• Tag Archives encryption

  • Digital Security Tips for Protesters

    Posted on by Azrael Comment

    After the election, individuals took to the streets across the country to express their outrage and disappointment at the result of the U.S. presidential election. Many protesters may not be aware of the unfortunate fact that exercising their First Amendment rights may open themselves up to certain risks. Those engaging in peaceful protest may be subject to search or arrest, have their movements and associations mapped, or otherwise become targets of surveillance and repression. It is important that in a democracy citizens exercise their right to peaceably assemble, and demonstrators should be aware of a few precautions they can take to keep themselves and their data safe. Here we present 10 security tips for protesting in the digital age.

    1. Enable full-disk encryption on your device

    Full-disk encryption ensures that the files across your entire device are encrypted. This is a form of encryption that protects data at rest, as compared to in-transit encryption, which protects data that is transferred over the Internet. Full-disk encryption protects everything from your local database of text messages to the passwords you have stored in your browser. This is useful in case your device is confiscated by police, but also protects you in situations where the device is lost or stolen. Protest situations are often unpredictable, so losing your phone is distinct possibility.

    Recent versions of Android and iOS require full-disk encryption capabilities to be built into devices. These should be protected by a strong password, 8-12 random characters that are nonetheless easy to remember and type in when you unlock your device. If devices are not protected by a strong password, the encryption may be easier to break using a brute force attack.Recent editions of the iPhone have employed specialized hardware to protect against this type of attack, but a complex password is still advisable.

    1. Remove fingerprint unlock

    In the past, iOS and Android used the same password to both boot your phone and to unlock it. Recently, both iOS and Android introduced a mechanism to allow you to unlock your device with your fingerprint. This is a convenient way to ensure that you enjoy the benefits of full-disk encryption without sacrificing convenience. However, in protest situations we suggest you turn this functionality off. A police officer can physically force you to unlock your device with your fingerprint. And as a legal matter, while the state of the law is in flux, there is currently less protection against compelled fingerprint unlocking than compelled password disclosure. You can always add your fingerprint back to the device after you’ve left the protest.

    In iOS, you can disable this by going into Settings -> Touch ID & Passcode and removing each of the fingerprints in this menu.

    In Android, disabling this feature may depend on your device manufacturer. For Nexus devices, go into Settings -> Security -> Nexus Imprint and delete the fingerprints from this menu.

    1. Take photos and videos without unlocking your device

    Catching that perfect shot is something you want to be ready for, and powerful images can help bolster the cause. If you’ve chosen a strong password, entering it into the device takes precious time, and you risk the moment passing before you’re able to take the shot. Luckily, newer versions of iOS and Android allow you to take photos and videos without unlocking your device, giving you the time to capture the moment.

    With Android Nexus devices, double-press the power button.

    At the iOS lock screen, you can swipe to the right.

    1. Install Signal

    Signal is an app available on both iOS and Android that offers strong encryption to protect both text messages and voice calls. This type of protection is called end-to-end encryption, which secures your communications in transit (as discussed in tip #1). Other apps, such as WhatsApp, have implemented underlying cryptography. But we believe Signal is the better option because it implements best practices for secure messaging.

    In addition to encrypting one-to-one communication, Signal enables encrypted group chats. The app also recently added the functionality of having messages disappear ranging anywhere from 10 seconds to a week after they are first read. In contrast to some other services like SnapChat, these ephemeral messages will never be stored on any server, and are removed from your device after disappearing.

    Recently, a grand jury in the Eastern District of Virginia issued a subpoena to Open Whisper Systems, the maintainers of Signal. Because of the architecture of Signal, which limits the user metadata stored on the company’s servers, the only data they were able to provide was “the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.”

    1. Read our Surveillance Self Defense (SSD) guide for street-level protests

    Know your rights when attending protests with our SSD module on the topic: https://ssd.eff.org/en/module/attending-protests-united-states

    1. Use a prepaid, disposable phone

    If you’re really concerned with the data stored on your device, don’t bring it at all and pick up a prepaid mobile phone. These lower-end devices can be purchased along with a SIM card at most large retail stores, and current federal regulation does not require you to show your ID (but your state may). Let your friends know your temporary number, and use this to coordinate activities. Remember that the location of mobile devices can be determined by the cell towers they connect to, so if you don’t want your identity known, turn off your prepaid device before going home or anywhere that might lead to your identity. Using GPS should be safe, since GPS is a receiver and does not transmit any information, but your device may store your coordinates. For this reason, we suggest you turn off location services. When you’re done with the phone, it can be safely recycled or discarded from a location that is not linked to you. Keep in mind that if you carry both your regular device and a prepaid one with you, the location of these devices can be correlated as a way to compromise your anonymity.

    1. Back up your data

    Take precautions to limit the possible costs that can be incurred by the loss of a device. Backing up your data regularly and storing that backup in a safe place can save you a headache later on.

    1. Consider biking or walking to the protest

    Automated License Plate Reader Systems (ALPRs) automatically record the license plates of cars driving through an area, along with the exact time, date, and location they were encountered. This technology is often used by law enforcement, or employed by private companies such as Vigilant and MVTrac who then share license plate data with law enforcement and other entities. Amassed in huge databases, this data is retained for an unknown period of time. These companies have lobbied and litigated vigorously against statutes that would ban the private collection of license plate data or otherwise regulate ALPRs. Effectively, your location can be tracked over time by your driving habits, with very few legal limits in place as to how this data can be collected and accessed.

    Consider using alternative means of transportation if you would prefer that your movements and associations remain private.

    Read more in our Street Level Surveillance guide on ALPRs.

    1. Enable airplane mode

    Airplane mode ensures that your device will not be transmitting for the duration of your time at the protest, and prevents your location from being tracked. Clearly, this also means that you won’t be able to message or call your friends, so plan accordingly. You may want to select a nearby meet up spot where you and your friends can rendezvous if you get separated. You may also want to turn off location services (as discussed in tip #6).

    1. Organizers: consider alternatives to Facebook and Twitter

    Facebook and Twitter provide a large user base for you to promote your cause, but these popular social media platforms also carry risks. Viewing an event page, commenting on the event, and stating your intention to attend are all actions viewable by law enforcement if the pages and posts are public, and sometimes even if the pages aren’t (subject to a court order). For actions that require a more cautious approach, consider forming a group chat via Signal as described above.

    Source: Digital Security Tips for Protesters | Electronic Frontier Foundation


    📂This entry was posted in Computer Arcana 📎and tagged

  • What to Do About Lawless Government Hacking and the Weakening of Digital Security

    Posted on by Azrael 1 Comment

    In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don’t have clear, enforceable rules for government activities like hacking and “digital sabotage.” And this is no abstract question—these actions increasingly endanger everyone’s security.

    The problem became especially clear this year during the San Bernardino case, involving the FBI’s demand that Apple rewrite its iOS operating system to defeat security features on a locked iPhone. Ultimately the FBI exploited an existing vulnerability in iOS and accessed the contents of the phone with the help of an “outside party.” Then, with no public process or discussion of the tradeoffs involved, the government refused to tell Apple about the flaw.Despite the obvious fact that the security of the computers and networks we all use is both collective and interwoven—other iPhones used by millions of innocent people presumably have the same vulnerability—the government chose to withhold information Apple could have used to improve the security of its phones.

    Other examples include intelligence activities like Stuxnet and Bullrun, and law enforcement investigations like the FBI’s mass use of malware against Tor users engaged in criminal behavior. These activities are often disproportionate to stopping legitimate threats, resulting in unpatched software for millions of innocent users, overbroad surveillance, and other collateral effects. 

    That’s why we’re working on a positive agenda to confront governmental threats to digital security. Put more directly, we’re calling on lawyers, advocates, technologists, and the public to demand a public discussion of whether, when, and how governments can be empowered to break into our computers, phones, and other devices; sabotage and subvert basic security protocols; and stockpile and exploit software flaws and vulnerabilities.  

    Smart people in academia and elsewhere have been thinking and writing about these issues for years. But it’s time to take the next step and make clear, public rules that carry the force of law to ensure that the government weighs the tradeoffs and reaches the right decisions.

    This long post outlines some of the things that can be done. It frames the issue, then describes some of the key areas where EFF is already pursuing this agenda—in particular formalizing the rules for disclosing vulnerabilities and setting out narrow limits for the use of government malware. Finally it lays out where we think the debate should go from here.

    Recognizing That Government Intrusion and Subversion of Digital Security Is a Single Issue

    The first step is to understand a wide range of government activities as part of one larger threat to security. We see the U.S. government attempt to justify and compartmentalize its efforts with terms like “lawful hacking” and “computer network attack.” It is easy for the government to argue that the FBI’s attempts to subvert the security of Apple iOS in the San Bernardino case are entirely unrelated to the NSA’s apparent sabotage of the Dual_EC_DRBG algorithm. Likewise, the intelligence community’s development of the Stuxnet worm to target the Iranian nuclear program was governed by a set of rules entirely separate from the FBI’s use of malware to target criminals using Tor hidden services.

    These activities are carried out by different agencies with different missions. But viewing them as separate—or allowing government to present it that way—misses the forest for the trees. When a government takes a step to create, acquire, stockpile or exploit weaknesses in digital security, it risks making us all less safe by failing to bolster that security.

    Each of these techniques should involve consideration of the tradeoffs involved, and none of them should be viewed as risk-free to the public. They require oversight and clear rules for usage, including consideration of the safety of innocent users of affected technologies.

    There is hope, albeit indirectly. In the United States, high-ranking government officials have acknowledged that “cyber threats” are the highest priority, and that we should be strengthening our digital security rather weakening it to facilitate government access. In some cases, this is apparently reflected in government policy. For instance, in explaining the government’s policy on software vulnerabilities, the cybersecurity coordinator for the White House and the Office of the Director of National Intelligence have both stated in blog posts that the there is a “strong presumption” in favor of disclosing these vulnerabilities to the public so they can be fixed.

    But the government shouldn’t engage in “policy by blog post.” Government action that actively sabotages or even collaterally undermines digital security is too important to be left open to executive whim.

    Finding Models for Transparency and Limits on When Government Can Harm Digital Security

    While government hacking and other activities that have security implications for the rest of us are not new, they are usually secret. We should demand more transparency and real, enforceable rules.

    Fortunately, this isn’t the first time that new techniques have required balancing public safety along with other values. Traditional surveillance law gives us models to draw from. The Supreme Court’s 1967 decision in Berger v. New York is a landmark recognition that electronic wiretapping presents a significant danger to civil liberties. The Court held that because wiretapping is both invasive and surreptitious, the Fourth Amendment required “precise and discriminate” limits on its use.

    Congress added considerable structure to the Berger Court’s pronouncements with the Wiretap Act, first passed as Title III of the Omnibus Crime Control and Safe Streets Act of 1968. First, Title III places a high bar for applications to engage in wiretapping, so that it is more of an exception than a rule, to be used only in serious cases. Second, it imposes strict limits on using the fruits of surveillance, and third, it requires that the public be informed on a yearly basis about the number and type of government wiretaps.

    Other statutes concerned with classified information also find ways of informing the public while maintaining basic secrecy. For example, the USA Freedom Act, passed in 2015 to reform the intelligence community, requires that significant decisions of the FISA Court either be published in redacted form or be summarized in enough detail to be understood by the public.

    These principles provide a roadmap that can be used to prevent government from unnecessarily undermining our digital security. Here are a few areas where EFF is working to craft these new rules:

    Item 1: Rules for When Government Stockpiles Vulnerabilities

    It’s no secret that governments look for vulnerabilities in computers and software that they can exploit for a range of intelligence and surveillance purposes. The Stuxnet worm, which was notable for causing physical or “kinetic” damage to its targets, relied on several previously unknown vulnerabilities, or “zero days,” in Windows. Similarly, the FBI relied on a third party’s knowledge of a vulnerability in iOS to access the contents of the iPhone in the San Bernardino case.

    News reports suggest that many governments—including the U.S.—collect these vulnerabilities for future use. The problem is that if a vulnerability has been discovered, it is likely that other actors will also find out about it, meaning the same vulnerability may be exploited by malicious third parties, ranging from nation-state adversaries to simple thieves. This is only exacerbated by the practice of selling vulnerabilities to multiple buyers, sometimes even multiple agencies within a single government.

    Thanks to a FOIA suit by EFF, we have seen the U.S. government’s internal policy on how to decide whether to retain or disclose a zero day, the Vulnerabilities Equities Process (VEP). Unfortunately, the VEP is not a model of clarity, setting out a bureaucratic process without any substantive guidelines in favor of disclosure, More concerning, we’ve seen no evidence of how the VEP actually functions. As a result, we have no confidence that the government discloses vulnerabilities as often as claimed. The lack of transparency fuels an ongoing divide between technologists and the government.

    A report published in June by two ex-government officials—relying heavily on the document from EFF’s lawsuit—offers a number of helpful recommendations for improving the government’s credibility and fueling transparency.

    These proposals serve as an excellent starting point for legislation that would create a Vulnerabilities Equities Process with the force of law, formalizing and enforcing a presumption in favor of disclosure. VEP legislation should also:

    • Mandate periodic reconsideration of any decision to retain a vulnerability;
    • Require the government to publish the criteria used to decide whether to disclose;
    • Require regular reports to summarize the process and give aggregate numbers of vulnerabilities retained and disclosed in a given period;
    • Preclude contractual agreements that sidestep the VEP, as in the San Bernardino case, where the FBI apparently signed a form of non-disclosure agreement with the “outside party.” The government should not be allowed to enter such agreements, because when the government buys a zero day, we should not have to worry about defending ourselves from a hostile state exploiting the same vulnerability. If tax dollars are going to be used to buy and exploit vulnerabilities, the government should also eventually use them to patch the security of affected systems, with benefits to all.

    Above all, formalizing the VEP will go a long way to reassuring the public, especially members of the technology industry, that the U.S. government takes its commitment to strengthening digital security seriously.

    Item 2:  Preventing Disproportionate Use of Government Malware and Global Hacking Warrants

    EFF has also long been concerned about state-sponsored malware. It’s at the heart of our suit against the government of Ethiopia. Even in the United States, when the government seeks court permission to use malware to track and surveil suspects over the Internet, it can endanger innocent users as well as general network security.

    A particularly egregious example is the Playpen case, involving an FBI investigation into a Tor hidden service that hosted large amounts of child pornography. The FBI seized the site’s server and operated it as a honey pot for visitors. A single warrant authorized the FBI to install malware on any and all visitors’ computers in order to breach the anonymity otherwise provided by Tor. By not specifying particular users—even though the list of users and logs of their activity was available to the FBI—the warrant totally failed to satisfy the Fourth Amendment requirement that warrants particularly describe persons and places to be searched.

    What’s more, the FBI asked the court to trust that it would operate its malware safely, without accidentally infecting innocent users or causing other collateral damage. Once defendants began to be charged in these cases, the government staunchly refused to turn over certain information about how the malware operated to the defense, even under seal, arguing that it would compromise other operations. As a result, defendants are left unable to exercise their right to challenge the evidence against them. And of course, anyone else whose computer is vulnerable to the same exploit remains at risk.

    In these cases, the FBI flouted existing rules: the Playpen warrant violated both the Fourth Amendment and Rule 41 of the Federal Rules of Criminal Procedure. Other cases have involved similarly overboard uses of malware. EFF has been working to explain the danger of this activity to courts, asking them to apply Fourth Amendment precedent and require that the FBI confront serious threats like Playpen in a constitutional manner. We have also been leaders of a coalition to stop an impending change that would loosen the standards for warrants under Rule 41 and make it easier for the FBI to remotely hack users all over the world.

    Item 3:  A “Title III for Hacking”

    Given the dangers posed by government malware, the public would likely be better served by the enactment of affirmative rules, something like a “Title III for Hacking.” The legislative process should involve significant engagement with technical experts, soliciting a range of opinions about whether the government can ever use malware safely and if so, how. Drawing from Title III, the law should:

    • Require that the government not use invasive malware when more traditional methods would suffice or when the threats being addressed are relatively insignificant;
    • Establish strict minimization requirements, so that the targets of hacking are identified with as much specificity as the government can possibly provide;
    • Include public reporting requirements so that the public has a sense of the scope of hacking operations; and
    • Mandate a consideration of the possible collateral effects—on individuals and the public interest as a whole—on the decision to unleash malware that takes advantages of known or unknown vulnerabilities. Even if the VEP itself does not encompass publicly known vulnerabilities (“N-days”), using remote exploits should impose an additional requirement on the government to mitigate collateral damage, through disclosure and/or notice to affected individuals.

    The same principles should apply to domestic law enforcement activities and foreign intelligence activities overseen by the FISA Court or conducted under the guidelines of Executive Order 12333.

    Of course, these sorts of changes will not happen overnight. But digital security is an issue that affects everyone, and it’s time that we amplify the public’s voice on these issues. We’ve created a single page that tracks our work as we fight in court and pursue broader public conversation and debate in the hopes of changing government practices of sabotaging digital security. We hope you join us.

    Source: What to Do About Lawless Government Hacking and the Weakening of Digital Security | Electronic Frontier Foundation


    📂This entry was posted in News and Politics 📎and tagged