This week in Techno-Liberty (March 21)

Learning digital security: A new project, the Digital Security Exchange, is dedicated to “helping the U.S. digital security community be more responsive to the needs of civil society groups and high-risk communities.” The introductory article, by Josh Levy, states that “digital security is largely a human problem, not a technical one.” Digital security is hard for people without much technical knowledge to understand. The project will talk with high-risk groups and match trainers up with communities.

A bumpy week in government surveillance

[Image: William Binney (Wikimedia)]

It’s been quite a week. It may well be true that Trump was wiretapped, even if he was making it up. NSA whistleblower Bill Binney said, “I think the president is absolutely right. His phone calls, everything he did electronically, was being monitored.” Contrary to Trump’s charge, there’s no evidence Obama had anything to do with it. The intelligence agencies are a power of their own, apart from what any administration tells them to do.

Meanwhile, WikiLeaks claims that “the CIA lost control of the majority of its hacking arsenal.”

WikiLeaks says the archive appears to have been circulated among former government hackers and contractors, one of whom provided WikiLeaks with portions of it. The website says the CIA hacking division involved “more than 5,000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other ‘weaponized’ malware.”

These reports confirm the impression that not much changes in the intelligence world, regardless of who is in office. The “Deep State” goes on. It provides stability, but it creates power centers that no one can do much about. Whether the intelligence agencies barge ahead independent of executive control or Trump replaces the leadership of the intelligence agencies with people loyal to him, it’s bad.

These reports tell us that the intelligence agencies need to resort to exploiting security holes to get information. That’s good news, in a way. It confirms that they don’t have widely usable backdoors into systems. Encrypted applications such as Signal and WhatsApp are still secure, as far as I can tell.

It’s clear that the CIA has its own security problems. We should be glad it doesn’t have backdoor code, or there’s no telling who’d have it by now.

This breach just adds to the reasons to take security seriously. Whether it’s the CIA or some free-lance crook trying to get into your devices, you want to keep them out. This means the usual array of precautions: Use strong passwords, don’t run suspicious attachments, use security software, beware of USB sticks in the mail, set up a firewall, etc. There’s no reason to have high tech just for its own sake, especially considering how many “Internet of Things” devices have utterly sloppy security.

When doing anything on the Internet, remember the words of Barty Crouch, Jr., in Harry Potter and the Goblet of Fire: “CONSTANT VIGILANCE!” Especially against Barty Crouch, Jr.

The real problem exposed by the Cloudflare leak

The reporting about the Cloudflare leak had me puzzled. Apparently reliable reports said that its parser bug had leaked customer sites’ HTTPS data, including passwords. My immediate reaction was to wonder how this was even possible. You can’t pull data out of someone else’s HTTPS transactions without their private key. I asked about this in a comment on a Dreamwidth post that raised the matter, and was told I was being “belligerant” by asking. Hmm … At least one IT person doesn’t want me asking. Something interesting must be going on.

How to be an anonymous source on the Net

“They shouldn’t be allowed to use sources unless they use somebody’s name,” declares Donald Trump. This is a clear call for sweeping censorship, and it makes anonymity more important than ever. If Congress rubber-stamps him, it will be more dangerous than ever.

When the free press is threatened, anonymous Internet accounts can keep the truth coming. It isn’t easy. You don’t know which ones are reliable and which are just grabbing for attention. Still, whistleblowers and leakers are sometimes our only source of the truth. Some put their names on their work and risk the fury of their governments. Others stay anonymous so they can stay where they are and keep the information coming.

Being anonymous is hard.

Confide is eyes-only communication, but is it secure?

[Image: Screenshot from getconfide.com]

The messaging app Confide got a big publicity boost from Donald Trump’s using it. It does seem like a useful thing for highly confidential communication, if it works well. (Also for evading public records requirements.) It lets you read a message only once, a line at a time, with no going back. But it’s valuable only if it’s really secure, and some people have disputed that.

What does Jefferson Sessions mean for tech liberties?

Yesterday the U.S. Senate voted to confirm Jefferson Sessions as Attorney General. This was a key appointment in Trump’s campaign to consolidate his power, and bad for liberties of all kinds, including data privacy.

In general, he’s a vile person. Sessions “has been the fiercest, most dedicated, and most loyal promoter in Congress of Trump’s agenda.” Stephen Bannon says so. He isn’t going to stand in the way, as Sally Yates did, when Trump issues illegal and unconstitutional orders.