Infosec professional and security blogger Scot Terban joins me to discuss the recent LinkedIn spying case, the degrading environment in social media, and strategies for improving your personal security so that you don’t get targeted, compromised, and swept into your own (or someone else’s) October surprise.
Keybase is a small but ambitious company that aims to make cyrpto available and virtually seamless for everyone. Their approach to this problem, a massively challenging one that hasn’t really been cracked to date, has been creative. However, the flexibility and scope of potential applications hasn’t always been obvious as they’ve slowly scaled up from an invitation only directory with basic functionality to the much more robust layer of services and platforms supported today. I have followed the development of Keybase (my profile and proofs) closely and was excited to talk with co-founder Max Krohn about the product, the company’s unique approach, and the potential to apply Keybase’s model to solve problems like we’ve seen recently with the Qatar News Agency hack.
Regular Blogs of War and Covert Contact contributor William Tucker joins me to discuss the apparent Russian state-sponsored hack of the DNC. We also spend quite a bit of time discussing the sorry state of security. We’re talking about cyber issues constantly but the intrusions, threats, and vulnerabilities seem to be mounting. There is a lot of cybersecurity chatter but it seems to have generated very little urgency or understanding.
Over the past couple of weeks I’ve been evaluating ProtonMail. This service is part of a new generation of tools (most inspired by Edward Snowden) developed with the aim of delivering robust encrypted communications and file sharing to the widest possible audience.
Blogs of War readers know that I’m not an Edward Snowden fan, far from it in fact, but I do believe that we have to secure the applications and communication channels that now pervade our lives. Not because I’m worried about the NSA. Frankly I’m far more worried about every other threat. However, I’m also keenly aware of the terrorist and criminal threats we face and why law enforcement agencies and intelligence services (the friendly ones) are deeply concerned about bad actors having the ability to go dark.
There are well-intentioned people on both sides of the privacy debate (see episode 18 with retired FBI agent David Gomez for a law enforcement perspective) and Andy Yen, as a privacy advocate, makes a powerful case for making encrypted communication tools as widely available as possible.
For more from Andy I recommend his TED Talk “Think your email’s private? Think again“.
I emailed retired FBI agent David Gomez from my new ProtonMail account to propose a podcast about encryption and its effect on mass surveillance from a homeland security and law enforcement perspective. You’re reading this because he immediately accepted.
Encrypted communication has been available to consumers for decades but new tools are arriving that are actually making it an accessible and realistic option for the majority of users. Easy to use strong encryption is, in many ways, a wonderful thing. It means that good people in bad places might have more freedom to communicate. It means that people can trust that a point to point communication is just that. But it also means that a lot of people with bad intentions will find it easier to go dark, to plot, and to recruit – often across international borders. How are governments going to cope with this especially when they’ve enjoyed great success with the current collection models that allow them to intercept electronic communications on a massive scale?
Even if you support strong encryption and disagree with government interception of electronic communications you must acknowledge the impact that cutting them out of the loop could have on our security. That tradeoff is the topic we struggle with in this episode.
You can follow David on Twitter @AllThingsHLS.
William J. Tucker joins me again to discuss Hillary Clinton’s decision to manage her own email services while Secretary of State. While this decision has angered political opponents and government transparency advocates (not to mention a few historians) we are bypassing the political and legal issues to zero in on the risks associated with her decision – and there are many. Join us as we walk through the information security and intelligence aspects of this story and examine the risks posed to Hillary Clinton, our government, and potentially anyone that maintained contact with her through this method. If you’re not concerned now, you will be.
You can follow William J. Tucker on Twitter and read his guest posts on Blogs of War:
Other Covert Contact Episodes Featuring William:
Episode 12 | Counterintelligence: William J. Tucker Breaks Down the Challenges
Embed Code for This Episode
<iframe style="border: none" src="//html5-player.libsyn.com/embed/episode/id/3418032/height/250/width/450/theme/custom/autoplay/no/autonext/no/thumbnail/yes/preload/no/no_addthis/no/direction/backward/no-cache/true/render-playlist/no/custom-color/d65008/" height="250" width="450" scrolling="no" allowfullscreen webkitallowfullscreen mozallowfullscreen oallowfullscreen msallowfullscreen></iframe>
This week I’m focusing on a single critical topic – the struggle between privacy advocates and governments over cryptography. This is a sensitive topic and there are a lot of extreme positions on the matter. I attempt to take a balanced look at both sides of the issue, offer my thoughts about who might win the war, and I explore what the eventual outcome might mean for intelligence professionals. However, I also argue that if either side “wins” the war without understanding and accommodating the positions of the other, we all stand to lose.
This is a slightly shorter and more focused episode but I’m exploring this format with the intention of releasing more than one episode per week. Please let me know what you think about the format change. You can do that on the Covert Contact Facebook Page or by connecting with me on Twitter @CovertContact.