Jul 07 2015

Iain Thomson reports:

With congressional hearings due on Wednesday to discuss US government plans to force tech companies to install backdoors in their encryption systems, some of the leading minds in the security world have published a paper on how, and if, such a system would work.

The authors of the 34-page paper [PDF] read like a who’s who of computer security: they are Whitfield Diffie (who along with Martin Hellman invented public key encryption); crypto guru Bruce Schneier; Ronald Rivest (the R in RSA); Matt Blaze, the killer of the Clipper Chip; Professor Ross Anderson from Cambridge University; and 11 other senior figures in the field.

Read more on The Register.

@EFFLive will be live-tweeting tomorrow morning’s hearing where FBI Director Comey will testify about “going dark.” Read their comments here

Jul 07 2015

Consider this today’s “must-read” report on surveillance. Cora Currier and Morgan Marquis-Boire report:

Documents obtained by hackers from the Italian spyware manufacturer Hacking Team confirm that the company sells its powerful surveillance technology to countries with dubious human rights records.

Internal emails and financial records show that in the past five years, Hacking Team’s Remote Control System software — which can infect a target’s computer or phone from afar and steal files, read emails, take photos, and record conversations — has been sold to government agencies in Ethiopia, Bahrain, Egypt, Kazakhstan, Morocco, Russia, Saudi Arabia, South Sudan, Azerbaijan, and Turkey. An in-depth analysis of those documents by The Intercept shows Hacking Team’s leadership was, at turns, dismissive of concerns over human rights and privacy; exasperated at the bumbling and technical deficiency of some of its more controversial clients; and explicitly concerned about losing revenue if cut off from such clients.

Read more on The Intercept.

Jul 07 2015

Dennis Fisher reports:

More than 36 hours after the huge cache of data from Hacking Team’s corporate network was dumped online, researchers are continuing to find surprising bits and pieces in the documents. Among them is evidence that the company had an enterprise developer certificate from Apple, allowing it to develop internal apps, but could not get its malware onto iOS devices.

Read more on Threatpost.

Jul 07 2015

Sam Burne James writes:

The Information Commissioner’s Office will investigate potential data and privacy breaches at four large charities and the fundraising agency GoGen after allegations were made in today’s Daily Mail newspaper that the agency was “exploiting loopholes” in the Telephone Preference Service.

The newspaper’s front page today carried the headline “Shamed: Charity cold call sharks”, with a further four pages devoted to the findings of a Mail journalist who spent a fortnight undercover at GoGen’s London call centre. The paper names the four charities accused of TPS breaches as the British Red Cross, Macmillan Cancer Support, the NSPCC and Oxfam.

Read more on Third Sector.