Silent Circle: NIST encryption standards untrustworthy

The National Security Agency's apparent attempts to weaken encryption technology have led a private-communication startup to move away from encryption algorithms from the US government's National Institute of Standards and Technology.

Silent Circle co-founder Jon Callas called NIST encryption experts "victims of the NSA's perfidy" in a blog post Monday and said the company will move away from using encryption standards that NIST helped create. The standards will still be available, but not by default, he said.

"At Silent Circle, we've been deciding what to do about the whole grand issue of whether …

How NSA snooping secures profits for famed privacy pro (Q&A)

In a double dose of irony, the National Security Agency's prying has given a big helping hand to Phil Zimmermann's business, Silent Circle.

The first irony is that Zimmermann was the very person the US federal government fought with in the 1990s over the release of the software called PGP, short for Pretty Good Privacy, which made encryption much easier to use. The second irony is that he's now president and co-founder of Silent Circle, a company that seeks to profit from making it harder for the NSA or anybody else to find out what people are …

GPGTools offers quick encryption options for OS X Mail

If you regularly send confidential information via e-mail and wish to make it as secure as possible, one option for OS X users is GPGTools, which provides encryption and decryption services for any of your e-mail accounts.

GPGTools is a free and open-source encryption project for OS X, based on OpenPGP, which gives OS X users quick access to options for signing and encrypting e-mail messages, as well as offering file-level services for encrypting documents and folders. The project has been around since 2011, but was recently updated to version 2, and supports a number of new features. The suite …

5 ways to avoid pulling a Petraeus

The extramarital affair scandal engulfing former CIA director David Petraeus has brought massive public attention to the convoluted U.S. laws governing e-mail privacy. We've got some quick tips for keeping your electronic communiques private.

Before getting into the more technical side of things, there are some simple behavioral changes you can make.

Always log out of your e-mail when you're done using it. This goes for any online service, including social networking sites. Logging out prevents a cached password from keeping you signed in even after the browser has been restarted.

Never use your preferred personal e-mail …

Phil Zimmermann's post-PGP project: privacy for a price

He rocketed to privacy stardom over two decades ago with the release of PGP, the first widely available program that made it easy to encrypt e-mail. Now Phil Zimmermann wants to do the same thing for phone calls.

Zimmermann's new company, Silent Circle, plans to release a beta version of an iPhone and Android app in late July that encrypts phone calls and other communications. A final version is scheduled to follow in late September.

This time around, Zimmermann is facing not the possibility of prison time on charges of violating encryption export laws, but a more traditional challenge: …

PGP Desktop disks not mounting after OS X 10.7.4 update

Some users of Symantec's PGP Desktop encryption software are finding that after installing OS X 10.7.4, the program does not appear to respond properly and encrypted disks can no longer be accessed. When attempting to mount the drives, nothing happens, and the program states in its logs that the disks are already mounted.

If you experience this problem, then you may find an entry similar to the following in the PGP Desktop log files:

...
2012-05-12 9:52:38: Setting up PGP Virtual Disks
2012-05-12 9:52:38: Setting up PGP Whole Disks
2012-05-12 9:52:39: Setting …

Judge: Americans can be forced to decrypt their laptops

American citizens can be ordered to decrypt their PGP-scrambled hard drives for police to peruse for incriminating files, a federal judge in Colorado ruled today in what could become a precedent-setting case.

Judge Robert Blackburn ordered a Peyton, Colo., woman to decrypt the hard drive of a Toshiba laptop computer no later than February 21--or face the consequences including contempt of court.

Blackburn, a George W. Bush appointee, ruled that the Fifth Amendment posed no barrier to his decryption order. The Fifth Amendment says that nobody may be "compelled in any criminal case to be a witness against himself," …

Symantec buys crypto firms PGP and GuardianEdge

Symantec has announced it will buy encryption vendors PGP and GuardianEdge Technologies to boost its lineup.

The security company plans to integrate encryption products from PGP and GuardianEdge into its data loss prevention suite and endpoint protection products, it said in its acquisition announcement on Thursday.

"The two acquisitions will give us a market-leading position in the $1.4 billion per year encryption business," Symantec enterprise security group vice president Francis deSouza told ZDNet UK on Thursday. "At Symantec, we're focused on making data protection easier to manage, and these acquisitions represent a big step forward." …

Want really secure Gmail? Try GPG encryption

Perhaps Google's announcement that Chinese cyber attackers went after human rights activists' Gmail accounts has made you skittish about just how private your own messages are on the Google e-mail service.

Well, if you want to take a significant step in keeping prying eyes away from your electronic correspondence, one good encryption technology that predates Google altogether is worth looking at. It's called public key encryption, and I'm sharing some instructions on how to get it working if you want to try it.

Unfortunately, better security typically goes hand in hand with increased inconvenience. But some human rights …

Encrypt your e-mail with Enigmail

An extension for Thunderbird and SeaMonkey, Enigmail is a must-use for anybody who's concerned about sending e-mail that can be read by anybody, including your Internet Service Provider. It's not intended to encrypt all of your mail, although you can certainly do that. Rather, it's best used for ensuring that even remotely sensitive e-mails don't get read by the wrong person.

It uses the OpenPGP standard to digitally sign your e-mail, and can be configured to accommodate multiple e-mail accounts. One hang-up is that it's impossible with the current version to permanently decrypt e-mails, …