Blog

ConComms Joins EFF’s New Alliance

We are happy to report that Constitutional Communications has agreed to join the EFF’s new Electronic Frontier Alliance, and fight for the principles of Security, Privacy, Free Expression, Creativity, and Access to Knowledge.

The Electronic Frontier Alliance is a grassroots network of community and campus organizations across the United States working to educate our neighbors about the importance of digital rights.

Electronic Frontier Alliance Principles

As a member organization of the EFA, we believe that technology should support the intellectual freedom at the heart of a democratic society. In the digital age, that entails advancing:

Free Expression:
People should be able to speak their minds to whoever will listen.

Security:
Technology should be trustworthy and answer to its users.

Privacy:
Technology should allow private and anonymous speech, and allow users to set their own parameters about what to share with whom.

Creativity:
Technology should promote progress by allowing people to build on the ideas, creations, and inventions of others.

Access to Knowledge:
Curiosity should be rewarded, not stifled.

We uphold these principles by fighting for transparency and freedom in culture, code, and law.

Concomms Article featured in The Indypendent

The Indypendent Issue # 215

As legal showdowns go, Apple v. FBI came in like a lion and left like a lamb. In February, the Federal Bureau of Investigation (FBI) won a federal court order to compel Apple to build a new operating system that would allow agents to hack into the iPhone 5 used by the San Bernardino mass shooter. When Apple refused to comply, some commentators claimed it was the biggest showdown over surveillance in the last decade.

While this legal showdown was still grabbing headlines, National Security Agency (NSA) whistleblower and cyber security expert Edward Snowden called Apple’s refusal to cooperate important on principle. But he correctly asserted the FBI’s claim it was unable to access the iPhone due to Apple’s encryption was “bullshit.” On March 28, the FBI dropped the legal action after an unnamed contractor helped the Bureau bypass the encryption.

Nonetheless, encryption is still a key privacy tool. As Snowden himself put it during an online Q & A hosted by The Guardian in 2013: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on [to protect your privacy].”

This is a broad statement, however, because there are different types of encryption for different types of functions. The most secure forms are made with open source software, which makes it possible for technicians to see how the programs work and also makes them free for individuals to download and use. Although there are free tools that can secure information from even the most well-resourced attackers, like the NSA, few organizations use encryption, let alone worry much about what types of encryption to use.

Case in point: Mossack Fonseca, the self-described “legal services firm” that was the source of the Panama Papers. A whistleblower concerned with the unethical and illegal nature of the company’s business provided 2.6 terabytes of data from its internal network to the International Consortium of Investigative Journalists, which began publishing the material through various news outlets in April.

The term “legal services firm” in Mossack Fonseca’s case is a nice way of saying “money laundry.” As the Panama Papers reveal, the firm set up shell companies and provided tax havens to the globe’s wealthiest individuals. When the Panama Papers hit front pages worldwide, the company’s offices were raided by the police forces of four governments.

Mossack Fonseca’s behavior was not simply unethical and illegal, it was also stupid. As its own leaked internal emails show, the firm didn’t use modern, end-to-end open source encryption tools; didn’t effectively educate its staff about what it was doing with digital security; and consistently undermined its security by creating anonymous and unlogged access points to its network. These types of practices make it easy for hackers, governments, or whistleblowers, for that matter, to access information systems that lack end-to-end, open source encryption.

Unfortunately, US government policy has made open source, end-to-end encryption important even for everyday people who are not engaged in nefarious activities. Mass surveillance is current government practice, and it has made it necessary to defend our privacy in what many observers have begun referring to as the Golden Age of Surveillance.

Governments globally are working to ensure they can have access to all digital information all the time. Domestic law enforcement groups like the FBI have access to more and more information from massive government databases collected directly from the servers of all the major email providers. Here is how it works: the NSA collects information on Americans on a massive scale under the Foreign Intelligence Surveillance Act and Executive Order 12333. The FBI receives access to this data collected by the NSA through a partnership with the Drug Enforcement Administration’s Special Operations Division, which gives them information from all major US service providers — Google, Apple, Yahoo, Facebook. This enables domestic law enforcement to utilize the NSA’s Bluffdale, Utah data facility, which has the capacity to hold 1000 times more data than the entire internet, a yottabyte of data.

In a 2015 report, the United Nations Special Rapporteur on Freedom of Expression, David Kaye, argued that due to this type of widespread, warrantless surveillance of internet communications, anonymity and encryption must now be considered human rights. Kaye cites Article 19 of the International Covenant on Civil and Political Rights, ratified by the US in 1993, which affirms the universal “freedom to seek, receive and impart information and ideas of all kinds.”

Those of us wanting to uphold our rights should use open source, end-to-end encryption and demand the same of lawyers, businesses and others handling our personal data. 

Jonathan Stribling-Uss is an attorney and Director of Constitutional Communications (concomms.org), a not-for-profit organization that trains lawyers, journalists and civil society leaders in maintaining secure communications.


6 Tools to Protect Your Privacy

1) Signal by Open Whisper Systems (in App Stores)

Signal is the easiest and most secure encrypted text and calling program, with more than one million users. The app is free and takes 3-5 minutes to get started. It can now be used with both your phone and computer. 

2) Jitsi (Jitsi.org)

A free service, requiring no account, that allows for multiparty, end-to-end encrypted video calls and chats. For more usability you can install a download, but it is not necessary to get started calling friends around the globe.

3) Tor (www.torproject.org)

A free browser that uses encryption and a random series of open routing computers to separate your actions online from your IP (internet protocol) address, providing anonymity. 

4) Make a longer passphrase with memorable words

With robust symmetric encryption, when you lose your password, you lose your data. This means that you have to create passphrases, not just words, that are easy for humans to remember but hard for machines to guess. The simplest way to do this is to use at least four random words, and a number or given name. For example: “correcthorsebatterystaplenatturner”.

5) PGP/GPG (www.gnupg.org)

A free, open source, end-to-end encryption system that has been used and tested for over 25 years. It is designed to supplement your current email address, so you don’t need a new email; you can just add this asymmetric encryption system over the top of your current provider.

6) Tails OS (tails.boum.org)

A free, open source operating system that can be run on most computer hardware and secures your traffic and data on an encrypted USB. It is based on one of the most used operating systems, Debian, and it is packaged with a full set of office and encryption tools. 

— Jonathan Stribling-Uss


 

Founded in 2000 as the print project of the New York City Independent Media Center, The Indypendent is a New York City-based free newspaper and online newspaper with a print and online audience of more than 100,000 readers. It is the winner of more than 50 awards from the New York Community Media Alliance for excellence in journalism.

https://indypendent.org/2016/06/29/age-mass-surveillance-encryption-gives-us-edge

Ethics and Technology CLE: What Lawyers Need to Know

Ethics and Technology: What You Need to Know About E-Discovery, the Panama Papers, Attorney Liability for Hacks and Other Recent Developments in Technology That Cannot Be Ignored: May 17th at NYCLA Bar Association.

CLE Credits:

3 NJ Credits: 3 Ethics;
3 NY Credits: 3 Ethics

Join us for the third program in our ongoing series which will identify and help you learn and put into practice the new technology which is needed to deal with electronic data that is pervasive in all aspects of commercial and personal life.

Along with looking at recent technological developments and their effect on confidentiality of proprietary information and the lawyer’s ethical responsibilities to protect it, this program will take a special look at e-discovery and the ethical ramifications of compliance or sanctions for lack thereof.

Our expert panel will also answer audience questions about the ethical issues that are affecting the way attorneys practice law in the new paradigm.

Faculty:

Joseph Bambara, UCNY, Co-Chair, NYCLA’s Law and Technology Committee; James B. Kobak, Jr., General Counsel, Hughes Hubbard & Reed LLP; Pery Krinsky, Krinsky, PLLC; Peter Micek, Access Now; Jonathan Stribling-Uss, Constitutional Communications

Where
NYCLA – 14 Vesey Street 2nd Floor Auditorium, New York, NY 10007, United States

https://www.eventbrite.com/e/ethics-and-technology-what-you-need-to-know-about-e-discovery-the-panama-papers-attorney-liability-tickets-25364427686

Attorney Encryption Now at Rights Con 2016

Constitutional Communications had great success at Rights Con 2016. We gave three presentations and got David Kaye, the UN Special Rapporteur on the Freedom of Opinion and Expression, to publicly support our position that we must update professional ethics for the 21st century by requiring encryption for all attorney-client communication.

The first presentation was “Cybersecurity, professional ethics and encryption: How and why professionals must encrypt”. The second was a training for trainers, “Organizational security: Moving communications from individual privacy to collective safety”. The third was a private presentation for litigation attorneys on the need to change professional standards to require end-to-end open source encryption for all attorney-client communications.

We also had the great honor of dialoguing with David Kaye, the UN Special Rapporteur on the Freedom of Opinion and Expression. After David mentioned that the UN currently has no secure encrypted method for contacting the Special Rapporteur about human rights abuse, Jonathan got to ask him if he supported changing professional standards to require encryption for all attorney-client information. He wholeheartedly agreed with our position! You can watch the exchange here:

Concomms at Rightscon 2016

ConComms will be attending Rights Con 2016 in Silicon Valley, hosted by Accessnow.org from March 30th-April 1st. Jonathan will be part of leading two sessions. The first is “Cybersecurity, professional ethics and encryption: How and why professionals must encrypt”, and the second is a training for trainers, “Organizational security: Moving communications from individual privacy to collective safety”.

 

Hope to see people there! You can follow us on Twitter @con_comms

ConComms joins 195 organizations signing Security For All letter

ConComms joins 195 organizations in signing open letter to the leaders of the world’s governments:

We encourage you to support the safety and security of users, companies, and governments by strengthening the integrity of communications and systems. In doing so, governments should reject laws, policies, or other mandates or practices, including secret agreements with companies, that limit access to or undermine encryption and other secure communications tools and technologies.

  • Governments should not ban or otherwise limit user access to encryption in any form or otherwise prohibit the implementation or use of encryption by grade or type;
  • Governments should not mandate the design or implementation of “backdoors” or vulnerabilities into tools, technologies, or services;
  • Governments should not require that tools, technologies, or services are designed or developed to allow for third-party access to unencrypted data or encryption keys;
  • Governments should not seek to weaken or undermine encryption standards or intentionally influence the establishment of encryption standards except to promote a higher level of information security. No government should mandate insecure encryption algorithms, standards, tools, or technologies; and
  • Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with the above tenets.

https://www.securetheinternet.org/

National Academy Of Continuing Legal Education features ConComms CLE

“Ethics and Technology: Recent Developments and Potential Risks That NO Lawyer Can Ignore” featured in National Academy Of Legal Education Program

ConComms CLE featured in National Academy Of Legal Education

Attorneys in practice today are being faced with a myriad of IT security and privacy issues. Therefore it is more imperative than ever for attorneys to understand recent technological developments and the risks associated with them, including their widely acknowledged duty to stay conversant with technology in order to represent their clients adequately and assure confidentiality of client data and privileged communications.

Indeed, there is ongoing debate about how far the ethics rules should or should not go in mandating specific steps, such as encryption, to ensure the protection of client data, including recent ethics opinions or comments by bar associations around the country.

A panel of ethicists and technical experts will lead the discussion that no New York attorney can afford to miss, especially sole practitioners, small and mid-sized firm members who typically do not have in-house technical resources to rely on.

The National Academy of Continuing Legal Education is a provider of accredited continuing legal education courses throughout the United States. From its inception, the Academy has been firmly committed to addressing the needs of attorneys and has positioned itself as a leading provider of cost-effective and time-efficient continuing legal education courses. In addition to live seminars, NACLE provides full course credit via Website/Online, DVD, Audio CD and CD-ROM depending on the respective state.


Encryption for Lawyers at Civic Hall

Encryption for Lawyers (ConComms presentation)

Location: 156 5th ave, 2nd fl. Workshop Room, NY, NY

8:30am – 9:30am EST

February 8, 2016

In the wake of the Snowden revelations, many in the legal profession have grown concerned about the ramifications of surveillance and encryption. Law and discourse about the legality of encryption are rapidly evolving. But encryption and privacy also have day-to-day implications for attorney-client privilege. What do lawyers need to do in order to maintain client confidentiality?

Join Gus Andrews with guests Harlo Holmes from Freedom of the Press Foundation and Jonathan Stribling-Uss from Constitutional Communications for a brief breakfast presentation and discussion about best practices in digital privacy and law. Talk with other lawyers about their experiences using secure technology within their firms.

RSVP here
Key Words: Crypto Law

The NSA v. Lawyers

Lawyers, the NSA, and Mass Surveillance: Constitutional Communications at NYCLA

Recent Developments and Potential Risks that NO Lawyer Should Ignore: Part of an accredited Continuing Legal Education (CLE) class at the NYCLA bar with Constitutional Communications and others. A detailed presentation showing the ethical compromises and insecurity facing unencrypted attorney-client information. The full program can be accessed for the cost of a CLE at www.nycla.org.

 

Annual Report 2015

ConComms Annual Report 2015

We had an amazing year in 2015: we trained nearly 400 people in secure communication, legal ethics and mass surveillance, and I am excited that over 150 of those people have been attorneys and law students. We also provided training to 278 civil society leaders from 35 countries. We have found that a wide range of audiences – from lawyers who are a part of the NY County Lawyers Association (NYCLA) Bar Association, to attorneys who serve with the Movement for Black Lives, journalists and human rights activists from around the world – are invested in developing secure communications capacities. We also got some great media at the end of the year, with NY Mag writing a piece about our trainings and a solid video of our presentation and debate at an accredited continuing legal education program at NYCLA.

Please find our 6pg annual report here:

Annual Report 2015