Articles tagged "prism"

S4 on LinuxBSDos.com

Yesterday LinuxBSDos.com featured S4 and LAFS in an article on secure, distributed cloud storage. We had a bit of a quibble with the article's first line, though:

Looking for a solution to give you an edge in the ongoing struggle between you and the authorities over the privacy of your data?

It's important to us to note that S4 and LAFS are not only meant to thwart mass government surveillance. We seek to protect against access by the unauthorized, not merely "the authorities". That means individual crackers, criminal organizations, corporate rivals, or non-PRISM-affiliated foreign governments just as much as the NSA! Least Authority is pro-security across the board.

There is no way that one could build an effective anti-government security system without excluding those other threats as well. Similarly, if law enforcement is authorized to see the data, then hackers also can see the data.


Open Letter to Phil Zimmermann and Jon Callas of Silent Circle, On The Closure of the “Silent Mail” Service

This open letter is in response to the recent shutdown of Lavabit, the ensuing shutdown of Silent Circle's “Silent Mail” product, Jon Callas's posts about the topic on G+, and Phil Zimmermann's interview in Forbes. Also, of course, all of this is unfolding in the context of the 2013 Mass Surveillance Scandal.

Dear Phil and Jon: Hello there! It is good to have a chance to chat with you in public.

Please accept the following in the spirit of constructive criticism in which it is intended.

For those readers who don't know, I've known you both, personally and professionally, for decades. You've each written texts that I've learned from and inspired me to follow your example; we've worked together successfully, and you've mentored me. I have great respect for your technical abilities, your integrity, and your general reasonableness. Thank you for all of that and for holding fast to your principles today, when we need it more than ever.

Now:

Your job is not yet done. Your customers are currently vulnerable to having all of their communications secretly monitored.

I just subscribed to the service at https://SilentCircle.com, and after I paid $120 for one year of service, it directed me to install the Silent Text app from Silent Circle on my Android phone, which I did. Now, when I use that Silent Circle app to send text messages to other Silent Circle customers, I have no way of verifying whether it is really encrypting my message on my own phone, and if it is really keeping the encryption key only for me, or if it is leaking the contents of my messages or my encryption keys to you or to others.

If some attacker, for example the U.S. Federal Government — or to pick a different example the Zetas Mexican drug cartel — were to coerce Silent Circle into cooperating with them, then that attacker would simply require Silent Circle to distribute an update to the app, containing a backdoor.

There is no way for me to verify that any given version of Silent Text, including the one that I just installed, is correctly generating strong encryption keys and is protecting those keys instead of leaking them.

Therefore, how are your current products any safer for your users than the canceled Silent Mail product was? The only attacker against whom your canceled Silent Mail product was vulnerable but against whom your current products are safe is an attacker who would require you to backdoor your server software but who wouldn't require you to backdoor your client software.

Does that constraint apply to the U.S. Federal Government entities who are responsible for PRISM, for the shut-down of Lavabit, and so much else? No, that constraint does not apply to them. This was demonstrated in the Hushmail case in which the U.S. DEA asked Hushmail (a Canadian company) to turn over the plaintext of the email of one of its customers. Hushmail complied, shipping a set of CDs to the DEA containing the customer's messages.

The President of Hushmail emphasized in interviews with journalists at the time that Hushmail would be able to comply with such orders regardless of whether the customer used Hushmail's “client-to-server” (SSL) encryption or its “end-to-end” (Java applet) encryption.

Phil had been Chief Cryptographer of Hushmail years earlier, and was still a member of the Advisory Board of Hushmail at the time of that case. He commented about the case at that time, and he also stated, correctly, that the Hushmail model of unverified end-to-end encryption was vulnerable to government coercion. That's the same model that Silent Circle uses today.

You have just taken the courageous act of publicly shutting down the Silent Mail product, and publicly stating your reasons for doing so. This, then, is your opportunity to make your stance consistent by informing your customers of the similar dangers posed by the software distribution practices currently used by Silent Circle (along with most of the rest of the industry).

I don't know the perfect solution to the problem of the unverifiability of today's software. But being frank about the current approach and the vulnerability that it imposes on users is the first step. People will listen to you about this, now. Let's start talking about it and we can start finding solutions.

Also, warn your users. Don't tell them the untruth that it is impossible for you to eavesdrop on their communications even if you try (as your company seems to be on the borderline of doing in public statements like these: [¹, ²]).

We're trying an approach to this problem, here at LeastAuthority.com, of “verifiable end-to-end security”. For our data backup and storage service, all of the software is Free and Open Source, and it is distributed through channels which are out of our direct control, such as Debian and Ubuntu. Of course this approach is not perfectly secure — it doesn't guarantee that a state-level actor cannot backdoor our customers. But it does guarantee that we cannot backdoor our customers.

This currently imposes inconvenience on our customers, and I'm not saying it is the perfect solution, but it shows that there is more than one way to go at this problem.

Thank you for your attention to these important matters, and your leadership in speaking out about them.

(By the way, LeastAuthority.com is not a competitor to Silent Circle. We don't offer voice, text, video, or email services, like Silent Circle does/did. What we offer is simply secure offsite backup, and a secure cloud storage API that people use to build other services.)

Regards,

Zooko Wilcox-O'Hearn



LeastAuthority.com Announces A PRISM-Proof Storage Service

LeastAuthority.com today announced Simple Secure Storage Service (S4), a backup service that encrypts your files to protect them from the prying eyes of spies and criminals.

“People deserve privacy and security in the digital data that make up our daily lives,” said the company's founder and CEO, Zooko Wilcox-O'Hearn. “As an individual or a business, you shouldn't have to give up control over your data in order to get the benefits of cloud storage.”

Verifiable end-to-end security

The Simple Secure Storage Service offers verifiable end-to-end security.

It offers “end-to-end security” because all of the customer's data is encrypted locally — on the customer's own personal computer — before it is uploaded to the cloud. During its stay in the cloud, it cannot be decrypted by LeastAuthority.com, nor by anyone else, without the decryption key which is held only by the customer.

S4 offers “verifiable end-to-end security” because all of the source code that makes up the Simple Secure Storage Service is published for everyone to see. Not only is the source code publicly visible, but it also comes with Free (Libre) and Open Source rights granted to the public allowing anyone to inspect the source code, experiment on it, alter it, and even to distribute their own version of it and to sell commercial services.

Wilcox-O'Hearn says “If you rely on closed-source, proprietary software, then you're just taking the vendor's word for it that it actually provides the end-to-end security that they claim. As the PRISM scandal shows, that claim is sometimes a lie.”

The web site of LeastAuthority.com proudly states “We can never see your data, and you can always see our code.”

Trusted by experts

The Simple Secure Storage Service is built on a technology named “Least-Authority File System (LAFS)”. LAFS has been studied and used by computer scientists, hackers, Free and Open Source software developers, activists, the U.S. Defense Advanced Research Projects Agency, and the U.S. National Security Agency.

The design has been published in a peer-reviewed scientific workshop: Wilcox-O'Hearn, Zooko, and Brian Warner. “Tahoe: the least-authority filesystem.” Proceedings of the 4th ACM international workshop on Storage security and survivability. ACM, 2008. http://eprint.iacr.org/2012/524.pdf

It has been cited in more than 50 scientific research papers, and has received plaudits from the U.S. Comprehensive National Cybersecurity Initiative, which stated: “Systems like Least-Authority File System are making these methods immediately usable for securely and availably storing files at rest; we propose that the methods be further reviewed, written up, and strongly evangelized as best practices in both government and industry.”

Dr. Richard Stallman, President of the Free Software Foundation said “Free/Libre software is software that the users control. If you use only free/libre software, you control your local computing — but using the Internet raises other issues of freedom and privacy, which many network services don't respect. The Simple Secure Storage Service is an example of a network service that does respect your freedom and privacy.”

Jacob Appelbaum, Tor project developer and WikiLeaks volunteer, said “LAFS's design acknowledges the importance of verifiable end-to-end security through cryptography, Free/Libre release of software and transparent, peer-reviewed system design.”

The LAFS software is already packaged in several widely-used operating systems such as Debian GNU/Linux and Ubuntu.

