Archive for the ‘Privacy and Security’ Category

Julia Reda is a member of the European Parlement. In a recent publication she writes about an important subject that has just become part of a recommendation by the European Commission: “automated upload filters” should be used, according to the Commission, to stop illegal uploads and copyright infringement.

Click to read the full communication by Julia Reda

Julia Reda first clearly states what that means:

Installing censorship infrastructure that surveils everything people upload and letting algorithms make judgement calls about what we all can and cannot say online is an attack on our fundamental rights.

I agree with that: in a democracy, there is no place for preemptive censorship.

In addition, she gives 9 clear reasons why it is silly to think that that automated filters will be able to achieve what the Commission wants: those filters don’t work very well. Unless you think cats can sing pop songs, or unless you’re OK with the voice of war victims in Syria being stifled, etc…


Read Full Post »

A while ago my iPad played up, forcing me to reinstall it through iTunes. Since I do not keep much data on the device itself, this wasn’t much of a problem, except for the time lost with a bit of tinkering and figuring out how to do it correctly – it was the first time I had to resort to this measure.

In the course of the procedure I was asked to enter my “iCloud Security Code“. I take great care to register all my passwords, as I explained in “Minding your own password business“. But my files showed no knowledge of such a code. Strange: could I have forgotten to write it down?

Searching on the Internet helped to clarify things. Matthew Green is a well-known cryptographer, and his article titled “Is Apple’s Cloud Key Vault a crypto backdoor?” not only tells you that the iCloud security Code is (usually) identical to you iPad passcode. It is, in fact, a rather comprehensive yet clear overview of how Apple handles your passcodes and crypto keys in the iCloud Keychain. Good reading material for when you have a clear mind ;-)

Read Full Post »

I have used the Signal – Private Messenger app for a long time – I even remember that it was originally called ‘TextSecure’.

Luckily for me, the app also includes support for ‘normal’ (unsecure!) SMS messages, because only a very limited number of friends and acquaintances were willing to follow me. Perhaps this news will change their minds:

Without any fanfare, the Senate Sergeant at Arms recently told Senate staffers that Signal, widely considered by security researchers and experts to be the most secure encrypted messaging app, has been approved for use.

Source: ZDNet

So the US Senate is allowed to use this app – will the Open Whisper Systems crew be proud and see this as a compliment?

Read Full Post »

In a blog post titled “Securing our Digital Economy“, the president and CEO of the Internet Society writes:

The truth is that economies can only function within a secure and trusted environment.

Which brings us to encryption. […]

Encryption is a technical building block for securing infrastructure, communications and information. It should be made stronger and universal, not weaker.

Stronger encryption? I’m all for it. Do I really have to explain that government-enforced “backdoors” in encryption tools will only weaken those tools – and the trust they are supposed to deliver?

Source: Shutterstock

Read Full Post »

Bruce Schneier says: “The Internet of Things Will Turn Large-Scale Hacks into Real World Disasters“.

Security engineers are working on technologies that can mitigate much of this risk, but many solutions won’t be deployed without government involvement. This is not something that the market can solve. Like data privacy, the risks and solutions are too technical for most people and organizations to understand; companies are motivated to hide the insecurity of their own systems from their customers, their users, and the public; the interconnections can make it impossible to connect data breaches with resultant harms; and the interests of the companies often don’t match the interests of the people.

Read Full Post »

I have been a user of TextSecure (now Signal) on Android for many years. Not that I have much to hide, nor do I have many family members or friends that use the same application to profit from the message encryption – no, just as a matter of principle. But it was only recently that I could peer into the mind of the man who created the tool: Moxie Marlinspike (this pseudonym would not look out of place in a cyberpunk novel). So thanks, Wired, for this opportunity to “Meet Moxie Marlinspike, the Anarchist Bringing Encryption to All of Us“.

Just as knives can be used to stage a terrorist attack, so can any tool be used for good as well as for bad. Does that mean we have to cripple the tool, which is what some people are asking when talking about encryption? From the Wired article:

Marlinspike follows this remark with a statement that practically no one else in the privacy community is willing to make in public: that yes, people will use encryption to do illegal things. And that may just be the whole point. “I actually think that law enforcement should be difficult,” Marlinspike says, looking calmly out at the crowd. “And I think it should actually be possible to break the law.”

Up to a degree, I concur with that statement. Of course, it does not mean that any law is there to be broken all day long, every time it is possible. But how can you make better laws, if the existing ones cannot be broken? Laws are just one of the tools humans use to organise their lives. When society evolves, e.g. because of fundamental changes in technology, laws have to change as well… Let’s just make sure we pick the right law to break.

(View his talk on Vimeo by clicking on the image)

(View his talk on Vimeo by clicking on the image)

PS. Marlinspike is not a prolific blogger, but the writing on his blog is nevertheless a good way to get an idea of how he thinks. Recommended reading – not just about encryption.

Read Full Post »

I like the NYMAG.COM article titled “I, Snowbot”. In it, the author describes the current life of Edward Snowden. The (long) text manages to include themes like telepresence, encryption and ethics, and is very much worth reading – even if you do not agree with Snowden and everything he did.

I agree with this quote, by the way:

Surveillance is ultimately not about safety. Surveillance is about power. Surveillance is about control.
Edward Snowden

Is the Snowbot part of the team, or isn't he?

Is the Snowbot part of the team, or isn’t he?

His telepresence in the USA, where he is a wanted criminal, is special, of course: as a ‘robot’, he can go where he wants… Strange for a man who never leaves Moskow, and strange too, I guess, for US law enforcement. But hey, that’s the force of the Internet – digital disruption, anyone?

Read Full Post »

Older Posts »