Sunday, June 23, 2013

June 25 Codes Are Fun

We rarely note tech events. But unless you have been living under a rock, you know privacy and surveillance have been in the news lately. Interested in some keyboards-on experience with privacy-enhancing tools? You can has.

Tonight is Portland's first Crypto Party. You can learn about key signing, virtual private networks and cryptography. Key signing is one way of building the chain of trust behind cryptographic certificates, which establish identity and the keys used for encoding and decoding. Virtual private networks are a way to hide your computer's network address, the equivalent of an untraceable phone call. Cryptography is a way to keep your messages and files secret from those without the decoding key.

Unfortunately, each of these contains its own seeds of weakness. Cryptographic certificates can be compromised by break-ins to the key server. This was the case when Chinese hackers stole information from RSA Security that compromised their SecurID. SecurID is used by the government and companies to supplement passwords and was thought to be unbreakable. The exploit was used to break into Lockheed, a military equipment maker. The Stuxnet attack on the Iran nuclear program used stolen certificates to trick computers into trusting the hostile software. Of course, various governments would have an interest in compromising key and certificate servers in furtherance of their own hacking.

Some forms of cryptography are thought to be essentially unbreakable, at least for the next few years. That is why they are used by governments, and that same software is available to individuals. Unfortunately, it was just revealed that it is legal for the NSA to capture communications between Americans, within America, solely because they are encrypted.

Virtual private networks have many uses. For instance, they allow Americans visiting China to communicate privately with servers in the US for mail and news without being meddled with by the Great Firewall. Unfortunately, the Chinese government has reportedly started terminating virtual private network sessions. VPNs are almost universally used by corporations for employees working at home or traveling. They enable watching region-limited broadcasts by, say, the BBC, outside the UK. The Catch-22 is that US-based systems could be subject to government inspection, and foreign systems are guaranteed to be surveilled at the border.

All of these combine in the Tails project, a relatively secure way to use an Internet cafe anywhere in the world. It is a bootable USB device that routes your Internet connection through the Tor virtual private network. Ironically, these types of systems are promoted by our very own State Department to provide a measure of safety for journalists and democracy advocates overseas.

Unfortunately, while mobile security has to date been relatively good, privacy is weak against a determined adversary.

But fortunately, Oregon's own Senator Wyden, who has been on the Senate Intelligence Committee since 9/11 and is thus in a position to review government surveillance programs, is seriously questioning the cost effectiveness of the programs. He and Senator Merkley are working to reform the programs, so I'm sure they would like to hear your thoughts on the issues.

Bring a computer, a USB storage device and curiosity. No experience necessary.

CryptoParty Portland at Lucky Labrador, 1945 NW Quimby, 6:30PM-10, Free