THE other day we alluded to Truecrypt in this post, not quite mentioning the holes in the argument that Truecrypt can be "audited" [1-3]. Unless everyone can view the code and compile it independently (or rely on others to do so independently), we must assume that Truecrypt is not secure and that it might contain back doors (either unidentified or deliberately planted). This whole Internet 'debate' about Truecrypt "audit" should remind us that Free software is vital for dodging surveillance.

The NSA has used corporations to facilitate snooping and it may not be alone [4]. This is happening at many levels [5-7] based on new leaks and revelations, so rather than look for evidence of insecurity (e.g. back door) we should pursue real assurance of security. You know what the spies like to tell us: if you have nothing to fear, you have nothing to hide, right? So come on, Truecrypt, share your source code. What have you got to hide? ⬆

1. Should Truecrypt be audited?

   Truecrypt is a cross-platform, free disk encryption software for Windows and Unix-like operating systems. It is generally considered a good disk encryption software, and not too long ago, I wrote a tutorial that showed how to encrypt the Windows installation of a Windows-Linux dual-boot setup (see Dual-boot Fedora 18 and Windows 7, with full disk encryption configured on both OSs).





2. New effort to fully audit TrueCrypt raises $16,000+ in a few short weeks





3. Can you trust 'NSA-proof' TrueCrypt? Cough up some dough and find out

   The source code for the Windows, Linux and Mac OS X utility is publicly available for people to inspect and verify, but this has not been enough to convince every cryptography guru that it's entirely secure.





4. After Snowden’s leaks, China’s Huawei calls for more transparency in the tech industry

   With all of the recent revelations about the US National Security Agency’s surveillance programs, it must be hard for the Chinese telecom equipment manufacturer Huawei not to gloat a little bit.
   
   After all, the leaks from former contractor Edward Snowden showed that the NSA enlisted US technology companies to enable its snooping on global telecommunications networks—which is exactly what US intelligence officials have accused Huawei of doing on behalf of the Chinese government.





5. Europe Moves to Shield Citizens’ Data

   Lawmakers here have introduced a measure in the European Parliament that could require American companies like Google and Yahoo to seek clearance from European officials before complying with United States warrants seeking private data.





6. Dutch Telcos Used Customer Metadata, Retained To Fight Terrorism, For Everyday Marketing Purposes

   
   
   One of the ironies of European outrage over the global surveillance conducted by the NSA and GCHQ is that in the EU, communications metadata must be kept by law anyway, although not many people there realize it.





7. NSA Harvesting Contact Lists

   A new Snowden document shows that the NSA is harvesting contact lists -- e-mail address books, IM buddy lists, etc. -- from Google, Yahoo, Microsoft, Facebook, and others.