Category Archives: internet

Is Silicon Valley taking a stand in favor of surveillance reform or simply assuming a posture?

Jeff Jarvis writes: Whose side are you on? That is the question MP Keith Vaz asked Alan Rusbridger last week when he challenged the Guardian editor’s patriotism over publishing Edward Snowden’s NSA and GCHQ leaks.

And that is the question answered today by eight tech giants in their letter to the White House and Congress, seeking reform of government surveillance practices worldwide. The companies came down at last on the side of citizens over spies.

Of course, they are also acting in their own economic (albeit enlightened) self-interest, for mass spying via the internet is degrading the publics’, clients’, and other nations’ trust in the cloud and its frequently American proprietors. Spying is bad for the internet; what’s bad for the internet is bad for Silicon Valley; and — to reverse the old General Motors saw — what’s bad for Silicon Valley is bad for America.

But in their letter, the companies stand first and firmly on principle. They propose that government limit its own authority, ending bulk collection of our communication. They urge transparency and oversight of surveillance, which has obviously failed thus far. And they argue against the balkanization of the net and the notion that countries may insist that data respect national borders.

Bravo to all that. I have been waiting for Silicon Valley to establish whether it collectively is a victim or a collaborator in the NSA’s web. I have wondered whether government had commandeered these companies to its ends. I have hoped they would use their power to lobby for our rights. And now I hope government — from Silicon Valley’s senator, NSA fan Dianne Feinstein, to president Obama — will listen.

This is a critical step in sparking real debate over surveillance and civil rights. It was nice that technology companies banded together once before to battle against the overreaching copyright regime known as SOPA and for our ability to watch Batman online. Now they must fight for our fundamental — in America, our constitutional — rights of speech and assembly and against unreasonable search and seizure. ‘Tis a pity it takes eight companies with silly names to do that. [Continue reading…]

The makeup of the band of corporate reformists seems to have been dictated by PowerPoint, which is to say, everyone named on the slides leaked by Snowden wants to salvage their reputation. But the problem with this type of appeal for reform is that it’s no different from the kind that might be made by any toothless advocacy group. Indeed, if these companies just want to present a wish-list of the kind of reform they claim they would like to see, then it’s pretty obvious that if no such reform is forthcoming then it will be back to business as usual.

The only thing about which we can be absolutely confident is that now, as always, corporations will act in accordance with what they determine are their own interests.


Do antivirus companies whitelist NSA malware?

Mathew J. Schwartz writes: Dear antivirus vendors: Are you aiding and abetting National Security Agency (NSA) spying?

That’s the subject of an open letter, sent in October to leading antivirus vendors, from 25 different privacy information security experts and organizations. The letter asks the vendors to detail whether they’ve ever detected state-sponsored malware or received a government request to whitelist state-sponsored malware, and how they would respond to any such requests in the future.

The letter, sent from Dutch digital rights foundation Bits of Freedom, requested that the firms respond by November 15. “Please let us know if you feel that you cannot, or cannot fully, answer any of the above questions because of legal constraints imposed upon you by any government,” it said.

“Since we learned that the NSA has surreptitiously weakened Internet security so it could more easily eavesdrop, we’ve been wondering if it’s done anything to antivirus products,” letter signatory Bruce Schneier, chief security technology officer of BT, said in a blog post. “Given that it engages in offensive cyberattacks — and launches cyberweapons like Stuxnet and Flame — it’s reasonable to assume that it’s asked antivirus companies to ignore its malware. We know that antivirus companies have previously done this for corporate malware.”

As of two weeks ago, however, only six security vendors — ESET, F-Secure, Kaspersky Lab, Norman Shark, Panda, and Trend Micro — had responded to the request for information. [Continue reading…]


Amazon’s ‘fulfillment centers’ more like ‘slave camps’

David Streitfeld writes: On its home territory, Amazon.com is routinely hailed as a jobs machine. Thanks to its warehouse building spree, it is hiring tens of thousands of workers, plus many more for the holidays. President Obama, speaking at the retailer’s Chattanooga, Tenn., warehouse in July, called Amazon “a great example of what’s possible.”

Referring to an Amazon program that offers tuition assistance to hourly workers, Mr. Obama said, “That’s the kind of approach that we need from America’s businesses.” He also celebrated the company’s achievement in general, saying, “I look at this amazing facility and you guys, you don’t miss a beat.”

The recession might have cut deeper in Europe, making the question of new jobs even more crucial, but the attitude there is much cooler toward Amazon and its high-tech ways. In Germany, there is continuing labor strife. France is erecting barriers against the company’s aggressive discounting. And in Britain, the warehouses that so impressed President Obama have been compared, in a February story in The Financial Times, with a “slave camp.”

That shocking charge resurfaced in the latest investigation, when a BBC reporter, Adam Littler, went to work briefly at Amazon’s Swansea warehouse. His report, broadcast this week on the show “Panorama,” showed him hustling to keep up with the demands of his hand-held scanner, which gave him only a few moments to find each product.

In his ten-and-a-half-hour night shift, Mr. Littler said: “I managed to walk or hobble nearly 11 miles, just short of 11 miles last night. I’m absolutely shattered.” He added, “We are machines, we are robots, we plug our scanner in, we’re holding it, but we might as well be plugging it into ourselves.”

Michael Marmot, a labor expert identified by the BBC as “one of Britain’s leading experts on stress at work,” told the show that with “the characteristics of this type of job, the evidence shows increased risk of mental illness and physical illness.” [Continue reading…]

In August, Democracy Now! interviewed Mother Jones reporter Mac McClelland on her undercover investigation:


Amazon’s brave new world

“Fulfillment,” in Amazon’s lexicon, is all about getting what you want and getting it now. It is the acme of the consumer age through which the maximum number of desires can be fulfilled in the minimum amount of time. And it is in the service of this debased expression of human existence that Amazon dedicates all its efforts.

But Amazon’s commitment to fostering customer loyalty creates the impression of a human interest, concealing the indifference that the company displays towards its own workers — workers who are treated so badly that they probably envy their counterparts at Walmart.

The fact that Amazon calls its warehouses “fulfillment centers” shows the degree to which, as a company, Amazon views its employees as simply expendable cogs in a machine. And since the closest most Amazon customers ever come to a human interaction with the company comes indirectly via UPS deliverers, most of Amazon’s actual workers toil invisibly in conditions far removed from anything that could be defined as fulfilling. Adding insult to injury, these workers then get branded with job titles like “Pick Ambassador” — tokens of respect, clearly designed to obscure the lack of respect with which Amazon views its employees.

In 2011, the Allentown Morning Call reported on conditions inside Amazon’s Lehigh Valley warehouse:

Workers said they were forced to endure brutal heat inside the sprawling warehouse and were pushed to work at a pace many could not sustain. Employees were frequently reprimanded regarding their productivity and threatened with termination, workers said. The consequences of not meeting work expectations were regularly on display, as employees lost their jobs and got escorted out of the warehouse. Such sights encouraged some workers to conceal pain and push through injury lest they get fired as well, workers said.

During summer heat waves, Amazon arranged to have paramedics parked in ambulances outside, ready to treat any workers who dehydrated or suffered other forms of heat stress. Those who couldn’t quickly cool off and return to work were sent home or taken out in stretchers and wheelchairs and transported to area hospitals. And new applicants were ready to begin work at any time.

An emergency room doctor in June called federal regulators to report an “unsafe environment” after he treated several Amazon warehouse workers for heat-related problems. The doctor’s report was echoed by warehouse workers who also complained to regulators, including a security guard who reported seeing pregnant employees suffering in the heat.

In a better economy, not as many people would line up for jobs that pay $11 or $12 an hour moving inventory through a hot warehouse. But with job openings scarce, Amazon and Integrity Staffing Solutions, the temporary employment firm that is hiring workers for Amazon, have found eager applicants in the swollen ranks of the unemployed.

Many warehouse workers are hired for temporary positions by Integrity Staffing Solutions, or ISS, and are told that if they work hard they may be converted to permanent positions with Amazon, current and former employees said. The temporary assignments end after a designated number of hours, and those not hired to permanent Amazon jobs can reapply for temporary positions again after a few months, workers said.

Temporary employees interviewed said few people in their working groups actually made it to a permanent Amazon position. Instead, they said they were pushed harder and harder to work faster and faster until they were terminated, they quit or they got injured. Those interviewed say turnover at the warehouse is high and many hires don’t last more than a few months.

From Jeff Bezos’s point of view, Amazon represents nothing less than the nature of the future, and in saying this he is expressing a kind of technological determinism — the latest face of unstoppable progress.

But what he is articulating is more importantly a philosophy of commerce in which human interaction is seen as redundant or a form of inefficiency.

Sure, he wants to cultivate strong relationships, but these aren’t relationships between people; they are relationships between customers and an amorphous corporate entity towards which we are meant to turn for the fulfillment of all our needs.

Finally, just in case anyone took the bait of the promise of goods delivered by drones (a prospect that should be viewed as skeptically as the chances of Santa Claus climbing down a chimney), James Ball lists a few of the logistical problems:

It’s all well and good for the unmanned vehicles to fly to a particular GPS site, but how does it then find the package’s intended recipient? How is the transfer of the package enacted? What stops someone else stealing the package along the way? And what happens when next door’s kid decides to shoot the drone with his BB rifle?

None of that starts to come close to the legal minefield using drones in this way entails. At present, flying drones of this sort for commercial use would be illegal in the US. The Federal Aviation Administration (FAA), which regulates this area, intends to make commercial drones legally viable and workable by 2015, but this deadline is all-but impossible: managing the skies with this much low-level traffic is a problem people are nowhere near solving. Opening up crowded urban areas full of terror targets to large numbers of flying platforms is always going to be packed with conflicting interests and difficulties. And all this has come before the first lawsuit caused after someone is injured by a faulty drone (or that one your neighbour shot), crashing down to earth.

What Jeff Bezos announced amounted, essentially, to an aspiration to change how his company delivers products, in about five years time, if technology advances and regulation falls his way. If his TV appearance hadn’t included the magic word “drones”, Bezos’s vague aspirations to change an aspect of his company’s logistics probably wouldn’t have made waves. Lucky for him, he did – winning his company positive publicity just ahead of what is usually the biggest online shopping day of the year, the dreadfully named Cyber Monday.

Floating an exciting-but-impractical innovation for a swath of press coverage is such an old PR tactic you’d hope no one would fall for it, and yet everyone still does.


Fallout from NSA surveillance threatens ‘the existence of the World Wide Web’ says agency’s former director

The Wall Street Journal reports: Revelations about the NSA’s surveillance operations are fueling international efforts to divide up the Internet by country, [Michael Hayden, former director of both the NSA and the CIA] said, which is a movement the U.S. government — and U.S. tech companies — have worked hard to prevent.

“This is threatening the existence of the World Wide Web,” Mr. Hayden said, adding that a Balkanization of the Internet is “a no-fooling danger.”

In the near term, Germany wants a “no-spy” agreement and has sought to insert tough data-privacy measures into a long-sought U.S.-European trade pact. Ms. Merkel told parliament last Monday the NSA affair was “putting to the test” Germany’s relationship with the U.S., and the trade pact negotiations in particular.


Microsoft boosts effort to encrypt its Internet traffic to avoid NSA spying

The Washington Post reports: Microsoft is moving toward a major new effort to encrypt its Internet traffic amid fears that the National Security Agency may have broken into its global communications links, said people familiar with the emerging plans.

Suspicions at Microsoft, while building for several months, sharpened in October when it was reported that the NSA was intercepting traffic inside the private networks of Google and Yahoo, two industry rivals with similar global infrastructures, said people with direct knowledge of the company’s deliberations. They said top Microsoft executives are meeting this week to decide what encryption initiatives to deploy and how quickly.

Documents obtained from former NSA contractor Edward Snowden suggest — but do not prove — that the company is right to be concerned. Two previously unreleased slides that describe operations against Google and Yahoo include references to Microsoft’s Hotmail and Windows Live Messenger services. A separate NSA e-mail mentions Microsoft Passport, a Web-based service formerly offered by Microsoft, as a possible target of that same surveillance project, called MUSCULAR, which was first disclosed by The Washington Post last month.

Though Microsoft officials said they had no independent verification of the NSA targeting the company in this way, general counsel Brad Smith said Tuesday that it would be “very disturbing” and a possible constitutional breach if true. [Continue reading…]


NSA may have hit Internet companies at a weak spot

The New York Times reports: The recent revelation that the National Security Agency was able to eavesdrop on the communications of Google and Yahoo users without breaking into either company’s data centers sounded like something pulled from a Robert Ludlum spy thriller.

How on earth, the companies asked, did the N.S.A. get their data without their knowing about it?

The most likely answer is a modern spin on a century-old eavesdropping tradition.

People knowledgeable about Google and Yahoo’s infrastructure say they believe that government spies bypassed the big Internet companies and hit them at a weak spot — the fiber-optic cables that connect data centers around the world and are owned by companies like Verizon Communications, the BT Group, the Vodafone Group and Level 3 Communications. In particular, fingers have been pointed at Level 3, the world’s largest so-called Internet backbone provider, whose cables are used by Google and Yahoo.

The Internet companies’ data centers are locked down with full-time security and state-of-the-art surveillance, including heat sensors and iris scanners. But between the data centers — on Level 3’s fiber-optic cables that connected those massive computer farms — information was unencrypted and an easier target for government intercept efforts, according to three people with knowledge of Google’s and Yahoo’s systems who spoke on the condition of anonymity. [Continue reading…]


Google mulled ditching U.S. after NSA scandal

CNBC reports: Google, the giant of the Internet, thought about moving its servers out of the U.S. after the NSA debacle, said Eric Schmidt, the company’s chairman, on Friday at the Paley International Council Summit in New York.

“Actually, we thought about that and there are many, many reasons why it’s impossible for Google to leave the United States, although it’s attractive,” Schmidt said.

“But the reason it’s an interesting idea is because American firms are subject to these rules, the [Foreign Intelligence Surveillance Act] rules, Patriot Act and so forth, and this government surveillance is really a problem.”


U.S. ranks #27 in Web freedom and openness

Web Index: Designed and produced by the World Wide Web Foundation, the Web Index is the first multi-dimensional measure of the World Wide Web’s contribution to development and human rights globally. It covers 81 countries, incorporating indicators that assess the areas of universal access; freedom and openness; relevant content; and empowerment.

First released in 2012, the 2013 Index has been expanded and refined to include 20 new countries and features an enhanced data set, particularly in the areas of gender, Open Data, privacy rights and censorship. The Index combines existing secondary data with new primary data derived from an evidence-based expert assessment survey.

This is the second edition of the Web Index, which will be published annually. It will eventually allow for comparisons of trends over time and the benchmarking of performance across countries, continuously improving our understanding of the Web’s value for humanity.


A digital underworld cloaked in anonymity

Nick Bilton writes: So this is where they collared the man they call the Dread Pirate Roberts.

It’s up a flight of stone steps, past the circulation desk and the Romance stacks, over in Science Fiction, far corner.

On a sunny Tuesday in October, federal officers entered the public library in the Glen Park section of this city and arrested a young man who they say ran a vast Internet black market — an eBay of illegal drugs.

Their mark, Ross William Ulbricht, says he is not the F.B.I.’s Dread Pirate Roberts, the nom de guerre of the mastermind behind the marketplace, Silk Road. And the facts, his lawyer says, will prove that.

However this story plays out, Silk Road already stands as a tabloid monument to old-fashioned vice and new-fashioned technology. Until the website was shut down last month, it was the place to score, say, a brick of cocaine with a few anonymous strokes on a computer keyboard. According to the authorities, it greased $1.2 billion in drug deals and other crimes, including murder for hire.

That this story intruded here, at a public library in a nice little neighborhood, says a lot about the dark corners of the Internet. Glen Park isn’t the gritty Tenderloin over the hills, or Oakland or Richmond out in East Bay. And that is precisely the point. The Dark Web, as it is known, is everywhere and nowhere, and it’s growing fast.

No sooner was the old Silk Road shut down than a new, supposedly improved Silk Road popped up. Other online bazaars for illegal guns and drugs are thriving.

And the Dread Pirate Roberts — the old one, a new one, who knows? — is back, taunting the authorities. (The pseudonym is a reference to a character in the film “The Princess Bride” who turns out to be not one man but rather many men passing down the title.)

“It took the F.B.I. two and a half years to do what they did,” the Dread Pirate Roberts wrote last week on the new Silk Road site. “But four weeks of temporary silence is all they got.”

So catch us if you can, the Dread Pirate is saying. The new Silk Road has overhauled its security and “marks the dawn of a brand new era for hidden services,” he wrote.

The question is, can anyone really stamp out the Dread Pirates? Like the rest of the Internet, the Dark Web is being shaped and reshaped by technological innovation. [Continue reading…]


Google warns about the NSA threat to the U.S. economy

The New York Times reports: Google’s canned responses to reports of government spying have ranged from “concerned” to “outraged.” But some of its employees have been more outspoken.

One of Google’s top lawyers testified before Congress Wednesday about surveillance, demanding urgent reform of email privacy laws and warning of threats to the open Internet and to the United States economy. Meanwhile, Google engineers who work on security railed against the government online.

The backlash against government Internet surveillance could hurt the United States economy, partly because businesses and consumers could abandon United States cloud companies, said Richard Salgado, the director for law enforcement and information security at Google, in testimony before the Senate judiciary subcommittee on privacy, technology and the law.

He cited studies like one from Forrester that predicted the cloud computing industry could lose $180 billion, 25 percent of its revenue, by 2016. [Continue reading…]


Cisco demonstrates how the NSA is seriously damaging the U.S. economy

Quartz reports: Cisco announced two important things in today’s earnings report: The first is that the company is aggressively moving into the Internet of Things — the effort to connect just about every object on earth to the internet — by rolling out new technologies. The second is that Cisco has seen a huge drop-off in demand for its hardware in emerging markets, which the company blames on fears about the NSA using American hardware to spy on the rest of the world.

Cisco chief executive John Chambers said on the company’s earnings call that he believes other American technology companies will be similarly affected. Cisco saw orders in Brazil drop 25% and Russia drop 30%. Both Brazil and Russia have expressed official outrage over NSA spying and have announced plans to curb the NSA’s reach.

Analysts had expected Cisco’s business in emerging markets to increase 6%, but instead it dropped 12%, sending shares of Cisco plunging 10% in after-hours trading. [Continue reading…]

If Cisco currently feels like its operations have been undermined by the NSA, it hasn’t shown much reticence in the past about making its technology available where it would likely be used for surveillance.

In 2011, the Wall Street Journal reported: Western companies including Cisco Systems Inc. are poised to help build an ambitious new surveillance project in China—a citywide network of as many as 500,000 cameras that officials say will prevent crime but that human-rights advocates warn could target political dissent.

The system, being built in the city of Chongqing over the next two to three years, is among the largest and most sophisticated video-surveillance projects of its kind in China, and perhaps the world. Dubbed “Peaceful Chongqing,” it is planned to cover a half-million intersections, neighborhoods and parks over nearly 400 square miles, an area more than 25% larger than New York City.

The project sheds light on how Western tech companies sell their wares in China, the Middle East and other places where there is potential for the gear to be used for political purposes and not just safety. The products range from Internet-censoring software to sophisticated networking gear. China in particular has drawn criticism for treating political dissent as a crime and has a track record of using technology to suppress it.

An examination of the Peaceful Chongqing project by The Wall Street Journal shows Cisco is expected to supply networking equipment that is essential to operating large and complicated surveillance systems, according to people familiar with the deal.


Twitter isn’t spreading democracy — democracy is spreading Twitter

Kentaro Toyama writes: Last month I wrote about Chinese Internet censors, who seem less concerned about eliminating criticism of the government, and more concerned with preventing grassroots collective action. What the Communist Party most fears is organized protests and activities, even when they’re not political in nature.

In America, the right to assembly is guaranteed, so there’s no censoring of tweeted incitements to mass action, political or otherwise. But thanks to Edward Snowden, we now see how far the government goes to spy on our digital communications in the name of national security. Arguably, what the U.S. government fears most is threats to its citizens’ physical safety.

Considering these revelations together allows us to see more clearly the relationship between the Internet and politics.

Until now the dominant story has been that the Internet democratizes. For many, any mention of the Arab Spring immediately calls to mind a “Facebook revolution.” For similar reasons, Hillary Clinton as Secretary of State promoted a foreign policy of Internet freedom. And, the mantra that the Internet democratizes everything is repeated over and over in the media. Just in the last few days, for example, here, here, and here.

But what both Chinese censorship and American surveillance show is that there is nothing inherently democratizing about digital networks, at least not in the political sense. Far-reaching communication tools only make it easier to impose constraints on the freedom of expression or the right to privacy. Never before have Chinese censors had it so easy in identifying subversive voices, and never before has the NSA been able to eavesdrop on the private communications of so many people. [Continue reading…]


GCHQ used fake LinkedIn pages to target engineers

Der Spiegel reports: Elite GCHQ teams targeted employees of mobile communications companies and billing companies to gain access to their company networks. The spies used fake copies of LinkedIn profiles as one of their tools.

The Belgacom employees probably thought nothing was amiss when they pulled up their profiles on LinkedIn, the professional networking site. The pages looked the way they always did, and they didn’t take any longer than usual to load.

The victims didn’t notice that what they were looking at wasn’t the original site but a fake profile with one invisible added feature: a small piece of malware that turned their computers into tools for Britain’s GCHQ intelligence service.

The British intelligence workers had already thoroughly researched the engineers. According to a “top secret” GCHQ presentation disclosed by NSA whistleblower Edward Snowden, they began by identifying employees who worked in network maintenance and security for the partly government-owned Belgian telecommunications company Belgacom.

Then they determined which of the potential targets used LinkedIn or Slashdot.org, a popular news website in the IT community.

The computers of these “candidates” were then infected with computer malware that had been placed using infiltration technology the intelligence agency refers to as “Quantum Insert,” which enabled the GCHQ spies to deeply infiltrate the Belgacom internal network and that of its subsidiary BICS, which operates a so-called GRX router system. This type of router is required when users make calls or go online with their mobile phones while abroad. [Continue reading…]


Cyber spying risks the future of the internet, says Eugene Kaspersky

The Sydney Morning Herald reports: Cyber espionage between nations has reached such damaging levels it risks not only the trust between friendly countries, but the future of the internet itself.

That is the view of Eugene Kaspersky, the ebullient chief executive of Russian security firm Kaspersky Labs, who is in Canberra this week to deliver the message to politicians and business leaders.

Speaking ahead of his speech to the National Press Club on Thursday, Mr Kaspersky told Fairfax Media he was “very surprised” and concerned about the extent of espionage currently undertaken by Western countries. He also warned Australia to invest in educating a new generation of security engineers to future-proof its critical systems.

“Cyber espionage is not new,” he said. “We knew that from years ago, but I did not expect it in such a huge scale and coming from so many different nations.”

Mr Kaspersky said he feared governments would withdraw to their own parallel networks away from the prying eyes of others, and would cease investing in the development of the public internet, products and services.

“If governments and enterprises exit the public internet, there will be a lot less investment. If they emigrate to a separate zone, I’m afraid the internet will have a crisis”. [Continue reading…]


A fraying of the public/private surveillance partnership

Bruce Schneier writes: The public/private surveillance partnership between the NSA and corporate data collectors is starting to fray. The reason is sunlight. The publicity resulting from the Snowden documents has made companies think twice before allowing the NSA access to their users’ and customers’ data.

Pre-Snowden, there was no downside to cooperating with the NSA. If the NSA asked you for copies of all your Internet traffic, or to put backdoors into your security software, you could assume that your cooperation would forever remain secret. To be fair, not every corporation cooperated willingly. Some fought in court. But it seems that a lot of them, telcos and backbone providers especially, were happy to give the NSA unfettered access to everything. Post-Snowden, this is changing. Now that many companies’ cooperation has become public, they’re facing a PR backlash from customers and users who are upset that their data is flowing to the NSA. And this is costing those companies business.

How much is unclear. In July, right after the PRISM revelations, the Cloud Security Alliance reported that US cloud companies could lose $35 billion over the next three years, mostly due to losses of foreign sales. Surely that number has increased as outrage over NSA spying continues to build in Europe and elsewhere. There is no similar report for software sales, although I have attended private meetings where several large US software companies complained about the loss of foreign sales. On the hardware side, IBM is losing business in China. The US telecom companies are also suffering: AT&T is losing business worldwide.

This is the new reality. The rules of secrecy are different, and companies have to assume that their responses to NSA data demands will become public. This means there is now a significant cost to cooperating, and a corresponding benefit to fighting. [Continue reading…]


NIST to review standards after cryptographers cry foul over NSA meddling

Jeff Larson, ProPublica, November 4, 2013

The federal institute that sets national standards for how government, private citizens and business guard the privacy of their files and communications is reviewing all of its previous recommendations.

The move comes after ProPublica, The Guardian and The New York Times disclosed that the National Security Agency had worked to secretly weaken standards to make it easier for the government to eavesdrop.

The review, announced late Friday afternoon by the National Institute for Standards and Technology, will also include an assessment of how the institute creates encryption standards.

The institute sets national standards for everything from laboratory safety to high-precision timekeeping. NIST’s cryptographic standards are used by software developers around the world to protect confidential data. They are crucial ingredients for privacy on the Internet, and are designed to keep Internet users safe from being eavesdropped on when they make purchases online, pay bills or visit secure websites.

But as the investigation by ProPublica, The Guardian and The New York Times in September revealed, the National Security Agency spends $250 million a year on a project called “SIGINT Enabling” to secretly undermine encryption. One of the key goals, documents said, was to use the agency’s influence to weaken the encryption standards that NIST and other standards bodies publish.

“Trust is crucial to the adoption of strong cryptographic algorithms,” the institute said in a statement on their website. “We will be reviewing our existing body of cryptographic work, looking at both our documented process and the specific procedures used to develop each of these standards and guidelines.”

Continue reading
