks into internet routers and network infrastructure systems. By watching the network traffic flowing by, the CIA (and NSA) systems can see who uses encrypted communication. They can then launch programs to silently take over the communicating devices. Then the communication can be recorded from the devices and read in the clear. There is nothing at all that prevents this from taking place on a massive scale.

The reaction to the Snowden leaks about gigantic NSA snooping on internet lines led to an increased use of encryption. Suddenly everyone used HTTPS for web traffic and the user numbers of Signal, Telegram, WhatsApp and other encrypting communication applications exploded.

But encrypted traffic still sticks out. One can detect an encrypted Skype call by watching the network traffic on this or that telecom network. One can detect what kind of end-devices are taking part in a specific call. With a library of attack tools for each of the usual end-devices (iPhone, Android, Windows, Mac) the involved end-devices can be silently captured and the call can be recorded without encryption.

The Times writes: "Instead of casting a net for a big catch, in other words, C.I.A. spies essentially cast a single fishing line at a specific target, and do not try to troll an entire population."

It is right in one sense. There is not one central point in the river of traffic where one casts the net. But it is wrong to conclude that the CIA or other services would then use a single fishing line. What hinders them from using hundreds of fishing lines? Thousands? Hundred-thousands?

Wide use of encryption simply moves the snooping efforts from the networks towards the end-devices. It might be a little more expensive to snoop on hundred-thousands of end-devices than on a few network backbones, but budget or manpower restrictions are not a problem the NSA and CIA have had in recent decades.

To tell users that encryption really restricts the CIA and NSA is nonsense. Indeed it is irresponsible.

The sellers of encryption are peddling snake-oil. The dude from a cybersecurity investment firm the Times quotes is just selling his rancid wares.

Your neighbor snoops on your open WLAN traffic? Yes, chat encryption might prevent him from copying your session with that hot Brazilian boy or girl. But it does not prevent professionals from reading it. For that you would need secure devices on both ends of the communication. Good luck finding such.


Encryption Backdoors, Vault 7, and the Jurassic Park Rule of Internet Security – Just Security

Councilman Schrems Scotland Scott Shane SCOTUS SDNY Second Circuit Secrecy Secret Law Secret Service Section 215 Section 702 Security security agreement Security Assistance security clearance self-defense Senate Senate Armed Services Com Senate Foreign Relations Senate HSGAC Senate Intelligence Commi Senate Judiciary Committe Senegal Separation of powers Serdar Mohammed v. SSD Serial Service Providers Sexual Assault Sexual Violence Seymour Hersh SFRC SGBV Sgt. Bowe Bergdahl Sharia shooting Siege Warfare signals collection Silicon Valley Sir John Chilcot SJC Slahi slavery Smith v. Maryland Smith v. Obama Snooper's Charter Snowden Snowden Treaty social Social Media Solicitor General Somalia Sonia Sotomayor Sony South Africa South Ossetia South Sudan Special Forces special rapporteur Spying Sri Lanka SSCI SSCI Report SSCI Torture Report standing Stanley McChrystal Starvation state immunity State of the Union State Responsibility state secrets state secrets privilege State v. Andrews Statehood Staten Island Status of Forces Agreemen status-based immunity statute of limitations StellarWind Stephen Williams Steve Dycus Stimson Center StingRays Stored Communications Act Sudan Sunshine Week superior responsibility Supreme Court Supreme Court of Canada Surveillance Suspension Clause Sustainable Development G Sweden Syria Syrian opposition Syrian refugees Szabo v. Hungary TACT 2000 Tadic Tahir-ul-Qadri Taliban Taliban Sources Project Tallinn Manual target Targeted Killing Targeting Decisions Taylor v. 
KBR Teaching Technology Ted Cruz term limits terrorism terrorist Terrorist Expatriation Ac Third Circuit Thomas Ambro Thomas Griffith Thomas Lubanga Dyilo Tim Kaine Tim Starks Title III Tony Blair Tor Tor Browser torture Torture Report trafficking transitional justice Transparency transparency reports Treasury Department Treaties Treaty Implementation Treaty Law Trump Trump Administration Trump Administrations truth commission Tuaua Tunisia Turkey Turkmen Turkmenv.Hasty Turner v. Safley Tweet Roll Twitter UANI UDHR Uganda Uhuru Kenyatta Uighurs UK UK Elections UK High Court UK Parliament UK Supreme Court UK Terrorism Act 2000 Ukraine Umm Sayyaf UN Assistance Mission in UN Charter UN High Commissioner for UN High Commissioner on H UN Human Rights Committee UN Security Council Uniform Code of Military United Kingdom United Nations United Nations General As United Nations Human Righ United Nations Human Righ United States ex rel. Acc United States v. Graham United States v. Moalin Universal Declaration of Universal Jurisdiction Universal Periodic Review Unlawful Combatants UNSC UNSC Resolution 1441 UNSC Resolution 2178 UNSC Resolution 2249 unwilling or unable US AID US Army US Holocaust Museum and M US v. al-Darbi US v. al-Shibh US v. Garcia US v. Khadr US v. Mehanna US v. Mohammed US v. Warshak USA Freedom USA Freedom Act Use of Force USS Cole Vance v. Terrazas Verdugo-Urquidez Veterans Veterans Day Veto Victor Restis Video Vietnam Vladimir Putin Vojislav eelj voluntary manslaughter Vulnerabilities Equities war War Crimes War Crimes Act war memorial War on Drugs War on Terror War Powers War Powers Resolution Warafi warrant canary Warsame Wartime Contracts Washington Post Wassenaar Arrangement Waziristan weapons Weapons of Mass Destructi Weekly Recap West Bank Westgate WhatsApp Whistleblowing White House Wikimedia v. 
NSA William Bradford William Ruto William Samoei Ruto Wiretap Women Women in combat Women's Rights Wong Kim Ark Yahoo Year End 2015 Year End 2016 Yemen Yezidis Yugoslavia Zakharov v. Russia Zehalf-Bibeau Zero-Day Vulnerabilities Zimbabwe Zivotofsky v. Clinton Zivotofsky v. Kerry

Surely without a hint of irony, just a day after WikiLeaks dumped a vault-load of documents detailing the Central Intelligence Agency's use of hacking tools and software exploits, FBI Director James Comey told an audience at a Boston College conference on cybersecurity that "[t]here is no such thing as absolute privacy in America." Comey's elevator pitch in support of his claim was that there is no place outside of judicial reach, citing the fact that even time-tested testimonial privileges of the spousal, clergy-penitent, and attorney-client sort can be pierced by judges in appropriate circumstances. Comey's argument, which he's made at a steady drumbeat for several years now, is that sure, privacy is important, but law-enforcement access is paramount. The government and judges, not technology, should decide when the government can get to your private information.

If only things were that simple. Comey has at various times tried to disclaim any desire to have Congress mandate backdoors to encryption-enabled devices and services, even getting himself laughed off of C-SPAN when he suggested that his approach would provide a front door instead. When it comes to encryption, doors are doors, and (as Julian Sanchez comprehensively explained more than two years ago, at the dawn of the Crypto Wars sequel) they are a truly terrible idea. To briefly recapitulate Julian's post: it is damn near impossible to create a security vulnerability that can only be exploited by the good guys; there are lots of governments out there that no freedom-loving person would classify as the good guys (an observation that takes on a chilling new cast in light of recent events); any backdoor or retention mandate both implicitly assumes and, if it is to be effective, must effectively encourage centralized over decentralized computing and communications architectures; and even if encryption really is law enforcement's digital-age bête noire, it is a small price to pay in the Golden Age of Surveillance.

So what does this all have to do with the Vault 7 leak? It's a fair question. Software exploits of the type disclosed by Wikileaks and encryption backdoors might both technically be lines of computer code, but the stakes surrounding each are distinct. For the reasons Julian put forward (and more), encryption backdoors should be a complete non-starter. Mandating backdoors would present a grave security threat to critical internet infrastructure. As a quartet of leading security researchers put it in a highly regarded paper in 2014, mandating built-in encryption backdoors amounts to intentionally and systematically creating a set of predictable new vulnerabilities that despite best efforts will be exploitable by everyone.

When law enforcement or intelligence agencies exploit existing security vulnerabilities, things are perhaps less clear cut. Unlike with backdoors, not every exploit of a software vulnerability poses a systemic risk. (While a backdoor to the iPhone would put a hole in every pocket, the targeted deployment of an exploit would not.) Still, many vulnerability exploits have widespread consequences, putting internet security at risk. As the security quartet put it, the danger of proliferation means each use of an exploit, even if it has previously run successfully, increases the risk that the exploit will escape the targeted device. Call it the Jurassic Park Rule of Internet Security:

Jim, the kind of control you're attempting simply is . . . it's not possible. If there is one thing the history of internet security has taught us it's that vulnerabilities will not be contained. Vulnerabilities break free, they expand to new territories and crash through barriers, painfully, maybe even dangerously, but, uh . . . well, there it is. . . . I'm simply saying that vulnerabilities . . . find a way.

For example, despite reportedly rigorous testing before deployment, the Stuxnet worm used by the United States and Israel to attack an Iranian nuclear facility unexpectedly spread to non-target computers. And when the government sits on a zero-day exploit to be able to exploit it later, there is always the chance that an adversary is doing the same thing. These risks are, for the most part, inherently unknowable beforehand.

While it's true that there are unknown risks associated with both exploits and encryption backdoors, only the latter amount to deliberately introduced vulnerabilities. Nevertheless, Comey has been quite skeptical of the notion that giving the government a golden key into the encrypted devices of millions of users would present a broad threat to the security of the internet. His theory, after all, is that the government, with judges as gatekeeper, will use such a key responsibly and with oversight. But Vault 7 is a visceral reminder that the public can't trust the government to keep this stuff safe; hell, not even the government can trust the government to do so. And backdoors present an even more cut-and-dried case than exploits.

Even if an exploit or a backdoor is yours and yours alone for now, your monopoly is either a chimera, or it will be short-lived. And the consequences of spillover can be, as Jeff Goldblum learned the hard way, equally unpredictable and devastating. While WikiLeaks did not publish any malicious code this week, it did claim that the contents of Vault 7 have been circulating among former U.S. government hackers and contractors in an unauthorized manner.

What happens when a highly weaponized suite of hacking tools makes its way into the broader internet? I hope we are not about to find out, but if we are, I suspect that Comey and his colleagues at the FBI are unlikely to be happy with what they find. Here's hoping the experience gives them pause the next time they ponder whether their solution to the threat of absolute privacy is really such a good one after all.


Continue reading here:
Encryption Backdoors, Vault 7, and the Jurassic Park Rule of Internet Security - Just Security

Best encryption software: Top 5 – Computer Business Review

This list of five of the best encryption software on the market includes examples of platforms that enable a cutting edge, interactive experience by harnessing the storage capabilities of the cloud, and special decoy, deterrent features.

Also included in our list are systems that might be less high-tech and intuitive to use, but will equip a user with high-level, industry standard protection by incorporating multiple encryption methods. Some examples in this list are rooted in a specific operating system, while there are also systems included that provide maximum mobility.

Price is also factored into this list of the best options, with some of the options presenting extremely effective safeguards in the free version of the system.

In contrast to systems such as Veracrypt, the only free element of this encryption software is the trial; however, the product is widely considered robust, with capabilities to support small teams and individuals within a business setting.

AxCrypt was launched in 2001 with the intention of addressing the sharing of confidential data over the Internet, and of finding security solutions for Internet services while aiming for an easy-to-use design and appearance.

The specs behind the software include 128-bit or 256-bit Advanced Encryption Standard (AES) encryption, and it differs from some of the competition in that the software utilises cloud storage. This means the protection you receive with the product will also span files saved on Dropbox or Google Drive.

A high level of interaction and control is made available with the software, as encrypted files can be accessed through a smartphone app. The software can also be used widely on a global scale, as advanced multilingual abilities are integrated within the software; some of these are Korean, Portuguese and Swedish.

More:
Best encryption software: Top 5 - Computer Business Review

Understanding the difficulties of the adoption of open source … – Opensource.com

Our digital lives are powered by programming philosophers who choose to develop their code out in the open.

All programs begin with lines of instruction. When ready for execution these lines of instruction are converted to a binary format that the computer can execute. Open source programs are programs where the human readable code is accessible to anyone. This philosophy of openness and freedom has allowed these projects to impact the lives of everyone.

The Linux kernel is the core of all Android devices, and nearly a third of all Internet traffic rides on just one openly developed project, Netflix. (Read the excellent article in Time magazine about this.) How does the choice of using open source software as part of a project plan affect the amount and type of risk to a project within an organization?

Risk is both a perception and a reality. Tools help us move from perception toward reality the same way good thermometers helped us move from very generalized use of the terms hot and cold to more specific quantifiable temperatures (see an example in Google). Over time we've adopted different standards and techniques for discussing specific temperatures, which depend on the audience and the standard's limitations. Kelvin, Celsius, Fahrenheit, and even RealFeel are now established standards for measuring temperature.

Illustration 1: Quantifying temperatures

Every project has risk and every PM (project manager) perceives and articulates that risk differently with various levels of accuracy. The understanding of risk may be as simple as a good or bad description similar to the terms hot and cold. The PMBOK (Project Management Body of Knowledge) states that the process for discussing risk management should move from a qualitative evaluation to a quantitative one (as stated in the Project Management Institute's publication, "A guide to the project management body of knowledge/PMBOK Guide" (5th ed.)). Like temperature, the discipline of project management has different quantifiable standards for measuring project risk. At least one of these standards for risk evaluation communicates why open source software is often rejected as a possible consideration for projects during the project planning process.

The Risk Complexity Index discussed in Tom Kendrick's book Identifying and Managing Project Risk (Kendrick, 2015) serves as our foundation. Complexity indexes aren't uncommon in project risk management. David Bearden used a complexity index to show how NASA's adoption of its FBC (Faster, Better, Cheaper) philosophy has impacted project risk. While his index is based upon near recent data points, the risk complexity index in Kendrick's book attempts to be more predictive. Kendrick articulates the formula for the index as:

Index = (Technology + Architecture + System) × Scale

Technology, Architecture, and System are scored from 0 to 5, based on the PM's experience and capabilities. "Architecture refers to high-level functional components and any external interfaces, and System is the internal software and hardware that will be used in the product. The Technology dimension is defined as the basis for development used on the project," Kendrick said in his book. He explains that the Index could be scored using the following key:

0. Only existing technology required
1. Minor extensions to existing technology needed in a few areas
2. Significant extensions to existing technology needed in a few areas
3. Almost certainly possible, but innovation needed in some areas
4. Probably feasible, but innovation required in many areas
5. Completely new, technological feasibility in doubt

Scale is assigned a value based on the number of people expected on the project:

In this index a result of 0 to 20 is considered low risk, 20 to 40 is medium risk, while the range from 40 to 100 is high risk. Just as a price tag is a summary of the cost of production elements for a given item on the grocery store shelves, this index is a summary of items that contribute to project risk. At this point of risk management, the risks have been identified and quantified. Initially, the entire risk index refers to the risk of the project internal to the organization conducting it. After mitigation measures are developed the project can be re-scored with the matrix.

Scoring risk

In Adrienne Watt's chapter in the book Risk Management on risk management planning, she discusses four strategies for mitigating risk. These are risk avoidance, risk sharing, risk reduction, and risk transfer. After applying some combination of these strategies, the PM team can rework the risk complexity index to determine if they reduced the project's overall risk to an acceptable level.

The key issue with open source is that when it is used, the risk is assumed by the organization. Open source code licenses such as BSD's very brief license include language expressly transferring the responsibility from the code's originators to the code's users. The BSD license does this through its statement that "this software is provided 'as is' and without any express or implied warranties." For Linux, the GPL 3.0 preamble states, "for the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software" (Free Software Foundation, 2007).

This undermines several key aspects of the mitigations listed previously. If the organization assumes technical responsibility for the code, they have a reduced capacity to avoid, share, reduce or transfer the risk. Open source code can still be a part of the solution for a risk management strategy and in some cases, open source code is a huge factor in mitigating risk.

Software from major vendors includes the added risk of the strategy tax for that vendor. The strategy tax associated with Microsoft Windows reached a critical point with Valve, the creator of Steam, a popular game distribution platform. Valve chose to mitigate the increased risk and developed SteamOS, which ported their distribution software to run on open sourced code (Dingman, 2013). The code they chose for their foundation has a much lower strategy tax, significantly reducing their risk.

While Valve's talent pool of programmers meant they had the technical knowledge to audit and understand the relevant source code, not every business is as well resourced. Businesses that do have a sizable number of programmers tend to incorporate open source applications into their project planning. In 2010, Google switched a large number of their machines from Windows to Linux. Netflix runs FreeBSD to take advantage of the technology built into ZFS.

Brand value plays a large role in a business asset portfolio, and projects that could damage that brand can be viewed as putting the company at higher risk. One of the more sensitive brand sectors is that of IT Security firms who work projects for each one of their clients. From my private conversations with employees from this sector, I've learned that one way they transfer their risk is through policies on company communications channels. Precisely none of their communications channels are internal. Instead, each employee is required to use multiple external communications technologies. The organization's reality is that if their brand becomes victim to a successful attack and any part of the news cycle includes the organization's name, this causes severe damage to the brand, so for email they use Gmail and for chat they use Slack (Pen Testing, 2016). They rely on a myriad of other applications and services to reduce their attack surface and transfer risk to as many organizations as possible.

The true cost of risk to a project doesn't end at project completion but rather with customer satisfaction throughout the product's lifecycle. To precisely illustrate brand risk from open source projects the recent past contains a poignant example. When Trend Micro's team conducted a project to build their organization's website they chose the popular open source WordPress suite. Recently, WordPress had a vulnerability that was exploited by hackers and received mostly positive attention for its measured response to patch this vulnerability. In contrast, Trend Micro's site received similarly bad press (McCaskill, 2017 and JupiterBroadcasting, 2017) from the decisions of earlier project managers.

With this type of negative press surrounding open source, it's no wonder that many PMs overlook the advantages open source may have in actually reducing the complexity index for a project. KDE's website recently published an interview with Thomas Weissel, a developer working for the Austrian school system who concluded a project to incorporate KDE into the Austrian school where he worked. In the interview, he describes one critical advantage for open source, the accessibility of the team to resolve issues. In his words:

"That's yet another reason why I picked Plasmashell: The KIOSK system. I reported a lot of issues with the KIOSK system and Plasma developers did an amazing job finding and fixing all the bugs I've found for 5.8. We now have a desktop that is completely locked to make sure nobody accidentally removes or reconfigures important parts of the user interface," said Weissel (Riddell, 2017).

Chris Fisher, a long-time open source commenter, rhetorically asked PMs how long they believed it would take a closed source vendor to respond to identified bugs during a project's execution. This is a terrific example of architecture cost being shifted from the organization to the developers. For enterprise-scale projects, large, closed sourced vendors may be willing to work with their clients. For smaller-scale projects, the responsiveness of a project team may be their only way to tool the software to their specific needs.

Open source solutions have been adopted by various sectors of the market to fit key roles in our technology infrastructure. The risk complexity index developed by Tom Kendrick helps us to understand the difficulties with the adoption of open source solutions across all dimensions of the market.

In general, open source solutions shift the risk from a software vendor to the organization. In today's environment where branding is both costly and crucial, open source solutions represent a direct risk to the brands who use them. Despite this risk, many large- and small-scale projects are still choosing open source solutions for projects where the complexity index is reduced by their implementation. The example of the KDE development team working with a small project manager in Austria to develop the best code possible is a clear example of a significant advantage within the field of open source. While the authors of the code may not be legally liable, their pride in their product generally serves as a terrific motivator for them to deliver their best.

Kendrick, T. (2015). Identifying and managing project risk: essential tools for failure-proofing your project. New York: American Management Association.

Pen Testing [Personal interview]. (2016, December).

Project Management Institute (PMI, 2013). A guide to the project management body of knowledge/PMBOK Guide (5th ed.). Newtown Square, Pennsylvania: Project Management Institute, Inc.

Read more from the original source:
Understanding the difficulties of the adoption of open source ... - Opensource.com