Monday, November 25, 2013

Encrypt Everything, Store Nothing, Leave No Trace! (Dissolving Messages, Wickr, Snapchat)

US corporations like Google, Facebook, and Microsoft benefit from "safe harbor" treaties with the US that allow those companies exemption from European privacy rules.

Then the NSA and FBI came along and forced those companies to put in "back doors" so that nothing is private. 

In the latest 100% believable accusation, EU accuses US of improperly trawling citizens’ online data. In response, Europe is threatening to end the safe harbor laws.
Brussels is to warn Washington that US tech companies risk losing their exemption from privacy rules unless the US changes the way it treats EU citizens’ online data.

A European Commission review of the “safe harbour” pact that allows US technology groups such as Google, Facebook and Microsoft to operate in Europe without EU oversight will conclude that Washington has improperly forced US companies to hand over European customers’ data. It also says that breaches of the data deal have given US tech companies a competitive advantage over European rivals. 

Although the review, which will be unveiled on Wednesday, stops short of calling for the safe harbour agreement to be scrapped, its wording signals that the EU will move in that direction unless the US changes the way that it uses data held by companies on EU citizens.

A scrapping of the safe harbour deal is one of the most formidable weapons the EU has in its arsenal to punish the Obama administration after claims of snooping on Europeans by the National Security Agency.

Such a move would wreak havoc for any US tech company doing business in Europe – especially Google, Facebook and Microsoft, which rely on the agreement to transfer customers’ data seamlessly between countries.

Ending safe harbour and subjecting US companies to European privacy laws would put them in a legal bind over NSA requests for information about European citizens. Under US law they would still be forced to hand over the information, provided the request was backed by an order from the secret foreign intelligence surveillance court but doing so would breach their extra responsibilities in Europe.

Internet companies say the conflict would force them to ringfence EU operations and hold data about the bloc’s citizens in new legal entities there, creating separate islands of data that would lessen the efficiency of their operations and risk balkanizing the internet into separate regional networks.
You've Got "Unsecure" Mail

In an attempt to circumvent NSA spying, a fast growing Russian internet company, Mail.Ru seeks US expansion.
Russia’s largest internet company is expanding into the US, trying to lure customers by keeping the data from its services offshore.

Mail.ru, which has more monthly users than any other Russian website, is targeting the US with a suite of mail and messaging apps under the My.com brand as it tries to crack what its chief executive Dmitry Grishin calls “the most competitive and most difficult market that has ever existed”.

Mr Grishin said the data centres for its US services would be based in the Netherlands, which he said was a “good neutral place” outside of the US and Russia that was “very liberal” and “respected globally”.

The Netherlands has robust data protection laws and a broad definition of what constitutes personal data, as well as some large data centres. However, some privacy experts say keeping the data offshore would not be enough to stop the NSA accessing it.

Jeff Chester, executive director of the Center for Digital Democracy in the US, said the data may be more secure in Europe but the problem was it had to be shipped from the US.

“I don’t think it keeps it from the NSA at all because the data are collected here and shipped to the cloud, it doesn’t make a difference where it goes,” he said. “The NSA can access it during the transportation process.”

James Lewis, a security expert at the Center for Strategic and International Studies in Washington, said: “The location of the server makes absolutely no difference, particularly for Russian companies that have very close relations with their security services. Ask Snowden if he feels like his email is safer.”
Encrypt Everything, Store Nothing!

Mail.Ru is not the answer. At some point the data is unencrypted, and accessible to NSA snoops. Enter Wickr, a secure messaging app, that stores nothing and at no point in routing is there an unencrypted message.

Wickr, has already received a request from the FBI for a back door. Thankfully, the company cannot provide one because it stores no data.

The Financial Times reports US spying fuels popularity of secure messaging app Wickr.
Wickr, the secure messaging app that positions itself “halfway between Snapchat and Snowden”, is set to raise more funds and launch a major update on Monday after its popularity soared following revelations of a US mass surveillance programme.

The Silicon Valley start-up enables encrypted peer-to-peer communications from email to instant messaging while keeping no data whatsoever. It plans to rival Skype by rolling out secure and private international video calling next year.

Nico Sell, co-founder and chief executive of Wickr, said the year-and-a-half-old company had seen an extreme spike in interest after revelations about the National Security Agency’s surveillance programme were published earlier this year.

Wickr works by providing connections between message senders, which are not stored on any central server. Ms Sell said the FBI had already asked for a back door to get information for law enforcement but because the company holds no data, there was not even a way of co-operating.

“I didn’t want to be responsible for securing everyone’s gold – because that’s impossible,” she said. As a hacker who helps organise one of the most important hacker conventions of the year, she knew nothing was foolproof. The sender can set how long he or she wants the message to stay on the recipient’s computer before deleting itself.

Wickr, which has been downloaded 1m times, is free but will begin to offer advanced subscriptions and in-app purchases next year.
Wickr vs. Snapchat

Snapchat is a messaging service that provides text and photo messages that dissolve in a few seconds. The Wall Street Journal reports Snapchat Spurned $3 Billion Acquisition Offer from Facebook.
Snapchat, a rapidly growing messaging service, recently spurned an all-cash acquisition offer from Facebook for close to $3 billion or more, according to people briefed on the matter. Evan Spiegel, Snapchat’s 23-year-old co-founder and CEO, will not likely consider an acquisition or an investment at least until early next year, the people briefed on the matter said. They said Spiegel is hoping Snapchat’s numbers – of users and messages – will grow enough by then to justify an even larger valuation, the people said.

Snapchat specializes in ephemeral mobile messages, including text or photographs, that disappear after a few seconds. The service has not generated any revenue, but is especially popular among teenagers and young adults, who use the app to send messages to friends.

Facebook is interested in Snapchat because more of its users are tapping the service via smartphones, where messaging is a core function. Facebook has rapidly increased the share of its revenue coming from mobile advertising, but said last month that fewer young teens were using the service on a daily basis.

Tencent, a diverse Internet company, owns WeChat, a major messaging service in China, and has a stake in KaKao, a popular South Korean app. It was vying to lead a group of investors that had offered to invest $200 million in Snapchat at a valuation of roughly $4 billion.
Meaning of $3 Billion

Snapchat has no profit and no revenues. Last year it was reportedly worth $100 million. Now it is worth $3 billion.

I cannot fathom turning down an all cash offer of that amount. Isn't $3 billion enough to do whatever you want for the rest of your life? Would $10 billion make one happier? Is the race on to see what deal gets valued at $100 billion? $1 trillion?

Wickr Business Model

Leaving philosophical questions aside, Let's take a closer look at the model of Wickr straight from its website.
The Internet is forever.
Your private communications don´t need to be.

Wickr is a free app that provides:

  • Military-grade encryption of text, picture, audio and video messages
  • Sender-based control over who can read messages, where and for how long
  • Best available privacy, anonymity and secure file shredding features
  • Security that is simple to use


"Wickr - an iPhone encryption app a 3-year-old can use."

New York Times: "There is no reason your pictures, videos and communications should be available on some server, where it can easily be accessed by who-knows-who, or what service, without any control over what people do with it."
Wickr vs. Silk Road

The government shut down "Silk Road", but that model had a fatal problem. It stored data.


From the Wickr privacy policy...

  • We use military-grade encryption. Our encryption is based on 256-bit symmetric AES encryption, RSA 4096 encryption, ECDH521 encryption, transport layer security, and our proprietary algorithm.
  • We canʼt see information you give us. Your information is always disguised with multiple rounds of salted, cryptographic hashing before (if) it is transmitted to our servers. Because of this we donʼt know — and canʼt reveal — anything about you or how you use the Wickr App.
  • Deletion is forever. When you delete a message, or when a message expires, our “secure file shredder” technology uses forensic deletion techniques to ensure that your data can never be recovered by us or anyone else.
  • You own your data. We do not share or sell any data about our users. Period.
What Information Does Wickr Collect, and How Is It Used?

We are committed to limiting our collection of your information to what is necessary to provide you with our Services.

We only collect information from users who create Wickr Accounts. You must create a Wickr Account to use the Wickr App.

What We Donʼt Collect:

Equally important to us is the information we donʼt collect. We will NEVER collect any location information or have access to the contents of the communications you send using the Wickr App. After messages are deleted (or after they expire), they are forensically deleted and are not retrievable by us or anyone else. (Remember, however, that if you send a Wickr message to another Wickr user, that message might remain on their device even after you delete it from yours, depending on the value you set for the self-destruct time of that message.)
Leave No Trace!

I commend any app or any service that stops NSA spying in its tracks. But don't blame me or Snowden if such services become used by crooks, or worse.

Were it not for the massive, unwarranted spying, people would not be so paranoid as to demand these services in the first place.

The end result is as expected: Governmental spying, back doors, denials, and loss of the constitutional right to privacy has made us less secure than before.

That is precisely what the loss of freedom always does!

Mike "Mish" Shedlock
http://globaleconomicanalysis.blogspot.com