The World Doesn’t Trust Putin – But, They Trust Trump Even Less

❝ Russian President Vladimir Putin inspires little confidence when it comes to handling world affairs, a Pew Research Center survey showed. But he still outshines his U.S. counterpart Donald Trump.

“Although confidence in Putin’s handling of foreign affairs is generally low, in many countries he is more trusted than American President Donald Trump,” Pew wrote in a survey focused on Russia’s power and influence. Pew is a Washington-based non-partisan research group.

❝ A median 60 percent of people in 37 countries, including the U.S., said they lack confidence in the Russian leader’s actions in world affairs, versus 26 percent who said he’s doing a good job. Pew didn’t provide matching statistics for Trump in a survey focused on Russia, but of the 36 countries canvassed on who they trust more, 22, including Germany, France and Japan, trust Putin more than Trump, according to the pollster’s 2017 spring survey.

❝ The survey was conducted Feb. 16 to May 8, before Trump set global markets on edge in August by tweeting threats to rain “fire and fury” on North Korea should the hermit regime threaten U.S. territory with any of its intercontinental ballistic missiles. It also preceded Trump’s decision to sign a bill deepening sanctions against Russia over Ukraine. The Kremlin retaliated by ordering the U.S. to slash staff at its diplomatic missions.

Now that Trump voters have had time to watch their 1-percenter superhero in action, I’m forced to continue to rely on the Mencken analysis of decision-making by American consumers, e.g., “You’ll never go broke underestimating the intelligence of Americans.”

Believing Trump’s blatant lies, ignorance and bigotry would somehow change things for the better for folks who work for a living in America requires a qualitative leap in gullibility. Even in a land brainwashed by decades of advertising about, say, cigarettes “without a cough in a carload”.

Would you buy your kid a doll that can be compromised by the NSA?

❝ It’s nice to have a friend who’s a good listener, but a doll called My Friend Cayla listens a little too well, according to German regulators who say the toy is essentially a stealthy espionage device that shares what it hears and is also vulnerable to takeover by third parties.

“Cayla ist verboten in Deutschland,” says Jochen Homann, the president of Germany’s Federal Network Agency…announcing a ban on the doll in Germany on Friday. His agency oversees electronic privacy as part of its telecommunications mandate; Homann also cites a special obligation to protect the privacy of children, calling them the most vulnerable members of society.

❝ The heart of the problem, Homann says, is that Cayla looks like an everyday doll and gives no notice that it collects and transmits everything it hears — in this case, to a voice-recognition company in the U.S. whose other customers include intelligence agencies.

❝ Nuance, the U.S. company in question, has said in response to similar criticisms that it “does not share voice data collected from or on behalf of any of our customers with any of our other customers.”

❝ The test question — “Can I tell you a secret?” — brought this reply: “Sure go ahead; be very quiet, though. I promise not to tell anyone; it’s just between you and me because we are friends.”

Regardless of what the folks making a living off the doll tell you — do you think the NSA asks permission from the people they bug?

Spy chiefs briefed 8 Congress-drones a year ago on hacking of Democrats — didn’t tell DNC “because it was a secret”

U.S. intelligence officials told top congressional leaders a year ago that Russian hackers were attacking the Democratic Party, three sources familiar with the matter said on Thursday, but the lawmakers were unable to tell the targets about the hacking because the information was so secret…

The material was marked with additional restrictions and assigned a unique codeword, limiting access to a small number of officials who needed to know that U.S. spy agencies had concluded that two Russian intelligence agencies or their proxies were targeting the Democratic National Committee, the central organizing body of the Democratic Party…

Our spy professionals decided the DNC didn’t need to know.

The alleged hacking of the Democrats and the Russian connection did not become public until late last month when the FBI said it was investigating a cyber attack at the DNC…

The congressional briefing was given last summer in a secure room called a Sensitive Compartmented Information Facility, or SCIF, to a group of congressional leaders informally known as the “Gang of Eight,” the sources said.

The group at the time included four Republicans: Senate Majority leader Mitch McConnell and House of Representatives Speaker John Boehner, and Senator Richard Burr and Representative Devin Nunes, the House and Senate intelligence committee chairs. Their Democratic counterparts were: Senator Harry Reid and Representative Nancy Pelosi, and Senator Dianne Feinstein and Representative Adam Schiff of the intelligence committees…

A bipartisan group of professional politicians who couldn’t care less about transparency, security.

The attack on the DNC later led the hackers to other party organizations, including the Democratic Congressional Campaign Committee, which raises funds for House candidates, Hillary Clinton’s presidential campaign, and other groups…

One of the sources said the Clinton campaign first detected attacks on its data system in early March, and was given what the source described as a “general briefing” about it by the FBI later that month. The source said the FBI made no mention of a Russian connection in that briefing and did not say when the penetration first took place.

According to a memo obtained by Reuters, interim DNC Chair Donna Brazile said on Thursday she was creating a Cybersecurity Advisory Board “to ensure prevent future attacks and ensure that the DNC’s cybersecurity capabilities are best-in-class.”

Better update security on your own. Obviously you can’t count on our bought-and-paid-for government spies to offer any help.

Obama proves that Hope doesn’t include Trust

An Obama administration working group has explored four possible approaches tech companies might use that would allow law enforcement to unlock encrypted communications — access that some tech firms say their systems are not set up to provide.

The group concluded that the solutions were “technically feasible,” but all had drawbacks as well.

The approaches were analyzed as part of a months-long government discussion about how to deal with the growing use of encryption in which no one but the user can see the information. Law enforcement officials have argued that armed with a warrant they should be able to obtain communications, such as e-mails and text messages, from companies in terrorism and criminal cases.

Senior officials do not intend to advance the solutions as “administration proposals” — or even want them shared outside the government, according to a draft memo obtained by The Washington Post.

Why? — They’re afraid Americans still believe our government should protect our privacy.

“Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce ‘backdoors’ or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation,” the memo said.

…National Security Council spokesman Mark Stroh stated in an e-mail that “these proposals are not being pursued.”

And we’re supposed to believe him…after the Obama White House spent a month trying to figure out how to get away with achieving these proposals.

Instead of offering technical solutions, the working group drew up a set of principles to guide engagement with the private sector. They include: no bulk collection of information and no “golden keys” for the government to gain access to data.

All of which were suggested by assorted government experts in the Obama administration.

All four approaches amount to what most cryptography experts call a “backdoor” because they would require developers to alter their systems by adding a surreptitious mechanism for accessing encrypted content, according to Joseph Lorenzo Hall, chief technologist at the Center for Democracy & Technology…

Technologists have said such approaches weaken the security of encryption by adding layers of complexity that might hide bugs and creating new potential targets for hackers.

In general, creating an “aftermarket solution” instead of designing a solution into the platform from the start “brings in additional vulnerabilities” that could be exploited, the law enforcement official acknowledged.

These are some of the reasons why federal officials say they want the companies themselves to craft solutions based on their own systems.

A number of encryption solutions are built by groups of open-source developers, who make the software available for free on the Internet. The open-source nature of the code makes it harder to hide a backdoor. And because the developers are often dispersed among different countries and volunteers who are not working for any company, it is impractical for law enforcement to serve an order on one that’s enforceable on all.

“These challenges mean that inaccessible encryption will always be available to malicious actors,” the memo said…And to individuals who still think their privacy trumps a government run to satisfy police above all else.

#standwithapple

An encryption backdoor is a lousy idea

The recent column by veteran tech journalist Walt Mossberg…executive editor at The Verge and editor at large of Re/code.

Protecting the security of the United States and of Americans abroad is no easy task, especially against terrorists. I got a lesson in this before I became a tech columnist, when I served stretches as the chief Pentagon correspondent and the National Security correspondent for The Wall Street Journal, including coverage of the intelligence agencies.

So, I’m somewhat sympathetic with the frustrations expressed over the past year or so by national security officials — especially FBI Director James Comey — over fears that encryption of digital devices and services is making it harder for their agencies to spot and stop terrorists in the digital age…

I understand their exasperation, but not their proposed solution: Forcing American companies, notably Apple and Google, to build “backdoors” into their encrypted smartphones that would allow the government access. This would be a huge change, because both companies have introduced whole-device encryption that even they can’t decrypt. It would also be a huge mistake.

Over the past year or so, Mr. Comey and his colleagues have complained that this encryption of smartphones by Apple and Google is causing a problem they call “going dark” — making it harder for them to conduct surveillance of smartphones, messaging services and more.

The problem is that, even if the FBI served the companies with a legal court-approved search warrant for particular encrypted phones, they couldn’t comply. The lawmen would have to serve the warrant on the phones’ owners, and try and force them to unlock the devices with a password, fingerprint or some other authentication method…

But now, following the horrific terror attack in Paris, the issue is showing signs of coming back to life…Add in the massacre in San Bernardino, California, and we all know what we can expect from the amalgamation of security hawks and craven politicians.

Apple CEO Tim Cook posted a statement on a special privacy section of Apple’s web site, saying, in part: “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”

He followed that up recently. In October, he told a tech conference that “I don’t know a way to protect people without encrypting” and “you can’t have a backdoor that’s only for the good guys…”

It’s fair to note that, in addition to protecting their customers, Apple and Google get business benefits from strong and secure encryption. They gain the ability to remove themselves from delicate law enforcement actions. And they gain protection against charges overseas that buying their products will give the U.S. government access to foreign users’ data.

They also have plenty of support for their views from people with no such business interests…

For another, Mr. Comey’s complaints are overblown. Even without a backdoor, there are still many avenues that authorities can use to track terrorists…

I sincerely hope that the U.S. government, working with tech companies, can come up with some solution that helps catch terrorists and criminals who use smartphones and messaging services to disguise their plans and identities. I wish I could say what that might be. But I do know that it shouldn’t be one that weakens or destroys user-controlled smartphone encryption.

Walt Mossberg is someone I appreciate and often agree with on technology. Not so often on politics. It’s a pleasure to say he’s nailed both this time.

Survey of old train bridges is pretty scary

A survey of 250 oil train bridges across America found that almost half showed signs of considerable deterioration, including missing or crumbling concrete, partially washed-away footings, rotted pilings and badly corroded steel beams…

Determining whether the problems found by three environmental groups pose a threat to public safety is almost impossible, however, because the Federal Railroad Administration (FRA) rarely inspects the nation’s estimated 100,000 rail bridges, including some built more than 100 years ago. Instead the agency leaves that responsibility to the railroads, which don’t make their inspection records public…

No bridge collapse appears to have been involved in any of the 10 fiery oil train derailments that have occurred in North America in the past 29 months.

Ed Greenberg, a spokesman for the Association of American Railroads, noted that the environmental groups’ report involves “observations by noncertified bridge inspectors,” adding that the industry “follows an aggressive 24/7 safety-first process should a bridge inspector or train crew raise a concern about a particular bridge…blah, blah, blah…

But there is no public documentation of this process, so the railroads aren’t accountable to state and local officials. The FRA says Congress hasn’t given it the authorization or resources to independently inspect rail bridges or to force the railroads to be more transparent…

The FRA receives complaints about the condition of railroad bridges almost daily, said an FRA official speaking on condition of anonymity in order to comment freely, and in most cases the problems turn out to be cosmetic rather than structural. However, the official said there’s no formal procedure for adjudicating public concerns about rail bridges and no central record kept of complaints.

Even a conservative like Ronald Reagan once said, “Trust – but verify”…America’s railroad industry hasn’t the slightest apparent inclination to invest time in transparency. We’re simply supposed to trust them – until we have a major disaster.

Meanwhile, the folks we’ve elected to Congress are following what has become standard procedure – at least for Republicans. Talk a lot, complain a lot – and do nothing.

Here goes Apple pissing off the NSA again

Apple has opened its Security Framework and Common Crypto libraries to developers, hoping to foster tighter levels of security in third-party apps.

The Security Framework is used in iOS and OS X for managing keys, certificates, and trust policies, including storing the first two in the platforms’ keychains. Common Crypto is tied to functions like symmetric encryption, hash-based message authentication codes, and digests. The pair both depend on a shared library known as corecrypto…

The company is typically slow to publish the source code for open-source components in its software. It has yet to do so for OS X El Capitan for instance, and while its Swift programming language is due to become open-source, that will only happen sometime before the end of 2015.

Security though is an important issue for Apple in light of growing privacy and malware threats. The company previously marketed its devices as virtually immune to malware, but both iOS and OS X have come under increasing levels of attack.

Plus, the inevitable whining from the Homeland Insecurity crowd. They’re going to get their knickers in a bunch over Apple helping developers with tighter encryption.

Germans loved Obama. Now we don’t trust him


Malte Spitz is a member of the German Green Party

In May 2010, I received a brown envelope. In it was a CD with an encrypted file containing six months of my life. Six months of metadata, stored by my cellphone provider, T-Mobile. This list of metadata contained 35,830 records. That’s 35,830 times my phone company knew if, where and when I was surfing the Web, calling or texting.

The truth is that phone companies have this data on every customer. I got mine because, in 2009, I filed a suit against T-Mobile for the release of all the data on me that had been gathered and stored. The reason this information had been preserved for six months was because of Germany’s implementation of a 2006 European Union directive…

This “preventive measure” was met with huge opposition in Germany. Lawyers, journalists, doctors, unions and civil liberties activists started to protest. In 2008, almost 35,000 people signed on to a constitutional challenge to the law. In Berlin, tens of thousands of people took to the streets to protest data retention. In the end, the Constitutional Court ruled that the implementation of the European Union directive was, in fact, unconstitutional.

In Germany, whenever the government begins to infringe on individual freedom, society stands up. Given our history, we Germans are not willing to trade in our liberty for potentially better security. Germans have experienced firsthand what happens when the government knows too much about someone. In the past 80 years, Germans have felt the betrayal of neighbors who informed for the Gestapo and the fear that best friends might be potential informants for the Stasi. Homes were tapped. Millions were monitored…

With Edward J. Snowden’s important revelations fresh in our minds, Germans were eager to hear President Obama’s recent speech in Berlin. But the Barack Obama who spoke in front of the Brandenburg Gate to a few thousand people on June 19 looked a lot different from the one who spoke in front of the Siegessäule in July 2008 in front of more than 200,000 people, who had gathered in the heart of Berlin to listen to Mr. Obama, then running for president. His political agenda as a candidate was a breath of fresh air compared with that of George W. Bush. Mr. Obama aimed to close the Guantánamo Bay detention camp, end mass surveillance in the so-called war on terror and defend individual freedom.

But the senator who promised to shut Guantánamo is now a second-term president who is still fighting for its closure. And the events of the past few weeks concerning the collection of metadata and private e-mail and social-media content have made many Germans further question Mr. Obama’s proclaimed commitment to the individual freedoms we hold dear.

We ended up with a Harvard lawyer trained to distort freedoms to fit into a legalese framework that our Constitution allows – and somehow that aligns with the spirit of that document. But, the Bill of Rights was added because of the shortcoming within that first document penned by a group of consensus-laden politicians.

The tradition has been carried forward by political hacks from the two parties we’re allowed. Diminishing the freedom of individual citizens is considered fair game by the same category of lawyers who made corporations into people. Our difference in economic standing notwithstanding.

Obama’s ethics are nothing but the same old crap centrism, a middle-of-the-road litany designed to save reactionary economics and limited freedom.

Nokia – “Yes, we decrypt your HTTPS data, but don’t worry!”

Nokia has confirmed reports that its Xpress Browser decrypts data that flows through HTTPS connections – that includes the connections set up for banking sessions, encrypted email and more. However, it insists that there’s no need for users to panic because it would never access customers’ encrypted data.

The confirmation-slash-denial comes after security researcher Gaurang Pandya, who works for Unisys Global Services in India, detailed on his personal blog how browser traffic from his Series 40 ‘Asha’ phone was getting routed via Nokia’s servers…

However, it was Pandya’s second post on the subject that caused some alarm. Unlike the first, which looked at general traffic, the Wednesday post specifically examined Nokia’s treatment of HTTPS traffic. It found that such traffic was indeed also getting routed via Nokia’s servers. Crucially, Pandya said that Nokia had access to this data in unencrypted form:

“From the tests that were performed, it is evident that Nokia is performing Man In The Middle Attack for sensitive HTTPS traffic originated from their phone and hence they do have access to clear text information which could include user credentials to various sites such as social networking, banking, credit card information or anything that is sensitive in nature…”

In a statement – “Nokia has implemented appropriate organizational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.”

To paraphrase: we decrypt your data, but trust us, we don’t peek. Which is, in a way, fair enough. After all, they need to decrypt the data in order to de-bulk it…

UPDATE: A kind soul has reminded me that, unlike Xpress Browser and Opera Mini, two other services that also do the compression thing leave HTTPS traffic unperturbed, namely Amazon with its Silk browser and Skyfire. This is arguably how things should be done, although it does of course mean that users don’t get speedier loading…on HTTPS pages.

If you live on the same planet with the United States government, the NSA and Congress – trust no one!