Re: [liberationtech] Cloud encryption
Some people think this is an elaborate troll. Not a Mac user so I can't really evaluate this and as I understand it the actual details of the iMessage implementation are not known publicly anyway. https://www.techdirt.com/articles/20130405/01485922590/dea-accused-leaking-misleading-info-falsely-implying-that-it-cant-read-apple-imessages.shtml Basically the claim is that Apple retains the encryption keys so that while it is true as they say in the leak that they can't get the data from the carriers even with a court order, they could get it by going to Apple. On 4/8/2013 14:31, fr...@journalistsecurity.net wrote: I imagine people here might have thoughts about this. Comes from a Texas-based, civil liberties-oriented blog. Encryption for cloud communications may best protect Fourth Amendment rights via Grits for Breakfast by Gritsforbreakfast on 4/6/13 http://gritsforbreakfast.blogspot.com/2013/04/encryption-for-cloud-communications-may.html Says readwrite mobile: With government requests for personal data on the rise, there are few guarantees in place that you or I won't have our private communications snooped through. Since the Fourth Amendment hasn't yet caught up with the lightning fast pace of technological change, some of the best privacy protections are often the ones implemented by tech companies themselves. Well put. The comment comes in response to a DEA complaint that encryption on the Apple iPhone's chat services made them indecipherable, even with a warrant. Continued writer John Paul Titlow: By architecting iMessage the way it did, Apple created a messaging protocol more secure and private than standard text messages, which is how millions of people communicate every day. As we fire those texts back and forth, we're all creating a digital trail that can be snooped upon or hacked more easily than we care to think about. But if they're being and sent and received from iPhones running iOS 5 or later, those messages are invisible to wiretaps by law enforcement or other prying eyes. Apple didn't have to build iMessage with end-to-end encryption. Gmail isn't encrypted this way, nor are the Facebook messages that are increasingly used like texts on mobile devices. Clearly, SMS text messages aren't particularly well-secured either. Whether winning privacy points was its motivation or not, Apple definitely racks up a few for this. Legislation like Texas Rep. Jon Stickland's HB 3164 to require warrants to access electronic communications is one way to protect privacy for third-party facilitated communications, but a far more effective one would be if Gmail, Facebook, and other major providers encrypted user messages. Those companies may or may not have an economic incentive to do so, but they're arguably in a better position in many cases than legislatures or the courts to protect privacy and Fourth Amendment rights. Frank SmythExecutive DirectorGlobal Journalist Securityfrank@journalistsecurity.netTel. + 1 202 244 0717Cell + 1 202 352 1736Twitter: @JournoSecurityWebsite: www.journalistsecurity.netPGP Public Key -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. William Pitt (1759-1806) -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Cloud encryption
There you go. The same beef with Skype - encrypted communications, but Skype retains the encryption keys (assuming it works the same under Microsoft ownership), so a no-no for privacy/security-minded organizations and individuals. Best Regards | Cordiales Saludos | Grato, Andrés L. Pacheco Sanfuentes a...@acm.org +1 (817) 271-9619 On Tue, Apr 9, 2013 at 10:52 AM, Wayne Moore wmo...@stanford.edu wrote: Some people think this is an elaborate troll. Not a Mac user so I can't really evaluate this and as I understand it the actual details of the iMessage implementation are not known publicly anyway. https://www.techdirt.com/articles/20130405/01485922590/dea-accused-leaking-misleading-info-falsely-implying-that-it-cant-read-apple-imessages.shtml Basically the claim is that Apple retains the encryption keys so that while it is true as they say in the leak that they can't get the data from the carriers even with a court order, they could get it by going to Apple. On 4/8/2013 14:31, fr...@journalistsecurity.net wrote: I imagine people here might have thoughts about this. Comes from a Texas-based, civil liberties-oriented blog. Encryption for cloud communications may best protect Fourth Amendment rights via Grits for Breakfast by Gritsforbreakfast on 4/6/13 http://gritsforbreakfast.blogspot.com/2013/04/encryption-for-cloud-communications-may.html Says readwrite mobile: With government requests for personal data on the rise, there are few guarantees in place that you or I won't have our private communications snooped through. Since the Fourth Amendment hasn't yet caught up with the lightning fast pace of technological change, some of the best privacy protections are often the ones implemented by tech companies themselves. Well put. The comment comes in response to a DEA complaint that encryption on the Apple iPhone's chat services made them indecipherable, even with a warrant. Continued writer John Paul Titlow: By architecting iMessage the way it did, Apple created a messaging protocol more secure and private than standard text messages, which is how millions of people communicate every day. As we fire those texts back and forth, we're all creating a digital trail that can be snooped upon or hacked more easily than we care to think about. But if they're being and sent and received from iPhones running iOS 5 or later, those messages are invisible to wiretaps by law enforcement or other prying eyes. Apple didn't have to build iMessage with end-to-end encryption. Gmail isn't encrypted this way, nor are the Facebook messages that are increasingly used like texts on mobile devices. Clearly, SMS text messages aren't particularly well-secured either. Whether winning privacy points was its motivation or not, Apple definitely racks up a few for this. Legislation like Texas Rep. Jon Stickland's HB 3164 to require warrants to access electronic communications is one way to protect privacy for third-party facilitated communications, but a far more effective one would be if Gmail, Facebook, and other major providers encrypted user messages. Those companies may or may not have an economic incentive to do so, but they're arguably in a better position in many cases than legislatures or the courts to protect privacy and Fourth Amendment rights. Frank SmythExecutive DirectorGlobal Journalist Securityfrank@journalistsecurity.netTel. + 1 202 244 0717Cell + 1 202 352 1736Twitter: @JournoSecurityWebsite: www.journalistsecurity.netPGP Public Key -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. William Pitt (1759-1806) -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Cloud encryption
I entirely agree that the information could be accessed by targeting Apple (or, likely, Skype) to access information either retroactively or going forward. But, one thing that did strike me as potentially an issue for LEAs after reading the memo: given that communications aren't uniformly going through a single point that can ID communications (i.e. the carrier doesn't seem to know if you're using iMessage, or skype messages, or whatever) then LEAs might be in a situation of having to send requests for data to a host of communications service providers (Apple, Skype, etc). Should this be the case, then the fragmentation of what used to be 'carrier-owned' communications environment (i.e. SMS/MMS) could pose a problem. This problem is made worse for non-American LEAs, on the basis that many of the mechanisms to get Facebook, Google, or Apple to disclose information depends either on corporate quasi-judicial evaluations of court orders (e.g. is a Canadian warrant for X sufficiently close to a US warrant for us to decide to disclose data, outside of the MLAT process) or going through MLATs. This isn't an argument for centralizing communications at a single point to make things easier for LEAs. However, if carriers are presently unable to tell LEAs what communications service providers their customers are using to communicate then I can image legislative or regulatory proposals to 'resolve' this 'problem'. Specifically, such solutions could require carriers to monitor communications flows to know what their subscribers use to communicate, on the basis of potential LEA needs in the future. I imagine that such political maneuverings could/would be spun as being 'privacy protective', insofar as security officials could maintain that 'we don't want to know who you're talking to, or what you're saying, just how you're saying it'. (Note, that my musings aren't meant as endorsement of such regimes, but instead thinking through a possible implication of the 'leaked' memo for carriers and citizens in democratic Western states.) ~Chris * Christopher Parsons Doctoral Candidate Political Science, University of Victoria http://www.christopher-parsons.com ** On 9 April 2013 09:44, Andrés Leopoldo Pacheco Sanfuentes alps6...@gmail.com wrote: There you go. The same beef with Skype - encrypted communications, but Skype retains the encryption keys (assuming it works the same under Microsoft ownership), so a no-no for privacy/security-minded organizations and individuals. Best Regards | Cordiales Saludos | Grato, Andrés L. Pacheco Sanfuentes a...@acm.org +1 (817) 271-9619 On Tue, Apr 9, 2013 at 10:52 AM, Wayne Moore wmo...@stanford.edu wrote: Some people think this is an elaborate troll. Not a Mac user so I can't really evaluate this and as I understand it the actual details of the iMessage implementation are not known publicly anyway. https://www.techdirt.com/articles/20130405/01485922590/dea-accused-leaking-misleading-info-falsely-implying-that-it-cant-read-apple-imessages.shtml Basically the claim is that Apple retains the encryption keys so that while it is true as they say in the leak that they can't get the data from the carriers even with a court order, they could get it by going to Apple. On 4/8/2013 14:31, fr...@journalistsecurity.net wrote: I imagine people here might have thoughts about this. Comes from a Texas-based, civil liberties-oriented blog. Encryption for cloud communications may best protect Fourth Amendment rights via Grits for Breakfast by Gritsforbreakfast on 4/6/13 http://gritsforbreakfast.blogspot.com/2013/04/encryption-for-cloud-communications-may.html Says readwrite mobile: With government requests for personal data on the rise, there are few guarantees in place that you or I won't have our private communications snooped through. Since the Fourth Amendment hasn't yet caught up with the lightning fast pace of technological change, some of the best privacy protections are often the ones implemented by tech companies themselves. Well put. The comment comes in response to a DEA complaint that encryption on the Apple iPhone's chat services made them indecipherable, even with a warrant. Continued writer John Paul Titlow: By architecting iMessage the way it did, Apple created a messaging protocol more secure and private than standard text messages, which is how millions of people communicate every day. As we fire those texts back and forth, we're all creating a digital trail that can be snooped upon or hacked more easily than we care to think about. But if they're being and sent and received from iPhones running iOS 5 or later, those messages are invisible to wiretaps by law enforcement or other prying eyes. Apple didn't have to build iMessage with end-to-end encryption. Gmail isn't encrypted this way, nor are the Facebook messages that are increasingly used
[liberationtech] Cloud encryption
I imagine people here might have thoughts about this. Comes from a Texas-based, civil liberties-oriented blog. Encryption for cloud communications may best protect Fourth Amendment rights via Grits for Breakfast by Gritsforbreakfast on 4/6/13 http://gritsforbreakfast.blogspot.com/2013/04/encryption-for-cloud-communications-may.html Says readwrite mobile: With government requests for personal data on the rise, there are few guarantees in place that you or I won't have our private communications snooped through. Since the Fourth Amendment hasn't yet caught up with the lightning fast pace of technological change, some of the best privacy protections are often the ones implemented by tech companies themselves. Well put. The comment comes in response to a DEA complaint that encryption on the Apple iPhone's chat services made them indecipherable, even with a warrant. Continued writer John Paul Titlow: By architecting iMessage the way it did, Apple created a messaging protocol more secure and private than standard text messages, which is how millions of people communicate every day. As we fire those texts back and forth, we're all creating a digital trail that can be snooped upon or hacked more easily than we care to think about. But if they're being and sent and received from iPhones running iOS 5 or later, those messages are invisible to wiretaps by law enforcement or other prying eyes. Apple didn't have to build iMessage with end-to-end encryption. Gmail isn't encrypted this way, nor are the Facebook messages that are increasingly used like texts on mobile devices. Clearly, SMS text messages aren't particularly well-secured either. Whether winning privacy points was its motivation or not, Apple definitely racks up a few for this. Legislation like Texas Rep. Jon Stickland's HB 3164 to require warrants to access electronic communications is one way to protect privacy for third-party facilitated communications, but a far more effective one would be if Gmail, Facebook, and other major providers encrypted user messages. Those companies may or may not have an economic incentive to do so, but they're arguably in a better position in many cases than legislatures or the courts to protect privacy and Fourth Amendment rights. Frank SmythExecutive DirectorGlobal Journalist Securityfrank@journalistsecurity.netTel. + 1 202 244 0717Cell + 1 202 352 1736Twitter: @JournoSecurityWebsite: www.journalistsecurity.netPGP Public Key -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech