Aletho News

ΑΛΗΘΩΣ

Paris attackers did not use encryption, according to reports

Privacy SOS | November 18, 2015

Even before the victims of the Paris attacks had been moved from the scene or their bodies identified, members of the US national security state began speculating that encryption was likely part of the reason the terrorists were able to plot and execute their deadly mission without getting caught. Former CIA director Mike Morrell was one of the many people who advanced this theory.

“I think what we’re going to learn is that these guys are communicating via these encrypted apps, this commercial encryption which is very difficult or nearly impossible for governments to break, and the producers of which don’t produce the keys necessary for law enforcement to read the encrypted messages,” he said.

Well, Morrell and his fellow deep state power-pushers appear to be wrong. New reports indicate that the attackers actually used text messages to communicate—plain text text messages.

But does it even matter? The point the spooks are trying to make is that encryption is too dangerous for a free society to tolerate. If bad guys use it to hurt us, it means law enforcement should be able to break encryption technology that billions of people on earth use to securely transfer money, communicate, and share sensitive data.

That’s absurd. Encryption is a tool. Like many tools, it can be used by people who have good motivations or bad ones. Every security specialist worth her salt says that weakening encryption, or installing “backdoors” for cops and spies, would actually put people at greater security risk. That’s because encryption is a security technology.

This time, when the spies tried to smear security technologies in the wake of these horrific murders, they were factually wrong—these attackers didn’t even encrypt their communications. But someday we will likely find evidence that other terrorists indeed did use encryption to plot their attack. It doesn’t matter. Those terrorists will probably also use cars, face to face communication, and walks in the woods to speak without risking that the prying ears of government agents can hear them. And furthermore, investigators in France—which last spring implemented broad new snooping powers—failed to intervene in the Paris plot when the attackers didn’t use encryption. In France, encryption was not the problem.

In the United States, the Fourth Amendment is supposed to protect us from unwarranted government intrusion into our private lives. That bedrock principle of American law makes it harder for police to figure out who is up to no good. That’s by design.

There may very well someday be a case where ISIS operatives use encryption tools to plan a nefarious attack. But when that day comes, the basic facts about encryption, security, and the law won’t have changed. Encryption protects the security of billions of transactions and communications every day—from hackers, foreign governments, and cops who skirt Fourth Amendment law by using stingrays to wiretap people’s private conversations.

When we are confronted with despicable acts like the Paris attacks, our response cannot be to throw our values out the window in a fearful stupor. There are people with bad intentions in the world, yes. But weakening our digital security in response to their violence has the ultimate effect of punishing ourselves. It won’t work, and it’s not smart. Remember that the next time you hear spies spewing fact-free hysteria before the blood has even dried.

November 19, 2015 Posted by | Corruption, Deception, Full Spectrum Dominance | , , , , | Leave a comment

Twenty-Year-Old Requirement For ‘Real-time, Full-time’ Eavesdropping On Canadian Mobiles Revealed

By Glyn Moody | Techdirt | September 23, 2013

Even if it now seems likely that Linus Torvalds wasn’t approached to add a backdoor to Linux, there are plenty of others that were asked and acquiesced, as this story from The Globe and Mail in Canada makes clear:

For nearly two decades, Ottawa officials have told telecommunications companies that one of the conditions of obtaining a licence to use wireless spectrum is to provide government with the capability to monitor the devices that use the spectrum. The Sept. 17 kickoff of the auction-countdown process will underscore that commitment, made out of sight of most Canadians because it is deemed too sensitive by the government.

The secret agreement apparently contains specific details of what telecom companies must provide:

“Real-time, full-time” eavesdropping on conversations is just one of the capabilities sought by police, according to the standards. Authorities also want records of call logs, texts, keystrokes and other data, including “the most accurate geographical location known.”

Communications made with encryption provided by the carrier must be decrypted:

Carriers that help their customers scramble communications must decrypt them. “Law enforcement requires that any type of encryption algorithm that is initiated by the service provider must be provided to the law-enforcement agency unencrypted.”

No doubt, many people might think phone companies should provide this kind of information, provided a properly executed court warrant is presented. What’s problematic here is that this has been going secretly on for 20 years, with no public oversight and with no debate about where to draw the line for such surveillance. That discussion would hardly compromise police operations, but would provide vital transparency and legitimacy. The fact that two decades after the practice started the Canadian people are finally hearing about this capability now is probably yet another beneficial knock-on effect of Edward Snowden’s leaks.

September 23, 2013 Posted by | Civil Liberties, Deception, Full Spectrum Dominance, Timeless or most popular | , , | Leave a comment

Will it work? German email companies adopt new encryption to foil NSA

RT | August 9, 2013

Communications sent between Germany’s two leading email providers will now be encrypted to provide better security against potential NSA surveillance. Experts say the move will do little to thwart well-equipped snoopers.

The “E-mail made in Germany” project has been set up in the wake of US surveillance revelations made by NSA whistleblower Edward Snowden. National Security Agency documents show that the agency intercepts 500 million phone calls, texts, and emails in Germany each month.

“Germans are deeply unsettled by the latest reports on the potential interception of communication data,” said Rene Obermann, head of Deutsche Telekom, the country’s largest email provider. “Now, they can bank on the fact that their personal data online is as secure as it possibly can be.”

Deutsche Telekom and United Internet, which operate about two-thirds of Germany’s primary email accounts, said that from now on they will use SSL (Secure Sockets Layer) – a modern, industry-standard form of encryption that scrambles signals as they are sent through cables, which is the point at which the NSA often intercepts communication. The companies will also employ exclusively German servers and internal cables when sending messages between each other.

Obermann told the media that no access to users’ email will now be possible without a warrant. However, experts claim the impact of the measure is likely to be mostly psychological and symbolic.

“This initiative helps to tackle the-day-to-day sniffing around on the communication lines but it still doesn’t prevent governments from getting information,” Stefan Frei, a research director at information security company NSS Labs, told Reuters.

As Snowden’s files revealed, the NSA specifically focuses on foreign servers – often with backing from the country that hosts them – when intercepting communication. The agency is also able to crack the SSL code, with and without help from the email operator. However, it is much harder to do so without an operator-issued “key.”

It is notable that Google and other leading companies implicated as willing participants in the PRISM surveillance program also offer SSL encoding with their email service.

“Of course the NSA could still break in if they wanted to, but the mass encryption of emails would make it harder and more expensive for them to do so,” said Sandro Gaycken, a professor of cyber security at Berlin’s Free University.

August 10, 2013 Posted by | Civil Liberties, Full Spectrum Dominance | , , , , , , , , | 3 Comments