Technophobic Court Warns Against Open Source Software

From the EFF:

Should we fear open source software? Of course not. But that hasn’t stopped federal courts from issuing bizarre warnings like this:

The court would like to make CM/ECF filers aware of certain security concerns relating to a software application or .plug-in. called RECAP … Please be aware that RECAP is “open-source” software, which can be freely obtained by anyone with Internet access and modified for benign or malicious purposes … .

To understand this strange edict, we need to review the history of RECAP and why it might be unpopular with court officials . . .

Read the whole thing for all the gory details. 

Technologically Illiterate Court Claims Use of Open Wifi Is Wiretapping

While government agencies illegally and routinely spy on our everyday communications without repercussion, a court has ruled that sniffing open wifi signals may be considered wiretapping.  From Tech Dirt:

A couple years ago, we were disappointed to see a judge take the technologically wrong stance that data transmitted over WiFi is not a "radio communication," thereby making sniffing of unencrypted WiFi signals potentially a form of wiretapping. Indeed, based on that, the court eventually ruled that Google's infamous WiFi sniffing could be a violation of wiretap laws. This is wrong on so many levels... and tragically, an appeals court has now upheld the lower court's ruling.

There are serious problems with this. Under no reasonable view is WiFi not a radio communication first of all. That's exactly what it is. Second, sniffing unencrypted packets on an open network is a perfectly normal thing to do. The data is unencrypted and it's done on a network that is decidedly open. It's like saying it's "wiretapping" for turning on your radio and having it catch the signals your neighbor is broadcasting. That's not wiretapping. Third, even the court here admits that based on this ruling, parts of the law don't make any sense, because it renders those parts superfluous. Generally speaking, when a court ruling would render a part of a law completely superfluous, it means that the court misinterpreted the law . . . 

Coming Soon: Wireless Charging

From Tech Crunch:

Wireless power. It’s less sci-fi sounding than it once was, thanks to induction charging like that based on the Qi standard, but that’s still a tech that essentially requires contact, if not incredibly close proximity. Magnetic resonance is another means to achieve wireless power, and perfect for much higher-demand applications, like charging cars. But there’s been very little work done in terms of building a solution that can power your everyday devices in a way that doesn’t require thought or changing the way we use our devices dramatically. That’s where Cota by Ossia comes in.

The startup is the brainchild of physicist Hatem Zeine, who decided to focus on delivering wireless power in a way that was commercially viable, both for large-scale industrial applications and for consumer use . . . 

Verizon Lawsuit Against Open Internet in Court Today

From Ars Technica:

In December 2010, the Federal Communications Commission adopted the Open Internet Order, enshrining the concept of "network neutrality"—that Internet Service Providers must treat all data on the Internet equally—into law. . . .

ISPs don't like this, naturally, but Verizon has objected most strenuously of all. The company sued to halt the Open Internet Order, and after a couple of years worth of legal filings the case is now set to be decided by the US Court of Appeals for the District of Columbia Circuit.

Verizon and the FCC on Monday will each get 20 minutes to make their oral arguments . . . 

Google Seeks to Get in Ahead of NSA Scheme to Undermine Internet Encryption

From The Washington Post:

Google is racing to encrypt the torrents of information that flow among its data centers around the world in a bid to thwart snooping by the NSA and the intelligence agencies of foreign governments, company officials said Friday.

The move by Google is among the most concrete signs yet that recent revelations about the National Security Agency’s sweeping surveillance efforts have provoked significant backlash within an American technology industry that U.S. government officials long courted as a potential partner in spying programs.

Google’s encryption initiative, initially approved last year, was accelerated in June as the tech giant struggled to guard its reputation as a reliable steward of user information amid controversy about the NSA’s PRISM program . . . 

Netizen Self-Defense Against the NSA Adversary

Bruce Schneier literally wrote the book on Applied Cryptography.  In an article for the Guardian, provides some advice for those who are concerned about privacy and security and explains what measures he takes in order to secure his information.  From the Guardian:

I have five pieces of advice:

1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them. The less obvious you are, the safer you are.

2) Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections – and it may have explicit exploits against these protocols – you're much better protected than if you communicate in the clear.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn't. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it's pretty good.

4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.

5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it's harder for the NSA to backdoor TLS than BitLocker, because any vendor's TLS has to be compatible with every other vendor's TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it's far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about.

Is Any Private Data Safe from the Prying Eyes of Government?

Apparently not.  From the Guardian:

US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – "the use of ubiquitous encryption across the internet".