Tag Archives: cryptography

Tech and Privacy Experts Erupt Over Leaked Encryption Bill

Mother Jones

A draft of a highly anticipated Senate encryption bill was leaked to The Hill late on Thursday night, sparking a swift backlash from technology and privacy groups even before the legislation has been introduced.

The bill is co-sponsored by Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), the chairman and ranking Democrat on the Senate Intelligence Committee. Both senators are leading advocates for encryption “backdoors” that would allow law enforcement and intelligence agencies to read secure messages. Some government officials, led by FBI Director James Comey, say such access is needed because criminals and terrorists are increasingly using encryption to dodge surveillance as they plot crimes and attacks. But tech and privacy advocates say there’s nothing to prevent cybercriminals and hackers from exploiting the same backdoors.

The Burr-Feinstein bill would require companies to respond to court orders for data by providing decrypted information or giving the government “such technical assistance as is necessary to obtain such information or data in an intelligible format.” The bill covers virtually every company involved with providing secure internet services, from device manufacturers and the makers of encrypted chat apps to “any person who provides a product or method to facilitate a communication or the processing or storage of data.” The bill does not lay out the penalties for refusing to comply with such court orders, as Apple recently did when it rejected the FBI’s request to help unlock an iPhone belonging to one of the San Bernardino shooters. An Apple lawyer declined to comment on the bill during a conference call with reporters on Friday.

Cryptography experts and privacy advocates immediately and overwhelmingly condemned the bill. “I could spend all night listing the various ways that Feinstein-Burr is flawed & dangerous. But let’s just say, ‘in every way possible,’” wrote Matt Blaze, a prominent cryptographer and professor at the University of Pennsylvania, in a tweet late on Thursday night. Julian Sanchez, a privacy and technology expert at the libertarian Cato Institute, responded similarly:

Advocates charge that the bill’s broad language will act as a dragnet, making nearly every tech company that provides an encrypted service subject to decryption requests that smaller companies may be unable to handle. “It will force companies that have implemented the strongest security measures to backtrack in order to poke holes in their own systems, and will prevent others from developing those systems in the first place,” said Amie Stepanovich, the US policy director for the digital freedom advocacy group Access Now, in a statement.

Reuters reported on Thursday that the White House would not support the bill, in keeping with its pledge last year not to demand any laws mandating backdoors into encryption. But White House deputy press secretary Eric Schultz insisted the report was wrong and that the bill was still under review. “The idea that we’re going to withhold support for a bill that’s not introduced yet is inaccurate,” he told reporters aboard Air Force One.


NSA Paid Security Company to Adopt Weakened Encryption Standards

Mother Jones

A few months ago, we learned via the Snowden leaks that the NSA had been busily at work trying to undermine public cryptography standards. One in particular was a random number generator used for creating encryption keys in RSA’s BSafe software. But Reuters reports there’s more to the story:

Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

….Most of the dozen current and former RSA employees interviewed said that the company erred in agreeing to such a contract, and many cited RSA’s corporate evolution away from pure cryptography products as one of the reasons it occurred.

But several said that RSA also was misled by government officials, who portrayed the formula as a secure technological advance. “They did not show their true hand,” one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption.

Well, look. There are a very limited number of reasons that the NSA would be so eager for you to use their encryption software that they’d be willing to pay you $10 million to do it. Surely someone at RSA must have had some inkling of what was going on.

Probably more than an inkling, if I had to guess. But this certainly goes to show just how serious and relentless the NSA has been about crippling the public use of cryptography. The president’s surveillance commission recommended on Friday that this stop, and since trustworthy encryption is critical to trust in the internet as a whole, it would sure be nice if President Obama put a stop to this.
