The group has written a letter to the US President and Congress arguing that current surveillance practice "undermines the freedom" of people..
It comes after recent leaks detailed the extent of surveillance programmes..
"We understand that governments have a duty to protect their citizens. But this summer's revelations highlighted the urgent need to reform government surveillance practices worldwide," the group said in an open letter published on its website..
"The balance in many countries has tipped too far in favour of the state and away from the rights of the individual - rights that are enshrined in our Constitution..
"This undermines the freedoms we all cherish. It's time for a change," it added. More...
Network intelligence firm Renesys warns that victims including financial institutions, VoIP providers, and governments have been targeted by the man-in-the-middle attacks. It reckons the diversions are malicious, and probably pulled off by manipulating BGP routing tables.
BGP (Border Gateway Protocol) is a core routing protocol that maps out the connections for internet traffic to flow through, from source to destination. As things stand, BGP has no built-in security. Routers may accept dodgy connection routes advertised by peers, internet exchanges or transit suppliers.
These suspect routes, once accepted, can have local, regional or global effects. Routers look for the shortest logical path (the least number of hops, in other words) and place blind trust in any path that's advertised. And the shortest logical path can take weird and wonderful physical geographical routes.
In 2008, changes by Pakistan Telecom intended to restrict access to YouTube solely within the country had the affect of briefly diverting ALL YouTube traffic into a global blackhole, rendering the site unreachable for hours. Two years later, China Telecom rerouted up to 15 per cent of the world's internet destinations on two brief occasions, after advertising false BGP route information that directed traffic through its networks. More...
The companies, burned by disclosures they’ve cooperated with U.S. surveillance programs, are protecting user e-mail and social-media posts with strengthened encryption that the U.S. government says won’t be easily broken until 2030.
While the NSA may find ways around the barriers, the companies say they have to assure users their online connections are secure and data can’t be grabbed when transmitted over fiber-optic networks or digitally stored.
Microsoft Corp. is convinced it must “invest in protecting customers’ information from a wide range of threats, which if the allegations are true, include governments,” Matt Thomlinson, general manager of trustworthy computing, said in an e-mail. He didn’t provide details.
Internet companies including Google, Yahoo, Facebook, Microsoft and Apple Inc. are trying to distance themselves from news reports that they gave the agency data on electronic communications of Americans and foreigners or have lax security.
While the companies are trying to prevent the NSA from gaining unauthorized access to their data, they say they comply with legal court orders compelling them to provide the government information.
The NSA has tapped fiber-optic cables abroad in order to siphon off data from Google and Yahoo, circumvented or cracked encryption, and covertly introduced weaknesses and back doors into coding, according to reports in the Washington Post, the New York Times and the U.K.’s Guardian newspaper based on documents leaked by former NSA contractor Edward Snowden.
Companies are fighting back primarily by using increasingly complex encryption, which scrambles data using a mathematical formula that can be decoded only with a special digital key. The idea is to protect sensitive information like e-mails, Internet searches and digital calls.
Google has accelerated efforts to encrypt information flowing between its data centers, doubled the length of its digital keys and implemented measures to detect fraudulent certificates for verifying the authenticity of websites, according to a statement from the Mountain View, California-based company. More...
- Email Attack on Vendor Set Up Breach at Target
- With data vulnerable, retailers look for tougher security
- Target Struck in the Cat-and-Mouse Game of Credit Theft
- Technology firms seek government surveillance reform
- Rise of the Machines: Internet-Connected Devices
- Mystery traffic redirection attack pulls net traffic through Belarus, Iceland
- Silicon Valley Nerds Seek Revenge on NSA Spies With Coding
- Russian Cosmonauts Occasionally Infect the ISS with Malware
- Council on CyberSecurity to Revise the 20 Critical Security Controls
- Cybersecurity website reports cyberattacks at data brokers D&B, LexisNexis, Altegrity