Friam

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

Classic

List

Threaded

14 messages Options

Marcus G. Daniels

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

Roger writes:

"Whose dog is this?"

It's the dog that gets wagged..

Marcus

--------------------------------------------------------------------
mail2web.com What can On Demand Business Solutions do for you?
http://link.mail2web.com/Business/SharePoint

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Owen Densmore

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

Administrator

I've heard its a stunt to pull us off the PRISM disaster. "Look what our surveillance produced!"

On Tue, Aug 6, 2013 at 2:42 PM, [hidden email] <[hidden email]> wrote:

Roger writes:

"Whose dog is this?"

It's the dog that gets wagged..

Marcus

--------------------------------------------------------------------
mail2web.com – What can On Demand Business Solutions do for you?
http://link.mail2web.com/Business/SharePoint

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Owen Densmore

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

Administrator

This, I think, is a good expression of the whole Snowden phenomenon:

http://pressthink.org/2013/08/the-toobin-principle/

-- Owen

As a U.S. citizen I am implicated in what the NSA does, and I want it to succeed in discovering those who would harm us. My concern, as a writer and journalism professor, is with another fight: the one for public knowledge, for sunlight, for the facts to come out so we know what’s going on. I am primarily interested in the journalism that Edward Snowden has set in motion, and the gains in public knowledge that have resulted from his actions, which I have called the Snowden effect.

The question that bothers me most can be put this way:

Can there even be an informed public and consent-of-the-governed for decisions about electronic surveillance, or have we put those principles aside so that the state can have its freedom to maneuver?

On Wed, Aug 7, 2013 at 10:45 AM, Owen Densmore <[hidden email]> wrote:

I've heard its a stunt to pull us off the PRISM disaster. "Look what our surveillance produced!"

On Tue, Aug 6, 2013 at 2:42 PM, [hidden email] <[hidden email]> wrote:

Roger writes:

"Whose dog is this?"

It's the dog that gets wagged..

Marcus

--------------------------------------------------------------------
mail2web.com – What can On Demand Business Solutions do for you?
http://link.mail2web.com/Business/SharePoint

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Roger Critchlow-2

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

Now I'm scratching my head even more. http://www.nytimes.com/2013/08/08/world/caustic-light-on-response-to-a-threat-of-terrorism.html?hp doesn't even include the leaking of classified sources among the issues raised. I suppose the leaks are supposed to justify the actions taken, given the amount of criticism that the actions are receiving from allies. But still, you're prosecuting your own citizens under the espionage act for releasing embarrassing information that you describe as damaging, then you leak intelligence information that reveals very specific capabilities to provide weak justifications for executive decisions. And not one of the comments of the article noticed.

-- rec --

Marcus G. Daniels

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

heh!

http://www.huffingtonpost.com/2013/08/08/lavabit-edward-snowden-email_n_3728005.html

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Steve Smith

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

heh!

http://www.huffingtonpost.com/2013/08/08/lavabit-edward-snowden-email_n_3728005.html

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

who saw this coming ;^/ (really?)

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Roger Critchlow-2

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

I didn't know he had a doubly encrypted mail service. That's funny, that's almost premeditated harassment of the NSA all by itself.

The Toobin principle article was good, too, hearing these pundits led into same trap so neatly one after the other.

Maybe we've come full circle:

-- rec --

On Thu, Aug 8, 2013 at 8:04 PM, Steve Smith <[hidden email]> wrote:

heh!

http://www.huffingtonpost.com/2013/08/08/lavabit-edward-snowden-email_n_3728005.html

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

who saw this coming ;^/ (really?)

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Steve Smith

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

Not until he arrived in Russia?

I don't get 'double' encryption... I get what it is, I just don't get how it is any better/different than longer keys? Just a convenient way to implement double key length?

Is there any other benefit?

I didn't know he had a doubly encrypted mail service. That's funny, that's almost premeditated harassment of the NSA all by itself.

The Toobin principle article was good, too, hearing these pundits led into same trap so neatly one after the other.

Maybe we've come full circle:

-- rec --

On Thu, Aug 8, 2013 at 8:04 PM, Steve Smith <[hidden email]> wrote:

heh!

http://www.huffingtonpost.com/2013/08/08/lavabit-edward-snowden-email_n_3728005.html

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

who saw this coming ;^/ (really?)

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Marcus G. Daniels

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

On 8/8/13 9:33 PM, Steve Smith wrote:

I don't get 'double' encryption... I get what it is, I just don't get how it is any better/different than longer keys? Just a convenient way to implement double key length?

Is there any other benefit?

The double encryption has to do with the treatment of passphrases and private keys (see below). The text below is from the Google cache of Lavabit's former website. Reliably defeating this would mean changing how their software works (misrepresenting the company to their customers), which is the heavy-handed PRISM technique.

Marcus

"This process works by combining three different encryption schemes with Elliptical Curve Cryptography (ECC) as the cornerstone. When a user activates the asymmetric encryption feature, two ECC keys are generated with 521 bits of strength. The first key, or the public key, is stored in plain text on the server. This public key is used to encrypt incoming messages. Because of how ECC works, only someone with the second “private” key can decipher messages encrypted with the public key. To protect the private key from attackers, it is encrypted using the Advanced Encryption Standard (AES) with a 256 bit key. AES is a synchronous encryption scheme that uses a secret passphrase to encrypt/decrypt a ciphered message. In the case of Lavabit’s secure e-mail system, the ciphered message is a user’s private key and the secret passphrase is a hashed version of the user’s password.

To ensure maximum security, passwords are hashed using the Secure Hash Algorithm (SHA). SHA takes the plaintext password as its input and produces a random 512 bit string as the output. With only the SHA output, it is cryptographically impossible to determine the original input. Effectively, hashing is a repeatable one-way process.

To increase the randomness of our hash outputs and the difficulty of reversing the process, Lavabit combines the password with the account name and a cryptographic salt. This combined string is then hashed three consecutive times, with the former iteration’s output being used as the input value of the next iteration. The output of the first hash iteration is used as the secret passphrase for AES mentioned above. The third iteration is stored in our password database and is used to verify that users entered their password correctly.

The product of this encryption process is a message that is cryptographically impossible to read without the password. We say cryptographically impossible because, in theory, an attacker with unlimited computing resources could use brute force to decipher the original message. However in practice, the key lengths Lavabit has chosen equal enough possible inputs that a brute-force attack shouldn’t be feasible for a long time to come."

Steve Smith

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

>>
>> Is there any other benefit?
> The double encryption has to do with the treatment of passphrases and
> private keys (see below). The text below is from the Google cache of
> Lavabit's former website. Reliably defeating this would mean changing
> how their software works (misrepresenting the company to their
> customers), which is the heavy-handed PRISM technique.
got it, "double encryption" seems a little misleading of a term... but
encrypting an encrypted message didn't make much if any more sense
either. I guess I assumed that encrypting private keys was (also)
standard practice? Maybe not.

Yes, it seems like Lavabit is now going to be compromised with their
users... if they stand back up, it will always be suspected that they
were "turned"?

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Roger Critchlow-2

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

legal fund contribution link at lavabit.com

-- rec --

On Thu, Aug 8, 2013 at 10:19 PM, Steve Smith <[hidden email]> wrote:

Is there any other benefit?

The double encryption has to do with the treatment of passphrases and private keys (see below). The text below is from the Google cache of Lavabit's former website. Reliably defeating this would mean changing how their software works (misrepresenting the company to their customers), which is the heavy-handed PRISM technique.

got it, "double encryption" seems a little misleading of a term... but encrypting an encrypted message didn't make much if any more sense either. I guess I assumed that encrypting private keys was (also) standard practice? Maybe not.

Yes, it seems like Lavabit is now going to be compromised with their users... if they stand back up, it will always be suspected that they were "turned"?

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Steve Smith

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

On 8/8/13 10:31 PM, Roger Critchlow wrote:

legal fund contribution link at lavabit.com

wanna take odds on how long until PayPal shuts down? Didn't WikiLeaks have that problem? No (easy) way for donors to support them, thanks to the US Govt?

At least we no longer have to worry that by making a payment to such an organization, we will end up on an FBI list... we are already on their lists!

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Steve Smith

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

Wonder how this came out?

https://www.eff.org/event/surveillance-or-security-former-nsa-officials-debate-eff

Surely there were some blunt and possibly choice exchanges here?

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Marcus G. Daniels

Re: [WedTech] Fwd: Russia Grants Snowden 1-Year Asylum -NYTimes.com

In reply to this post by Steve Smith

On 8/8/13 10:39 PM, Steve Smith wrote:

At least we no longer have to worry that by making a payment to such an organization, we will end up on an FBI list... we are already on their lists!

One hopes wisdom will come suddenly when they find their own dossier amongst the candidates of enemies of the United States.

Marcus

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com