Skype to give more user information to police

By CRAIG TIMBERG | WASHINGTON POST | JULY 26, 2012

Skype, the online phone service long favored by political dissidents, criminals and others eager to communicate beyond the reach of governments, has expanded its cooperation with law enforcement authorities to make online chats and other user information available to police, said industry and government officials familiar with the changes.

Surveillance of the audio and video feeds remains impractical — even when courts issue warrants, say industry officials with direct knowledge of the matter. But that barrier could eventually vanish as Skype becomes one of the world’s most popular forms of telecommunication.

The changes to online chats, which are written messages conveyed almost instantaneously between users, result in part from technical upgrades to Skype that were instituted to address outages and other stability issues since Microsoft bought the company last year. Officials of the United States and other countries have long pushed to expand their access to newer forms of communications to resolve an issue that the FBI calls the “going dark” problem.

Microsoft has approached the issue with “tremendous sensitivity and a canny awareness of what the issues would be,” said an industry official familiar with Microsoft’s plans, who like several people interviewed for this story spoke on the condition of anonymity because they weren’t authorized to discuss the issue publicly. The company has “a long track record of working successfully with law enforcement here and internationally,” he added.

The changes, which give the authorities access to addresses and credit card numbers, have drawn quiet applause in law enforcement circles but hostility from many activists and analysts.

Authorities had for years complained that Skype’s encryption and other features made tracking drug lords, pedophiles and terrorists more difficult. Jihadis recommended the service on online forums. Police listening to traditional wiretaps occasionally would hear wary suspects say to one another, “Hey, let’s talk on Skype.”

Read Full Article →

Your Internet History out in the Open

If you appreciate privacy, anonymity and safety, you are in the wrong universe.

by Daisy Luther
Inalienable Yours
February 15, 2012

What if there was a little box that could be placed in your home that could…..

…. track every Google search that you ran?

…. see who you email?

…. see from whom you receive emails?

…. watch your keystrokes to learn all your passwords?

…. turn on a camera and watch you at any given time?

…. gather information about your likes, dislikes, political affiliations and religious beliefs?

…. dispense all of the above personal data to fusion centers, whose only purpose is to put together profiles of you and your family?

As it turns out, there is such a box, and if you are reading this, you’re on it right now.  You not only voluntarily brought this device into your home, you paid good money for it.  Your computer is spying on you.

The home computer is bar none the greatest information sharing device ever created.  We can study anything our little hearts desire.  We can meet other people anywhere on the globe who have similar interests to us.  We can be kept constantly up to date with news, communication with friends and family and updates to our inboxes about myriad topics.

Unfortunately there is a dark side to having a home computer.  A home computer means that someone else could have constant access to us.

Read Full Article…

 

Internet Dictatorship Begins in Singapore

A “new” system that records every move, stores all passwords and homogenizes software and that will control the net from 3 major hubs.

by John Markoff
NYTimes
June 25, 2011

A small group of Internet security specialists gathered in Singapore this week to start up a global system to make e-mail and e-commerce more secure, end the proliferation of passwords and raise the bar significantly for Internet scam artists, spies and troublemakers.

“It won’t matter where you are in the world or who you are in the world, you’re going to be able to authenticate everyone and everything,” said Dan Kaminsky, an independent network security researcher who is one of the engineers involved in the project.

The Singapore event included an elaborate technical ceremony to create and then securely store numerical keys that will be kept in three hardened data centers there, in Zurich and in San Jose, Calif. The keys and data centers are working parts of a technology known as Secure DNS, or DNSSEC. DNS refers to the Domain Name System, which is a directory that connects names to numerical Internet addresses. Preliminary work on the security system had been going on for more than a year, but this was the first time the system went into operation, even though it is not quite complete.

The three centers are fortresses made up of five layers of physical, electronic and cryptographic security, making it virtually impossible to tamper with the system. Four layers are active now. The fifth, a physical barrier, is being built inside the data center.

The technology is viewed by many computer security specialists as a ray of hope amid the recent cascade of data thefts, attacks, disruptions and scandals, including break-ins at Citibank, Sony, Lockheed Martin, RSA Security and elsewhere. It allows users to communicate via the Internet with high confidence that the identity of the person or organization they are communicating with is not being spoofed or forged.

Internet engineers like Mr. Kaminsky want to counteract three major deficiencies in today’s Internet. There is no mechanism for ensuring trust, the quality of software is uneven, and it is difficult to track down bad actors.

One reason for these flaws is that from the 1960s through the 1980s the engineers who designed the network’s underlying technology were concerned about reliable, rather than secure, communications. That is starting to change with the introduction of Secure DNS by governments and other organizations.

The event in Singapore capped a process that began more than a year ago and is expected to be complete after 300 so-called top-level domains have been digitally signed, around the end of the year. Before the Singapore event, 70 countries had adopted the technology, and 14 more were added as part of the event. While large countries are generally doing the technical work to include their own domains in the system, the consortium of Internet security specialists is helping smaller countries and organizations with the process.

The United States government was initially divided over the technology. The Department of Homeland Security included the .gov domain early in 2009, while the Department of Commerce initially resisted including the .us domain because some large Internet corporations opposed the deployment of the technology, which is incompatible with some older security protocols.

Internet security specialists said the new security protocol would initially affect Web traffic and e-mail. Most users should be mostly protected by the end of the year, but the effectiveness for a user depends on the participation of the government, Internet providers and organizations and businesses visited online. Eventually the system is expected to have a broad effect on all kinds of communications, including voice calls that travel over the Internet, known as voice-over-Internet protocol.

“In the very long term it will be voice-over-I.P. that will benefit the most,” said Bill Woodcock, research director at the Packet Clearing House, a group based in Berkeley, Calif., that is assisting Icann, the Internet governance organization, in deploying Secure DNS.

Secure DNS makes it possible to make phone calls over the Internet secure from eavesdropping and other kinds of snooping, he said.

Security specialists are hopeful that the new Secure DNS system will enable a global authentication scheme that will be more impenetrable and less expensive than an earlier system of commercial digital certificates that proved vulnerable in a series of prominent compromises.

The first notable case of a compromise of the digital certificates — electronic documents that establish a user’s credentials in business or other transactions on the Web — occurred a decade ago when VeriSign, a prominent vendor of the certificates, mistakenly issued two of them to a person who falsely claimed to represent Microsoft.

Last year, the authors of the Stuxnet computer worm that was used to attack the Iranian uranium processing facility at Natanz were able to steal authentic digital certificates from Taiwanese technology companies. The certificates were used to help the worm evade digital defenses intended to block malware.

In March, Comodo, a firm that markets digital certificates, said it had been attacked by a hacker based in Iran who was trying to use the stolen documents to masquerade as companies like Google, Microsoft, Skype and Yahoo.

“At some point the trust gets diluted, and it’s just not as good as it used to be,” said Rick Lamb, the manager of Icann’s Secure DNS program.

The deployment of Secure DNS will significantly lower the cost of adding a layer of security, making it more likely that services built on the technology will be widely available, according to computer network security specialists. It will also potentially serve as a foundation technology for an ambitious United States government effort begun this spring to create a system to ensure “trusted identities” in cyberspace.