Monthly Archives: November 2016

YAHOO SPIED ON 500M USERS EMAILS REQUESTED BY FEDERAL AGENCIES

Published on 5 Oct 2016

An unsettling report says Yahoo complied with government requests to scan all incoming user emails, and even wrote a special program to do so. Between this news and the massive data breach, how can consumers trust Yahoo with their privacy?

CLUB LIBIDO BANNER THE EYES HAVE IT

Henry Sapiecha

New Trump national security adviser shared classified information with Australia

General Michael Flynn image www.intelagencies.com

US president-elect Donald Trump’s recently-appointed national security adviser was investigated for inappropriately sharing highly-classified intelligence with Australian forces.

Retired US three-star lieutenant general Michael Flynn, a maverick who spent more than 33 years in US Army intelligence, worked alongside Australian forces in Afghanistan and Iraq.

An outspoken believer in assisting allies on the battleground despite red tape preventing the flow of information, Lt Gen Flynn said the sharing of intelligence with Australian and British forces that left him in hot water was done “with the right permissions”.

“I’m proud of that one,” Lt Gen Flynn told The Washington Post. “Accuse me of sharing intelligence in combat with our closest allies, please.” His unconventional style and strong resume – he was tapped by US commander in Afghanistan General Stanley McChrystal to be his top intelligence officer and promoted by President Barack Obama as Defence Intelligence Agency director – was obviously attractive to fellow maverick Mr Trump.
Lt Gen Flynn was pushed out of the DIA job after two years in the role and has labelled Mr Obama a “liar”.

His views on the Middle-East are aligned with Mr Trump and both men are prolific users of Twitter.

During the recent presidential campaign Lt Gen Flynn, a registered Democrat, called Mr Trump’s chief opponent, Democrat Hillary Clinton, “the enemy camp” and joined the call to “lock her up” in jail.

He also raised eyebrows when he sat alongside Russian President Vladimir Putin at a lavish party in Moscow last year.

Offering insight into his more open, untraditional philosophy of sharing information, in 2010 he co-wrote the report Fixing Intel: A Blueprint for Making Intelligence Relevant in Afghanistan.

It concluded the US intelligence community “must open their doors to anyone who is willing to exchange information, including Afghans and NGOs (non-governmental organisations) as well as the US military and its allies”.

Lt Gen Flynn has confidently defended the incident that involved passing sensitive information to Australia and Britain.

“The investigation on me was for sharing intelligence with the Brits and Australians in combat, and I’m proud of that one,” Lt Gen Flynn said. “That was substantiated because actually I did it.

“But I did it with the right permissions when you dig into the investigation.” Lt Gen Flynn said he met with Mr Trump mid-2015 and described the real estate billionaire as a “very serious guy”, “good listener” and possessing similar views.

“I found him to be in line with what I believed,” he told the Washington Post.

Originally published as Trump’s new adviser is seriously scary
Russian_Girl_2_728_90
Henry Sapiecha

Protect your emails from being spied on by doing this

We live in a post-Edward Snowden world, in which US tech companies have been accused of complicity in mass surveillance by the US National Security Agency. One recent allegation is the claim that Yahoo scanned hundreds of millions of emails at the NSA’s request.

We don’t truly know how much or how often this is happening within the companies that host millions of people’s email accounts.

Yahoo secretly scans emails for US

Yahoo said to have secretly scanned all of its customer emails for US intelligence officials.

According to Reuters, Yahoo was ordered by the secret US Foreign Intelligence Surveillance Court (FISC) to scour emails for a specific string of characters. This is significant, as it required Yahoo to create a custom-built program for real-time surveillance of email traffic.

The power for this type of surveillance was expanded by the US Patriot Act, which allows for the use of secret National Security Letters to compel service providers to hand over customer data. The letters come with gag orders, prohibiting companies like Yahoo from even admitting that they have been ordered to monitor customers.

oooYAHOO SIGN OFFICE image www.intelagencies.com

Email scanning does not only occur at the behest of national security agencies. 

But email scanning does not only occur at the behest of national security agencies. The past decade has seen the rise of “surveillance capitalism” and “data brokers”, who collect your information for behavioural profiling and targeted advertising.

Google has admitted to scanning emails to deliver targeted advertising and customised search results. Facebook is currently facing legal action for scanning private messages to do the same. And earlier this year Yahoo itself settled a class action lawsuit for scanning non-Yahoo customer emails without consent.

Protecting your privacy

So with all this going on, is it possible protect your privacy? And if so, how?

One way is through encryption, which allows only the sender and the receiver to read the content of messages, as it converts information into a secret code that requires a key to decode it.

Public-key cryptography is one type of encryption, involving two paired keys – one public and one private. When an encrypted email is sent it is encoded or “locked” with the receiver’s public key. Only the receiver can “unlock” it with their private key.

End-to-end encryption involves encrypting information before it leaves your device, with it only being decrypted once it reaches the receiver’s device. In other words, it is encrypted “at the ends” where the keys are held. This means that security and privacy are not dependent on the channel of communication – in this case the email provider – because if the message is intercepted it cannot be deciphered. This prevents eavesdropping in transit.

There are now numerous services that promise free end-to-end encrypted communication, including ProtonMail, Tutanota, and the messaging app Signal. Look for those with open source code because it enables peer-review, guaranteeing there are no backdoors.

The push-back against encryption

With increased encryption comes more demands from authorities for companies to “unlock” information. The best example may be the Apple-FBI case, which saw the FBI attempt to compel Apple to unlock a suspect’s iPhone. In the end this wasn’t necessary. There has also been a simultaneous rise in companies like Cellebrite who offer digital forensic services to decrypt and extract data.

Therefore, the best services use principles of privacy by design, that limit how much information the service provider themselves can collect or access. ProtonMail and Signal, for example, cannot access their users’ information, no matter how hard they try. If issued with a subpoena all they could provide is the date and time a user registered and the last date of connection.

Partly as a result of this encryption war, some states are considering outlawing encryption entirely. Criminalising encryption has been discussed in the United States, Britain, Australia, and elsewhere.

Tech companies safeguarding secrecy

But not all hope is lost. There is a growing trend of tech companies fighting back and refusing to comply with surveillance orders.

In 2014 Lavabit chose to shut down rather than turn over the private encryption key to a customer’s account. This customer was later revealed to be Edward Snowden. Microsoft has refused to hand over emails stored on its servers in Ireland, arguing that this would constitute an impermissible extraterritorial search by the FBI. And of course, Apple refused to disable inbuilt security features to crack an encrypted iPhone.

This shows that service providers are aware of the importance of developing and maintaining consumer trust in matters of privacy. They are intimately, and commercially, invested in protecting it.

Transparency reports and warrant canaries

Another way companies have attempted to gain trust is through transparency reports that detail the orders they have received from authorities. These can be found on company websites and are often reported in the media. Many of these reports feature a workaround to the restrictions on letting customers know if surveillance has been ordered. Companies simply include a statement that they have not been subject to a secret order. If this statement ever goes missing, customers know an order has been issued. This is known as a “warrant canary”.

Several companies routinely issue transparency reports with warrant canaries. Apple and Reddit have set them off, implying that they have received secret orders to provide data.

The same workaround may not be available in Australia however. Recent data-retention laws introduced journalist information warrants that made it an offence to disclose information about the existence (or non-existence) of the warrant, effectively outlawing warrant canaries for journalists in Australia.

The future

Encryption and transparency reports are some of the last protections that consumers have against both governments and the big tech companies we rely on. As more of our lives transition online, we will need them to protect civil rights and individual privacy. We can’t afford for either to be weakened or outlawed.

There are a couple of challenges under way. NSL statutes and gag orders are currently being challenged by the Electronic Frontier Foundation and members of the US Congress as unconstitutional. Watch this space. The Conversation

Monique Mann is a lecturer at the Crime and Justice Research Centre at  Queensland University of Technology in Australia.

Meet_Russian_728_90

Henry Sapiecha

www.scamsfakes.com