security

Learn crypto while it's still legal

The crypto wars of the 1990s seem to be starting again. Under the newly proposed measures it will be illegal to use secure end-to-end crypto like GPG, or even iMessage and WhatsApp. That makes it even more important to learn how to use it. We’re going to have another Cryptoparty at the upcoming Chaos.Cologne conference here at the KHM in May. Or just talk to us and we’ll show you how. It’s not hard to get started.

The news:
http://www.sueddeutsche.de/digital/fnord-1.2314768
http://boingboing.net/2015/01/13/what-david-cameron-just-propos.html

What you can do:
Surveillance Self-Defense (in English) https://ssd.eff.org/
Digitale Selbstverteidigung (Digital Self-Defense, in German) https://digitalcourage.de/support/digitale-selbstverteidigung

let's Cryptoparty again

Wednesday, April 30, 2014
From 18:00 until about 21:00: workshops and open hangout

Cryptoparties are a global DIY initiative for emancipation from technological tutelage.

We believe the topic of all-round digital surveillance deserves critical examination, especially at the Kunsthochschule für Medien. That is why we are particularly pleased to be hosting our second Cryptoparty already.

Once again it is about reclaiming sovereignty over our own data. In a relaxed atmosphere we share practical knowledge about encryption techniques and digital self-defense. Please bring a laptop, notebook or something comparable so you can get started right on the spot.

An initiative of the Surveillant Architectures seminar with Jürgen Fricke.

GLASMOOG, Kunsthochschule für Medien Köln

P.S.
For anyone who wants to prepare or has no time tomorrow:
(in German): https://digitalcourage.de/support/digitale-selbstverteidigung
(English): EFF’s Surveillance Self-Defense site: https://ssd.eff.org/

I’ll bring these along

Privacy and Surveillance Conference, UC Berkeley

The conference is hosted by the Data and Democracy Initiative at University of California at Berkeley. Do let me know if you would like your work included as part of the dialogue.

Event: Pan Optics: Perspectives on Digital Privacy & Surveillance
March 6, 2014 11am-4:30pm
Banatao Auditorium, Sutardja Dai Hall

Presented by CITRIS, CITRIS Data & Democracy Initiative, UC Davis Research Initiative in Digital Cultures

“Recent disclosures about the NSA’s international and domestic surveillance activities have stimulated overdue policy discussions among politicians and outrage among activists. The revelations have also suggested a need to address issues of privacy and surveillance on a broader level across a range of disciplines.

As a pervasive practice employed by governments, corporations, and individuals, routine data collection and ubiquitous camera technology are shifting boundaries and cultural expectations about what should and should not be shared. This symposium will bring together scholars and practitioners from a range of disciplines to discuss privacy protections, surveillance methods, and modes of resistance in a digital age.”

http://democracy.citris-uc.org/

physical and virtual

In the words of Eric Schmidt, executive chairman at Google (paraphrased, I can’t find the original quote):

“Identity will change from something that originates in the physical world and is being projected into the virtual world, to Identity that is created in the virtual and experienced in the physical world.”

Coincidentally, there is this news story about how US officials set up tents in hotel rooms where they fear surveillance. The tents shield against video cameras, defeat audio bugs with a white noise generator, and even protect against electromagnetic snooping. It took some work to find out what they look like from the outside. They appear very physical indeed. A psychoanalyst’s dream.

http://www.solianiemc.com/

Can we get one please?

what paranoid networking physically looks like (and sounds like)

From a discussion about protecting yourself against most ‘black bag’ and ‘evil maid’ attacks.

Put distinctive scratches into all your peripherals, take a photo, and regularly check that the scratches are identical to the photo. This is how weapons inspectors ensure the seals protecting weapons caches have not been tampered with. The seals are scratched in a distinctive way that can’t be forged, then checked periodically. Use tamper-evident tape on your devices to slow down a burglar who wants to plant a keylogger in your keyboard.

The computer in question is an ‘air gapped’ machine, which means it is not connected to any network. You’d use it for extreme operational security (i.e. working with leaked NSA documents).

If you have a desktop [computer], put super glue in all the USB interfaces so they aren’t functional. Do the same to any interface on the motherboards that could attach removable media. Try to make the case impossible to open (bonus points for encasing it in cement except for the fan, CD tray, cables for keyboard/mouse, power cable and power button).

Turns out that really isolating a computer that you work on is a very hard thing to do. The latest threat seems to be some kind of super-malware that can bridge air gaps by communicating via a computer’s built-in speaker and mic. Allegedly it ‘talks’ at around 18 kHz, which is a frequency most people cannot hear.

a restaurant’s walk-in freezer is the poor man’s Faraday cage
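
One defensive check suggested by the 18 kHz claim above, as an added example that is not part of the original post: measure how much of a microphone capture's energy sits in a single narrow tone between 17 and 20 kHz. The function names, the band limits, the threshold and the synthesized frames are assumptions made for this illustration.

```python
import math
import random

def goertzel_power(samples, rate, freq):
    """Squared amplitude of the component at `freq` Hz (Goertzel algorithm)."""
    n = len(samples)
    k = round(n * freq / rate)                    # nearest DFT bin
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2   # |X[k]|^2
    return power / (n * n / 4.0)                  # a sine of amplitude A gives ~A^2

def scan_near_ultrasonic(samples, rate, lo=17000, hi=20000, step=100, threshold=1e-3):
    """Return (flagged, peak_hz, fraction): the strongest tone in [lo, hi] Hz and
    its share of the frame's total energy. The threshold is an assumed value."""
    if rate < 2 * hi:
        raise ValueError("sample rate too low to observe the band (Nyquist)")
    total = sum(x * x for x in samples) / len(samples)    # mean-square energy
    if total == 0.0:
        return False, None, 0.0
    peak_hz, peak = max(((f, goertzel_power(samples, rate, f))
                         for f in range(lo, hi + 1, step)), key=lambda t: t[1])
    fraction = (peak / 2.0) / total               # a sine of amplitude A has energy A^2/2
    return fraction >= threshold, peak_hz, fraction

def synth(rate, n, tones, noise=0.01, seed=0):
    """Constructed test frame: sum of (freq_hz, amplitude) sines plus Gaussian noise."""
    rng = random.Random(seed)
    return [sum(a * math.sin(2.0 * math.pi * f * i / rate) for f, a in tones)
            + rng.gauss(0.0, noise) for i in range(n)]

RATE = 48000
# Constructed frames (0.1 s each): an audible 440 Hz tone, with and without
# a faint 18 kHz carrier mixed in. These are not recordings.
CLEAN = synth(RATE, 4800, [(440, 0.5)])
CARRIER = synth(RATE, 4800, [(440, 0.5), (18000, 0.05)])

if __name__ == "__main__":
    for name, frame in (("clean", CLEAN), ("carrier", CARRIER)):
        print(name, scan_near_ultrasonic(frame, RATE))
```

A flag only says that a narrow tone is present in that band; it does not identify the source.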

Attacker model

Q: Is it possible to put security in place to protect against state surveillance?

A: “You are not even aware of what is possible. The extent of their capabilities is horrifying. We can plant bugs in machines. Once you go on the network, I can identify your machine. You will never be safe whatever protections you put in place.”

Edward Snowden

He is deeply worried about being spied on. He lines the door of his hotel room with pillows to prevent eavesdropping. He puts a large red hood over his head and laptop when entering his passwords to prevent any hidden cameras from detecting them.

Though that may sound like paranoia to some, Snowden has good reason for such fears. He worked in the US intelligence world for almost a decade. He knows that the biggest and most secretive surveillance organisation in America, the NSA, along with the most powerful government on the planet, is looking for him.

…, and as a result, “I got hardened.”

Edward Snowden

Encryption

A basic tool for free speech: learn how to use email encryption. Mac and Windows versions are here; the mothership is for Linux. It couldn’t be easier: the end-user versions come with great instructions.

Send me something good! Here’s my public key for sievers [at] khm [dot] de (actually those tools above will find it for you automatically).

http://khm.de/~sievers/D457B050.asc 

P.S. The iPhone screenshot shows you it has no means to decrypt the message, which is probably just as well.

understanding computers?

“…our inability to describe and understand technological infrastructure reduces our critical reach, leaving us both disempowered and, quite often, vulnerable.”

James Bridle

“Again it comes back to infrastructure and how our inability to describe and understand reduces our critical reach, leaving us both disempowered and, quite often, vulnerable.

Opacity is an important word here too, as is the term ‘black box’. Most of our engineered communications infrastructure is not just extraordinarily abstract for people to come to grips with but is actively kept hidden. There are some valid reasons, of course, for keeping infrastructure hidden but the fact it is out of sight is being increasingly exploited in and out of supposedly democratic contexts, largely by surveillance initiatives we were never told about.

Engendering a healthy paranoia here, along with making work that ruptures the featureless skin of these black boxes – providing points of entry – is important to me currently. Infrastructure must not be a ghost. Nor should we have only mythic imagination at our disposal in attempts to describe it. ‘The Cloud’ is a good example of a dangerous simplification at work, akin to a children’s book. Such convenient reductions will be expensive in time as some corporations and governments continue to both engineer – and take advantage of – ignorance.”

Julian Oliver