Posts Tagged privacy

Choosing A Strong Password Is Easier Than You Think

From EFF:

Randomly-generated passphrases offer a major security upgrade over user-chosen passwords. Estimating the difficulty of guessing or cracking a human-chosen password is very difficult. It was the primary topic of my own PhD thesis and remains an active area of research. (One of many difficulties when people choose passwords themselves is that people aren’t very good at making random, unpredictable choices.)

Measuring the security of a randomly-generated passphrase is easy. The most common approach to randomly-generated passphrases (immortalized by XKCD) is to simply choose several words from a list of words, at random. The more words you choose, or the longer the list, the harder it is to crack. Looking at it mathematically, for k words chosen from a list of length n, there are n^k possible passphrases of this type. It will take an adversary about n^k/2 guesses on average to crack this passphrase. This leaves a big question, though: where do we get a list of words suitable for passphrases, and how do we choose the length of that list?

In general, choosing four five-letter words is better than one long word with number substitutions and some weird characters thrown in. It’s easier to remember and vastly harder for a computer to guess.
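An added example (not from the EFF post or this blog) that works the passphrase arithmetic quoted above: k words drawn uniformly from an n-word list give n**k possibilities and about n**k/2 guesses on average. The list size of 7776 and the 16-word sample list are assumptions constructed for illustration.

```python
import math
import secrets

# Constructed 16-word sample list so the block runs offline; a real
# passphrase list is far longer (7776 words is assumed below).
SAMPLE_WORDS = ["acorn", "blaze", "cedar", "dwell", "ember", "flint",
                "grove", "haste", "ivory", "joust", "knack", "lemon",
                "mirth", "noble", "otter", "plume"]

def keyspace(n: int, k: int) -> int:
    """Distinct passphrases when k words are drawn independently from n."""
    if n < 2 or k < 1:
        raise ValueError("need n >= 2 words and k >= 1 draws")
    return n ** k

def entropy_bits(n: int, k: int) -> float:
    """Entropy in bits of a uniformly random k-word passphrase."""
    return k * math.log2(n)

def average_guesses(n: int, k: int) -> int:
    """Expected guesses for an attacker who knows the list and k."""
    return keyspace(n, k) // 2

def words_needed(n: int, target_bits: int) -> int:
    """Smallest k whose keyspace reaches 2**target_bits (exact integers)."""
    k = 1
    while keyspace(n, k) < 2 ** target_bits:
        k += 1
    return k

def generate(words: list[str], k: int, sep: str = " ") -> str:
    """Draw k words with the OS CSPRNG; random.choice is not suitable."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words shrink the real keyspace")
    keyspace(len(words), k)  # validates n and k
    return sep.join(secrets.choice(words) for _ in range(k))

if __name__ == "__main__":
    n = 7776  # assumed list size, not taken from the page
    for k in (4, 5, 6, 7):
        print(f"{k} words: {entropy_bits(n, k):5.1f} bits, "
              f"~{average_guesses(n, k):.2e} guesses on average")
    print("words for 80 bits:", words_needed(n, 80))
    print("sample (16-word toy list):", generate(SAMPLE_WORDS, 5))
```

The entropy figure only holds when every word is drawn by the generator; swapping words by hand to make the phrase more memorable removes the uniformity the calculation assumes.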


How Did The FBI Break Into iPhone?

From the EFF:

In addition, this new method of accessing the phone raises questions about the government’s apparent use of security vulnerabilities in iOS and whether it will inform Apple about these vulnerabilities. As a panel of experts hand-picked by the White House recognized, any decision to withhold a security vulnerability for intelligence or law enforcement purposes leaves ordinary users at risk from malicious third parties who also may use the vulnerability. Thanks to a lawsuit by EFF, the government has released its official policy for determining when to disclose security vulnerabilities, the Vulnerabilities Equities Process (VEP).


The Apple Case Could Violate The Thirteenth Amendment

If Apple is compelled to create a program that doesn’t exist for the government, that would be a type of slavery.

From Reason.com:

Instead, the DOJ has obtained the most unique search warrant I have ever seen in 40 years of examining them. Here, the DOJ has persuaded a judge to issue a search warrant for A THING THAT DOES NOT EXIST, by forcing Apple to create a key that the FBI is incapable of creating.

There is no authority for the government to compel a nonparty to its case to do its work, against the nonparty’s will, and against profound constitutional values. Essentially, the DOJ wants Apple to hack into its own computer product, thereby telling anyone who can access the key how to do the same.

If the courts conscripted Apple to work for the government and thereby destroy or diminish its own product, the decision would constitute a form of slavery, which is prohibited by our values and by the Thirteenth Amendment.


Apple, Privacy and the FBI

It’s way more complicated than the pundits are saying. To be fully informed, read these articles.

From the EFF:

…the FBI’s demands reflect a familiar pattern of security agencies leveraging the most seemingly compelling situations—usually the aftermath of terror attacks—to create powers that are later used more widely and eventually abused. The government programs monitoring the telephone system and Internet, for example, were created in the wake of the 9/11 attacks. Those programs came to undermine the rights of billions of people, doing more damage to our security than the tragic events that prompted their creation.

ArsTechnica discusses Fifth Amendment issues:

But the Fifth Amendment goes beyond the well-known right against compelled self-incrimination. The relevant part for the Apple analysis is: “nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.”

The idea here is that the government is conscripting Apple to build something that it doesn’t want to do. That allegedly is a breach of its “substantive due process.” The government is “conscripting a company’s employees to become agents for the government,” as one source familiar with Apple’s legal strategy told Ars. The doctrine of substantive due process, according to Cornell University School of Law, holds “that the 5th and 14th Amendments require all governmental intrusions into fundamental rights and liberties be fair and reasonable and in furtherance of a legitimate governmental interest.”

Reason discusses the political battle over encryption:

This incident is only the latest conflict in a years-long encryption and security war waging between privacy- and security-minded groups and the law enforcement community. As more communications are digitized, authorities have been calling for industry assistance to build so-called government “backdoors” into secure technologies by hook or by crook.

Those in law enforcement fear a scenario where critical evidence in a terrorism or criminal case is beyond the reach of law enforcement because it is protected by strong encryption techniques that conceal data from anyone but the intended recipient. Hence, leaders at agencies like the Department of Justice, the Department of Homeland Security, and the National Security Agency, along with President Obama, have weighed in against strong encryption.


Fourth Amendment Should Cover Your Digital Life

From Fox News:

In an era of constant political gamesmanship and gridlock, getting things done in Congress is never easy. That was never clearer than the last Congress’ failure to pass long overdue reforms to an antiquated that today threatens the very thing it was intended to protect – the privacy of Americans’ digital communications and records.

A bipartisan group of more than 270 members of the House of Representatives co-sponsored legislation with the same underlying objective — to update the Electronic Communications Privacy Act (ECPA). And yet, these bills were left to die without a vote.

 


Your Apps Are Following You

From The Wall Street Journal:

Computer scientists at Carnegie Mellon University concluded that a dozen or so popular Android apps collected device location – GPS coordinates accurate to within 50 meters – an average 6,200 times, or roughly every three minutes, per participant over a two-week study period.

The researchers recruited 23 users of Android version 4.3 from Craigslist and the Carnegie Mellon student body. Participants were allowed to use their own choice of apps after installing software that noted app requests for a variety of personal information; not only location but also contacts, call logs, calendar entries, and camera output. They weren’t told the purpose of the study and were screened to weed out people who had a technical background or strong views about privacy.

 


Google Backtracks on Default Encryption for Devices

From ArsTechnica:

In short, devices are required to support encryption, but it’s still up to OEMs to actually enable it; this is exactly what Google was doing in KitKat and older versions (PDF, see section 9.9). Full-disk encryption is expected to become a requirement in some future Android version, but it remains optional in Lollipop despite Google’s earlier statements.

 


Silent Circle Raises $50 Million

From ArsTechnica:

Terms of the buyout deal with Spanish smartphone maker Geeksphone, the phone’s hardware manufacturer, were not disclosed. Silent Circle said Thursday that it has raised $50 million and plans on showing off an encrypted “enterprise privacy ecosystem” at World Mobile Congress next week. A BlackPhone tablet is on the way, too.

“Silent Circle has brought tremendous disruption to the mobile industry and created an integrated suite of secure enterprise communication products that are challenging the status quo,” Mike Janke, cofounder and chairman of the Silent Circle board, said in a statement. “This first stage of growth has enabled us to raise approximately $50M to accelerate our continued rapid expansion and fuel our second stage of growth.”

 Silent Circle’s Enterprise Platform


Mozilla Working To Make Privacy Easier

The company that makes the Firefox web browser has a new privacy initiative.

Today, we are excited to announce a new strategic initiative at Mozilla called Polaris. Polaris is a privacy initiative built to pull together our own privacy efforts along with other privacy leaders in the industry. Polaris is designed to allow us to collaborate more effectively, more explicitly and more directly to bring more privacy features into our products. We want to accelerate pragmatic and user-focused advances in privacy technology for the Web, giving users more control, awareness and protection in their Web experiences. We want to advance the state of the art in privacy features, with a specific focus on bringing them to more mainstream audiences.

 


Fourth Amendment Negated By AOL Terms of Service

From TechDirt:

The ACLU’s Jameel Jaffer alerts us to a district court ruling in NY that effectively says that by merely agreeing to AOL’s terms of service, you’ve waived your 4th Amendment rights. The case is the United States v. Frank DiTomasso, where DiTomasso is accused of producing child porn — with most of the evidence used against him coming from AOL. DiTomasso argues that it was obtained via an unconstitutional search in violation of the 4th Amendment, but judge Shira Scheindlin rejects that, by basically saying that AOL’s terms of service make you effectively waive any 4th Amendment right you might have in any such information.

All the more reason to use services like Silent Circle and encrypt your email.


Italy Gives Google Privacy Ultimatum

From The Guardian:

Google has been given 18 months by the Italian data regulator to change how it handles and stores user data.

Users will now have to grant permission before the firm creates a profile on them, and Google has to honour requests to delete data within two months (although it will have an additional six months to remove the content from backups). Google will also have to explicitly inform users that the profiles it creates on them are for commercial purposes.


Phone Wiping Fails on Android Phones

From CNET.com:

Avast — known for its security software on Windows, Mac, and Android — purchased 20 Android smartphones from eBay, which has around 80,000 used smartphones for sale at any given time. Among the data that Avast employees recovered from the phones were more than 40,000 photos — including 250 nude male selfies — along with 750 emails and text messages, 250 contacts, the identities of four phones’ previous owners, and one completed loan application.


Silent Circle Moves To Switzerland

From the Silent Circle Blog:

Switzerland – the land of Privacy, Neutrality and now Silent Circle (not to mention great cheese, chocolate and watches). We are very much an international firm. We have employees scattered among 9 countries, data centers in Canada and Switzerland, and we count customers from over 130 countries with a heavy concentration of Global 1000 enterprise customers outside of North America. We decided to move our Headquarters from the Caribbean island of Nevis to Switzerland and move a lot of our customer service, finance, sales and operations into this new large office.

It was very important for us to remain a “Global Neutral Privacy Provider”, as well as a political and religious agnostic company. Switzerland has the world’s most robust privacy laws, fantastic business and financial resources and an incredible business-friendly atmosphere. In addition to being the world’s center for Human Rights, Global freedom of speech and an innovative technology hub, Switzerland is our perfect home. This move was a logical and easy decision for us. With over 75% of our customer base outside of North America and our Joint Venture company Blackphone also headquartered in our joint new office space in Switzerland – it was a natural move.

We will continue to grow our North America office in Washington, DC as well as our London office, but most of our new growth will take place in our new headquarters. So, if you find yourself in Europe or close to Switzerland, we are only a short hop or train ride away – so please do stop into our new Headquarters office to say hi.


EFF Calls On Companies To Enhance Security

From the Electronic Frontier Foundation:

How to Protect Your Users from NSA Backdoors: An Open Letter to Technology Companies

As security researchers, technologists, and digital rights advocates, we are deeply concerned about collaboration between government agencies and technology companies in undermining users’ security. Among other examples, we are alarmed by recent allegations that RSA, Inc. accepted $10 million from NSA to keep a compromised algorithm in the default setting of a security product long after its faults were revealed. We believe that covert collusion with spy agencies poses a grave threat to users and must be mitigated with commitment to the following best practices to protect users from illegal surveillance:


You Can Have Privacy on the Net

Two members of the Electronic Frontier Foundation talk about how it is possible over at Slate:

Despite all of the awareness-raising around surveillance that has taken place over the last year, many individuals feel disempowered, helpless to fight back. Efforts such as the February 11 initiative the Day We Fight Back aim to empower individuals to lobby their representatives for better regulation of mass surveillance. But legislation and policy are only part of the solution. In order to successfully protect our privacy, we must take an approach that looks at the whole picture: our behavior, the potential risks we face in disclosing data, and the person or entity posing those risks, whether a government or company. And in order to successfully fight off the feeling of futility, we must understand the threats we face.
