PRIVACY by DESIGN
the THREAT of SILENCE
Groundbreaking new encryption app set to revolutionize privacy and freak out the feds
by Ryan Gallagher / Feb. 4, 2013
For the past few months, some of the world’s leading cryptographers have been keeping a closely guarded secret about a pioneering new invention. Today, they’ve decided it’s time to tell all. Back in October, the startup tech firm Silent Circle ruffled governments’ feathers with a “surveillance-proof” smartphone app to allow people to make secure phone calls and send texts easily. Now, the company is pushing things even further—with a groundbreaking encrypted data transfer app that will enable people to send files securely from a smartphone or tablet at the touch of a button. (For now, it’s just being released for iPhones and iPads, though Android versions should come soon.) That means photographs, videos, spreadsheets, you name it—sent scrambled from one person to another in a matter of seconds. “This has never been done before,” boasts Mike Janke, Silent Circle’s CEO. “It’s going to revolutionize the ease of privacy and security.” True, he’s a businessman with a product to sell—but I think he is right.
The technology uses a sophisticated peer-to-peer encryption technique that allows users to send encrypted files of up to 60 megabytes through a “Silent Text” app. The sender of the file can set it on a timer so that it will automatically “burn”—deleting it from both devices after a set period of, say, seven minutes. Until now, sending encrypted documents has been frustratingly difficult for anyone who isn’t a sophisticated technology user, requiring knowledge of how to use and install various kinds of specialist software. What Silent Circle has done is to remove these hurdles, essentially democratizing encryption. It’s a game-changer that will almost certainly make life easier and safer for journalists, dissidents, diplomats, and companies trying to evade state surveillance or corporate espionage. Governments pushing for more snooping powers, however, will not be pleased.
By design, Silent Circle’s server infrastructure stores minimal information about its users. The company, which is headquartered in Washington, D.C., doesn’t retain metadata (such as times and dates calls are made using Silent Circle), and IP server logs showing who is visiting the Silent Circle website are currently held for only seven days. The same privacy-by-design approach will be adopted to protect the security of users’ encrypted files. When a user sends a picture or document, it will be encrypted, digitally “shredded” into thousands of pieces, and temporarily stored in a “Secure Cloud Broker” until it is transmitted to the recipient. Silent Circle, which charges $20 a month for its service, has no way of accessing the encrypted files because the “key” to open them is held on the users’ devices and then deleted after it has been used to open the files. Janke has also committed to making the source code of the new technology available publicly “as fast as we can,” which means its security can be independently audited by researchers.
The cryptographers behind this innovation may be the only ones who could have pulled it off. The team includes Phil Zimmermann, the creator of PGP encryption, which is still considered the standard for email security; Jon Callas, the man behind Apple’s whole-disk encryption, which is used to secure hard drives in Macs across the world; and Vincent Moscaritolo, a top cryptographic engineer who previously worked on PGP and for Apple. Together, their combined skills and expertise are setting new standards—with the results already being put to good use. According to Janke, a handful of human rights reporters in Afghanistan, Jordan, and South Sudan have tried Silent Text’s data transfer capability out, using it to send photos, voice recordings, videos, and PDFs securely. It’s come in handy, he claims: A few weeks ago, it was used in South Sudan to transmit a video of brutality that took place at a vehicle checkpoint. Once the recording was made, it was sent encrypted to Europe using Silent Text, and within a few minutes, it was burned off of the sender’s device. Even if authorities had arrested and searched the person who transmitted it, they would never have found the footage on the phone. Meanwhile, the film, which included location data showing exactly where it was taken, was already in safe hands thousands of miles away—without having been intercepted along the way—where it can eventually be used to build a case documenting human rights abuses.
One of the few people to have tested the new Silent Circle invention is Adrian Hong, the managing director of Pegasus Strategies, a New York-based consulting firm that advises governments, corporations, and NGOs. Hong was himself ensnared by state surveillance in 2006 and thrown into a Chinese jail after getting caught helping North Korean refugees escape from the regime of the late Kim Jong Il. He believes that Silent Circle’s new product is “a huge technical advance.” In fact, he says he might not have been arrested back in 2006 “if the parties I was speaking with then had this [Silent Circle] platform when we were communicating.” But while Silent Circle’s revolutionary technology will assist many people in difficult environments, maybe even saving lives, there’s also a dark side. Law enforcement agencies will almost certainly be seriously concerned about how it could be used to aid criminals. The FBI, for instance, wants all communications providers to build in backdoors so it can secretly spy on suspects. Silent Circle is pushing hard in the exact opposite direction—it has an explicit policy that it cannot and will not comply with law enforcement eavesdropping requests. Now, having come up with a way not only to easily communicate encrypted but to send files encrypted and without a trace, the company might be setting itself up for a serious confrontation with the feds. Some governments could even try to ban the technology. Janke is bracing himself for some “heat” from the authorities, but he’s hopeful that they’ll eventually come round. 
The 45-year-old former Navy SEAL commando tells me he believes governments will eventually realize that “the advantages are far outweighing the small ‘one percent’ bad-intent user cases.” One of those advantages, he says, is that “when you try to introduce a backdoor into technology, you create a major weakness that can be exploited by foreign governments, hackers, and criminal elements.” If governments don’t come round, though, Silent Circle’s solution is simple: The team will close up shop and move to a jurisdiction that won’t try to force them to comply with surveillance. “We feel that every citizen has a right to communicate,” Janke says, “the right to send data without the fear of it being grabbed out of the air and used by criminals, stored by governments, and aggregated by companies that sell it.”
In this video obtained by the Guardian, Raytheon’s ‘principal investigator’ Brian Urch explains how the Rapid Information Overlay Technology (Riot) software uses photographs on social networks. These images sometimes contain latitude and longitude details – automatically embedded by smartphones within so-called ‘exif header data’. Riot pulls out this information, analysing not only the photographs posted by individuals, but also the location where these images were taken.
Software that tracks people on social media created by defence firm
by Ryan Gallagher / 10 February 2013
A multinational security firm has secretly developed software capable of tracking people’s movements and predicting future behaviour by mining data from social networking websites. A video obtained by the Guardian reveals how an “extreme-scale analytics” system created by Raytheon, the world’s fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare. Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients. But the Massachusetts-based company has acknowledged the technology was shared with US government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analysing “trillions of entities” from cyberspace. The power of Riot to harness popular websites for surveillance offers a rare insight into controversial techniques that have attracted interest from intelligence and national security agencies, at the same time prompting civil liberties and online privacy concerns. The sophisticated technology demonstrates how the same social networks that helped propel the Arab Spring revolutions can be transformed into a “Google for spies” and tapped as a means of monitoring and control. Using Riot it is possible to gain an entire snapshot of a person’s life – their friends, the places they visit charted on a map – in little more than a few clicks of a button. In the video obtained by the Guardian, it is explained by Raytheon’s “principal investigator” Brian Urch that photographs users post on social networks sometimes contain latitude and longitude details – automatically embedded by smartphones within “exif header data.” Riot pulls out this information, showing not only the photographs posted onto social networks by individuals, but also the location at which the photographs were taken.
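The mechanism the article describes (smartphones writing latitude and longitude into the Exif header of a photo, and a tool reading it back out) is easy to check for on your own side before a picture leaves your device. The following is an added example, not Raytheon’s or the Guardian’s code: a small standard-library Python parser that walks a JPEG’s marker segments, follows the Exif/TIFF GPS sub-IFD pointer, reports which GPS tags are present, and can strip the Exif segment. The sample JPEG is constructed inside the code (an Exif block with a made-up latitude and no picture data); the tag numbers (0x8825 for the GPS IFD pointer, 0x0002/0x0004 for latitude/longitude) are the standard Exif ones.

```python
"""Detect and strip Exif GPS location tags from a JPEG before it is shared.
Added example using only the standard library; the sample JPEG below is
constructed in code and carries a hand-built Exif/TIFF block with a GPS IFD."""
import struct
from typing import Iterator

SOI, EOI, SOS, APP1 = 0xD8, 0xD9, 0xDA, 0xE1
EXIF_HEADER = b"Exif\x00\x00"
TAG_GPS_IFD = 0x8825                    # IFD0 entry pointing at the GPS sub-IFD
TAG_GPS_LAT, TAG_GPS_LON = 0x0002, 0x0004


def iter_segments(jpeg: bytes) -> Iterator[tuple]:
    """Yield (marker, start, end) for each marker segment between SOI and SOS/EOI."""
    if jpeg[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 2 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker in (EOI, SOS):        # all metadata sits before the scan data
            break
        if pos + 4 > len(jpeg):
            raise ValueError("truncated segment header")
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]   # counts its own 2 bytes
        end = pos + 2 + length
        if end > len(jpeg):
            raise ValueError("truncated segment")
        yield marker, pos, end
        pos = end


def _is_exif_app1(jpeg: bytes, marker: int, start: int) -> bool:
    return marker == APP1 and jpeg[start + 4:start + 10] == EXIF_HEADER


def _gps_tags_in_tiff(tiff: bytes) -> set:
    """Walk IFD0, follow the GPS IFD pointer, return the GPS tag IDs present."""
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        raise ValueError("bad TIFF byte-order mark")
    magic, ifd0_offset = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 0x2A:
        raise ValueError("bad TIFF magic")

    def entries(offset: int) -> dict:   # tag -> (type, count, value/offset field)
        count = struct.unpack(endian + "H", tiff[offset:offset + 2])[0]
        found = {}
        for i in range(count):
            e = offset + 2 + 12 * i
            tag, typ, cnt, value = struct.unpack(endian + "HHII", tiff[e:e + 12])
            found[tag] = (typ, cnt, value)
        return found

    ifd0 = entries(ifd0_offset)
    if TAG_GPS_IFD not in ifd0:
        return set()
    return set(entries(ifd0[TAG_GPS_IFD][2]))   # LONG type: value field is the offset


def exif_gps_tags(jpeg: bytes) -> set:
    """GPS IFD tag IDs in the first Exif APP1 segment (empty set if none)."""
    for marker, start, end in iter_segments(jpeg):
        if _is_exif_app1(jpeg, marker, start):
            return _gps_tags_in_tiff(jpeg[start + 10:end])
    return set()


def has_location(jpeg: bytes) -> bool:
    """True if the file carries a GPS latitude or longitude tag."""
    return bool({TAG_GPS_LAT, TAG_GPS_LON} & exif_gps_tags(jpeg))


def strip_exif(jpeg: bytes) -> bytes:
    """Copy of the file with every Exif APP1 segment removed; image data untouched."""
    out, pos = bytearray(jpeg[:2]), 2
    for marker, start, end in iter_segments(jpeg):
        if not _is_exif_app1(jpeg, marker, start):
            out += jpeg[start:end]
        pos = end
    out += jpeg[pos:]                   # SOS, entropy-coded data and EOI pass through
    return bytes(out)


def build_sample_jpeg_with_gps() -> bytes:
    """Constructed sample: SOI + Exif APP1 (big-endian TIFF, IFD0 -> GPS IFD) + EOI.
    TIFF offsets: 0 header, 8 IFD0 (18 bytes), 26 GPS IFD (30 bytes), 56 RATIONALs."""
    tiff = b"MM" + struct.pack(">HI", 0x2A, 8)
    tiff += struct.pack(">H", 1) + struct.pack(">HHII", TAG_GPS_IFD, 4, 1, 26) + struct.pack(">I", 0)
    tiff += struct.pack(">H", 2)
    tiff += struct.pack(">HHI", 0x0001, 2, 2) + b"N\x00\x00\x00"      # GPSLatitudeRef "N"
    tiff += struct.pack(">HHII", TAG_GPS_LAT, 5, 3, 56)               # GPSLatitude -> offset 56
    tiff += struct.pack(">I", 0)
    tiff += struct.pack(">6I", 51, 1, 30, 1, 0, 1)                    # 51 deg 30' 0" (made up)
    payload = EXIF_HEADER + tiff
    app1 = bytes([0xFF, APP1]) + struct.pack(">H", len(payload) + 2) + payload
    return bytes([0xFF, SOI]) + app1 + bytes([0xFF, EOI])


if __name__ == "__main__":
    sample = build_sample_jpeg_with_gps()
    print("GPS tags:", sorted(exif_gps_tags(sample)), "location:", has_location(sample))
    cleaned = strip_exif(sample)
    print("after strip:", cleaned.hex(), "location:", has_location(cleaned))
```

The check is split from the strip on purpose: the Slate piece earlier on this page notes that location data embedded in the South Sudan video was exactly what made it useful as evidence, so a sharing tool should tell the user what the file carries and let them decide, rather than silently discarding it. The parser handles the common layout (one Exif APP1 ahead of the scan data) and raises on malformed input instead of guessing.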
“We’re going to track one of our own employees,” Urch says in the video, before bringing up pictures of “Nick,” a Raytheon staff member used as an example target. With information gathered from social networks, Riot quickly reveals Nick frequently visits Washington Nationals Park, where on one occasion he snapped a photograph of himself posing with a blonde haired woman. “We know where Nick’s going, we know what Nick looks like,” Urch explains, “now we want to try to predict where he may be in the future.” Riot can display on a spider diagram the associations and relationships between individuals online by looking at who they have communicated with over Twitter. It can also mine data from Facebook and sift GPS location information from Foursquare, a mobile phone app used by more than 25 million people to alert friends of their whereabouts. The Foursquare data can be used to display, in graph form, the top 10 places visited by tracked individuals and the times at which they visited them. The video shows that Nick, who posts his location regularly on Foursquare, visits a gym frequently at 6am early each week. Urch quips: “So if you ever did want to try to get hold of Nick, or maybe get hold of his laptop, you might want to visit the gym at 6am on a Monday.”
Mining from public websites for law enforcement is considered legal in most countries. In February last year, for instance, the FBI requested help to develop a social-media mining application for monitoring “bad actors or groups”. However, Ginger McCall, an attorney at the Washington-based Electronic Privacy Information Centre, said the Raytheon technology raised concerns about how troves of user data could be covertly collected without oversight or regulation. “Social networking sites are often not transparent about what information is shared and how it is shared,” McCall said. “Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search.”
Raytheon, which made sales worth an estimated $25bn (£16bn) in 2012, did not want its Riot demonstration video to be revealed on the grounds that it says it shows a “proof of concept” product that has not been sold to any clients. Jared Adams, a spokesman for Raytheon’s intelligence and information systems department, said in an email: “Riot is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation’s rapidly changing security needs.
“Its innovative privacy features are the most robust that we’re aware of, enabling the sharing and analysis of data without personally identifiable information [such as social security numbers, bank or other financial account information] being disclosed.”
In December, Riot was featured in a newly published patent Raytheon is pursuing for a system designed to gather data on people from social networks, blogs and other sources to identify whether they should be judged a security risk. In April, Riot was scheduled to be showcased at a US government and industry national security conference for secretive, classified innovations, where it was listed under the category “big data – analytics, algorithms.” According to records published by the US government’s trade controls department, the technology has been designated an “EAR99” item under export regulations, which means it “can be shipped without a licence to most destinations under most circumstances”.
Convergence is Moxie Marlinspike’s attempt to introduce fresh thinking into the debate about PKI, certificate authorities, and trust. A hint of what was in the works was in a blog post published in April (SSL And The Future Of Authenticity); the project was launched at Black Hat US in August.
Moxie advertises the project as a way of dispensing with certificate authorities (“An agile, distributed, and secure strategy for replacing Certificate Authorities”). At first glance that’s true. You get a browser add-on (only Firefox for the time being) that, once activated, completely replaces the existing CA infrastructure. Whenever you visit an SSL site your browser will talk to two or more remote parties (notaries) and ask them to check the site’s certificate for you. If they all report the same certificate, you decide to trust the site.
But when you dig deeper into the project, you realise that it consists of two parts. The first, and more important, part is the ability to delegate trust decisions from your browser to another party that’s remote to you. That means that you are no longer forced to accept the decisions of the browser vendors, but you can make your own. That ability is, for me, the most thrilling aspect of the project. The second part of the project is the current backend implementation that makes trust decisions. The approach is great in its simplicity: if you can see the same certificate from several different locations you conclude that it must be the correct certificate. We mustn’t rush, however. We’ve just been given the ability to choose whom to trust, and it’s too soon to settle on any one implementation.
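The backend decision described above (several notaries each look at the site’s certificate from their own network location; agreement means trust) is short enough to show in full. This is an added example, not Convergence’s own code: the notaries are simulated in-process with constructed stand-in certificate bytes, where a real notary would fetch the certificate over TLS from its own vantage point. The function names, the two policies (“unanimous” and “majority”) and the hostname example.test are all assumptions made for the illustration.

```python
"""Multi-perspective certificate check modelled on the Convergence notary idea.
Added example, not Convergence's own code. Notaries are simulated in-process
with constructed stand-in certificate bytes instead of real TLS fetches."""
import hashlib
from typing import Callable, Dict, List

# A notary is modelled as a function: hostname -> DER certificate it observed.
Notary = Callable[[str], bytes]

# Constructed stand-ins for DER-encoded certificates (not real certificates).
GENUINE_CERT = b"constructed-der: CN=example.test, issued by a real CA"
FORGED_CERT = b"constructed-der: CN=example.test, issued by an interceptor"


def fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 fingerprint of a DER certificate; this is what gets compared."""
    return hashlib.sha256(cert_der).hexdigest()


def make_notary(view: Dict[str, bytes]) -> Notary:
    """Build a simulated notary from the certificate it sees for each host."""
    def observe(host: str) -> bytes:
        return view[host]
    return observe


def check_site(host: str, presented_der: bytes, notaries: List[Notary],
               policy: str = "unanimous") -> dict:
    """Compare the certificate the client received with what each notary sees.

    "unanimous": every notary (at least two) must see the fingerprint the
    client saw. "majority": more than half must. The per-notary votes are
    returned so a UI can show which perspective disagreed, not just fail.
    """
    if not notaries:
        raise ValueError("need at least one notary")
    seen = fingerprint(presented_der)
    votes = [fingerprint(notary(host)) == seen for notary in notaries]
    agreeing = sum(votes)
    if policy == "unanimous":
        trusted = len(notaries) >= 2 and agreeing == len(notaries)
    elif policy == "majority":
        trusted = agreeing * 2 > len(notaries)
    else:
        raise ValueError(f"unknown policy {policy!r}")
    return {"host": host, "fingerprint": seen, "votes": votes, "trusted": trusted}


if __name__ == "__main__":
    host = "example.test"
    honest = [make_notary({host: GENUINE_CERT}) for _ in range(3)]
    # Clean client path: every perspective agrees with what the client saw.
    print(check_site(host, GENUINE_CERT, honest))
    # Client's own path is intercepted: none of the notaries see the forged cert.
    print(check_site(host, FORGED_CERT, honest))
    # One notary misrouted or compromised: unanimous fails closed, majority passes.
    mixed = honest[:2] + [make_notary({host: FORGED_CERT})]
    print(check_site(host, GENUINE_CERT, mixed)["trusted"],
          check_site(host, GENUINE_CERT, mixed, policy="majority")["trusted"])
```

The two policies make the trade-off in the post concrete: a unanimous rule fails closed whenever any single notary disagrees (a misrouted or compromised notary, or a site mid-way through a certificate rotation), while a majority rule tolerates one bad perspective at the cost of trusting an attacker who can control most of the notaries you chose. Which one you want is exactly the “whom to trust” choice the post says should not be settled yet.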
In an in-depth interview, Megaupload founder Kim Dotcom discusses the investigation against his now-defunct file-storage site, his possible extradition to the US, the future of Internet freedoms and his latest project Mega with RT’s Andrew Blake – full transcript http://on.rt.com/jmqkl5
PRIVACY by DESIGN
by Alexander Reed Kelly / Jul 24, 2012
Nicholas Merrill wants to change the world. So he tells me over rice and beans at Lupe’s East LA Kitchen in Soho, roughly a dozen blocks from where the World Trade Center once stood. He is perfectly serious. At 39 years old, with thick blond hair, a goatee the color of shaved carrots and the zeal of an idealist half his age, he describes his plan to rework the Internet landscape to protect the privacy and speech rights of individuals and organizations. Merrill achieved national fame in August 2010 when he was partially released from a gag order forbidding him to discuss with anyone the details of a secret demand for information sent to him by the FBI six years earlier. When he got the order, Merrill was running a small telecommunications company in New York City, providing Internet access to political organizations such as the progressive radio show “Democracy Now!” and the New York Civil Liberties Union, as well as a number of corporate clients. The letter, hand delivered to Merrill’s office by an FBI agent, demanded that he give up private records detailing some of his clients’ online activities and speak of the order to no one, including presumably his lawyer.
The FBI has issued nearly 300,000 “national security letters” to banks, telecommunication companies and other organizations since the Patriot Act expanded their use in 2001. The agency maintains that each request pertains to potential threats to the United States, though it appears that no single letter has yet prevented a terrorist attack. Official challenges to the practice seem to number in the single digits, but as they have been filed mostly in secret, their exact number is impossible to know. We do know, however, that Merrill’s case is among them. Merrill challenged the constitutionality of the national security letter’s prohibition on talking, and during a years-long court battle, Congress amended the law to allow recipients such as Merrill to discuss the letters with their lawyers. In 2007 Merrill penned an anonymous letter about his experience for The Washington Post. When his gag order was lifted, he was allowed to discuss the issue with the public openly. But for Merrill, these victories were not enough.
Out of his experience with the FBI, Merrill conceived of The Calyx Institute—a nonprofit “research, education and legal support group” with two objectives. First, to inform the public and shape policy conversations about privacy and freedom of expression on the Internet; and second, to provide the basis for an affordable, state-of-the-art Internet service provider, a for-profit subsidiary that would use the institute’s own security software to protect users’ digital privacy from the prying eyes of identity thieves, data-mining businesses and governments. In addition to agitating for privacy rights through Calyx, Merrill says his ISP would protect every piece of information a user’s computer or telephone sends out—browsing activity, emails, instant messages, phone calls, text messages, etc.—by scrambling the data in a process known as encryption, which makes the information unreadable to whoever might capture it. (The current practice of most telecommunication companies is not to encrypt data at all.) And here’s where Merrill’s innovation comes in: His ISP would not possess the “keys” that are needed to unscramble the data. Only his customers would.
This is a potentially revolutionary idea for the telecommunications industry. In 2005, The New York Times reported that major Internet and telephone companies—later revealed to include AT&T, Verizon and Sprint—helped the Bush administration spy on Americans in the years after 9/11 by simply handing over customer records. This would be impossible under Merrill’s model. Law enforcement agencies would have to go to individuals directly or spend vast amounts of time and resources trying to unscramble the encryptions. As federal law enforcement has enjoyed virtually unlimited access to customer records over the last decade, it would seem unlikely that lawmakers would be willing to permit what Merrill proposes. But government agencies at the regional, local and federal levels stand to gain from Merrill’s innovation as well. “Privacy and cybersecurity are two sides of the same coin,” he explains, suggesting that he can keep officials’ data safer than it currently is. “I’m not at war with the FBI,” he says. “I’m for their mission. I want them to catch criminals. I just don’t want them to undercut the rule of law or undermine the Constitution.”
Merrill’s potential clientele extends even beyond government and those on whom it spies. Businesses, including big banks and defense contractors, have an interest in protecting trade secrets. Hospitals house sensitive patient records. Lawyers need to ensure client-attorney confidentiality. Journalists want to guarantee they can protect the identities of anonymous sources. And celebrities would like to feel safe from the compulsive prying of some tabloids. In addition to these realities, there is evidence of widespread and growing concern about identity theft and privacy on social media sites. Merrill says these trends suggest there are aspects of privacy that existing companies have ignored, and for which a new, profitable market could be made. If he can prove this is so with the success of his ISP, he believes he can pressure the industry’s giants to adopt the same practices. If he succeeds, he will have rewritten the industry’s standard practice using market forces trusted and cherished by capitalists, and will have left a stalled Congress and the courts in his dust.
Merrill already has a broad base of support from people in business and government. So far, he has assembled a board of advisers that boasts an Apple executive, a retired National Security Agency analyst and a Republican congressman, as well as civil rights lawyers, digital security experts and privacy activists. Before he can make his ISP a reality though, Merrill has to raise more than $1 million. This is a major hurdle, in personal and legal respects. Out of concern that a prevailing interest in profits drove the major telecom companies to go along with the Bush and now the Obama spying program, Merrill wants to incorporate his business as a nonprofit. “From my point of view, keeping it as a nonprofit would help eliminate financial incentives to screw over customers,” Merrill says. But the Internal Revenue Service won’t grant an Internet service provider nonprofit status. So Merrill is being forced to tangle with the very market forces he fears.
To that end, he has been advised to seek help from the technology-minded venture capitalist community of Northern California. And there lies a personal problem. Today’s venture capitalists are almost all economic libertarians—people who think government should leave them and their money alone. Although Merrill’s privacy designs appeal directly to their desire for personal freedom, his humanitarian ambitions do not. “They want to understand that it’s a business,” he says. An airtight business plan could get Merrill the startup money he needs, but it could also mean the loss of control over his company. And that’s something Merrill is not willing to give up. “I’m worried that I will one day hit a fork in the road and have to choose one path or the other,” he says between sips from his Jarritos soda, with his plate scraped clear. “That I’ll have to choose between what’s good for business and what’s the right thing to do. All these telcos and Internet service providers, they hit that and did what’s good for business. And that’s what I’m concerned about, that if you become a for-profit business and care more about money than principle, you’ll be co-opted. And I’m trying to stay true to my principles no matter what, because that’s the whole purpose of this.”