Article

NSA can see through encryption, including your private e-mail's, says report 

More documents from former security contractor Edward Snowden show that the National Security Agency has been secretly working to gain a back door into all encryption technologies, The New York Times reports. 

by Edward Moyer

A woman walks past a banner displayed in support of ex-NSA analyst Edward Snowden in Hong Kong on June 18, 2013.

(Credit: Philippe Lopez/AFP/Getty Images) Despite losing a '90s era debate over allowing a government back door into all encryption technologies, the US National Security Agency set up a clandestine program code-named Bullrun and can now circumvent much of the virtual armor intended to protect digital communications -- from everyday e-mails to financial and medical records -- according to a report from The New York Times.

The report -- assembled in partnership with the UK's Guardian newspaper and nonprofit news organization ProPublica -- cites documents provided by Prism leaker Edward Snowden, as well as interviews with industry officials, in saying that the NSA has sidestepped common Net encryption methods in a number of ways, including hacking into the servers of private companies to steal encryption keys, collaborating with tech companies to build in back doors, and covertly introducing weaknesses into encryption standards.

The paper quotes a memo provided by Snowden:

"For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies," said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. "Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable."

Encryption methods targeted by the NSA include those most often used by Americans in sending e-mails, using a company computer, or communicating via phone: Secure Sockets Layer (SSL), virtual private networks (VPNs), and security used for 4G smartphones, the Times reports.

The NSA defends its actions on the basis of national security, the Times says, with agency officials claiming that the country would be at serious risk if the messages of foreign spies, terrorists, and others couldn't be cracked.

The NSA's apparent ability to easily sidestep encryption "moves spying from somewhat difficult to trivial," Eva Galperin, a Global Policy Analyst with the Electronic Frontier Foundation, told CNET.And the Times makes a point of saying the news doesn't change laws related to the Fourth Amendment that, for instance, require search warrants to conduct certain types of surveillance. But that may be cold comfort to those wary of the secret court with which the NSA deals, as well as the security agency's perceived lack of forthrightness with lawmakers regarding its activities.

Galperin also said the NSA's tools could wind up in the hands of others. "We lose our security not just from the NSA," she said, "but from other actors who could subvert" the back doors and so on for which the agency is responsible.

The Times says intelligence officials asked the paper and ProPublica not to publish information on the NSA's decryption efforts because that would tip off foreign targets as to what sorts of communications might be more safe from surveillance. The Times says it "decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others." ProPublica has also posted a statement about the decision to publicize the NSA's efforts. We have an e-mail in to the NSA and will update this piece when we have more information.

The documents provided by Snowden don't specify which tech companies have been involved with the NSA's effort to foil encryption, and the Times report says that "the full extent of the N.S.A.'s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia, and New Zealand."

The Times notes that "by introducing such back doors, the N.S.A. has surreptitiously accomplished what it had failed to do in the open," and it points to the debate in the '90s over the "Clipper Chip," which would have handed the NSA a key to any digital encryption technologies. The Clipper Chip idea was abandoned after a backlash from varied politicos, tech execs, and rights groups.

You can read the Times story in its entirety here. The Guardian's take is here.

Update, September 6 at 7:33 a.m. PT: The US Office of the Director of National Intelligence posted this response to the stories overnight:

It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries' use of encryption. Throughout history, nations have used encryption to protect their secrets, and today terrorists, cybercriminals, human traffickers and others also use code to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that. While the specifics of how our intelligence agencies carry out this cryptanalytic mission have been kept secret, the fact that NSA's mission includes deciphering enciphered communications is not a secret, and is not news. Indeed, NSA's public website states that its mission includes leading "the U.S. Government in cryptology ... in order to gain a decision advantage for the Nation and our allies."
The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity. Anything that yesterday's disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.

 

 

 

Touch ID found to fit snugly in iPad 5, iPad Mini 2 parts Apple's latest touch security technology may be headed to its next round of iPads, a new video suggests.

top me if you've seen this before: A new color and form factor for Apple's next iPad. Here it is again, this time next to other iPads.

by:Josh Lowensohn (Credit: iCrackUriDevice) In case you missed the first several leaks of this purported iPad 5 metal backing in Apple's newest color, there's more. iCrackUriDevice posted a rather extensive video of the part, which is said to have originated from suppliers in Hong Kong. Besides the color, it's identical in appearance to other such leaks, which strongly suggest Apple plans to super-size the iPad Mini case design to its larger 9.7-inch tablet. Apple introduced Space Gray as a new color option on the iPhone 5S, while quietly adding it as an option for iPod Touch buyers. As the name would suggest, the color falls in between last year's black, and the typical silver that's made up the back of all four generations of iPad, along with the iPhone 5 and 5S. Related stories Leaked photos show 'space gray' iPad Mini model Alleged images show iPad 5 in silver, space gray iPad Mini 2 to come in gold and space gray, claim latest leaks The video is the latest to show off the part, which represents the first major physical change to the iPad since the iPad 2 in 2010. A similar Space Gray unit for the iPad Mini was depicted last month. There still haven't been any leaks of a fully assembled device that would hint at what's changing on the inside. That includes whether Apple plans to include its new Touch ID sensor in those devices, or if it intends to keep the technology limited to phones for the time being. Apple is expected to unveil both a new full-sized iPad and souped up iPad Mini at an event later this month. The company did the same thing last year with a special event about a month after its iPhone 5 unveiling. Here's the video, complete with a glaring typo in the preview image:

 

 

 

The road is paved for Apple's rumored 'iWatch'

commentary The market would welcome a polished smartwatch from Apple. The current products in the market are lacking.

 

by Roger Cheng

A real iWatch would surely put this mockup to shame.

(Credit: Sarah Tew and Christopher MacManus/CNET) Apple's got a shot at blowing us away with its take on the smartwatch.

At this point, it's really not a matter of if Apple releases its long rumored iWatch, but when. The latest rumor now calls for Apple's eventual device to incorporate a plastic OLED screen that can bend, as well as for models to arrive in three different sizes: 1.3-inch, 1.4-inch, and 1.5-inch. A prototype of the 1.5-inch version has already been made, according to Korean publication Chosun, citing unnamed industry sources.

 

Given the tepid reception for Samsung's Galaxy Gear and the modest adoption of other smartwatch projects such as Pebble Watch, the door is wide open for Apple to revolutionize this area. These companies demonstrate that there is indeed interest in this kind of "wearable" technology. If Apple employs its usual polish and finish on a smartwatch, that timepiece could be its next hit product.

The latest rumor comes as Samsung prepares Galaxy Gear for launch in the US on Friday. The Gear has garnered mixed to negative reviews, with many critical of the device's lack of capabilities, its price, and the limitation of working with only the Galaxy Note 3 (as well as a single Samsung tablet). Samsung said it plans to open up the compatibility to other Samsung phones down the line.

Given how quickly Samsung put together Gear, it's still an impressive first attempt at a smartwatch. And undoubtedly the company will follow up and improve upon the first Gear. But for now, it's not ready for prime time.

The Pebble, perhaps the best known smartwatch before Samsung came around, remains more of a tinkerer's toy -- a cool project that's at the peripheries of the mainstream. Meanwhile, Sony talked up its SmartWatch 2 earlier this year, though the expected September release date has come and gone.

It's not like this would be the first time Apple came in and swept up the market with a greatly enhanced product that redefines a category. The company did it to MP3 players with the iPod, then again to smartphones with the iPhone, and yet again to tablets with the iPad.