New Snowden Documents Reveal the NSA’s War on Internet Security and Tools to Protect Yourself

The NSA’s headquarters in Fort Meade, Maryland. (photo: DPA/NSA)

Der Spiegel | Reader Supported News | December 29, 2014

US and British intelligence agencies undertake every effort imaginable to crack all types of encrypted Internet communication. The cloud, it seems, is full of holes. The good news: New Snowden documents show that some forms of encryption still cause problems for the NSA.

hen Christmas approaches, the spies of the Five Eyes intelligence services can look forward to a break from the arduous daily work of spying. In addition to their usual job — attempting to crack encryption all around the world — they play a game called the “Kryptos Kristmas Kwiz,” which involves solving challenging numerical and alphabetical puzzles. The proud winners of the competition are awarded “Kryptos” mugs.

Encryption — the use of mathematics to protect communications from spying — is used for electronic transactions of all types, by governments, firms and private users alike. But a look into the archive of whistleblower Edward Snowden shows that not all encryption technologies live up to what they promise.

One example is the encryption featured in Skype, a program used by some 300 million users to conduct Internet video chat that is touted as secure. It isn’t really. “Sustained Skype collection began in Feb 2011,” reads a National Security Agency (NSA) training document from the archive of whistleblower Edward Snowden. Less than half a year later, in the fall, the code crackers declared their mission accomplished. Since then, data from Skype has been accessible to the NSA’s snoops. Software giant Microsoft, which acquired Skype in 2011, said in a statement: “We will not provide governments with direct or unfettered access to customer data or encryption keys.” The NSA had been monitoring Skype even before that, but since February 2011, the service has been under order from the secret US Foreign Intelligence Surveillance Court (FISC), to not only supply information to the NSA but also to make itself accessible as a source of data for the agency.

Read more

Brazil’s Controversial Plan to Extricate the Internet From US Control

English: President Lula, President of the United States, Barack Obama, and the chief minister of the Casa Civil, Dilma Rousseff, greet it during meeting in the White House. Português: Presidente Lula, o presidente dos Estados Unidos, Barack Obama, e a ministra-chefe da Casa Civil, Dilma Rousseff, cumprimentam-se durante encontro na Casa Branca. (Photo credit: Wikipedia)

Amanda Holpuch | Guardian UK | Reader Supported News | September 22, 2013

President Rousseff expected to bring the conversation about the continued role of US-based supernetworks to the UN this month.

When Brazilian president Dilma Rousseff postponed her official visit to the US in protest of National Security Agency spying activities on Tuesday, it seemed like a routine bit of diplomatic posturing.

But another one of her proposals could perhaps be more significant: a set of measures intended to extricate the internet in Brazil from under the influence of the US and its tech giants.

Some are claiming the country is embarking on a course that will cut itself off from the internet. To international policy experts however, Rousseff’s proposals offer a more open and comprehensive discussion of issues that have been quietly brewing in the internet community.

“The hope that Brazil has is that the measures would curb the control the US has in terms of infrastructure and that maybe it will be a pressure for the United States to change its practices that came to knowledge after the Snowden leak,” said Marilia Maciel, a researcher who works on Internet security policy at Brazil’s Fundacao Getulio Vargas.

Read more

Dear Stupid, Stupid NSA

National Security Agency Seal (Photo credit: DonkeyHotey)

David Meyer | Business Week | Reader Supported News | September 8, 2013

Dear stupid, stupid NSA,

I’ve got to hand it to you: As an agency set up with the task of breaking codes and spying on people, you seem to be doing a pretty sterling job.

You and your counterparts in the U.K., Australia, Canada, and New Zealand (and possibly elsewhere) are able to monitor most of the communications flowing around the world. You appear to have successfully subverted the American Web services that everyone uses, and you’ve used the value and size of the U.S. market to bring all manner of Internet backbone providers and hardware vendors on-side too.

Now we also know that you have-in your own words-some capabilities against the encryption in TLS/SSL, HTTPS, SSH, VPNs, VoIP, WEBMAIL, and other network communication technologies. So even if it takes a fair amount of effort (unlike your indiscriminate data-trawling techniques), that’s basic Internet security out the window then. Nicely done.

Read more

Computer bill named for Aaron Swartz sent to Congress

New Yorker unveils open source whistleblower system designed by activist Aaron Schwartz

Agence France-Presse | Raw Story | May 15, 2013

The New Yorker magazine on Wednesday unveiled a new online system for anonymous whistleblower tips, based on technology developed by the late Internet activist Aaron Swartz and a former hacker.

The system called Strongbox was unveiled amid an uproar in the news media over the US government seizure of phone logs from the Associated Press, in a probe of a news leak which officials said threatened national security.

“This morning, The New Yorker launched Strongbox, an online place where people can send documents and messages to the magazine, and we, in turn, can offer them a reasonable amount of anonymity,” senior editor Amy Davidson said.

Read more

In Case You Missed It: Congress Takes Your Internet Privacy

Kristina Chew | Care2 | Truthout | April 20, 2013

To the disappointent of advocates for civil liberties and internet freedom, the controversial Cyber Intelligence and Protection Act (CISPA) passed the U.S. House of Representatives on Thursday by a vote of 288-127. 196 Republicans voted for the measure and almost half the House Democrats.

Few would dispute that cybersecurity is not a concern. A rapid flurry of recent cyberattacks of government and corporate websites has highlighted the issue. But as Internet security experts argue, CISPA approaches the problem in a wrongheaded manner, allowing companies to share information to make their networks more secure but at a cost to users’ rights.

To protect the U.S. against hackers, CISPA allows companies, including internet service providers, to share information, the better to coordinate efforts in the event of a cyberattack. But CISPA is vague about precisely what sort of information will be shared. As a result, “in theory everything from e-mails to medical records could end up being shipped to intelligence agencies, even if it is not needed,” the Economist points out.

Read more