Crypto and Privacy Links
The privacy links are for nostalgia buffs
(but not anymore, since some degree of privacy is now possible).
New links are added to the top of the list.
- Windows 10:
  - ‘Incredibly intrusive’: Windows 10 spies on you by default
  - ‘Don’t spy on me!’ How to opt out of Windows 10’s intrusive defaults
  - Windows 10 Shares Wi-Fi Passwords With Your Contacts — Here's How to Disable It
- Alex Krasodomski: The focus on terror has distorted the debate on encryption
- Robots to replace border police? To speed up lines at airports, French firm [Thales] to scan your irises
[Thales] has the French state as a major shareholder. ... "Today, it’s testing at the border, tomorrow it could be facial recognition deployed in public places," Dave Maass, Electronic Frontier Foundation, said. "Today, the photos taken are being kept segregated from other departments and agencies, tomorrow they could be shared for a whole host of other purposes."
- Patrick Wallace: Encryption and the Consequences of Public Policy
- David Cameron Wants To Ban Encryption
- UK internet firms warn of more mass surveillance
- Backdoor demands cause PGP founder to quit US
- Jolly Roger’s Security Guide for Beginners
- Is your VPN Legit or Shit?
- Tails — privacy for anyone anywhere
- The Tor Project — Anonymity Online
- Surveillance Self-Defense (Tips, Tools and How-tos for Safer Online Communications) from EFF.
- Alfredo Lopez (2015-04-21): The Encryption Debate is Really About How Best to Spy on You
Nobody is saying the obvious: cracking encryption to steal data is unconstitutional and illegal and this debate is taking place at a moment when massive movements of protest are covering the streets of our cities organized through social media and cell-phone communications. ... Both the First and Fourth Amendments to the Constitution make absolutely clear that the government cannot do mass data capture. There is no fuzziness about that in the document’s wording. Data from citizens can only be captured with a court-approved search warrant and then only when the object of the data seizure is specifically described in the warrant. ... Privacy, the constitutional principle written to protect movements and citizen organizing (among other things), has been washed down the legal drain. The only protection we have is to encrypt what we send and constitutionally we have an absolute right to do so.
- Computer Processes, Spyware, and Adware — Alphabetical Directory
- Marshall Honorof (2015-04-15): How to Decrypt Files Seized by CoinVault Ransomware
- Lee Munson (2015-04-13): The NSA wants a multi-part encryption key for 'front door' access to your data
- Bruce Schneier's new book: Data and Goliath — The Hidden Battles to Collect Your Data and Control Your World (reviewed by EFF)
- Australia's 2015 data retention law (passed March 2015)
- Malcolm Turnbull says access to journalists' metadata 'a special case'
The Greens senator Scott Ludlam said the last-minute amendments to protect journalists “did nothing to protect the 23 million other Australians who will still be exposed to out of control warrantless surveillance”.
- Data retention laws pass Federal Parliament
- Australian government minister: Dodge new data retention law like this
- Malcolm Turnbull explains how people can avoid having metadata collected
- Greens' Scott Ludlam provides tips on how to hide metadata from government
- Washington 'real danger' of cyber warfare, not China or N. Korea — WikiLeaks
- Spyware Warrior — "Waging the war against spyware". Has a page with a lot of crypto links.
- Hack gave U.S. and British spies access to billions of phones
U.S. and British spies hacked into the world's biggest maker of phone SIM cards [Gemalto], allowing them to potentially monitor the calls, texts and emails of billions of mobile users around the world, an investigative news website reported.
- Britain’s “War on Terror” Insanity Continues — David Cameron Declares War on Encryption
- Is the attack on Charlie Hebdo a reason for air travel surveillance?
In a speech today in Strasbourg opening the current session of the European Parliament, the President of the European Council (the executive branch of the European Union, comprised of national governments) invoked the attack on the satirical cartoonists of Charlie Hebdo as a reason for popularly-elected EU legislators to put aside their previous objections and enact a comprehensive EU-wide mandate for surveillance and profiling of airline passengers on the basis of Passenger Name Record (PNR) data from airline reservations.
- Travel Surveillance, Traveler Intrusion
- Cryptohippie's Guide To Online Privacy
- Trevor Timm (2014-11-15): First Snowden. Then tracking you on wheels. Now spies on a plane. Yes, surveillance is everywhere
US government-owned airplanes that can cover most of the continental United States are covertly flying around the country, spying on tens of thousands of innocent people’s cellphones. It sounds like a movie plot, but in a remarkable report published on Thursday, the Wall Street Journal exposed that these spy planes are part of an actual mass surveillance program overseen by the Justice Department (DOJ). And it’s been kept secret from the public for years.
- UN Votes to Protect Privacy in Digital Age
- A Guide for Guarding Personal Information in the Workplace — "Key Principles for a Solid Plan for Information Security"
- Susan Stellin (New York Times, 2013-10-21): Security Check Now Starts Long Before You Fly
At the heart of the expanded effort is a database called the Automated Targeting System ... [which] is used to decide who is placed on the no-fly list — thousands of people the United States government has banned from flying — and the selectee list, an unknown number of travelers who are required to undergo more in-depth screening ... The T.S.A. also maintains a PreCheck disqualification list, tracking people accused of violating security regulations, including disputes with checkpoint or airline staff members. Much of this personal data is widely shared within the Department of Homeland Security and with other government agencies ... and in some cases, [with] private companies for purposes unrelated to security or travel.
- James Kanter (New York Times, 2013-10-21): Rules Shielding Online Data From N.S.A. and Other Prying Eyes Advance in Europe
- Burner Phone
The simplest, most anonymous, and most affordable disposable cell phone ever manufactured. Made for people who value security and privacy.
- Glimmerglass Intercepts Undersea Cable Traffic for Spy Agencies
- NSA Prism: Why I'm boycotting US cloud tech — and you should too
- CryptoCloud: Leave Surveillance Behind — Forever
- Alexander Hanff:
  - 2013-06-10: PRISM — Where do we go from here?
  - 2013-06-13: PRISM-Break List is dangerously misleading
  - 2013-06-22: Still trust DuckDuckGo?
- Julian Assange (2013-07-09): How cryptography is a key weapon in the fight against empire states
What began as a means of retaining individual freedom can now be used by smaller states to fend off the ambitions of larger ones
- The Guardian (2013-06-21): Mastering the internet: how GCHQ set out to spy on the world wide web
Project Tempora — the evolution of a secret programme to capture vast amounts of web and phone data
- EFF Answers Your Questions About Border Searches — Advice on safeguarding your laptop and digital devices from warrantless searches at the U.S. border.
- Glenn Greenwald and Ewen MacAskill (UK Guardian, 2013-06-07): NSA Prism program taps in to user data of Apple, Google and others
The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian. The NSA access is part of a previously undisclosed program called PRISM, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
- Glenn Greenwald (UK Guardian, 2013-06-06): NSA collecting phone records of millions of Verizon customers daily
The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April. ... Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.
But at the very least they can know who you're calling and they can track your movements. Whenever you switch on your cellphone they know instantly where you are.
- Data Leak Shakes Notion of Secret Offshore Havens and, Possibly, Nerves
[Some rich people who hide their money to avoid paying taxes on it] are suddenly very anxious after the leak of 2.5 million files detailing the offshore bank accounts and shell companies of wealthy individuals and tax-averse companies. ... [The] enormous size of the data dump obtained by the International Consortium of Investigative Journalists ... has punched a big hole in the secrecy that surrounds what the Tax Justice Network estimates are assets worth at least $21 trillion held in offshore havens.
- Encryption Learning Center — links to articles on various aspects of encryption and security.
- Peter Lee: US digs in for cyber warfare
In the United States, providing government law enforcement with back-door access to networks, aka 'lawful intercept', is a legal requirement for digital telecom, broadband Internet, and voice-over-IP service and equipment providers under the CALEA (Communications Assistance to Law Enforcement Act) law. The Federal Bureau of Investigation (FBI) is currently lobbying the US administration and the Federal Communications Commission to require that social-media providers such as Facebook provide similar access so that chats and instant messaging can also be monitored in real time or extracted from digital storage.
- Australia Moves to Massively Expand Internet Surveillance
The Australian government has proposed sweeping changes to its surveillance and national security laws. The government's wish list includes mandatory data retention, surveillance of social networks, criminalization of encryption, and lower thresholds for warrants.
Under the guise of expanding "the fight against terrorism" the Australian spooks wish to "establish an offence for failure to assist in the decryption of communications". So if you have some proprietary commercial information which you encrypt and send in a file to a colleague, and if you refuse a request by the Australian government to allow them to decrypt that file, then you can be charged with the commission of a crime (proposed penalty as yet unstated but could be imprisonment).
- Senate panel criticizes anti-terrorism data-sharing centers
A federal domestic security effort to help state and local law enforcement catch terrorists by setting up more than 70 information-sharing centers around the country has threatened civil liberties while doing little to combat terrorism, a two-year examination by a Senate subcommittee found.
And here is a link to the report itself.
- Dwayne Winseck: Big New Global Threat to the Internet or Paper Tiger?: the ITU and Global Internet Regulation, Part I
- John Feffer: The worm that turned on the US
Offensive cyber-tactics fall into five basic categories: using the Internet to win hearts and minds; denial of service attacks that effectively paralyze websites; electronic attacks on infrastructure such as nuclear power plants; sabotage through the sale of defective hardware or software; and operational attacks that accompany conventional battle plans ...
- James Bamford: The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)
The purpose of the NSA's "Utah Data Center" is "to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. ... Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails — parking receipts, travel itineraries, bookstore purchases ..."
- Chris Crum: Social Discovery is BIG (and Creepy?) at SXSW
There's a new trend in social media and application development, and it's called ‘social discovery’.
The one thing social networking is NOT about, is “giving” people opportunities to connect better, unless that means better opportunity for exposure to product and data gathering by government. Once upon a time there were phone calls and actual face to face connecting. And then along came email which made it possible to connect quickly and cheaply with those who were far away and did that very well actually but unfortunately there was no place for marketing in private email exchanges so email had to be replaced.
Here’s my stand, I choose NO, so I don’t do Facebook, Twitter or any online social networking site because I know what the true purpose is, i.e., harvesting target info. I discourage my clients from this as well. Amazingly I survive quite well without being “connected” or “liked” and I am quite sure there is plenty of information about me available anyway. I’m such a relic I do my interacting the old fashioned way with people I have intimate relationships; I communicate one on one, face to face, by phone and the now archaic tool of email. There is no substitute for this kind of interaction with humans. None. It seems to me that the more knowledge has increased, the more information we have, the less we really know because not only has the human touch thing been circumvented by digital technology, humanity itself is now systematically being counterfeited with a shallow reproduction. We are becoming programed holograms. The real deal, that unique part of humanity that has always been delightfully serendipitous, has now been replaced with a robotic, predictable, never allowed to step sideways, soul-less clone that lives for, acts and reacts, and by default witlessly worships, the god of commerce.
- Anick Jesdanun: 5 ways to control your privacy on Google
- Recording Everything: Digital Storage as an Enabler of Authoritarian Governments
[Soon] it will become technologically and financially feasible for authoritarian governments to record nearly everything that is said or done within their borders — every phone conversation, electronic message, social media interaction, the movements of nearly every person and vehicle, and video from every street corner. Governments with a history of using all of the tools at their disposal to track and monitor their citizens will undoubtedly make full use of this capability once it becomes available.
- Carrier IQ Withdraws Legal Threat Against Security Researcher
[Security researcher Trevor] Eckhart said he'd discovered Carrier IQ's software secretly monitoring “many U.S. handsets sold on Sprint, Verizon, and more.” He estimated that it was running on more than 141 million handsets. Furthermore, as installed by carriers, the software oftentimes couldn't be removed, or could be removed only by advanced users willing to root their phones.
- Can the [U.S.] government take away my laptop?
Federal Customs and Border Patrol agents have the [legal] right [according to the 9th Circuit Court in San Francisco] to confiscate and examine electronic devices belonging to anyone entering the United States. The agents aren't required to have probable cause before searching someone's devices. And they can look for any evidence of any crime at all.
- Tighter oversight on border laptop searches
The procedures also allowed border agents to retain documents and devices for 'a reasonable period of time' to perform a thorough search 'on-site or at an off-site location.'
So if you enter the U.S. with a laptop you can expect federal agents to look through your personal files and maybe even take your laptop away for a few hours or days and perhaps even copy the entire hard drive. Better to stay far away.
- Digital Due Process — Modernizing surveillance laws for the digital age
The Electronic Communications Privacy Act ... is a patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for both service providers and law enforcement agencies. ECPA can no longer be applied in a clear and consistent way, and, consequently, the vast amount of personal information generated by today's digital communication services may no longer be adequately protected.
- Cryptome.org is a respected website which for many years has served as an archive for documents relating to privacy and other matters. Its stated purpose is to make available to the public documents
that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance -- open, secret and classified documents -- but not limited to those. Documents are removed from this site only by order served directly by a US court having jurisdiction. No court order has ever been served ...
- JR Raphael, PC World: The Google-NSA Alliance: Questions and Answers
- New Spy Software Coming On-Line: "Surveillance in a Box" Makes its Debut
- An Illustrated Guide to the Kaminsky DNS Vulnerability
This paper covers how DNS works: first at a high level, then by picking apart an individual packet exchange field by field. Next, we'll use this knowledge to see how weaknesses in common implementations can lead to cache poisoning.
- Former AT&T worker details federal Internet spying in S.F.
In an interview Tuesday [2007-11-06], he [Mark Klein] said the NSA set up a system that vacuumed up Internet and phone-call data from ordinary Americans with the cooperation of AT&T. Contrary to the government's depiction of its surveillance program as aimed at overseas terrorists, Klein said, much of the data sent through AT&T to the NSA was purely domestic.
- How to surf anonymously without a trace
Several ways to protect yourself from the feds and others
- Schneier on Security: Hackers Clone RFID Passports
- A Cost Analysis of Windows Vista Content Protection
- Wayne Madsen: Crypto AG: The NSA's Trojan Whore?
- Joris Evers and Declan McCullagh: Security risks of e-passports exposed
Radio tags used in everything from building access cards to highway toll cards to passports are surprisingly easy to copy and pose a grave security risk, researchers said this week.
At security conferences researchers demonstrated that passports equipped with radio frequency identification (RFID) tags can be cloned with a laptop equipped with a $200 RFID reader and a similarly inexpensive smart card writer. In addition, they suggested that RFID tags embedded in travel documents could identify US passports from a distance, possibly letting terrorists use them as a trigger for explosives.
- Ingrid Melander: EU court rules airline data deal with U.S. illegal
- Ryan Singel: Whistle-Blower Outs NSA Spy Room (Also here and here.)
AT&T provided National Security Agency eavesdroppers with full access to its customers' phone calls, and shunted its customers' internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center, according to a former AT&T worker cooperating in the Electronic Frontier Foundation's lawsuit against the company.
- Eric Weiner: Wiretapping, European-Style
Think Bush's warrantless NSA surveillance is bad? Wait till you hear what the British government does.
- EFF's Class-Action Lawsuit Against AT&T for Collaboration with Illegal Domestic Spying Program
- William M. Arkin: NSA Expands, Centralizes Domestic Spying
The Stop Badware Coalition will seek to spotlight companies that make millions of dollars by tricking Web users into putting spyware, adware or other deceptive software on their machines ...
- Bruce Schneier on Project Shamrock
- How to Make an RFID Blocking Wallet
- The media must learn the difference between a wiretap and "Echelon" (What's Echelon?)
- Pam Dixon: Your Net Health: Why Some Cookies Can Be Hazardous, and How to Say No
- Cookie Central is a good source of information about cookies and has download links to software for protecting yourself against cookie intrusions.
Cookies are based on a two-stage process. First the cookie is stored in the user's computer without their consent or knowledge. ... This happens without any notification or user consent. As a result, personal information ... is formatted by the Web server, transmitted, and saved by the user's computer.
During the second stage, the cookie is clandestinely and automatically transferred from the user's machine to a Web server. Whenever a user directs her Web browser to display a certain Web page from the server, the browser will, without the user's knowledge, transmit the cookie containing personal information to the Web server.
- Doug Thompson: An enemy of the state
- Steve Jones: GCHQ — Government Communications HeadQuarters (Also here.)
Europe's most powerful intelligence gathering agency
- John Perry Barlow: Decrypting the Puzzle Palace
- Chapter 8, Chapter 9 and Chapter 10 of James Bamford's The Puzzle Palace: A Report on America's Most Secret Agency
- Techi Warehouse's :: Security :: page.
- Handbook for bloggers and cyber-dissidents
Practical advice and technical tips to help bloggers stay anonymous and to help web surfers circumvent censorship.
- Electronic Frontier Foundation decodes printer tracking dots
- Want to check your e-mail in Italy? Bring your passport.
An antiterror law makes Internet cafe managers check their clients' IDs and track the websites they visit.
- 4th Amendment & The People Under the Eaves — Echelon, Carnivore, CODIS and Privacy
- Andrew Kalukin: Automating Camera Surveillance
Recent developments in computer vision, robotics, and pattern matching increase the possibility of drastic social transformations. The dictatorship of Big Brother had one small limitation of power: it depended on the obedience and vigilance of subordinates to enforce control. The application of data mining methods to massive video data sets enables a sufficiently organized power to outmatch humans in carrying out surveillance.
- Zip File Password Cracking
- How Companies Can Track Your Movements on the Internet
- John Dillon: Are the Feds Sniffing Your Re-Mail?
- Smile for the US Secret Service
- Jonathan Wheeler: US adopts National ID: Homeland Security Now In charge of Regulations for all US States Drivers Licenses and Birth Certificates
- J. Orlin Grabbe: In Praise of Hawala
- Privacy International
- Internet Explorer security warnings [link expired]
To summarise: absence or presence of digital signature in downloaded program DOES NOT indicate if downloaded program is safe or not. Vast majority of programs available on the net is useful, safe and NOT digitally signed.
- Charles Arthur: Microsoft's browser dominance at risk as experts warn of security holes
Last week researchers at the Internet Storm Centre discovered a malicious program that used a flaw in the [Internet Explorer] software to install itself on the user's PC when a particular pop-up ad appeared. It would then monitor the user's typing when they visited any of 50 bank sites, including Barclays Bank, Citibank and Deutsche Bank.
- Accenture's 'Virtual Border' Project
Accenture and its partners will need to link the vast amounts of data that biometric devices capture with legacy databases of immigration, customs, law-enforcement, and intelligence agencies. ... it also will need to analyze data to spot suspicious activities.
- James Lewis: RFID: Big Brother Gets Small (86 Kb PDF file)
To help counteract counterfeiting of the new currency, the EU is hoping to have a new RFID [radio frequency identification] tagging system in place by 2005. Each piece of currency will have a tag with a unique code which should be irreproducible by counterfeiters. ... [T]his also means that the governments would also be able to track the money when it is not being used in illegal transactions. This would mean that any money you had in your possession could be used to track you, no matter which EU country that you were in.
- Declan McCullagh: Howard Dean's 'smart ID' plan
[Dean] called for state drivers' licenses to be transformed into a kind of standardized national ID card for Americans. ... Dean also suggested that computer makers such as Apple Computer, Dell, Gateway and Sony should be required to include an ID card reader in PCs — and Americans would have to insert their uniform IDs into the reader before they could log on.
- Infiltration of files seen as extensive — Senate panel's GOP staff pried on Democrats
Republican staff members of the US Senate Judiciary Committee infiltrated opposition computer files for a year, monitoring secret strategy memos and periodically passing on copies to the media ...
- Reuters: U.S. Says Deal Reached with EU on Air Passengers [link expired and article not available by search]
Washington has requested non-U.S. airlines to hand over up to 39 pieces of data for each passenger, including credit card details, home address and phone number.
- Europe approves air passenger data transfers to US
The key comment in Mr Bolkestein's statement is that the Commission has made its 'political judgement' in favour of transfer in the hope that any privacy problem will be in the meantime resolved. In short, the statement should be seen as a mechanism to boot the privacy problems into the long grass whilst allowing the US authorities access to the data they want.
- Statewatch — monitoring the state and civil liberties in the European Union
- EFF's Privacy, Security, Crypto & Surveillance
- Netsurfer Focus on Cryptography and Privacy
- Adam Back's Crypto Pages
- Declan McCullagh's Politech
- Raymond Ker: The New McCarthyism
- Drug Enforcement Takes Control of Domain Names, Threatens Privacy
- Mark Ward: The hidden dangers of documents
Your Microsoft Word document can give readers more information about you than you might think.
If concerned, open your MS Word document with a text editor such as Notepad, which shows everything.
- Chapter 8, Signals Intelligence, from Jeffrey T. Richelson's The U.S. Intelligence Community
Another reconnaissance project involving submarines ... involved implanting a device to intercept the signals transmitted along a Soviet underwater cable in the Sea of Okhotsk, between the Kamchatka Peninsula and the eastern Soviet coastline. A combined Navy-NSA team, operating from a submarine, installed a miniaturized waterproof eavesdropping device — a large tape pod that fit over the Soviet cable, through which key Soviet military and other communications flowed. The pod had a wraparound attachment that intercepted the cable traffic by "induction" ... The Sea of Okhotsk operation continued until 1981, when former NSA employee Ronald Pelton sold the Soviets information about the operation.
- Carl Ellison's website includes Attempt versus Succeed — a discussion of the right of a US citizen to attempt to keep secrets, even from the government.
- Towards A European Framework for Digital Signatures And Encryption, a report on encryption policy released in 1997 by the European Commission (a Word/Wordpad document).
- Brian J. Bocketti: United States Encryption Export Policy: Turning the Corner
- Eckpunkte der deutschen Kryptopolitik (Bonn, 1999-06-02)
English translation: Key Elements of Germany's Encryption Policy
- Cryptography World
A website "designed to help you understand the basics of cryptography ... [and to provide] access to a series of resources to help you apply, and implement, cryptographic solutions."
- Tom White: Head for the Hills, the End Is Nigh
- The Beginning of the End of Freedom on the Internet
- Nat Hentoff: We'll All Be Under Surveillance
Without any official public notice, and without any congressional hearings, the Bush administration — with an initial appropriation of $200 million — is constructing the Total Information Awareness System. It will extensively mine government and commercial data banks, enabling the FBI, the CIA, and other intelligence agencies to collect information that will allow the government ... 'to essentially reconstruct the movements of citizens.' This will be done without warrants from courts, thereby making individual privacy as obsolete as the sauropods of the Mesozoic era.
- Identity-based Internet idea shelved [webpage (re)moved]
[A] Pentagon research agency ... considered but rejected ... tagging Internet data with unique personal markers to prevent anonymous use of some parts of the Internet. ... The plan, known as eDNA ... would have divided the Internet into secure 'public network highways' where a user would need to be identified, and 'private network alleyways' which do not require identification. ... [The proposal] read in part: 'We envisage that all network and client resources will maintain traces of user eDNA so that the user can be uniquely identified as having visited a Web site, having started a process or having sent a packet. 'This way, the resources and those who use them form a virtual 'crime scene' that contains evidence about the identity of the users, much the same way as a real crime scene contains DNA traces of people.'
So it seems that, for the authors of this proposal, accessing a website, or using the internet for any purpose at all, makes one a virtual criminal. What will they think of next?
- CNN: Crypto expert: Microsoft products leave door open to NSA
But it's even worse ... there's a "third key" ...
- Duncan Campbell: How NSA access was built into Windows
- Windows XP vulnerable to 'serious' attacks [webpage (re)moved]
Microsoft's newest version of Windows, billed as the most secure ever, contains several serious flaws that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software.
- Microsoft issues patch for "serious" XP hole
Microsoft may have touted Windows XP as the most secure operating system it has made, but the company on Thursday released a bug fix for a security hole that could leave some people's systems open to malicious attack.
- FBI wants access to worm's pilfered data
The FBI is asking for access to a massive database that contains the private communications and passwords of the victims of the Badtrans Internet worm. Badtrans spreads through security flaws in Microsoft mail software and transmits everything the victim types. ... [T]he worm replicates by sending copies of itself to all other email addresses found on the host's machine, and installs a keystroke-logger capable of stealing passwords ... The FBI wants indiscriminate access to the illegally extracted passwords and keystrokes of over two million people without so much as a warrant.
- Judge Demands Documents on FBI Computer Spy System [webpage (re)moved]
A federal judge on Friday [2001-09-07] ordered prosecutors to show him documents next week describing how a classified FBI computer spying system works, saying their argument the system should be kept secret from defense attorneys was "gobbledygook." ... During its 1999 investigation [of Nicodemo Scarfo], the FBI obtained a search warrant to secretly install a "key logger device" on the computer ... The government is resisting the disclosure, claiming the system is classified and that revealing it would endanger national security. But when prosecutors presented an affidavit on Friday from a high-level Justice Department official exhorting the system's classified status, U.S. District Court Judge Nicholas Politan said it was gibberish. ... "It says the guides (that define classified material) are even secret. ..." he said.
- The story about Crypto AG — with many annotated links.
- Researchers fault independent review of Carnivore
Carnivore is a software program that monitors packets of data passing through an Internet service provider's network. Officials at the FBI and the DOJ have said the surveillance system can only be legally deployed to monitor alleged criminal activity under a court order, but privacy advocates are worried that the software could lead to widespread and random surveillance of e-mail messages.
- Carnivore review confirms extended abilities of FBI sniffing software
The concern for privacy advocates ... is the potential for broad-sweeping data collection if the software isn't configured properly. ... According to the report, Carnivore will collect all e-mails in a packet delivered to an Internet service provider if its filters aren't set properly.
- UK Internet 'spy' plan condemned
In a report to the British government, spy agencies MI5 and MI6 and the police jointly request new legislation requiring communication service providers (CSPs) to log their traffic and keep the details for seven years. The proposals, drawn up by the National Criminal Intelligence Service (NCIS), suggest that the log would help the fight against cybercrime, paedophile rings, terrorism and drug trafficking.
- U.K. e-mail snooping bill passed
The surveillance bill granting the U.K. government sweeping powers to access e-mail and other encrypted Internet communications passed its final vote in the House of Commons on Wednesday and is set to become law on October 5.
- The Wiretapping of Executives From Multinational Companies [webpage (re)moved]
"S46 of the [UK Regulation of Investigatory Powers] Bill simply authorises 'any person by means of the exercise of a statutory power' to demand the key which will unlock the encryption." — A reason for multinationals to go elsewhere?
Hackers know the weaknesses in your system. Shouldn't you?
- Surveillance bill under fire
The critics say the legislation, if passed, could lead to innocent people being sent to jail simply because they have lost their data encryption codes.
- Cryptography's Role in Securing the Information Society
- Crypt Newsletter
- Center for Democracy and Technology: Encryption Issues
- Duncan Campbell: Coded Message
(For more articles of interest see Duncan Campbell's web site.)
- The University of Arizona has the following crypto web pages:
- Cryptography and Liberty 1999: An International Survey of Encryption Policy
- CNN: Business manager linked to prostitute through Hotmail hole
- Encryption Policy Resource Page
This web site is dedicated to educating Internet users, policy makers, and the public about the need to reform US encryption policy. On this site you will find a report by leading cryptographers and computer scientists which says that the U.S. Government encryption plan is risky and impractical.
- The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption.
The authors of this report conclude: "Key recovery systems are inherently less secure, more costly, and more difficult to use than similar systems without a recovery feature. The massive deployment of key-recovery-based infrastructures to meet law enforcement's specifications will require significant sacrifices in security and convenience and substantially increased costs to all users of encryption. Furthermore, building the secure infrastructure of the breathtaking scale and complexity that would be required for such a scheme is beyond the experience and current competency of the field, and may well introduce ultimately unacceptable risks and costs".
- Global Internet Liberty Campaign
- Simson Garfinkel and Gene Spafford: Who Do You Trust?
Chapter 27 of Practical UNIX and Internet Security.
- Telepolis (articles in German)
- Peter Gutmann: Security and Encryption-related Resources and Links
- Quadralay's Cryptography Archive
- David Wagner has a web page of cryptographic links: Link farms, Documents, Groups and communities, Tools and systems.
- Cryptography, Encryption and Stenography: Many links.