Thursday, July 25, 2013
You don't need encryption keys for metadata. They are required to read your email.
Declan McCullagh reports:
The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users’ private Web communications from eavesdropping.
These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users.
Read more on CNET.
Think of this as another “I bet I can get my face on TV!” bill.
From Rep. Rush Holt:
Today Rep. Rush Holt introduced legislation to repeal federal surveillance laws that the government abused by collecting personal information on millions of Americans in violation of the Constitution, as revealed by a federal whistleblower and multiple media outlets last month.
… My legislation would put a stop to that right now.” [Probably not really Bob]
Holt’s bill, the “Surveillance State Repeal Act”, would repeal the PATRIOT Act and the FISA Amendments Act, each of which contains provisions that allowed the dragnet surveillance.
Rep. Holt had previously indicated his intent to introduce this legislation.
Minor, but you need to stay current.
NIST Releases Updates to Digital Signature Standard
“The National Institute of Standards and Technology (NIST) has released a revision to the digital standard used to ensure the integrity of electronic documents, as well as the identity of the signer. The new document, Federal Information Processing Standard (FIPS) 186-4, concerns what is commonly known as the digital signature standard. First published in 1994 and revised several times since then, the standard provides a means of guaranteeing authenticity in the digital world. It uses complex math operations to encrypt and unscramble “signatures” that are all but impossible to forge. Updates to the standard are still necessary as technology changes. According to NIST computer scientist Elaine Barker, FIPS 186-4 contains no major revisions, but rather focuses on keeping the standard consistent with other NIST cryptographic guidelines. Other than clarifying a number of terms and correcting typographical errors, most of the changes aim to align the standard with other publications, such as NIST Special Publication 131A, so that all NIST documents offer consistent guidance regarding the use of random number generators. Another change concerns the use of prime number generators, which requires random initial values for searching for prime numbers. FIPS 186-3 specifically allowed saving these “seeds” only for use as evidence that the generated values were determined in an arbitrary manner; FIPS 186-4 permits saving them for additional purposes, such as the regeneration of the values.”
For my students...
Online Survival Kit from Reporters Without Borders
“Reporters Without Borders has published an Online Survival Kit on its WefightCensorship.org website that has tools and practical advice that will allow you to protect your communications and data. You don’t need to be an IT engineer to learn how to protect the content of your emails and remain anonymous online. The tools and techniques presented in this kit do not require advanced knowledge of computers and programming.”
For my Computer Security students who claim they can't find anything relevant.
CRS – Cybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources, Rita Tehan, Information Research Specialist. July 18, 2013
“There is no shortage of data on this topic: government agencies, academic institutions, think tanks, security consultants, and trade associations have issued hundreds of reports, studies, analyses, and statistics.”