
Der Spiegel explains in detail how the NSA spies on smartphones:

For an agency like the NSA, the [smartphone] data storage units are a goldmine, combining in a single device almost all the information that would interest an intelligence agency: social contacts, details about the user's behavior and location, interests (through search terms, for example), photos and sometimes credit card numbers and passwords.

The piece denigrates "enthusiastic Apple customers and iPhone users" as "zombies," but admits that "there are no indications that the companies cooperated with the NSA voluntarily:"

The [NSA] document notes that there are small NSA programs, known as "scripts," that can perform surveillance on 38 different features of the iPhone 3 and 4 operating systems. They include the mapping feature, voicemail and photos, as well as the Google Earth, Facebook and Yahoo Messenger applications.

What other options are there? The article observes that "BlackBerry is faltering and is currently open to takeover bids:"

Security remains one of its top selling points with its most recent models, such as the Q10. If it now becomes apparent that the NSA is capable of spying on both Apple and BlackBerry devices in a targeted manner, it could have far-reaching consequences.

TPM notes that the NSA also spied on Google, Brazilian oil company Petrobras, and international funds-transfer organization SWIFT.

Cory Doctorow suggests using a dead-man's switch "to help fight back in the war on security:"

This service would allow you to register a URL by requesting a message from it, appending your own public key to it and posting it to that URL.

Once you're registered, you tell the dead man's switch how often you plan on notifying it that you have not received a secret order, expressed in hours. Thereafter, the service sits there, quietly sending a random number to you at your specified interval, which you sign and send back as a "No secret orders yet" message. If you miss an update, it publishes that fact to an RSS feed.

Such a service would lend itself to lots of interesting applications. Muck-raking journalists could subscribe to the raw feed, looking for the names of prominent services that had missed their nothing-to-see-here deadlines. Security-minded toolsmiths could provide programmes that looked through your browser history and compared it with the URLs registered with the service and alert you if any of the sites you visit ever show up in the list of possibly-compromised sites.
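The challenge-and-reply loop Doctorow describes, as an added Go sketch that is not code from his article or from any existing service. Ed25519 as the signature scheme, the names `Reg`, `Tick`, `Heartbeat` and `Scenario`, a slice standing in for the RSS feed, and the example.org URL are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

const msg = "No secret orders yet" // statement text quoted in the post

// Reg is one registered URL; Feed stands in for the RSS feed of missed updates.
type Reg struct {
	URL   string
	Pub   ed25519.PublicKey
	Feed  *[]string
	nonce []byte // outstanding random number, nil once answered
}

// Tick runs once per interval: publish a miss if unanswered, then issue a new number.
func (r *Reg) Tick() []byte {
	if r.nonce != nil {
		*r.Feed = append(*r.Feed, r.URL)
	}
	r.nonce = make([]byte, 16)
	rand.Read(r.nonce)
	return r.nonce
}

// Heartbeat accepts only a valid signature over the current number (no replays).
func (r *Reg) Heartbeat(sig []byte) bool {
	ok := r.nonce != nil && ed25519.Verify(r.Pub, append([]byte(msg), r.nonce...), sig)
	if ok {
		r.nonce = nil
	}
	return ok
}

// Scenario: an answered interval, a replayed reply, then the published miss.
func Scenario() (first, replay bool, feed []string) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	r := &Reg{URL: "https://example.org/status", Pub: pub, Feed: &feed} // constructed URL
	sig := ed25519.Sign(priv, append([]byte(msg), r.Tick()...))
	first = r.Heartbeat(sig)
	r.Tick()                  // interval 2: new number
	replay = r.Heartbeat(sig) // old signature is rejected
	r.Tick()                  // interval 3: interval 2 went unanswered
	return
}

func main() { fmt.Println(Scenario()) }
```

Binding each signature to a fresh random number is what keeps a recorded "No secret orders yet" reply from being resubmitted on the operator's behalf after the operator has stopped signing.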

"The deliberate sabotage of computers," he continues, "is an act of depraved indifference to the physical security and economic and intellectual integrity of every person alive:"

If the law is perverted so that we cannot tell people when their security has been undermined, it follows that we must find some other legal way to warn them about services that are not fit for purpose.

Ars Technica asks "how does the NSA break Internet crypto?" and author Dan Goodin purports to list "some of the more plausible scenarios." One way would be a backdoor "in a widely used design, say, in the cryptographic libraries included in Microsoft's Windows or Web server software, or the OpenSSL package that enables cryptographic functions in Apache and other Web servers."

"Another way to easily break encryption," he continues, "is to obtain the keys that encrypt and decrypt data [through] a combination of court orders, persuasion or threats to coerce them out of the holder [or] hack into the servers of large companies and steal them:"

Snowden and Schneier have both counseled people to trust the math that underlies cryptography. Of course, the challenge is ensuring that the software, hardware, or people implementing that math haven't been compromised, and that's becoming increasingly hard to gauge in this post-Snowden era.


About this Entry

This page contains a single entry by cognitivedissident published on September 9, 2013 10:26 AM.
