Exclusive: WikiLeaks Editor Sarah Harrison on Helping Edward Snowden, Being Forced to Live in Exile – Video


http://www.democracynow.org - In the latest revelations from documents leaked by National Security Agency whistleblower Edward Snowden, the Washington Post h...

By: democracynow


Edward Snowden and the NSA Can Both Be Right

TIME

Photo: US National Security Agency (NSA) whistleblower Edward Snowden speaks to European officials via videoconference during a parliamentary hearing on improving the protection of whistleblowers, at the Council of Europe in Strasbourg, eastern France, on June 24, 2014. (Frederick Florin/AFP/Getty Images)

Two reports raise the possibility that on balance, both the NSA collection programs and Snowden's revelations have done more to advance the public good than to harm it

The yearlong debate over the leak of National Security Agency documents by former contractor Edward Snowden has divided the world into two camps. One sees Snowden as a patriotic public servant and believes the NSA programs he revealed are unjustified threats to civil liberties. The other sees Snowden as a traitor and views the NSA programs as necessary for national security.

Two reports this week raise a third possibility: that on balance, both the NSA collection programs and Snowden's revelations have done more to advance the public good than to harm it.

On July 1, the independent agency charged with overseeing U.S. intelligence and counterterrorism programs to ensure they don't infringe on privacy and civil liberties found the core of the NSA's Internet collection programs did neither. In a 196-page report, the Privacy and Civil Liberties Oversight Board found both the NSA's collection of Internet traffic from service providers, and the agency's tapping of undersea cables, complied with the Constitution and Congress's privacy protections for U.S. persons, and were therefore legal. It further found that the programs were valuable (two board members called them "extremely valuable") for foreign intelligence and counterterrorism:

Presently, over a quarter of the NSA's reports concerning international terrorism include information based in whole or in part on Section 702 collection.

On the other side of the equation, the PCLOB report comes less than a week after Adm. Michael Rogers, the head of the NSA, told the New York Times that while the damage done by Snowden was real, he did not believe the sky is falling as a result. Earlier in June, Director of National Intelligence James Clapper told the Washington Post that we think that a lot of what [Snowden] looked at, he couldn't pull down, and that it doesn't look like [Snowden] took as much as first thought.

Taken together, the reports raise the possibility that the NSA programs continue to contribute to U.S. national security and that the damage done by Snowden's leaks is offset by the public awareness of and debate about surveillance.

There are, of course, qualifiers to such a best-of-both-worlds view. For starters, the PCLOB report raised concerns about how the NSA, CIA and FBI search the data once it is collected from the Internet and recommended in some cases curtailing those searches. In January, the PCLOB found that the NSA's telephone metadata records program was effectively illegal and should be ended. And no one can seriously look at the Snowden revelations without considering the possibility that they damaged national security. A large majority of security experts recently polled by National Journal believe the damage caused by the leaks is greater than the public value of Snowden's revelations.

But the PCLOB said it had not seen any evidence of bad faith or misconduct in either the NSA's Internet collection program or the telephone metadata program: for all the speculative fear of a dystopian future, no one has been maliciously targeted, and the programs haven't been hijacked by a malevolent Nixonian seeking political advantage. At the same time, Snowden's revelations have initiated a broad, bipartisan public debate over government surveillance, and he has advanced the idea that in the digital age, privacy is always in play (including the commercial collection and sale of data on virtually every household in the country, as the Federal Trade Commission recently reported).

This may all sound Panglossian, but it fits with the conclusions of the late Senator Daniel Patrick Moynihan, scourge of secrecy, who believed there were many things that should be made secret, but then released as soon as the immediate need has passed. Standing at the threshold of the digital age in 1997, Moynihan declared:


Secret code indicates NSA tracks privacy tool users

IDG News Service - An NSA spying tool is configured to snoop on an array of privacy programs used by journalists and dissidents, according to an analysis of never-before-seen code leaked by an unknown source.

The code, published as part of an investigation by two German broadcasters on Thursday, contains tracking specifications for XKeyScore, a powerful NSA program that collects and sorts intercepted data.

XKeyScore came to light in documents leaked by former NSA contractor Edward Snowden, but some observers believe the latest information -- which adds greater detail on how the agency monitors people trying to protect their privacy online -- may not have come from the documents he passed to journalists.

The broadcasters, Norddeutscher Rundfunk and Westdeutscher Rundfunk, did not reveal their source for the code but claimed in a report that former NSA employees and experts "are convinced that the same code or similar code is still in use today."

The report describes how the code enables XKeyScore to track users connected to The Onion Router, known as TOR, a network that encrypts data traffic through random servers in order to obscure identification of a web surfer.

TOR, a project initially started by the U.S. Navy, is considered a critical privacy enhancing tool and one that has hampered NSA surveillance in the past.

The report contends the NSA is monitoring two TOR servers in Germany. One is run by Sebastian Hahn, a 28-year-old computer science student at the University of Erlangen. The server, known as a Directory Authority, a critical part of TOR's infrastructure, supplies a list of relays in the network to computers connecting to the network.

The NSA's collection of metadata about people connecting to the server puts those people at risk, the report quoted Hahn as saying.

The NSA also tracks the use of non-public TOR relays, which are supplied to users upon request in countries known to actively block TOR relays, such as in China and Iran, the report said.

Other rules in the code indicate the agency is tracking people who visit public websites for privacy-related projects including the TOR Project; Tails, a privacy-focused portable operating system; and the Linux Journal website, the report alleged.


This simple app lets anyone be an encryption expert

Encryption is hard. When NSA leaker Edward Snowden wanted to communicate with journalist Glenn Greenwald via encrypted email, Greenwald couldn't figure out the venerable crypto program PGP even after Snowden made a 12-minute tutorial video.

Nadim Kobeissi wants to bulldoze that steep learning curve. At the HOPE hacker conference in New York later this month he'll release a beta version of an all-purpose file encryption program called MiniLock, a free and open-source browser plugin designed to let even Luddites encrypt and decrypt files with practically uncrackable cryptographic protection in seconds.

"The tagline is that this is file encryption that does more with less," says Kobeissi, a 23-year old coder, activist and security consultant. "It's super simple, approachable, and it's almost impossible to be confused using it."

Kobeissi's creation, which he says is in an experimental phase and shouldn't yet be used for high security files, may in fact be the easiest encryption software of its kind. In an early version of the Google Chrome plugin tested by Wired, we were able to drag and drop a file into the program in seconds, scrambling the data such that no one but the intended recipient -- in theory not even law enforcement or intelligence agencies -- could unscramble and read it. MiniLock can be used to encrypt anything from video email attachments to photos stored on a USB drive, or to encrypt files for secure storage on Dropbox or Google Drive.

Like the older PGP, MiniLock offers so-called "public key" encryption. In public key encryption systems, users have two cryptographic keys, a public key and a private one. They share the public key with anyone who wants to securely send them files; anything encrypted with that public key can only be decrypted with their private key, which the user guards closely.

Kobeissi's version of public key encryption hides nearly all of that complexity. There's no need to even register or log in -- every time MiniLock launches, the user enters only a passphrase, though MiniLock requires a strong one with as many as 30 characters or a lot of symbols and numbers. From that passphrase, the program derives a public key, which it calls a MiniLock ID, and a private key, which the user never sees and is erased when the program closes. Both are the same every time the user enters the passphrase. That trick of generating the same keys again in every session means anyone can use the program on any computer without worrying about safely storing or moving a sensitive private key.

"No logins, and no private keys to manage. Both are eliminated. That's what's special," says Kobeissi. "Users can have their identity for sending and receiving files on any computer that has MiniLock installed, without needing to have an account like a web service does, and without needing to manage key files like PGP."

In fact, MiniLock uses a flavour of encryption that had barely been developed when PGP became popular in the 90s: elliptic curve cryptography. Kobeissi says that crypto toolset allows for tricks that haven't been possible before; PGP's public keys, which users have to share with anyone who wants to send them encrypted files, often fill close to a page with random text. MiniLock IDs are only 44 characters, small enough that they can fit in a tweet with room to spare. And elliptic curve crypto makes possible MiniLock's feature of deriving the user's keys from his or her passphrase every time it's entered rather than storing them. Kobeissi says he's saving the full technical explanation of MiniLock's elliptic curve feats for his HOPE conference talk.

Despite all those clever features, MiniLock may not get a warm welcome from the crypto community. Kobeissi's best-known previous creation is Cryptocat, a secure chat program that, like MiniLock, made encryption so easy that a five-year-old could use it. But it also suffered from several serious security flaws that led many in the security community to dismiss it as useless or worse, a trap offering vulnerable users an illusion of privacy.

But the flaws that made Cryptocat into the security community's whipping boy have been fixed, Kobeissi points out. Today the program has been downloaded close to 750,000 times, and in a security ranking of chat programs by the German security firm PSW Group last month it tied for first place.
