The National Security Agency has some of the brightest minds working on its sophisticated surveillance programs, including its metadata collection efforts. But a new chat program designed by a middle-school dropoutin his spare time may turn out to be one of the best solutions to thwart those efforts.

Prompted by Edward Snowdens revelations about the governments intrusive surveillance activities, loosely knit citizen militias of technologists and security professionals have cropped up around the world to develop systems to protect us from government agencies out to identify us online and grab our communications.

John Brooks is now among them.

Brooks, who is just 22 and a self-taught coder who dropped out of school at 13, was always concerned about privacy and civil liberties. Four years ago he began work on a program for encrypted instant messaging that uses Tor hidden services for the protected transmission of communications. The program, which he dubbed Ricochet, began as a hobby. But by the time he finished, he had a full-fledged desktop client that was easy to use, offered anonymity and encryption, and even resolved the issue of metadatathe to and from headers and IP addresses spy agencies use to identify and track communicationslong before the public was aware that the NSA was routinely collecting metadata in bulk for its spy programs. The only problem Brooks had with the program was that few people were interested in using it. Although hed made Ricochets code open source, Brooks never had it formally audited for security and did nothing to promote it, so few people even knew about it.

Ricochet is idiot-proof and anonymous.

Then the Snowden leaks happened and metadata made headlines. Brooks realized he already had a solution that resolved a problem everyone else was suddenly scrambling to fix. Though ordinary encrypted email and instant messaging protect the contents of communications, metadata allows authorities to map relationships between communicants and subpoena service providers for subscriber information that can help unmask whistleblowers, journalistss sources and others. Its not just these kind of people whose privacy is harmed by metadata, however; in 2012 it was telltale email metadata that helped unmask former CIA director and war commander General David Petraeus and unravel his affair with Paula Broadwall.

With metadata suddenly in the spotlight, Brooks decided earlier this year to dust off his Ricochet program and tweak it to make it more eleganthe knew hed still have a problem, however, getting anyone to adopt it. He wasnt a known name in the security world and there was no reason anyone should trust him or his program.

Enter Invisible.im, a group formed by Australian security journalist Patrick Gray. Last July, Gray announced that he was working with HD Moore, developer of the Metasploit Framework tool used by security researchers to pen-test systems, and with another respected security professional who goes by his hacker handle The Grugq, to craft a secure, open-source encrypted chat program cobbled together from parts of existing anonymity and messaging systemssuch as Prosody, Pidgin and Tor. They wanted a system that was highly secure, user friendly and metadata-free. Gray says his primary motivation was to protect the anonymity of sources who contact journalists.

At the moment, when sources contact a journalist, theyre going to leave a metadata trail, whether its a phone call record or instant message or email record [regardless of whether or not the content of their communication is encrypted], he says. And that data is currently accessible to authorities without a warrant.

When Brooks wrote to say hed already designed a chat program that eliminated metadata, Gray and his group took a look at the code and quickly dropped their plan to develop their own tool, in favor of working with Brooks to develop his.

View post:
Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying

Stuff.co.nz

John Key says journalist Glenn Greenwald got it wrong over mass surveillance taking place in New Zealand.

Prime Minister John Key cannot rule out that the United States National Security Agency is undertaking mass surveillance of New Zealanders' data but has rejected claims New Zealand spies would have access to such information.

"What I can say is the GCSB [Government Communications Security Bureau] does not have access to any information through XKeyscore or any other database, unless they basically comply with the New Zealand law, and the New Zealand law forbids that unless there is a warrant to do so," he said.

Asked whether that was an admission GCSB spies on occasion used the controversial XKeyscore programme, Key declined to elaborate.

"I don't talk about whatever programmes they have," he said.

* Beehive Live

* NZ spied on allies: Greenwald

*Opinion: We deserve answers on spying

* Opinion: Spy scandal impact on election far from certain

Original post:
NSA spying can't be ruled out: PM

There is no evidence that Edward Snowdens revelations about NSA spying inspired Islamic terror groups to hide their electronic communications behind more sophisticated encryption software, according to a new analysis that challenges other recent research and assertions by U.S. officials about the impact of the leaks.

The analysis by Flashpoint Global Partners, a private security firm, examined the frequency of releases and updates of encryption software by jihadi groups and mentions of encryption in jihadi social media forums to assess the impact of Snowdens information. It found no correlation in either measure to Snowdens leaks about the NSAs surveillance techniques, which became public beginning June 5, 2013.

Click Here to Read the Full Report

Evan Kohlmann, a Flashpoint partner who also is a NBC News terrorism consultant, acknowledged that there has been a flurry of releases of encryption software by al Qaeda and other Islamic terror groups, including ISIS, since Snowden went public, but said most have simply extended the existing scheme to new devices or technologies, such as cell phones, chat software and SMS messaging (texting).

Nothing has changed about the encryption methodologies that they use, he said. Its difficult to reconcile with the claim that they have dramatically improved their encryption technology since Snowden.

Follow NBC News Investigations on Twitter and Facebook.

Al Qaeda and its affiliates have developed and used different types of encryption software since at least 2007, beginning with a product known as Asrar al-Mujihideen (Secrets of the Mujahideen) that was released by administrators of a now-defunct al Qaeda web forum known as al-Ekhlaas, according to the Flashpoint analysis.

The software was quickly endorsed by al Qaeda affiliates like al Qaeda in the Arabian Peninsula (AQAP) and al-Shabab in Somalia. When al-Ekhlaas collapsed, a prominent online jihadi media unit called the Global Islamic Media Front (GIMF) took over its development and began strengthening its capabilities. It also introduced new products, including Asrar al-Dardashan (Secrets of Chatting) in February 2013, four months before the Guardian newspaper broke the first Snowden story.

The report appears certain to add fuel to the debate over what U.S. officials say was significant damage to national security caused by Snowdens disclosure of classified spying programs by the NSA.

U.S. government officials have consistently invoked the terrorist groups to dramatize the damage allegedly caused by the leaks.

Read more:
Snowden Leaks Didn't Make Al Qaeda Change Tactics: Report