cdzombak + nsa   29

Did you know that the NSA uses Uber Drivers and Soccer Moms to Spy on You?
In the United States there are thousands of otherwise normal citizens with camera equipped cars driving the streets spying on your every move. Each day your car’s license plate is often scanned more than a dozen times, in several locations, by several different scanners from several different companies. The most common scanners are deployed on private vehicles and are capable of scanning 1,800 plates per minute. This data from these scans is uploaded to several different national license plate databases and sold to banks and law enforcement organizations — including the NSA.
nsa  ALPR  surveillance 
7 weeks ago by cdzombak
On Encryption and Terrorists
In a way, we’re implementing a fundamental technological advancement not dissimilar from the invention of cars or airplanes. Ford and Toyota build automobiles so that the entire world can have access to faster transportation and a better quality of life. If a terrorist is suspected of using a Toyota as a car bomb, it’s not reasonable to expect Toyota to start screening who it sells cars to, or to stop selling cars altogether.
encryption  privacy  security  nsa  society  terrorism 
november 2015 by cdzombak
Keys Under Doormats - mandating insecurity by requiring government access to all data and communications
Twenty years ago, law enforcement organizations lobbied to require data and communication services to engineer their products to guarantee law enforcement access to all data. After lengthy debate and vigorous predictions of enforcement channels “going dark,” these attempts to regulate the emerging Internet were abandoned. In the intervening years, innovation on the Internet flourished, and law enforcement agencies found new and more effective means of accessing vastly larger quantities of data. Today we are again hearing calls for regulation to mandate the provision of exceptional access mechanisms. In this report, a group of computer scientists and security experts, many of whom participated in a 1997 study of these same topics, has convened to explore the likely effects of imposing extraordinary access mandates.

We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.

From some big, big names:
Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel J. Weitzner
privacy  security  cryptography  encryption  government  culture  nsa  filteype:pdf 
august 2015 by cdzombak
How Worried Should We Be About the Alleged RSA-NSA Scheming? | Wired Opinion
If the NSA sabotaged a secure random number generator in a widely used commercial library, it used an extremely blunt instrument. It wasn’t narrowly focused on a particular system used by its targets, or even any particular system at all. Indeed, just as we will have a hard time unraveling just what has been compromised, the NSA could not have predicted everything it will end up compromising. It is the doomsday nuclear option of cryptographic backdoors, forever contaminating whatever it comes into contact with … whether friend or foe.

There’s far more at stake here than NSA’s reputation or RSA’s and other U.S. business interests, however. We urgently need NSA and RSA to come clean with the public so we can begin to unravel the damage that’s been done to the basic mechanisms of trust in our online world.
rsa  nsa  cryptography 
december 2013 by cdzombak
A Few Thoughts on Cryptographic Engineering: How does the NSA break SSL?
You see, the NSA BULLRUN briefing sheet mentions that NSA has been breaking quite a few encryption technologies, some of which are more interesting than others. One of those technologies is particularly surprising to me, since I just can't figure how NSA might be doing it. In this extremely long post I'm going to try to dig a bit deeper into the most important question facing the Internet today.

Specifically: how the hell is NSA breaking SSL?
ssl  nsa  cryptography  privacy  tls 
december 2013 by cdzombak
'Tor Stinks' presentation – read the full document | World news
One interesting slide:
Can we exploit nodes?
Probably not. Legal and technical challenges.
tor  privacy  nsa 
october 2013 by cdzombak
NSA Apparently Undermining Standards, Security, Confidence
In security, the worst case—the thing you most want to avoid—is thinking you are secure when you’re not. And that’s exactly what the NSA seems to be trying to perpetuate.
nsa  encryption  security  privacy 
september 2013 by cdzombak
NSA surveillance: how to stay secure | Bruce Schneier | World news
"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."
security  privacy  nsa  encryption  cryptography 
september 2013 by cdzombak
[cryptography] what has the NSA broken?
With today's disclosures, the question turns to -- what has the NSA broken?
I don't believe that NSA has a complete AES break. Call me foolish if you must, but it's just not consistent with what we know so far.
However, virtually nobody properly keys their ciphers with physical entropy. I suspect that correlated key PRNG attacks are almost certainly a significant part of the NSA/GCHQ crypto break.
encryption  nsa  security  privacy  cryptography 
september 2013 by cdzombak
N.S.A. Foils Much Internet Encryption
A notably scary part of the article that should be noted for the people who trust such power in their hands:
Only a small cadre of trusted contractors were allowed to join Bullrun. It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program’s capabilities, methods and sources.
cryptography  nsa  security  encryption  privacy  via:andrewsardone 
september 2013 by cdzombak
Why We Published the Decryption Story - ProPublica
The story, we believe, is an important one. It shows that the expectations of millions of Internet users regarding the privacy of their electronic communications are mistaken. These expectations guide the practices of private individuals and businesses, most of them innocent of any wrongdoing. The potential for abuse of such extraordinary capabilities for surveillance, including for political purposes, is considerable. The government insists it has put in place checks and balances to limit misuses of this technology. But the question of whether they are effective is far from resolved and is an issue that can only be debated by the people and their elected representatives if the basic facts are revealed.
government  journalism  nsa  privacy  via:andrewsardone 
september 2013 by cdzombak
The US government has betrayed the internet. We need to take it back | Bruce Schneier | Comment is free | The Guardian
To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it.
internet  nsa  privacy  security  via:andrewsardone  encryption  cryptography 
september 2013 by cdzombak
