Gwebs Cryptographer

Last night I was at the Beijing Tweetup and had an interesting conversation with Rebecca MacKinnon and Andrew Lih about NGO and journalist security needs, which got me thinking this morning - NGO’s and Journalists really need an easy-to use-security tool designed to provide them with 100% fail-proof anonymity and security - and MailCloak - our new encryption tool, is perfectly positioned to help them out.

Why is MailCloak positioned to help? Because MailCloak allows you to send email from Yahoo, MSN and Gmail, and protect your messages with strong encryption. Yahoo, MSN and Gmail - are these known for anonymity? Well, maybe they aren’t known for it, but they are great tool because you can create disposable email accounts freely and easily.

Here are the steps, most of which I have previously documented:

1. Setup your proxy connection (and turn it on) to keep your IP address private when accessing services you wish to remain anonymous
2. Create a new free, disposable Gmail, Yahoo! Mail or MSN Live Hotmail account. Remember, don’t use any real personal information.
3. Download and install MailCloak on your computer, and have your contact do the same.
4. Exchange public keys and test MailCloak by sending trivial messages to make sure they go through encrypted. Only send important information after testing the encryption.

That’s it!

Security, email, email encryption, encryption, government Anonymous, email, NGO, proxy, Security

My computer is every hacker’s dream: chock-full of personal information that can be used in deliciously evil ways. Stored on my hard drive are electronic copies of my passport, previous tax returns, and a plethora of other files that contain sensitive information. If accessed, this information would allow someone to easily steal my identity or worse.

Thankfully, I encrypt those files (meaning the only person who has access to them is me). I am the only person that knows the encryption password (sometimes called a passphrase) used to decrypt my files for viewing. Without the password, the files cannot be accessed.

Hackers and personal information aside, let’s pretend the files I encrypted contain incriminating information. Hypothetically speaking, could someone use the law to force me to divulge my encryption password so they could access my files?

Read more…

email, encryption, government, law, passphrases, privacy 5th amendment, encryption, law, password

Cnet.com is running a news article on our fifth amendment rights entitled “Judge: Man Can’t be Forced to Divuldge Passphrase.” I thought this was noteworthy because, as I argued just last week, being forced to reveal passkeys is tantamount to self-incrimination.

encryption, government, law, passphrases, passwords

One of the reasons we (yes, it’s a we now) at the Cryptographer are in this business is because we get to laugh at the messes we ourselves will never get into. Take, for example, Guo Li, a Hangzhou lawyer whose email was inadvertently “hung out to dry” online by Baidu (China’s search giant) and WanWang (one of China’s largest hosting providers). He sued for 1,000,000RMB (around $120,000), and the results speak for themselves.

I have translated the following article specifically for this blog.

Private Emails “Hung Out to Dry” for a Month, Victim Sues Baidu for
Violation of Privacy.
8-12-2007 3:35 A.M., Beijing Morning Post
After his private emails hosted in a Baidu (百度) account were posted online for more than a month, Hangzhou lawyer Guo Li (郭力) decided to sue Baidu Inc. and email services provider WanWang (万网) for 1,000,000 yuan in damages, claiming his communication privacy rights were violated. A judgment will be issued tomorrow at the Haidian District Court on this so-called “national precedent-setting email privacy case.” Guo Li stated at the conclusion of the trial, “It’s entirely possible to look into other people’s inboxes online, I’ve searched the information myself. This won’t be the last trial of this type.”

Read more…

Security, email, encryption, government, law, personal, privacy Baidu, email, email server, Internet Security, law, lawyer, privacy, search engine, Wanwang, 万网, 晒, 海淀区, 百度, 郭力, 金道律师事务所

Two news stories caught my attention this weekend. The first, “Wider Spying Fuels Aid Plan For Telecom Industry,” [NyTimes.com] is a great article describing the state of the NSA wiretapping investigation.  Most of my readers will have heard of the secret room at AT&T’s San Franscisco offices, which was built to mirror ALL of the data going into and out of AT&T. But the reporter for this excellent article turns up a ton of new information.

The N.S.A.’s reliance on telecommunications companies is broader and deeper than ever before, according to government and industry officials, yet that alliance is strained by legal worries and the fear of public exposure.

To detect narcotics trafficking, for example, the government has been collecting the phone records of thousands of Americans and others inside the United States who call people in Latin America…. The program dates to the 1990s, according to several government officials, but it appears to have expanded in recent years.

Terror, the government’s (not very good) excuse for renegigng on the 4th amendments promises of personal security, has nothing to do with drug trafficking.

In addition the article points to some further previously unknown facets of the government’s spying. A dedicated fiber optic cable mirroring all of Verizon’s traffic appears to have been uncovered during lawsuit depositions.

[what the accusing Verizon employee saw] “was decisive evidence that within two weeks of taking office, the Bush administration was planning a comprehensive effort of spying on Americans’ phone usage.”

The same lawsuit accuses Verizon of setting up a dedicated fiber optic line from New Jersey to Quantico, Va., home to a large military base, allowing government officials to gain access to all communications flowing through the carrier’s operations center. In an interview, a former consultant who worked on internal security said he had tried numerous times to install safeguards on the line to prevent hacking on the system, as he was doing for other lines at the operations center, but his ideas were rejected by a senior security official.

It doesnt say why his safeguards were rejected, but if the government is viewing all our telecommunications, that is bad enough - if they are negligently making that information available hackers, that is an even grater cause of concerns.

Security, government, law, privacy at&t, government, NSA, ny times, privacy, secret room, verizon

Here is an article on law.com titled Think Before You Send that all my readers should take a look at.

From the article

“Don’t put this in writing, but … ” Those are the opening words of an e-mail that got the writer’s company in legal hot water. And there are plenty more where that came from.”

I mean, you must be kidding me. If you don’t want something in writing, don’t write it. And if you write it, encrypt it! Common sense, kiddies!

Security, email, encryption, government, law, privacy email, encryption

Yesterday’s news of Hushmail.com passing information to the US Government is alarming to most people who consider privacy important. We use encryption to protect our privacy against industrial spies, nosy intruders, and hackers; but most importantly, we use encryption to protect ourselves against governments, which are becoming more and more nosey.

Read more…

PGP, Security, email, government, personal, privacy Internet Security, privacy