Senate bill draft would prohibit unbreakable encryption

Government attempts to dismantle Internet security

A draft version of a Senate bill would effectively prohibit unbreakable encryption and require companies to help the government access data on a computer or mobile device with a warrant.

The draft is being finalized by the chairman of the Senate Intelligence Committee, Sen. Richard Burr, R-N.C., and the top Democrat, Sen. Dianne Feinstein of California.

Their goal, they said in a statement, is to ensure adherence to any court order that requires helping law enforcement or providing decrypted information. “No individual or company is above the law.”

It was not immediately clear when they would introduce the bill.


470,000 Vehicles At Risk After Hackers “Take Control & Crash” Jeep Cherokee From A Sofa 10 Miles Away

The on-board Internet connection is a ‘super nice vulnerability’ for hackers

by Zero Hedge | July 22, 2015

In what is being called “the first of its kind,” reports that hackers, using just a laptop and mobile phone, accessed a Jeep Cherokee’s on-board systems (via its wireless internet connection), took control and crashed the car into a ditch from 10 miles away sitting on their sofa. As The Telegraph details, the breach was revealed by security researchers Charlie Miller, a former staffer at the NSA, and Chris Valasek, who warned that more than 470,000 cars made by Fiat Chrysler could be at risk of being attacked by similar means. Coming just weeks after the FBI claimed a US hacker took control of a passenger jet he was on in the first known such incident of its kind, the incident shows just how vulnerable we are to modern technology.

As The Telegraph reports, the hackers (security experts) worked with Andy Greenberg, a writer with tech website, who drove the Jeep Cherokee on public roads in St Louis, Missouri.

In his disturbing account Greenberg described how the air vents started blasting out cold air and the radio came on full blast when the hack began.

The windscreen wipers turned on with wiper fluid, blurring the glass, and a picture of the two hackers appeared on the car’s digital display to signify they had gained access.

Greenberg said that the hackers then slowed the car to a halt just as he was getting on the highway, causing a tailback behind him – though it got worse after that.

He wrote: ‘The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.

‘The researchers say they’re working on perfecting their steering control – for now they can only hijack the wheel when the Jeep is in reverse.

‘Their hack enables surveillance too: They can track a targeted Jeep’s GPS coordinates, measure its speed, and even drop pins on a map to trace its route.’

The hack was possible thanks to Uconnect, the Internet connected computer feature that has been installed in fleets of Fiat Chrysler cars since late 2013.

It controls the entertainment system, deals with navigation and allows phone calls.

The feature also allows owners to start the car remotely, flash the headlights using an app and unlock doors.

But according to Miller and Valasek, the on-board Internet connection is a ‘super nice vulnerability’ for hackers.

All they have to do is work out the car’s IP address and know how to break into its systems and they can take control.

In a statement to Fiat Chrysler said:

“Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorised and unlawful access to vehicle systems.

“We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities. However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.”

Encryption: What The FBI Wants It Can Only Have By Destroying Computing And Censoring The Internet

Feds attempt to destroy privacy nationwide

by Tim Cushing | Tech Dirt | May 6, 2015

The FBI — and by extension, every law enforcement agency it partners with — wants holes carved in cellphone encryption. The problem is that it doesn’t even know what specifically it wants.

When asked directly if the FBI wants a backdoor, [Amy] Hess [Asst. Director of FBI’s Science & Technology branch] dodged the question and did not describe in detail what actual solution the FBI is seeking.

“We are simply asking for information that we seek in response to a lawful order in a readable format,” Hess responded, while also repeating that the Bureau supports strong encryption. “But how that actually happens should be the decision of the provider.”

When pressed again, Hess said that it would be okay for the FBI not to have a key to decrypt data, if the provider “can get us that information by maintaining the key themselves.”

That’s asking the impossible — for a great many reasons. First and foremost, compromised encryption is compromised encryption. It can be exploited by criminals and other unwanted entities just as certainly as it can assist law enforcement agencies in obtaining the information they’re seeking. There’s no way around this fact. You cannot have “good guys only” encryption.

But beyond that, even if the FBI manages to get what it wants, it will do so at the expense of general computing. Requiring built-in backdoors or key escrow will dismantle the very systems it’s meant to access. Computer scientist Jonathan Mayer delivers a long, detailed hypothetical involving the Android platform and how the FBI’s desired access would fail — and do severe collateral damage — every step of the way. (via Boing Boing)

First off, if Google gives the FBI the backdoors it wants, that only nails down Google. But Google also distributes thousands of third-party apps through its Play store. And these apps may not contain the subverted encryption the FBI is looking for. Now, Google has to be in the business of regulating third-party apps to ensure they meet the government’s standard for compromised encryption.

The obvious answer is that Google can’t stop with just backdooring disk encryption. It has to backdoor the entire Android cryptography library. Whenever a third-party app generates an encrypted blob of data, for any purpose, that blob has to include a backdoor.

This move may work, but it only affects apps using Google’s encryption. Other offerings may rely on other encryption methods. Then what? It has a few options, all of them carrying horrendous implications.

One option: require Google to police its app store for strong cryptography. Another option: mandate a notice-and-takedown system, where the government is responsible for spotting secure apps, and Google has a grace period to remove them. Either alternative would, of course, be entirely unacceptable to the technology sector—the DMCA’s notice-and-takedown system is widely reviled, and present federal law (CDA 230) disfavors intermediary liability.

At this point, Mayer suggests the “solution” is already outside the realm of political feasibility. Would the FBI really push this far to obtain encryption backdoors? The FBI itself seems unsure of how far it’s willing to go, and many officials quoted (like the one above) seem to think all the FBI really needs to do is be very insistent on this point, and techies will come up with some magical computing solution that maintains the protective qualities of encryption while simultaneously allowing the government to open the door and have a look around any time it wants to.

So, if the FBI is willing to travel this very dark road littered with an untold amount of collateral damage, it still hasn’t managed to ensure the phones it encounters will open at its command. Considering phone users could still acquire apps from other sources, the government’s reach would only extend as far as the heavily-policed official app store (and other large competitors’ app stores). Now what? More government power and less operational stability.

The only solution is an app kill switch. (Google’s euphemism is “Remote Application Removal.”) Whenever the government discovers a strong encryption app, it would compel Google to nuke the app from Android phones worldwide. That level of government intrusion—reaching into personal devices to remove security software—certainly would not be well received. It raises serious Fourth Amendment issues, since it could be construed as a search of the device or a seizure of device functionality and app data. What’s more, the collateral damage would be extensive; innocent users of the app would lose their data.

Even if the government were willing to take it this far, it still doesn’t eradicate apps that it can’t crack. (But it may be sufficient to only backdoor the most used apps, which may be all it’s looking to achieve…) App creators could decide to avoid Google’s government-walled garden and mandated kill switch by assigning random identifiers and handling a majority of the app’s services (like a messaging service, etc.) via a website, out of reach of app removal tools and government intervention. To stop this, the US government would need to do the previously unimaginable:

In order to prevent secure data storage and end-to-end secure messaging, the government would have to block these web apps. The United States would have to engage in Internet censorship.

Robert Graham at Errata Security makes similar points in his post on the subject, but raises a couple of other interesting (in the horrific train wreck meaning of the word) points. While the government may try to regulate the internet, it can’t (theoretically) touch services hosted in foreign countries. (Although it may soon be able to hack away at them with zero legal repercussions…)

Such services could be located in another country, because there are no real national borders in cyberspace. In any event, such services aren’t “phone” services, but instead just “contact” services. They let people find each other, but they don’t control the phone call. It’s possible to bypass such services anyway, by either using a peer-to-peer contact system, or overloading something completely different, like DNS.

Like crypto, the entire Internet is based on the concept of end-to-end, where there is nothing special inside the network that provides a service you can regulate.

The FBI likely has no desire to take its fight against encryption this far. The problem is that it thinks its “solution” to encryption is “reasonable.” But it isn’t.

The point is this. Forcing Apple to insert a “Golden Key” into the iPhone looks reasonable, but the truth is the problem explodes to something far outside of any sort of reasonableness. It would mean outlawing certain kinds of code — which is probably not possible in our legal system.

The biggest problem here is that no one arguing for “golden keys,” key escrow, “good guy” backdoors, etc. seems to have any idea what implementing this could actually result in. They think it’s just tech companies sticking it to The Man, possibly because a former NSA sysadmin went halfway around the world with a pile of documents and a suitcase of whistles with “BLOW ME” printed on the side.

But it isn’t. And their continual shrugged assertion that the “smart guys” at tech companies will figure this all out for them is not only lazy, it’s colossally ignorant. There isn’t a solution. The government can’t demand that companies not provide encryption. It’s not willing to ban encryption, nor is it in any position to make that ban stick. It doesn’t know what it needs. It only knows what it wants. And it can’t have what it wants — not because no one wants to give it to them — but because no one can give it to them.

Yes, many tech companies are far more wary of collaborating with the government in this post-Snowden era, but in this case, the tech world cannot give the FBI what it wants without destroying nearly everything surrounding the “back door.” And continually trotting out kidnappers, child porn enthusiasts and upskirt photographers as reasons for breaking cell phone platforms doesn’t change the fact that it cannot be done without potentially harming every non-criminal phone owner and the services they use.

You May Never Trust Another Repairman After Reading About This Stunning FBI Sting

Written by: Daniel Jennings

FBI agents violated the Fourth Amendment by turning off the Internet and then pretending to be repairmen to enter an alleged bookie’s hotel suite and search computers without a warrant, a federal judge has ruled.

US District Judge Andrew P. Gordon also ruled that it is unconstitutional for agents to cut off Internet service without a warrant.

“They were trying everything they could to get inside without a warrant,” attorney Thomas Goldstein said of FBI agents in an interview with the Associated Press.

Goldstein represents Wei Seng Phua and a number of other men accused of running an illegal online sports book out of villas at the Caesars Palace Casino in Las Vegas.

In his opinion, Golden said the case “tests the boundaries of how far the government can go when creating a subterfuge to access a suspect’s premises.”

“Here, the government disrupted the Internet service to the defendant’s hotel room in order to generate a repair call. Government agents then posed as repairmen to gain access to the defendant’s room and conduct a surreptitious search for evidence of an illegal sports betting operation,” Gordon wrote. “By creating the need for a third party to enter defendant’s premises and then posing as repairmen to gain entry, the government violated the defendant’s Fourth Amendment rights.”

The Fourth Amendment protects “the right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures,” Gordon wrote, ordering the evidence collected not be considered in determining the man’s guilt or innocence.

The evidence was collected during a joint investigation by the FBI and the Nevada Gambling Control Board (NVGCB) in the summer of 2014. The two agencies received a tip that Phua and other guests were taking online bets on World Cup Soccer.

Hotel workers reportedly saw what looked like an illegal bookie operation set up in Phua’s high roller villa.

Warrantless Searches

To get into the villa, the FBI and NVGCB recruited Mike Wood, the owner of Wood Telemanagement & Solutions, the company that maintains the DSL service at Caesars. Wood agreed to help the FBI by cutting off Internet service and letting two of its agents pose as his employees. The two had no warrant and they were wearing recording devices.

“The ruse’s only purpose was to gain entry into villa 8882 and gather evidence without a warrant,” Gordon wrote of the agents’ behavior.

In the villa, an NVGCB agent named Ricardo Lopez and the FBI agent saw Phua and another man sitting at computers looking at sports betting sites. After leaving the villa, Lopez and the FBI applied for warrants to search the villa. The application for the warrants was based on information gathered during the warrantless search. The FBI later raided the villas and arrested Phua and his associates.

Phua only learned of the warrantless search when details of it were entered as evidence at a federal trial.


FCC cherry picking existing laws for cable, radio & broadband to regulate Internet

The FCC is combining several separate sections of telecommunications law developed for radio, cable TV and broadband access for a regulatory takeover of the Internet, according to its 400-page report released Thursday.

The agency is going to regulate the Internet like broadcast radio and television through a patchwork of telecommunications laws which were developed not only separately of each other but also in different decades.

“We ground the open Internet rules we adopt today in multiple sources of legal authority – Section 706, Title II and Title III of the Communications Act [of 1934],” page 120 of the 400-page FCC report states.

But what are these statutes? Here’s a quick breakdown:

Section 706, Broadband Internet Regulation and Access, of the Telecommunications Act of 1996
Title II, Common Carrier Regulations of the Communications Act of 1934
Title III, Broadcast Station Requirements of the Communications Act of 1934

We already knew the FCC was reclassifying Internet Service Providers as “common carriers” under Title II regulations developed in 1934, but the agency is also invoking the regulatory frameworks created for broadcast radio and television stations under Title III and for “Internet broadband services” under Section 706 of the Telecommunications Act of 1996.

The FCC is claiming jurisdiction over the Internet by cherry picking existing regulations and combining them into new authority.

Section 706 in particular grants the FCC and its state commissions “with regulatory jurisdiction over telecommunications services” under the guise of improving “advanced telecommunications capability to all Americans.”

This section allows the FCC to utilize “price cap regulations” and “measures that promote competition in the local telecommunications market,” i.e. de facto favoritism toward select interest groups.

In other words, the government, not the free market, makes the decisions over broadband access.

But what does the FCC plan on doing with these regulations? Well, many current and former members of the FCC were members of a leftist organization called Free Press and through the group they advocated draconian restrictions placed on the Internet.

For example, the FCC’s former chief diversity officer, Mark Lloyd, co-authored a 2007 report calling for the regulation of political talk radio by limiting free speech on AM and FM stations under the guise of “balanced radio programming,” i.e. a fairness doctrine.

“While progressive talk is making inroads on commercial stations, conservative talk continues to be pushed out over the airwaves in greater multiples of hours than progressive talk is broadcast,” the report stated, oversimplifying politics into a false left/right paradigm. “These empirical findings may not be surprising given general impressions about the format, but they are stark and raise serious questions about whether the companies licensed to broadcast over the public airwaves are serving the listening needs of all Americans.”

Media mogul Mark Cuban was proven right when he said the feds would f*** the Internet up.

Below is an article from RT breaking down other sections of the FCC’s 400-page takeover plan:

FCC outlines net neutrality rules in 400-page report: 5 things you need to know

The Federal Communications Commission on Thursday published a 400-page report containing the open internet rules that the agency’s panel moved to adopt last month in a 5-3 vote hailed as a victory by net neutrality advocates.

The report, the FCC says, “once and for all…puts into place strong, sustainable rules, grounded in multiple sources of our legal authority, to ensure that Americans reap the economic, social and civic benefits of an open Internet today and into the future.”

Want to know what that means, but without wrapping your brain around the report’s 270,000 or so words? We’ve outlined a few key takeaways to help explain the FCC’s latest release.

No blocking

The FCC says that strong rules are required in order to protect consumers against past and potentially future tactics that would threaten the existence of an open internet, and first on the agency’s list is a “no blocking” provision. As one might expect, this rule prohibits internet service providers, or ISPs, from keeping customers from accessing content that isn’t against the law.

“A person engaged in the provision of broadband Internet access service, insofar as such person is so engaged, shall not block lawful content, applications, services or non-harmful devices, subject to reasonable network management,” the FCC says.

In other words, an ISP, such as Comcast or Verizon, for example, can’t take action to keep ordinary customers away from certain websites (or stop them from downloading certain movies or music, for that matter), unless the content in question and the act of obtaining it is otherwise illegal. So while the new rules prohibit ISPs from blocking access to blogs that might be critical of their corporations, web service providers can still take action if a customer is somehow caught downloading illegal content.

“[T]he no-blocking rule only applies to transmissions of lawful content and does not prevent or restrict a broadband provider from refusing to transmit unlawful material, such as child pornography or copyright-infringing materials. We believe that this approach will allow broadband providers to honor their service commitments to their subscribers without requiring a specified level of service to those subscribers or edge providers under the no-blocking rule,” the agency says.

Throughout the report, the FCC notes that, notwithstanding rules such as the “no blocking” provision, certain custodial efforts (or “reasonable network management”) might affect access to the internet. As long as the management is reasonable, however, the FCC says it will find no fault.

No throttling

Similarly, the FCC’s new rules also say that internet providers can’t decide to speed-up and slow-down the delivery to customers of online content at an ISP’s own discretion. Adding to open internet rules adopted by the FCC starting in 2010 (and enforced up until a federal court judge told them otherwise, eventually paving way for the release of this report nearly a half-decade later), the agency says this no throttling rule means ISPs can’t “degrade lawful Internet traffic on the basis of Internet content, application or service, or use of a non-harmful device, subject to reasonable network management.”

“Degrading access to legal content and services can have the same effect as blocking and will not be permitted,” reads a portion of this week’s report.

According to the FCC, “the ban on throttling is necessary both to fulfill the reasonable expectations of a customer who signs up for a broadband service that promises access to all of the lawful Internet, and to avoid gamesmanship designed to avoid the no-blocking rule by, for example, rendering an application effectively, but not technically, unusable.”

“With the no-throttling rule, we ban conduct that is not outright blocking, but inhibits the delivery of particular content, applications or services, or particular classes of content, applications or services.”

Once again, though, illegal content isn’t covered by the FCC’s “no throttling” provision, meaning the agency’s new rules won’t stop ISPs from adjusting the connection speeds of customers caught sharing copyrighted material, as RT previously reported.

No paid prioritization

Ahead of the FCC’s decision last month to adopt the rules released in this week’s report, a hot topic among commentators watching the debate was whether the agency would allow for paid prioritization; that is, whether ISPs should be able to cut deals with content creators in which the delivery of web traffic, specifically with regards to the speed, could differ depending on how much those content creators chose to pay.

“Paid prioritization occurs when a broadband provider accepts payment (monetary or otherwise) to manage its network in a way that benefits particular content, applications, services or devices,” the FCC says, and allowing for it would indeed enable the creation of “fast lanes” feared by net neutrality advocates.

“To protect against ‘fast lanes,’ this Order adopts a rule that establishes that: A person engaged in the provision of broadband Internet access service, insofar as such person is so engaged, shall not engage in paid prioritization,” reads another one of the FCC’s new rules.

Along with no blocking and no throttling, the FCC says this provision is one of three “clear, bright-line rules” necessary to preserve net neutrality.

Well, almost no paid prioritization

Yet while paid prioritization and “fast lanes” became a central argument to the net neutrality debate, the FCC has included language in its report that doesn’t outright ban that concept 100 percent. According to the FCC, the ban on paid prioritization may be waived “only if the petitioner demonstrates that the practice would provide some significant public interest benefit and would not harm the open nature of the Internet.”

In order to demonstrate as much, the FCC says that the applicant “must demonstrate that the practice will have some significant public interest benefit,” and explain how it wouldn’t harm the concept of net neutrality.

According to the rules, “An applicant seeking waiver relief under this rule faces a high bar.”

“We anticipate granting such relief only in exceptional cases,” wrote the commission.

Regulations won’t restrict law enforcement

Speaking of exceptional cases, the FCC made sure to include language in this week’s report that reiterates the importance of ensuring authorities can bypass open internet protections adopted through the ruling for the sake of law enforcement operations.

“The record is generally supportive of our proposal to reiterate that open Internet rules do not supersede any obligation a broadband provider may have – or limit its ability – to address the needs of emergency communications or law enforcement, public safety, or homeland or national security authorities,” the FCC says. According to the report, broadband providers have obligations under statutes such as the Communications Assistance for Law Enforcement Act (CALEA), the Foreign Intelligence Surveillance Act (FISA) and the Electronic Communications Privacy Act (ECPA) that “could in some circumstances intersect with open Internet protections,” given that access must always be prioritized “in order to coordinate disaster relief and other emergency response efforts, or for other emergency communications.”

“Most commenters recognize the benefits of clarifying that these obligations are not inconsistent with open Internet rules” the FCC says.

Privacy advocates have raised questions in recent years about the scope of laws like CALEA, FISA and ECPA, however, especially given statements from government officials concerning ways in which authorities may rely on certain legislation to conduct online eavesdropping.

RT reported at the time that a Justice Department attorney said in 2013 that the government wants to use CALEA to monitor the online conversations of suspected criminals in real time, and disclosures that same year from former intelligence contractor Edward Snowden revealed that the government uses Section 702 of FISA to authorize digital surveillance on foreign persons – the likes of which, tech experts have argued, has involved exploiting security weaknesses on behalf of the government and, as a result, secretly undermining the protocols meant to protect online activity.

The language in the report doesn’t provide any new powers to law enforcement, but rather clarifies that open internet provisions shouldn’t in any way preclude the authorities’ already established abilities.

Net Neutrality: We Lose Our Rights Because We Give Them Away

Net Neutrality: We Lose Our Liberties Because We Give Them Away
February 28, 2015, by Ken Jorgustin

Quoted from ‘Lionel’ of,

If ever we lose our liberties, if ever we lose our first amendment right to speak, it will be because WE give the rights away. Nobody will take them from us – we will give them away – stupidly. Idiotically. Without so much as a struggle we’ll hand them away, “Here, take them, take our rights, we don’t need them – because we’re stupid”.

The most important thing, number one, in any free society in order to remain free – that’s only accomplished by a free exchange of ideas. The commerce of expression. That’s critical. Anything that impinges upon that, anything that limits that, hurts us all.

The internet. This up until now has been free and unfettered by government and regulation. That has changed because of what Obama’s appointed FCC commissioners did two days ago.

The mainstream media in particular have met with not so much as a raised Botoxed eyebrow – of the long-range implications of the FCC’s net neutrality. In case you missed it, the Internet and World Wide Web are now considered a utility under Title II of the Communication Act.

All bets are off.

“Net Neutrality” yet again shows you that it stands for the proposition that Americans will applaud and vote for (and/or accept) anything as long as it has a good label. The Patriot Act, Clean Water, No Child Left Behind, The Affordable Health Care Act, Safety in the Schools Act, – Give it a good name and nobody will question it…

You may find the following video podcast commentary regarding the recent government ‘takeover’ of the internet to be insightful, informative, interesting, enlightening, and perhaps even entertaining…

“The implications are mind boggling. This opens the door to licensure requirements for websites, decency regulation, fairness doctrine applications and worse.”