The annual US Wiretap Reportout, covering 2016, and as usual, its packed with intriguing tidbits.

A few key takeaways: the federal government is wiretapping more, states are wiretapping less, drug crimes remain the #1 target, encryption is becoming a somewhat bigger obstacle to investigators, and courts almost always give law enforcement what it wants.

When Congress set detailed rules for wiretapping in 1968, it also instructed the US court system to tell Congress the number and nature of federal and state applications for orders authorizing or approving the interception of wire, oral, or electronic communications. This report excludes intercepts governed by the Foreign Intelligence Surveillance Act of 1978: you wont find data here about espionage or terrorism warrants. These are federal and state warrants related to violent, white-collar and organized crime and above all, drug crime.

According to The Register:

Investigations into just drug dealing made up 61% of all wiretap requests, and that rose to 82% when multiple charges, including drugs, were counted. By comparison, the next most popular cause for wiretaps was conspiracy, which accounted for just 8%, followed by homicide at 5%.

Even so, drug-related wiretaps actually plummeted last year from 3,367 to 1,949. That correlated with an overall 41% drop in warrants requested by state law enforcement, from 2,745 to 1,617, suggesting that state authorities may be de-emphasizing the use of wiretaps in the drug war.

As the San Bernardino Sun reports, more than a third of this national shift can be traced to one county in California: Riverside, where wiretaps dropped from 640 to 106. This followed an expose by USA TODAY and The Desert Sun which raised

questions about the vast wiretapping coming out of Riverside County, which, in 2014, entailed the interception of 2m calls, texts and other forms of communication among 44,000 people [most] approved by a single judge Judge Helios Hernandez.

Since then, a new local district attorney has taken greater responsibility for personally reviewing wiretap requests, demanding that they have a clearer connection to the county. Meanwhile, the US Drug Enforcement Agency ordered its agents to check in with federal prosecutors before pursuing wiretaps.

Riversides case points to vast disparities in the numbers of wiretaps authorized in different US jurisdictions. According to an official report summary:

Six states (California, New York, Nevada, New Jersey, Colorado, and Florida) accounted for 82% of all state wiretap applications. California alone accounted for 35%.

A more detailed analysis by the Electronic Frontier Federation found that California investigators captured 7.8m communications from 181,000 people at a cost of nearly $30m. Of those, 19% were considered incriminating.

Only two of 3,170 federal and state wiretap requests were turned down by courts last year but thats up from a whopping zero in 2015. (In the past 11 years, only nine warrant requests have been turned down.)

Of course, a courts rejection isnt the only way to thwart law enforcement. For years, authorities have loudly complained that encryption would prevent access to crucial information for prosecuting dangerous offenders. But the actual data seemed to raise serious questions about this argument.In 2015, for example, the number of wiretaps in which encryption was encountered actually dropped from 22 to just seven.

This year, however, that number spiked to 57, and investigators couldnt overcome encryption in 48 of these cases. While, even in 2016, encryption interfered with fewer than 2% of wiretaps its wider availability and awareness might finally be having an impact.

With or without encryption, wiretapping got a lot more expensive in 2016, averaging $74,949 per tap, up 78% from 2015. In the past, wiretappings high cost has been viewed as a key reason for its disproportionate use in drug cases. As ACLU lead technologist Christopher Soghoian told Wired:

When agencies bust a drug dealer and get $5m and a kilo of coke, they keep the money. In many ways, the drug cases subsidize the surveillance technology.

When you combine those incentives with the Trump-era Justice Department re-emphasis on fierce enforcement of even lower-level drug offenses, next years numbers could prove even more interesting than usual.

Read the original:
Encryption thwarting investigators as federal government taps increase - Naked Security

Photonics.com Jul 2017 ERLANGEN, Germany, July 5, 2017 Quantum-limited coherent measurements of optical signals were sent from a satellite in Earths orbit to an optical ground station over a distance of 38,600 kilometers (almost 24,000 miles). Excess noise was bound. The precise Earth-based measurement of optical signals from a satellite demonstrates the potential for a satellite-based quantum encryption network using equipment that is already in space.

Although methods for quantum encryption have been in development for more than a decade, the technology has been unable to work over long distances because residual light losses in the optical fibers used for telecommunications networks on the ground degrade the quantum signals. According to researchers, encryption techniques such as quantum key distribution will be of increasing importance as current encryption codes based on mathematical algorithms become easier to crack.

A team from the Max Planck Institute for the Science of Light worked with satellite telecommunications company Tesat-Spacecom GmbH and the German Space Administration to conduct the experiments.

From our measurements, we could deduce that the light traveling down to Earth is very well suited to be operated as a quantum key distribution network, Max Planck researcher Christoph Marquardt said. We were surprised because the system was not built for this.

A satellite-based quantum encryption network would provide an extremely secure way to encrypt data sent over long distances.

We were quite surprised by how well the quantum states survived traveling through the atmospheric turbulence to a ground station, said Marquardt. The paper demonstrates that technology on satellites, already space-proof against severe environmental tests, can be used to achieve quantum-limited measurements, thus making a satellite quantum communication network possible. This greatly cuts down on development time, meaning it could be possible to have such a system as soon as five years from now.

Developing such a system in just five years is an extremely fast timeline since most satellites require around ten years of development.

The researchers are now working with Tesat-Spacecom and others in the space industry to design an upgraded system based on the hardware already used in space. This will require upgrading the laser communication design, incorporating a quantum-based random number generator to create the random keys, and integrating post processing of the keys.

The results of initial experiments indicate that quantum communication using satellites in space is feasible and could open the possibility of a global quantum key distribution network for secure communication.

There is serious interest from the space industry and other organizations to implement our scientific findings, said Marquardt. We, as fundamental scientists, are now working with engineers to create the best system and ensure no detail is overlooked.

The research was published in Optica, a publication of OSA, The Optical Society of America (doi:10.1364/OPTICA.4.000611).

See the original post:
Ground-Based Signals Measured From Space Could Enable Quantum Encryption Network - Photonics.com

In the wake of the recent terrorist attacks in London, there is a renewed attempt by global governments to increase surveillance of the internet.

Taking aim at encryption, Malcolm Turnbull stated that, despite it being a vital piece of security for every user of the Internet encrypted messaging applications are also used by criminals and terrorists at the moment much of this traffic is difficult for our security agencies to decrypt, and indeed for our Five Eyes partners as well.

In June, attorney-general George Darth Brandis, along with his Five Eyes counterparts from the UK, US, Canada and NZ, met in Ottawa to discuss ways to weaken encryption and pressure the tech industry to build back doors through which they can spy on global communications.

In response, a joint statement by 83 organisations and individuals from these five countries opposed these plans. The executive officer of Electronic Frontiers Australia, Jon Lawrence, said, Calls to undermine encryption in the name of national security are fundamentally misguided and dangerous. Jim Killock, executive director at the UKs Open Rights Group, said, Security experts and cryptographers are as united in their views on encryption as scientists are on climate change.

At the time of writing, we dont know what decisions were made at the Five Eyes ministerial meeting, but new attempts to circumvent encryption reflect the ways that state surveillance has changed since revelations from US whistleblower Edward Snowden.

In 2013, Snowden shocked the world when he revealed that the US and its allies had created the largest and most complex system of state surveillance that has ever existed. One of the US National Security Agencys most invasive programs was XKeyscore, a searchable database with millions of peoples emails, web browsing histories and more. This also allowed for real-time monitoring of almost any individual around the world while they used the internet.

Just four years later, the state of computer security has changed immensely, making this surveillance more difficult. According to a report published in February by the Electronic Frontiers Federation, more than half of all internet traffic is now encrypted. The expansion of Virtual Private Network services and use of the Onion Router (TOR) has made it easier for everyone to remain anonymous online. However, the development that is of most concern to the likes of the NSA is the widespread use of encrypted mobile devices and messaging applications such as Signal and WhatsApp.

These applications use a method called end-to-end encryption in which messages are encrypted, and the tools to decrypt those messages exist only on the device of the sender and receiver. Therefore, a company like WhatsApp cannot read the messages sent through its servers. As a WhatsApp spokesperson said in 2016 as part of an ongoing court case brought by the Brazilian government, We cannot share information we dont have access to.

Years before James Comey began presenting himself as the supposed good guy of the US establishment, the then FBI director railed against the use of domestic encryption tools. In 2015 he stated, If the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place.

He pressured companies such as Apple to build back doors to bypass encryption. While the intelligence agencies recognise that they cannot currently break modern encryption algorithms, they have focused their resources on trying to get around them by hacking directly into mobile devices.

This strategy was demonstrated in March when whistleblower website WikiLeaks released Vault 7, the largest ever publication of confidential documents leaked from the CIA. Additional leaks this year by hacking group Shadow Brokers have further revealed the extent of the intelligence agencies hacking capabilities. These documents show that the US has been developing, purchasing and stockpiling security vulnerabilities in Apple and Android mobile devices. Exploiting these vulnerabilities has allowed them to read WhatsApp or Signal messages as they are being typed or read.

One of the most damning leaks in Vault 7 revealed that the CIA had discovered how to turn Samsung Smart TVs into covert listening devices, even when they are turned off.

The recent WannaCry and Petya ransomware attacks, which caused immense damage across the world, both used security holes codenamed EternalBlue that had been stockpiled by the CIA and deliberately left open. While the CIA did not intend these vulnerabilities to be used in this way, it is the inevitable result of keeping software insecure and creating back doors.

With leaks from the CIA and the NSA exposed, these security flaws are now being fixed, making it more difficult for the agencies to continue their spying activities. This explains the increased push from Five Eyes countries to force tech companies to install back doors so they can bypass encryption.

However, the argument that states should have the right to bypass encryption to stop terrorism simply doesnt hold up. It would be ludicrous to suggest that turning Smart TVs into listening devices is about stopping ISIS. It has always been about developing tools for mass surveillance, and now increasingly for espionage and cyberwar. This has been seen before. For example, the worm Stuxnet was written by the US and Israel and used to target Iranian nuclear facilities.

It is not a question of whether governments will one day use these hacking techniques for domestic surveillance they already do. On 30 June, it was revealed that Centrelink has been paying Israeli hacking company Cellebrite to break into mobile phones. The methods used are the same ones Cellebrite developed in 2015, when it helped the FBI break into an iPhone as part of the San Bernardino terrorism case.

It is now known that government departments such as the Australian Tax Office and the Department of Employment have paid around $500,000 to Cellebrite for equipment and training to hack into phones.

In the debate about metadata storage, George Brandis was adamant that the government wasnt after the content of Australians communications, just who we are talking to. These new revelations and the entire debate about encryption show that the content is exactly what they are after. No matter the justification, we should resist any attempt to weaken encryption and our right to privacy.

See the article here:
Weakening encryption is an attack on our freedom - Red Flag

An exclusive report this morning says that Australian Prime Minister Malcolm Turnbull plans to ask US President Donald Trump to demand that US technology companies break into encrypted messages sent by suspected terrorists.

It is an indication that the publishing company, Fairfax Media, and the writer, Peter Hartcher, are prepared to print any kind of bunkum as long as it comes from a sufficiently "official" source.

Whether the statement makes sense or not is never the issue, it would appear. The reader is also given no indication that Turnbull is speaking nonsense.

Without any proof, Turnbull also told Hartcher: "The point is, what are the responsibilities that a WhatsApp or a Telegram or a Signal, what are the responsibilities they owe to public safety You have got a very real global threat where terrorist organisations, Islamist terrorist organisations, are using these digital platforms to do us harm."

To put it rather bluntly, short of rolling back encryption altogether, there is no way of ensuring that all people who are not behind bars do not have access to encryption.

Tom Sulston (right), a software delivery consultant who works for ThoughtWorks, agrees. "Given that the best encryption libraries are open source, that genie is out of the bottle," he said during an informal exchange with iTWire.

"While governments might choose to compel companies to put backdoors in their individual implementations, the library code remains secure," said Sulston, who recently addressed the Canberra press gallery on the tools journalists could use to help protect their sources from unwanted intrusion.

"So attempts to roll back encryption not only wouldnt work, theyd punish ordinary citizens while criminals used other, un-backdoored tools, or simply move their communications to other jurisdictions."

Somehow, the Australian government, which can afford to pay any number of consultants steep fees, cannot find a man with the simple common sense that someone like Sulston has. Or is that because the kind of logic that Sulston dishes out would mean that Turnbull would be unable to bloviate as he has in the exclusive interview mentioned at the start of this piece?

Sulston was asked what was the best option for governments in the existing scenario. Pat came the answer: "Governments need to realise the limitations of technology encryption tools are either broken or not. They cant be compromised just for intelligence agencies and no-one else. There is a huge gap where our society has gone digital and our government has failed to understand what this means."

Unlike our good Prime Minister, Sulston also knows his limitations as a technologist. "Im not a legal or security expert, so I dont have strong (or relevant!) opinions on how governments should tackle terrorism," he confessed.

"But I do believe that their efforts to do so need to remain within the boundaries set by existing laws, including the Universal Declaration of Human Rights."

Turnbull would do well to contemplate the fact that the whole debate about encryption was brought to the fore by the US National Security Agency. Its blanket surveillance of Americans was exposed in 2013 by one Edward Snowden and this led US companies to do everything possible to convince their customers that their data was safe.

Microsoft went so far as to set up a data centre in Germany where it would not be subject to the remit of US laws.

Encryption is built into products like WhatsApp for a reason the owners, in this case Facebook, want to attract more and more people with the selling point being that whatever they say is secure.

Try asking companies which are making billions hand over fist by offering such apps free, to cut back on encryption.

Empty promises can be made some of the time, but even Turnbull, who probably holds the record for the use of the words "innovative" and "agile" in recent times, should realise that you cannot blow hot air on encryption all the time and expect people not to become cynical as to the motives behind such talk.

Visit link:
Encryption: Turnbull continues his Man of La Mancha ways - iTWire

Street art by Banksy near Hyde Park, London. Credit: David Maddison/Flickr. Some rights reserved.The Five Eyes is a surveillance partnership of intelligence agencies consisting of Australia, Canada, New Zealand, the United Kingdom, and the United States. According to a joint communique issued after the meeting, officials discussed encryption and access to data. The communique states that encryption can severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism.

In the letter organized by Access Now, CIPPIC, and researchers from Citizen Lab, 83 groups and security experts wrote, we call on you to respect the right to use and develop strong encryption. Signatories also urged the members of the ministerial meeting to commit to allowing public participation in any future discussions.

Read the full letter here.

Security experts and cryptographers are as united in their views on encryption as scientists are on climate change.

Massive surveillance operations conducted by the Five Eyes partnership inherently put the human rights of people around the world at risk. The joint communique commits to human rights and the rule of law, but provides no detail as to how these powerful, secretive spy agencies plan to live up to those commitments. We call for public participation and meaningful accountability now; otherwise, those commitments are empty. Amie Stepanovich, U.S. Policy Manager at Access Now

Our political leaders are putting people around the world at greater risk of crime when they call for greater powers to weaken our digital security. Security experts and cryptographers are as united in their views on encryption as scientists are on climate change. Politicians need to listen to them before they make decisions that could put us all at risk. Jim Killock, ORG

Attempting to undermine the free use and development of strong encryption technology is not only technologically misguided, it is politically irresponsible. Both law enforcement and intelligence agencies have access to more dataand more powerful analytical toolsthan ever before in human history. Measures that undermine the efficacy or public availability of encryption will never be proportionate when weighed against their profound threat to global human rights: encryption is essential to the preservation of freedom of opinion, expression, dissent, and democratic engagement. Without it, meaningful privacy, trust, and safety in the digital sphere would not be possible. Lex Gill, Research Fellow, Citizen Lab, Munk School of Global Affairs

Encryption protects billions of ordinary people worldwide from criminals and authoritarian regimes. Agencies charged with protecting national security shouldnt be trying to undermine a cornerstone of security in the digital age. Cynthia Wong, Senior Internet Researcher, Human Rights Watch

Encryption is used by governments, businesses, and citizens alike to secure communications, safeguard personal information, and conduct business online. Deliberately weakening encryption threatens the integrity of governance, the safety of online commerce, and the interpersonal relationships that compose our daily lives. We must not sacrifice our core values to the threat of terrorism: the solution to such threats must entail better protecting our basic rights and the technologies that advance them. Christopher Parsons, Research Associate and Managing Director of the Telecom Transparency Project at the Citizen Lab, Munk School of Global Affairs

Encryption is a necessary and critical tool enabling individual privacy, a free media, online commerce and the operations of organisations of all types.

Calls to undermine encryption in the name of national security are fundamentally misguided and dangerous. Encryption is a necessary and critical tool enabling individual privacy, a free media, online commerce and the operations of organisations of all types, including of course government agencies. Undermining encryption therefore represents a serious threat to national security in its own right, as well as threatening basic human rights and the enormous economic and social benefits that the digital revolution has brought for people across the globe. Jon Lawrence, EFA

Assurances of strong encryption not only benefit civil liberties and privacy, but the economy as well. A vibrant and dynamic internet economy is only possible if consumers and users trust the environment in which theyre conducting business. While law enforcement and intelligence services have legitimate concerns over their ability to access data, those concerns need to be balanced with the benefits encryption provides to average users transacting in cyberspace. A strong Internet economy, buttressed by the trust that encryption produces, is vital to national interests around the globe. National policies should support and defend, not weaken and abridge, access to encryption. Ryan Hagemann, Niskanen Center

The strength of the tools and techniques that our government and members of the public have and use to secure our nation and protect our privacy is of significant public interest. Transparency and accountability around a nations policy regarding the use of encryption is a bedrock importance in a democracy, particularly given the potential of backdoors to put billions of online users at greater risk for intrusion, compromise of personal data, and breaches of massive consumer or electoral databases. The democracies in the Five Eyes should be open and accountable to their publics about not only the existence of these discussions but their content, removing any gap between what is being proposed and the consent of those governed by those policies. Alex Howard, Sunlight Foundation

Encryption is a vital tool for journalists, activists, and everyone whose lives and work depend on using the internet securely. It allows reporters to protect their confidential sources from reprisal, and to fearlessly pursue stories that powerful actors dont want told. It offers protection from mortal danger for dissidents trying the communicate under repressive regimes. Undermining the integrity of encryption puts lives at risk, and runs directly counter to the mandate of the Five Eyes Signals Intelligence agencies to keep their citizens safe. Tom Henheffer, Executive Director, Canadian Journalists for Free Expression

The answer to concerns on going dark is to help bring our law enforcement and counterterrorism officials into the future, not send encryption to the past. We hope to hear back from the Five Eyes that they were looking for how to adapt to digital security measures, not break them to the detriment of everyday Americans and our national security. As Five Eyes leaders work on a strategy to protect against cyberattacks, it is important to have a transparent process and cooperation between governments and civil society without stifling innovation or weakening other parts of security. Austin Carson, Executive Director, TechFreedom

Strong encryption is essential for modern society. Broken technologies undermine commerce, security, and human rights. Jeramie Scott, EPIC

Any attempt by the U.K. government to attack encrypted messengers would be nothing less than an attack on the right to a private conversation.

Any attempt by the U.K. government to attack encrypted messengers would be nothing less than an attack on the right to a private conversation. Far from making the internet safer, by undermining the technology that protects everything from our bank accounts to our private conversations, governments around the world are putting us all at risk. Transparency is vital around any coordinated plans that could jeopardize both our security and our rights. Silkie Carlo, Policy Officer, Liberty

We increasingly rely on a secure internet for work, personal relationships, commerce, and politics. While we support justifiable lawful intercept with appropriate oversight, we dont think we should be seriously weakening the security of the internet to achieve it. Attempts to weaken encryption will do more damage to our society and our freedom than the possible threats its meant to be protecting us from. Thomas Beagle, Chairperson, NZ Council for Civil Liberties

All sensitive personal data must be encrypted as a matter of human rights to privacy, especially health data, i.e., all information about our minds and bodies, wherever it exists. Today health data is the most valuable personal data of all, the most attractive to hackers, and the most sold and traded by the massive, hidden global health data broker industry. Dr. Deborah Peel, Patient Privacy Rights

We lock our devices for good reason. Introducing backdoors weakens security and violates our right to privacy. The very existence of backdoors means unwelcome guests will come knocking. Linda Sherry, Director of National Priorities, Consumer Action

Originally posted here:
Shielding data from the "five eyes": we need to stand up for ... - Open Democracy