Saturday, July 27, 2013

Feds put heat on Web firms for master encryption keys | Politics and Law - CNET News


Feds put heat on Web firms for master encryption keys

Whether the FBI and NSA have the legal authority to obtain the master keys that companies use for Web encryption remains an open question, but it hasn't stopped the U.S. government from trying.

Large Internet companies have resisted the government's demands for encryption keys on the grounds that they go beyond what the law permits, according to one person who has dealt with these attempts.
(Credit: Declan McCullagh)
The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping.
These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users.
If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption -- which often appears in a browser with an HTTPS lock icon when enabled -- uses a technique called SSL, or Secure Sockets Layer.
"The government is definitely demanding SSL keys from providers," said one person who has responded to government attempts to obtain encryption keys. The source spoke with CNET on condition of anonymity.
The person said that large Internet companies have resisted the requests on the grounds that they go beyond what the law permits, but voiced concern that smaller companies without well-staffed legal departments might be less willing to put up a fight. "I believe the government is beating up on the little guys," the person said. "The government's view is that anything we can think of, we can compel you to do."
A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would turn over a master key used for Web encryption or server-to-server e-mail encryption, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it."
Google also declined to disclose whether it had received requests for encryption keys. But a spokesperson said the company has "never handed over keys" to the government, and that it carefully reviews each and every request. "We're sticklers for details -- frequently pushing back when the requests appear to be fishing expeditions or don't follow the correct process," the spokesperson said.
Sarah Feinberg, a spokeswoman for Facebook, said that her employer has not received requests for encryption keys from the U.S. government or other governments. In response to a question about divulging encryption keys, Feinberg said: "We have not, and we would fight aggressively against any request for such information."
Apple, Yahoo, AOL, Verizon, AT&T, Time Warner Cable, and Comcast declined to respond to queries about whether they would divulge encryption keys to government agencies.
Richard Lovejoy, a director of the Opera Software subsidiary that operates FastMail, said: "Our interpretation is that we are prohibited by law from releasing our SSL key. In the event that we received such a request, we would refuse, for both legal and ethical reasons." Releasing the SSL key would be nearly "equivalent to allowing interception on all our users, which is clearly illegal," Lovejoy said.
Encryption used to armor Web communications was largely adopted not because of fears of NSA surveillance -- but because of the popularity of open, insecure Wi-Fi networks. The "Wall of Sheep," which highlights passwords transmitted over networks through unencrypted links, has become a fixture of computer security conventions, and Internet companies began adopting SSL in earnest about three years ago.
"The requests are coming because the Internet is very rapidly changing to an encrypted model," a former Justice Department official said. "SSL has really impacted the capability of U.S. law enforcement. They're now going to the ultimate application layer provider."
An FBI spokesman declined to comment, saying the bureau does not "discuss specific strategies, techniques and tools that we may use."
NSA director Keith Alexander, shown here at a Washington, D.C. event this month, has said that encrypted data are "virtually unreadable."
(Credit: Getty Images)
Top secret NSA documents leaked by former government contractor Edward Snowden suggest an additional reason to ask for master encryption keys: they can aid bulk surveillance conducted through the spy agency's fiber taps.
One of the leaked PRISM slides recommends that NSA analysts collect communications "upstream" of data centers operated by Apple, Microsoft, Google, Yahoo, and other Internet companies. That procedure relies on a FISA order requiring backbone providers to aid in "collection of communications on fiber cables and infrastructure as data flows past."
Mark Klein, who worked as an AT&T technician for over 22 years, disclosed in 2006 (PDF) that he met with NSA officials and witnessed domestic Internet traffic being "diverted" through a "splitter cabinet" to secure room 641A in one of the company's San Francisco facilities. Only NSA-cleared technicians were allowed to work on equipment in the SG3 secure room, Klein said, adding that he was told similar fiber taps existed in other major cities.
But an increasing amount of Internet traffic flowing through those fiber cables is now armored against surveillance using SSL encryption. Google enabled HTTPS by default for Gmail in 2010, followed soon after by Microsoft's Hotmail. Facebook enabled encryption by default in 2012. Yahoo now offers it as an option.
"Strongly encrypted data are virtually unreadable," NSA director Keith Alexander told (PDF) the Senate earlier this year.
Unless, of course, the NSA can obtain an Internet company's private SSL key. With a copy of that key, a government agency that intercepts the contents of encrypted communications has the technical ability to decrypt and peruse everything it acquires in transit, although actual policies may be more restrictive.
One exception to that rule relies on a clever bit of mathematics called perfect forward secrecy. PFS uses temporary individual keys, a different one for each encrypted Web session, instead of relying on a single master key. That means even a government agency with the master SSL key and the ability to passively eavesdrop on the network can't decode private communications.
Google is the only major Internet company to offer PFS, though Facebook is preparing to enable it by default.
Even PFS isn't complete proof against surveillance. It's possible to mount a more advanced attack, sometimes called a man-in-the-middle or active attack, and decode the contents of the communications.
A Wired article in 2010 disclosed that a company called Packet Forensics was marketing to government agencies a box that would do precisely that. (There is no evidence that the NSA performs active attacks as part of routine surveillance, and even those could be detected in some circumstances.)
The Packet Forensics brochure said that government agencies would "have the ability to import a copy of any legitimate key they obtain (potentially by court order)." It predicted that agents or analysts will collect their "best evidence while users are lulled into a false sense of security afforded by Web, e-mail or VOIP encryption."
With a few exceptions, even if communications in transit are encrypted, Internet companies typically do not encrypt e-mail or files stored in their data centers. Those remain accessible to law enforcement or the NSA through legal processes.
Leaked NSA surveillance procedures, authorized by Attorney General Eric Holder, suggest that intercepted domestic communications are typically destroyed -- unless they're encrypted. If that's the case, the procedures say, "retention of all communications that are enciphered" is permissible.
Valerie Caproni, who was the FBI's general counsel at the time this file photo was taken, told Congress that the government needs "individualized solutions" when "individuals who put encryption on their traffic."
(Credit: Getty Images)
It's not entirely clear whether federal surveillance law gives the U.S. government the authority to demand master encryption keys from Internet companies.
"That's an unanswered question," said Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society. "We don't know whether you can be compelled to do that or not."
The government has attempted to use subpoenas to request copies of encryption keys in some cases, according to one person familiar with the requests. Justice Department guidelines say subpoenas may be used to obtain information "relevant" to an investigation, unless the request is "unreasonably burdensome."
"I don't know anyone who would turn it over for a subpoena," said an attorney who represents Internet companies but has not fielded requests for encryption keys. Even a wiretap order in a criminal case would be insufficient, but a FISA order might be a different story, the attorney said. "I'm sure there's some logic in collecting the haystack."
Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation, challenged the notion that current law hands the government the power to demand master encryption keys. Even with a FISA order for the private key, Opsahl said, the amount of technical assistance that a company must provide to the NSA or other federal agencies "has a limit."
Federal and state law enforcement officials have previously said encrypted communications were beginning to pose an obstacle to lawful surveillance. Valerie Caproni, the FBI's general counsel at the time, told a congressional hearing in 2011, according to a transcript:

Thursday, July 25, 2013

Patrick Brown: Edward Snowden's big misstep, trusting Russia, China - World - CBC News


Xu Zhiyong had been locked down under house arrest for three months when the police marched through the cordon of security agents surrounding his home last week to charge him with "assembling a crowd to disrupt order in a public place."
Xu is a law professor with a reputation as one of China's most meticulously courteous and law-abiding activists.
His real crime in the eyes of the ruling Communist Party and the security apparatus is not whipping up a crowd while home alone in an apartment surrounded by cops. It is his persistence in arguing that China should be governed by its laws and constitution.
"Of course, if people as moderate and reasonable as me cannot escape being locked up in prison, so be it." Xu wrote about his three days of police interrogation just before his arrest. "It's the misfortune of the Chinese people, and I will surrender myself to my destiny."
Reading Xu's words, I heard echoes of a recording I'd listened to a couple of days before of National Security Agency leaker Edward Snowden.
America's dissident wannabe was staking his claim to the moral high ground as the public address system at Moscow's Sheremetyevo airport boomed out in the background, announcing flight departures he dared not take.
A recent picture of Snowden, made available by Human Rights Watch following a meeting with Russian activists and officials at Sheremetyevo airport in mid-July. (Tatyana Lokshina / Reuters)
"A little over one month ago, I had family, a home in paradise, and I lived in great comfort," Snowden said. "I also had the capability without any warrant to search for, seize and read your communications.
"Accordingly, I did what I believed right and began a campaign to correct this wrongdoing,"
Snowden's campaign to tell the world about America's vast electronic spying apparatus has clearly cost him personally.
But it has also become irretrievably confused by his mystifying decision to seek protection first from China, which is remorseless in persecuting people like Xu Zhiyong who dare speak truth to power, and then from Russia, where President Vladimir Putin continues a long history of crushing dissent.
In the process, he has provided not only a rich motherlode of hypocritical propaganda to two of the world's more oppressive regimes, he's also waved four laptops loaded with classified material under their noses.
Michael Hayden, a former director of both the NSA and CIA, and now a "terrorism analyst" for CNN, writes on that network's website that he would "lose all respect for China's Ministry of State Security and Russia's FSB if they have not already fully harvested Snowden's digital data trove."

Lost mystique

Since his statement from somewhere in the bowels of Sheremetyevo, Snowden has largely fallen silent. President Vladimir Putin warned that he would not be granted asylum if he continued to divulge secrets damaging to the U.S.
Once willing to risk his freedom by speaking out against American spying, Snowden is now desperately trying to regain a semblance of it by keeping quiet in exchange for permission to stay a bit longer in Russia while he seeks permanent refuge … somewhere.
His situation could become more precarious if the allies he's shared material with, such as WikiLeaks, resume the torrent of leaks that a Snowden confidante has suggested is being held in reserve.
The fact that the U.S. government has charged Snowden with espionage has severely limited his travel options. Despite the charges, a recent poll shows that most Americans view Snowden as a whistleblower rather than a traitor, by a margin of 55 per cent to 34.
That may change the longer he stays in Russia. Anatoly Kucherena, the Russian lawyer who has been "helping" Snowden with his asylum request and speaking for him, has ties to the Kremlin and to Russia's intelligence service, the FSB.
By comparison, Xu Zhiyong's situation at least has a degree of clarity.
In this particular instance, his offence seems to be agreeing with new President Xi Jinping, whose first few months in office have been marked by a campaign against official "corruption, bureaucratism, hedonism, and extravagance."
As the state's anti-corruption campaign got under way, Prof. Xu began his own campaign for a law requiring officials to disclose their personal assets, knowing that top leaders will never allow public scrutiny of the vast fortunes their families have amassed in recent years.
Russian lawyer Anatoly Kucherena, who has been advising Snowden, said late Wednesday that the American's temporary asylum status in Russia has not been resolved, despite what was previously announced. (Associated Press)
Like Liu Xiaobo, the Nobel Peace Prize laureate serving an 11-year prison term for "inciting subversion to state power", Xu stands in the long tradition of principled opposition to Communist Party misrule.
As Snowden will discover, the power of such prisoners of conscience to move public opinion tends to diminish if ever they leave the country. This is especially true for Chinese dissidents.
Democracy Wall activist Wei Jingsheng, for example, had enormous stature as he soldiered through 17 years of prison for a crime similar to Xu's — asking a Chinese leader to turn words into deeds. (Wei challenged Deng Xiaoping to include democracy in his economic reform program of the 1970s.)
Since agreeing to go to the U.S. in 1997, Wei has become just another exile politician, writing reams of press releases and engaging in arcane disputes with his fellow exiles.
Chen Guangcheng, the blind lawyer who inspired the world with his breathtaking resourcefulness during years of persecution, is also having difficulty adjusting to life in the U.S. since his dramatic escape from China last year (after seeking refuge in the U.S. embassy in Beijing).
Such icons lose their mystique once they leave China. Snowden lost his the minute he tried to go there.

Saturday, July 20, 2013

Splenda: The Artificial Sweetener that Explodes Internally » | ThePeoplesChemist.com



Splenda: The Artificial Sweetener that Explodes Internally

By: Shane Ellison, MS


If there were a contest for the best example of total disregard for human life the victor would be McNeil Nutritionals – makers of Splenda (sucralose). Manufacturers of Vioxx and Lipitor would tie for a very distant second.
McNeil Nutritionals is the undisputed drug-pushing champion for disguising their drug Splenda as a sweetener. Regardless of its drug qualities and potential for side-effects, McNeil is dead set on putting it on every kitchen table in America. Apparently, Vioxx and Lipitor makers can’t stoop so low as to deceptively masquerade their drug as a candy of sorts. There is no question that their products are drugs and by definition come with negative side-effects. Rather than sell directly to the consumer, these losers have to go through the painful process of using doctors to prescribe their dangerous goods. But not McNeil…
A keen student in corporate drug dealing, McNeil learned from aspartame and saccharine pushers that if a drug tastes sweet then let the masses eat it in their cake. First though, you have to create a facade of natural health. They did this using a cute trade name that kind of sounds like splendid and packaged it in pretty colors. Hypnotized, the masses were duped instantly. As unquestionably as a dog humps your leg, millions of diabetics (and non-diabetics) blindly eat sucralose under the trade name Splenda in place of real sugar (sucrose).
Splenda was strategically released on April Fools’ Day in 1998. This day is reserved worldwide for hoaxes and practical jokes on friends and family, the aim of which is to embarrass the gullible. McNeil certainly succeeded.
The splendid Splenda hoax is costing gullible Americans $187 million annually. While many people “wonder” about the safety of Splenda they rarely question it. Despite its many “unknowns” and inherent dangers, Splenda demand has grown faster than its supply. No longer do I have to question my faith in fellow Man. He is not a total idiot, just a gullible one. McNeil jokesters are laughing all the way to the bank.
Splenda is not as harmless as McNeil wants you to believe. A mixture of sucralose, maltodextrin and dextrose (a detrimental simple sugar), each of the not-so-splendid Splenda ingredients has downfalls. Aside from the fact that it really isn’t “sugar and calorie free,” here is one big reason to avoid the deceitful mix… Think April Fools’ Day:
Splenda contains a potential poison
Splenda contains the drug sucralose. This chemical is 600 times sweeter than sugar. To make sucralose, chlorine is used. Chlorine has a split personality. It can be harmless or it can be life threatening.
In combo with sodium, chlorine forms a harmless “ionic bond” to yield table salt. Sucralose makers often highlight this worthless fact to defend its safety. Apparently, they missed the second day of Chemistry 101 – the day they teach “covalent” bonds.
When used with carbon, the chlorine atom in sucralose forms a “covalent” bond. The end result is the historically deadly “organochlorine” or simply: a Really-Nasty Form of Chlorine (RNFOC).
Unlike ionic bonds, covalently bound chlorine atoms are a big no-no for the human body. They yield insecticides, pesticides, and herbicides – not something you want in the lunch box of your precious child. It’s therefore no surprise that the originators of sucralose, chemists Hough and Phadnis, were attempting to design new insecticides when they discovered it! It wasn’t until the young Phadnis accidentally tasted his new “insecticide” that he learned it was sweet. And because sugars are more profitable than insecticides, the whole insecticide idea got canned and a new sweetener called Splenda got packaged.
To hide its dirty origin, Splenda pushers assert that sucralose is “made from sugar so it tastes like sugar.” Sucralose is as close to sugar as Windex is to ocean water.
The RNFOC poses a real and present danger to all Splenda users. It’s risky because the RNFOC confers a molecule with a set of super powers that wreak havoc on the human body. For example, Agent Orange, used in the U.S. Army’s herbicidal warfare program, is a RNFOC. Exposure can lead to Hodgkin’s lymphoma and non-Hodgkin’s lymphoma as well as diabetes and various forms of cancer! Other shocking examples are the war gas phosgene, chlordane and lindane. The RNFOC is lethal because it allows poisons to be fat soluble while rendering the natural defense mechanisms of the body helpless.
A poison that is fat soluble is akin to a bomb exploding internally. It invades every nook and cranny of the body. Cell walls and DNA – the genetic map of human life – become nothing more than potential casualties of war when exposed. Sucralose is only 25% water soluble. Which means a vast majority of it may explode internally. In general, this results in weakened immune function, irregular heart beat, agitation, shortness of breath, skin rashes, headaches, liver and kidney damage, birth defects, cancer, cancer and more cancer – for generations!
McNeil asserts that their studies prove it to be safe for everyone, even children. That’s little assurance. Learning from the Vioxx debacle which killed tens of thousands, we know that studies can be bought and results fabricated.
Some things are worth dying for. Splenda is not one of them. What people think of as a food is a drug or slow poison – little distinction there. It wouldn’t be wise to bet your health on it. If safe, sucralose would be the first molecule in human history that contained a RNFOC fit for human consumption. This fact alone makes sucralose questionable for use as a sweetener, if not instantly detrimental to our health. Only time will tell. Until then, I’ll stick to the safe and naturally occurring stevia plant to satisfy my occasional sweet tooth in 2007.
Be forewarned though, as long as drugs can be legally disguised as sweeteners, watch out for drugs being disguised as vitamins…Oh wait, they are already doing that – think Lipitor.
About the Author

Shane "The People's Chemist" Ellison holds a master's degree in organic chemistry and is the author of Over-The-Counter Natural Cures (SourceBooks). He's been quoted by USA Today, Shape, Woman's World, US News and World Report, as well as Women's Health and appeared on Fox and NBC as a medicine and health expert.

 
