Podcast: What You Are Getting Wrong About ISIS

Northeastern University professor and terrorism theorist Max Abrahms excels at poking holes in the conventional wisdom and he joins me again in episode 26 to do exactly that. I initially asked Max to discuss his recent piece in Harvard Business Review Why People Keep Saying, “That’s What the Terrorists Want” but we expanded the discussion to explore commonly accepted ideas about ISIS – their supposed strategic and tactical brilliance, the viability of their so-called caliphate, and the notion that legitimate governments somehow don’t have the tools to address the problem that ISIS represents.

You can follow Max on Twitter @MaxAbrahms and read his work at https://neu.academia.edu/MaxAbrahms. I also recommend reading “The Political Effectiveness of Terrorism Revisited” for a more comprehensive breakdown of Max’s research and arguments on this subject.

Tweet about this on TwitterShare on FacebookShare on TumblrShare on RedditShare on LinkedInDigg thisPrint this pageEmail this to someone

Podcast: Discussing Espionage with Former Double Agent Naveed Jamali

In episode 25 of the Covert Contact podcast I’m talking to Naveed Jamali, former double agent, and co-author of How to Catch a Russian Spy: The True Story of an American Civilian Turned Double Agent.

Naveed seemed like an unlikely candidate for this sort of intrigue but Russian intelligence used his parent’s company to order U.S. government publications. The FBI, of course, wanted to know what the Russians were reading. He could have remained a low-level informant, notifying the FBI of the Russian’s reading habits and interests as his parents had, but Naveed wanted to take it further. He had access, some natural talent, and a lot interest in playing the game.

Our conversation focuses on Naveed’s unusual position and what it’s like to navigate this very confusing territory as a complete amateur.

If you like what you’re hearing on Covert Contact, subscribe, and please let me, and others, know. Your reviews and ratings help!

Related Links
Follow Naveed on Twitter @CatchaRUSSpy

Tweet about this on TwitterShare on FacebookShare on TumblrShare on RedditShare on LinkedInDigg thisPrint this pageEmail this to someone

The Damascus Cover and the Psychology of Spies with Howard Kaplan

The Damascus CoverHoward Kaplan wrote his debut espionage novel, The Damascus Cover, nearly forty years ago. He joins me to discuss the book, the recently completed the film adaptation staring Jonathan Rhys Meyers and Sir John Hurt, his own experience serving as a courier for Israeli intelligence in the Soviet Union (where he was eventually detained for a short time), and the psychology of human intelligence.

Spies make for dramatic characters in books and in film but real intelligence professionals have to pay a price for that drama. It is a life that can take a toll on even the most committed practitioners. Kaplan leverages his limited (but no less dramatic) brush with the profession to explore that tension in his work. We look at these aspects of the business, not only in his own work, but also through examples such as the classic le Carré character Alec Leamus and the life of the Israeli hero Eli Cohen.

You can follow @kaplanhow on Twitter

Covert Contact
Subscribe to Covert Contact
Follow @CovertContact Twitter
Check out the Covert Contact blog

Tweet about this on TwitterShare on FacebookShare on TumblrShare on RedditShare on LinkedInDigg thisPrint this pageEmail this to someone

Matthias Pfau: Tutanota and the Battle Against Mass Surviellance

Mattihias PfauMatthias Pfau is co-founder and developer of the encrypted email service Tutanota. Tutanota is part of what can be considered a post-Snowden development movement that aims to short-circuit government mass surveillance capabilities. I spoke to Matthias to discuss his project and where he believes that the battle between privacy advocates and governments is heading. 

John Little: So how is Tutanota doing? How is it being received? Do you think the project will be sustainable from a financial standpoint?

Matthias Pfau: Very good. We are experiencing massively increasing sign-up rates with thousands of new users coming in daily. I think people value most that their entire mailbox is encrypted and that we truly have no access. We plan to build upon this by adding features like an encrypted calendar and other groupware functions in the future. We have a lot on our list, and we would like to develop much faster, but we keep our budget tight. The upside: Tutanota already is sustainable: We’ve released our first Premium features with custom domain support three months ago. Many of our existing users switched to Premium immediately so that Tutanota: we have reached break-even.

What excites us the most is that many of our users simply upgrade because they WANT to pay for a secure service that respects their privacy without really needing the offered Premium features. That proves that people are realizing how harmful it is that companies and other third parties spy on their data. We believe that this is the start of a trend and that more and more people will make the switch away from the Googles of the world soon.

John Little: A number of other encrypted email services have been rushed into service recently. ProtonMail is a good example. How does Tutanota plan to differentiate itself in this emerging market? And will the market still exit if the massive players like Google move to more secure models?

Matthias Pfau: We believe that there are not too many encrypted services, but too few. The more services there are, the more people discuss these option and become aware of the fact that it has become very, very easy to keep their data private. What we can say about Tutanota is this: We encrypt the entire email – subject, body, attachments automatically. We encrypt all your data stored in Tutanota, even your contacts. We have build a scalable encryption solution that we can easily transfer to future additions like an encrypted calendar or encrypted cloud storage. It took us about three years to lay a solid foundation (server structure, encryption method, flexibility to change encryption algorithms when needed) for Tutanota so that we are well prepared for the future. We also have an up-time higher than 99.99 percent so that Tutanota is always available.

Plus Tutanota is a true open source project. You can GitHub: build and run Tutanota locally if you want to be more independent from us.

We don’t think that Google is a threat to Tutanota. Their business model relies on the fact that they can search their user’s data and post targeted ads. The security options Google implements will continue be add-ons only. In contrast to that, encryption is the default in Tutanota.

John Little: One challenge users face at the moment is fragmentation. We can send encrypted communications to other users on the same platform but not between platforms in many cases. Is this something that Tutanota is working on? Are you actively discussing this with other companies and developers?

Matthias Pfau: You are completely right, this is definitely an issue we need to tackle. We would like to make Tutanota interoperable with other services. We’ve been in contact with Openmailbox and know that they are open to the idea. However, we want to focus on developing more features for our users first. In addition, people on Tutanota can send end-to-end encrypted emails to anybody when they exchange a password. And many of our users do this as we can see from the encryption rate: To date already 37% of emails sent from Tutanota are end-to-end encrypted. This is a great success as it makes mass surveillance very, very hard, if not impossible.

John Little: The hacker community is diverse but Edward Snowden’s revelations seemed to have an impact on a significant percentage of the hackers I know. The reaction was an almost universal shift away from cooperation or sympathy with governments in places where there had been some success in getting the two camps to better understand each other. What’s your sense of where the community stands now?

Matthias Pfau: We are not in direct contact with the community so we can’t really say. What we see in Politics, however, is that politicians tend to act against the common opinion of IT security experts when it comes to the internet. One of the best examples is data retention: Even many IT experts and criminal investigators state that data retention does not help to prevent terrorist attacks. Nevertheless, politicians around the world resort to this method to prove to their voters that they do everything they can to increase security. In fact, this is just a big show that every tech-savvy person sees through, thus, they feel appalled by politicians and their actions against their citizen’s rights.

John Little: Let me clarify a bit because I did not intend to imply maliciousness with the term “hacker.” Stepping back away from this specific battle alone (although it is obviously the most extreme point of tension) how do you think governments who absolutely need the skills of developers, cryptographers, and security experts restore some of the goodwill that has been lost over privacy issues?

Matthias Pfau: We did not understand your questions to imply maliciousness. Governments in many cases seem not to understand how to make the Internet more secure, but rather rely on mass surveillance tactics. In my opinion they can only restore the goodwill of the community – not just hackers, but all privacy-advocates – if they get proper consultation from Internet activists such as the EFF or in Germany netzpolitik.org. As long as they tend to work against these groups instead of listening to their advice, the prospects for Internet laws are very bad.

John Little: We’ve seen fundamental changes in the public’s understanding of security in the past few years but there is still a long way to go. Do you think that we are moving towards ubiquitous encryption? Five or ten years from now will we see platforms or apps succeeding without it?

Matthias Pfau: At least that is what we are trying to achieve! We, as tech companies, have to make encryption so easy and running so smoothly in the background that the consumer has no reason anymore to use non-encrypted services. Given the extent of surveillance done by Secret Services and marketing companies around the world, this our only chance. Without self-protection, all our secrets including health issues, family problems, drinking habits and so on will become publicly accessible soon. This is not the kind of world I dream of for my children.

John Little: States have immense capabilities and they have directed significant resources at intercepting encrypted communications. It’s what intelligence agencies do – and always have done. How do you see this battle playing out from a technical perspective? Could consumer level encryption eventually leave even the most sophisticated agencies in the dark? Could large governments essentially render consumer encryption models irrelevant (as some would argue that they have done already)? Or does the situation continue to remain murky as advantages shift slightly back and forth?

Matthias Pfau: The more people use encryption, the harder it gets for governments to monitor the Internet. This also makes mass surveillance as it is currently done impossible. Governments can still try to monitor individuals with targeted attacks. We have to be honest here: Encryption does not protect someone when he is committing crimes. But that’s not the point. The point is that illegal surveillance of everybody’s data becomes impossible and that is well-achievable with encryption technologies such as Tutanota.

John Little: Do you get the sense that governments are starting to come around to the idea that strong consumer encryption, encryption free of backdoors or other weaknesses, is an inevitable necessity? Do you get the sense that you’re winning?

Matthias Pfau: That’s hard to tell. Of course we would wish for such a move, but politics is hard to predict. We do, however, see that governments themselves increasingly understand that they need strong encryption that is easy to use. The more politicians understand that encryption is to their own benefit, the more likely it gets that they will also consider it to be valuable for all their citizens. So, let us say, we are hopeful!

Tweet about this on TwitterShare on FacebookShare on TumblrShare on RedditShare on LinkedInDigg thisPrint this pageEmail this to someone