By Jon Matonis
Thursday, July 19, 2012
The first crypto war revolved around the hardware-based Clipper Chip
and coercing companies to deploy broken encryption with backdoors to
enable domestic State spying. Fortunately, the good guys won.
The next crypto war is still a war of the government against its own
citizens but this time enlisting the corporations, including social
networks, as direct agents of the State. What some have dubbed Crypto Wars 2.0 manifests itself in the current litany of legislative acronyms designed to confuse and befuddle.
I think legislative bills are named with a Twitter hashtag in mind.
Although it doesn’t always work out favorably for the name deciders,
hashtags do generally assist in the coalescing of Internet organizers
around the world. Since passage of the Cyber Intelligence Sharing and Protection Act by the U.S. House of Representatives in April, #CISPA has been everywhere. Thankfully, twin legislative initiatives SOPA and PIPA were dropped in January. Also, let’s not forget the gradual expansion of CALEA and the Lieberman-Collins Cyber Security Act and the NSA-centric McCain Cybersecurity Act.
Even the seemingly unpatriotic USA PATRIOT Act of 2001 is a garbled backronym that would make George Orwell proud: Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act.
The Electronic Frontier Foundation recently posted an FAQ
arguing that CISPA would allow companies to review and then to hand
over customers’ personal information, logs, and email to the government.
That is a fairly broad and comprehensive mandate.
What has gone
largely unnoticed in this torrent of analysis, however, is that privacy
tools for individuals already exist and they have for many years!
Quietly anticipating encroachment against basic Internet liberties,
concerned cyber privacy advocates have been coding and releasing the
tools that allow for private electronic communication and private web
surfing. Proposed legislation like CISPA may or may not pass and become
law, but if it does we have to understand the new landscape. Your
privacy is up to you!
1. Email Privacy – Naked email is like a postcard for anyone to read. Pretty Good Privacy
(PGP), an open source software program created by Phil Zimmermann in
1991, is the global standard for point-to-point encrypted and
authenticated email. Hushmail is an OpenPGP-compatible web-based email platform that does not have access to your user password for decryption. Both products, when used correctly, offer subpoena-proof email communication.
2. File Privacy – Your files might be stored in the encrypted cloud but that doesn’t
mean that they’re 100% safe for your eyes only. Free and open-source TrueCrypt allows you to encrypt folders or entire drives locally prior to syncing with Dropbox. BoxCryptor also facilitates local file encryption prior to cloud uploading and it comes with added compatibility for Android and iOS.
is an alternative to the dual-application process described above.
Although most cloud-based storage services transfer over an encrypted
session and store data in an encrypted form, the files are still
accessible to the service provider which makes the data vulnerable to
court-ordered subpoena. In order to rectify this, two different zero-knowledge data storage companies provide secure online data backup and syncing – SpiderOak and Wuala. For obvious reasons, there is no password recovery and employees have zero access to your data.
3. Voice Privacy – Wiretapping will become more prevalent in the days and months ahead. From the creator of PGP, Zfone is a new secure VoIP phone software product utilizing a protocol called ZRTP which lets you make encrypted phone calls over the Internet. The project’s trademark is “whisper in someone’s ear from a thousand miles away.” You can listen to Zimmermann present Zfone at DEFCON 15.
Also utilizing ZRTP, open-source Jitsi
provides secure video calls, conferencing, chat, and desktop sharing.
Because of security issues and lawful interception, Tor Project’s Jacob
Appelbaum recommends using Jitsi instead of Skype.
Designed specifically for mobile devices and utilizing ZRTP, open-source RedPhone from Whisper Systems is an application that enables encrypted voice communication between RedPhone users on Android.
4. Chat Privacy – Encrypting your chat or instant messaging sessions is just as important as encrypting your email. Cryptocat
establishes a secure, encrypted chat session that is allegedly not subject to
commercial or government surveillance. Similar to Cryptocat, the older
and more durable Off-the-record Messaging (OTR) cryptographic protocol generates new key pairs for every chat implementing a form of perfect forward secrecy and deniable encryption. It is available via Pidgin plugin.
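The per-chat key generation described above, sketched as an added example (not code from OTR, Pidgin or the original article): each chat derives its keys from throwaway Diffie-Hellman pairs, and messages are authenticated with a shared MAC key rather than a signature, which is what makes them deniable. The small group modulus and the function names are assumptions for illustration; real OTR uses a 1536-bit group and also authenticates the key exchange with long-term keys.

```python
import hashlib, hmac, secrets

# Assumption: demonstration-sized modulus. Real OTR uses a 1536-bit group.
P = 2**255 - 19
G = 2

def new_keypair():
    """Fresh ephemeral key pair; the private half is discarded after the chat."""
    priv = secrets.randbelow(P - 3) + 2          # 2 .. P-2
    return priv, pow(G, priv, P)

def session_keys(my_priv, their_pub):
    """Derive independent encryption and MAC keys from the shared secret."""
    if not 2 <= their_pub <= P - 2:              # reject degenerate public values
        raise ValueError("invalid public key")
    shared = pow(their_pub, my_priv, P).to_bytes(32, "big")
    return (hashlib.sha256(b"enc" + shared).digest(),
            hashlib.sha256(b"mac" + shared).digest())

def tag(mac_key, message):
    """Message authentication with a key BOTH parties hold."""
    return hmac.new(mac_key, message, hashlib.sha256).digest()

def run_chat():
    """One chat: both sides generate new pairs and swap public halves."""
    a_priv, a_pub = new_keypair()
    b_priv, b_pub = new_keypair()
    return session_keys(a_priv, b_pub), session_keys(b_priv, a_pub)

if __name__ == "__main__":
    alice1, bob1 = run_chat()
    alice2, _ = run_chat()
    print("same keys on both sides:", alice1 == bob1)
    print("second chat reuses keys:", alice1 == alice2)
    msg = b"constructed sample message"
    # Bob can produce the identical tag, so the tag cannot prove to a
    # third party that Alice wrote the message.
    print("Bob can forge Alice's tag:",
          hmac.compare_digest(tag(alice1[1], msg), tag(bob1[1], msg)))
```

Because the session keys come only from the discarded private halves, a key seized after the chat ends cannot be used to decrypt a recording of it.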
5. Traffic Privacy – The final step in the process is geo-privacy, which refers to the protection of ‘information privacy’ with regard to geographic information. Virtual Private Networks, or VPNs, have been used consistently for anonymous web browsing and IP address masking. Just make sure that your VPN provider does not log IP addresses and that they accept a form of payment that does not link you to the transaction.
Additionally, the Tor Project
provides free software and an open network for privacy-oriented
Internet usage. Intended to protect users’ personal freedom, privacy,
and ability to conduct confidential business, Tor (The onion router) is a
system that improves online anonymity by routing Internet traffic
through a worldwide volunteer network of layering and encrypting servers
which impedes network surveillance or traffic analysis.
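The layering that the paragraph above describes, as an added example (not Tor's code or the author's): the client wraps a message once per relay, and each relay can strip only its own layer and sees only the next hop. The relay names, keys and cell layout are constructed, and the HMAC-based keystream is a standard-library stand-in for the AES counter mode Tor uses; real Tor negotiates per-hop keys while building the circuit.

```python
import hashlib, hmac, json, secrets

def keystream_xor(key, nonce, data):
    """Stand-in stream cipher (assumption): HMAC-SHA256 in counter mode."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"),
                       hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(path, payload):
    """Client: encrypt for the last relay first, then wrap outward.
    path is [(relay_name, key), ...] in the order traffic travels."""
    cell, next_hop = payload, "destination"
    for name, key in reversed(path):
        nonce = secrets.token_bytes(16)
        layer = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = nonce + keystream_xor(key, nonce, layer)
        next_hop = name
    return cell

def peel(key, cell):
    """Relay: remove exactly one layer, learning only where to forward."""
    nonce, body = cell[:16], cell[16:]
    layer = json.loads(keystream_xor(key, nonce, body))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, cell):
    """Pass a cell along the path; return what each relay learned."""
    seen = []
    for name, key in path:
        next_hop, cell = peel(key, cell)
        seen.append((name, next_hop))
    return seen, cell

if __name__ == "__main__":
    # Constructed relays and keys for illustration.
    path = [(n, secrets.token_bytes(32)) for n in ("guard", "middle", "exit")]
    seen, delivered = route(path, wrap(path, b"constructed request"))
    print(seen, delivered)
```

Only the first relay sees the sender and only the last sees the destination, so no single relay can link the two.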
I encourage everyone to become familiar with these basic tools for
privacy. The important disclaimer is that in order to circumvent these
privacy technologies, your password can be obtained in a variety of ways
that are extremely intrusive and beyond the realm of casual day-to-day
usage, such as hardware keyloggers
or ceiling-mounted cameras. Furthermore, browser-based cryptography
carries the added risk of spoofed applets being delivered to your
desktop by court order or by malicious actors but this risk can be
mitigated by maintaining trusted source code locally or by verifying
compiled code against a digital signature. The mission statement from
Tor Project advocate and developer Jacob Appelbaum still stands, “Make the metadata
worthless essentially for people that are surveilling you.”
[UPDATE: I was previously affiliated with Hush Communications Corporation, the creator of Hushmail. This link further explains my stance on Hushmail strengths and weaknesses.]
For further reading:
“Review of Cryptocat”, Vitalik Buterin, Bitcoin Magazine, June 15, 2012
“Paranoia About CISPA Is Justified”, Conor Friedersdorf, The Atlantic, April 27, 2012
“Never Trust A VPN Provider That Doesn’t Accept Bitcoin”, Rick Falkvinge, September 27, 2011
“PGP Creator Defends Hushmail”, Ryan Singel, Wired, November 19, 2007