uruknet.info
  اوروكنت.إنفو
     
    informazione dal medio oriente
    information from middle east
    المعلومات من الشرق الأوسط

[ home page] | [ tutte le notizie/all news ] | [ download banner] | [ ultimo aggiornamento/last update 28/08/2019 00:45 ] 103640


english italiano

  [ Subscribe our newsletter!   -   Iscriviti alla nostra newsletter! ]  




[103640]



Uruknet on Alexa


End Gaza Siege
End Gaza Siege

>

:: Segnala Uruknet agli amici. Clicka qui.
:: Invite your friends to Uruknet. Click here.




:: Segnalaci un articolo
:: Tell us of an article






A criminal government at work!
The NSA Paid to Steal Your Private Data

Alfredo Lopez

December 25, 2013


As the people of this country, and much of the world, observe the year-end holidays, we can look back on 2013 as the year when any illusion of genuine democracy was dashed by the remarkable revelations about the police-state surveillance that watches us. Last week, we saw a deeply disturbing stroke added to that incrementally developing picture.

In the ever-expanding and groan-provoking saga of the NSA's attack on our privacy, it was revealed that the agency paid a major Internet security firm to insert a flawed encryption formula into the company's software. The news, sparked by leaks from Edward Snowden and first reported by Reuters [1], raises serious questions about the security of popular encryption programs and indicates that the U.S. government was consciously involved in massive and very destructive fraud.

 RSA's logoThe Accomplice: RSA's logo

The revelations indicate that the NSA paid $10 million to RSA, one of the most prominent encrytion software companies in the world, to include the NSA's own encryption formula in a very popular and heavily used encryption product called "Bsafe". While Bsafe offers several encryption options, the default option (the one you use if you don't specifically choose any) is the NSA's own code.

The massive attack on encryption by the NSA has been reported before but this recent revelations about payments made demonstrate an intentionality to defraud and a complete disregard for the law, honesty and people's rights. RSA offered a partial and fairly weak statement [2] of defense. The NSA has yet to comment.

"Encryption" is a computerized function, ubiquitous on the Internet, that scrambles data so it can't be read unless the reader has a "key", a small piece of computer code that the encryption program uses to "decrypt" the data and render it readable. Some of us use it to encrypt email, do Internet chat or voice-over-IP communications (an Internet telephone protocol). Most of us have probably used it to send data like credit card numbers when we purchase something. It's the thing that makes private communications on the Internet private.

Nothing revealed indicates that encryption itself doesn't work. In fact, the NSA's attack on encryption is proof of strong encryption's usefulness and security. The agency didn't "crack" encryption; it apparently can't. Rather it developed its own, faulty encryption code that allowed it to read data encrypted using that code. Then it paid RSA to use that code in its products. To understand how this works, we have to understand RSA standard encryption.

The fact that it's called RSA encryption shows how prominent the products of this company are. RSA encryption uses a two-key system. When you start working with the encryption program, it generates your public key (a string of numbers and letters) and an accompanying "private key". You let everyone know your public key; mine is on my business card. You *never* let anyone know your private key.

If I want to send you an encrypted message, I get your public key and use software that will encrypt the data using that key -- encryption software lets me keep a library of people's public keys so it can do the encryption automatically. You receive what I sent and then apply your private key (which is stored on your server or computer) to decrypt the data and read it. All of this happens in seconds and it is absolutely foolproof -- unless, of course, the company that made the software uses a key generating method that allows it to decrypt the message without having anyone's private key.

It's like building door locks that can all be opened with a special key. That's what the NSA designed and it paid RSA to include that "backdoor" in its software and offer that version of the encryption scheme as the default on its Bsafe programs.

What's disturbing is that millions of computers use Bsafe (and many more use some RSA-based encryption method). What is even more disturbing is that many of the programs that use "Bsafe" are for Androids and other cell phones: devices rapidly becoming the information device of choice for many people all over the world. But what's most disturbing is that this piece of technological flim-flam may not be limited to Bsafe or even to RSA programs. Other companies that build widely-used encryption include Symantec, McAfee, and Microsoft and experts now suspect the NSA may have bribed them as well.

"You think they only bribed one company in the history of their operations?" asked Bruce Schneier, one of the world's premier information security experts [3]. "What's at play here is that we don't know who's involved. You have no idea who else was bribed, so you don't know who else you can trust."

The NSA has frequently said its only purpose in data capture and analysis is to catch criminals and terrorists. Most Americans would consider that a legitimate, even laudatory, goal of law enforcement. But when you capture information on everyone to catch the criminal, law enforcement is operating like a police state. Captured information is usually stored and having information on everyone's communications is against the law and there's a reason for that. When a government decides that legal activity you're involved in is now illegal, it can use that data to repress that activity and the history of governments is that they will frequently declare illegal such activities as organizing against their policies.

That's why the Constitution stricty forbids this type of data gathering under the First and Fourth amendments: the states that united to approve the constitution didn't trust a central government with the power to intrusively and massively gather information on its citizens.

The use of encryption means that the intent of the data exchange, particularly with email, is to be private. People speak to each other in privacy all the time and nobody would argue that a private communication means that there is illegal activity. Moreover, privacy is our right and why we go private is not the business of anyone but the people we are speaking with privately. It's certainly not the government's business. In fact, this concept of "privacy" has long been a pillar of Internet communications which is why encryption programs are so popular on-line.

But this a step beyond the "capture all information" programs the NSA has admitted to and been sharply criticized for: the subject of the recent report by the Presidentĺs Review Group on Intelligence and Communications Technologies [4] that found that the NSA had "over-stepped" its mandate and rights.

Devising a fraudulent system of encryption, building a back-door into it and then paying companies to offer this to the public as a fool-proof, default assurance of privacy is hardly over-stepping. It's a conscious, cynical, fraudulent and extremely dangerous attack on the principle of Internet privacy, reflecting our government's complete disdain for our rights.

It also demonstrates the dangers of relying on corporate-developed encryption when there are several free and open source alternatives costing nothing and involving the work of developers whose only purpose is their commitment to a free Internet. Brad Chacos of PC World wrote an article last September [5] with several excellent suggestions but finding solutions is really a matter of doing Internet searches for this. Using those solutions now becomes not a choice but a necessity.



Source





:: Article nr. 103640 sent on 26-dec-2013 18:15 ECT

www.uruknet.info?p=103640



:: The views expressed in this article are the sole responsibility of the author and do not necessarily reflect those of this website.

The section for the comments of our readers has been closed, because of many out-of-topics.
Now you can post your own comments into our Facebook page: www.facebook.com/uruknet




Warning: include(./share/share2.php): failed to open stream: No such file or directory in /home/content/25/8427425/html/vhosts/uruknet/colonna-centrale-pagina-ansi.php on line 385

Warning: include(): Failed opening './share/share2.php' for inclusion (include_path='.:/usr/local/php5_6/lib/php') in /home/content/25/8427425/html/vhosts/uruknet/colonna-centrale-pagina-ansi.php on line 385



       
[ Printable version ] | [ Send it to a friend ]


[ Contatto/Contact ] | [ Home Page ] | [Tutte le notizie/All news ]







Uruknet on Twitter




:: RSS updated to 2.0

:: English
:: Italiano



:: Uruknet for your mobile phone:
www.uruknet.mobi


Uruknet on Facebook






:: Motore di ricerca / Search Engine


uruknet
the web



:: Immagini / Pictures


Initial
Middle




The newsletter archive




L'Impero si è fermato a Bahgdad, by Valeria Poletti


Modulo per ordini




subscribe

:: Newsletter

:: Comments


Haq Agency
Haq Agency - English

Haq Agency - Arabic


AMSI
AMSI - Association of Muslim Scholars in Iraq - English

AMSI - Association of Muslim Scholars in Iraq - Arabic




Font size
Carattere
1 2 3





:: All events








     

[ home page] | [ tutte le notizie/all news ] | [ download banner] | [ ultimo aggiornamento/last update 28/08/2019 00:45 ]




Uruknet receives daily many hacking attempts. To prevent this, we have 10 websites on 6 servers in different places. So, if the website is slow or it does not answer, you can recall one of the other web sites: www.uruknet.info www.uruknet.de www.uruknet.biz www.uruknet.org.uk www.uruknet.com www.uruknet.org - www.uruknet.it www.uruknet.eu www.uruknet.net www.uruknet.web.at.it




:: This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more info go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.
::  We always mention the author and link the original site and page of every article.
uruknet, uruklink, iraq, uruqlink, iraq, irak, irakeno, iraqui, uruk, uruqlink, saddam hussein, baghdad, mesopotamia, babilonia, uday, qusay, udai, qusai,hussein, feddayn, fedayn saddam, mujaheddin, mojahidin, tarek aziz, chalabi, iraqui, baath, ba'ht, Aljazira, aljazeera, Iraq, Saddam Hussein, Palestina, Sharon, Israele, Nasser, ahram, hayat, sharq awsat, iraqwar,irakwar All pictures

 

I nostri partner - Our Partners:


TEV S.r.l.

TEV S.r.l.: hosting

www.tev.it

Progetto Niz

niz: news management

www.niz.it

Digitbrand

digitbrand: ".it" domains

www.digitbrand.com

Worlwide Mirror Web-Sites:
www.uruknet.info (Main)
www.uruknet.com
www.uruknet.net
www.uruknet.org
www.uruknet.us (USA)
www.uruknet.su (Soviet Union)
www.uruknet.ru (Russia)
www.uruknet.it (Association)
www.uruknet.web.at.it
www.uruknet.biz
www.uruknet.mobi (For Mobile Phones)
www.uruknet.org.uk (UK)
www.uruknet.de (Germany)
www.uruknet.ir (Iran)
www.uruknet.eu (Europe)
wap.uruknet.info (For Mobile Phones)
rss.uruknet.info (For Rss Feeds)
www.uruknet.tel

Vat Number: IT-97475012153