Category Archives: Encryption
US Department of Justice reignites the Battle to Break Encryption – Naked Security
The US Department of Justice (DOJ), together with government representatives from six other countries, has recently re-ignited the perennial Battle to Break Encryption.
Last weekend, the DOJ put out a press release co-signed by the governments of the UK, Australia, New Zealand, Canada, India and Japan, entitled International Statement: End-To-End Encryption and Public Safety.
You might not have seen the press release (it was put out on Sunday, an unusual day for news releases in the West), but you can almost certainly guess what it says.
Two things, mainly: think of the children, and something needs to be done.
If youre a regular reader of Naked Security, youll be familiar with the long-running tension that exists in many countries over the use of encryption.
Very often, one part of the public service the data protection regulator, for instance will be tasked with encouraging companies to adopt strong encryption in order to protect their customers, guard our privacy, and make life harder for cybercriminals.
Indeed, without strong encryption, technologies that we have come to rely upon, such as e-commerce and teleconferencing, would be unsafe and unusable.
Criminals would be trivially able to hijack financial transactions, for example, and hostile countries would be able to eavesdrop on our business and run off with our trade secrets at will.
Even worse, without a cryptographic property known as forward secrecy, determined adversaries can intercept your communications today, even if they arent crackable now, and realistically hope to crack them in the future.
Without forward secrecy, a later compromise of your master encryption key might grant the attackers instant retrospective access to their stash of scrambled documents, allowing them to rewind the clock and decrypt old communications at will.
So, modern encryption schemes dont just encrypt network traffic with your long-term encryption keys, but add in what are known as ephemeral keys into the mix one-time encryption secrets for each communication session that are discarded after use.
The theory is that if you didnt decrypt the communication at the time it was sent, you wont be able to go back and do so later on.
Unfortunately, forward secrecy still isnt as widely supported by websites, or as widely enforced, as you might expect. Many servers still accept connections that reuse long-term encryption keys, presumably because a significant minority of their visitors are using old browsers that dont support forward secrecy, or dont ask to use it.
Similarly, we increasingly rely upon what is known as end-to-end encryption, where data is encrypted for the sole use of its final recipient and is only ever passed along its journey in a fully scrambled and tamper-proof form.
Even if the message is created by a proprietary app that sends it through a specific providers cloud service, the company that operates the service doesnt get the decryption key for the message.
That means that the service provider cant decrypt the message as it passes through their servers, or if it is stored there for later not for their own reasons; not if theyre told to; and not even if you yourself beg them to recover it for you because youve lost the original copy.
Without end-to-end encryption, a determined adversary could eavesdrop on your messages by doing the digital equivalent of steaming them open along the way, copying the contents, and then resealing them in an identical-looking envelope before passing them along the line.
Theyd still be encrypted when they got to you, but you wouldnt be sure whether theyd been decrypted and re-encrypted along the way.
At the same time, another part of the government will be arguing that strong encryption plays into the hands of terrorists and criminals especially child abusers because, well, because strong encryption is too strong, and gets in the way even of reasonable, lawful, court-approved surveillance and evidence collection.
As a result, justice departments, law enforcement agencies and politicians often come out swinging, demanding that we switch to encryption systems that are weak enough that they can crack into the communications and the stored data of cybercriminals if they really need to.
After all, if crooks and terrorists can communicate and exchange data in a way that is essentially uncrackable, say law enforcers, how will we ever be able to get enough evidence to investigate criminals and convict them after something bad has taken place?
Even worse, we wont be able to collect enough proactive evidence intelligence, in the jargon to stop criminals while they are still at the conspiracy stage, and therefore crimes will become easier and easier to plan, and harder and harder to prevent.
These are, of course, reasonable concerns, and cant simply be dismissed out of hand.
As the DOJ press release puts it:
[T]here is increasing consensus across governments and international institutions that action must be taken: while encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online.
After all, in countries such as the UK and the US, the criminal justice system is largely based on an adversarial process that starts with the presumption of a defendants innocence, and convictions depend not merely on evidence that is credible and highly likely to be correct, but on being sure beyond reasonable doubt.
But how can you come up with the required level of proof if criminals can routinely and easily hide the evidence in plain sight, and laugh in the face of court warrants that allow that evidence to be seized and searched?
How can you ever establish that X said Y to Z, or that A planned to meet B at C, if every popular messaging system implements end-to-end encryption, so that service providers simply cannot intercept or decode any messages, even if a court warrant issued in a scrupulously fair way demands them to do so?
Impasse.
We cant weaken our current encryption systems if we want to stay ahead of cybercriminals and nation-state enemies; in fact, we need to keep strengthening and improving the encryption we have, because (as cryptographers like to say), attacks only ever get better.
But were also told that we need to weaken our encryption systems if we want to be able to detect and prevent the criminals and nation-state enemies in our midst.
The dilemma here should be obvious: if we weaken our encryption systems on purpose to make it easier and easier to catch someone, we simultaneously make it easier and easier for anyone to prey successfully on everyone.
O, what a tangled web we weave!
Theres an additional issue here caused by the fact that uncrackable end-to-end encryption is now freely available to anyone who cares to use it for example, in the form of globally available open source software. Therefore, compelling law-abiding citizens to use weakened encryption would make things even better for the crooks, who are not law-abiding citizens in the first place and are unlikely to comply with any weak crypto laws anyway.
Governments typically propose a range of systems to solve the strong encryption problem, such as:
The problem with all these solutions is that they can all be considered variations on the master key theme.
Endpoint interception only when its needed is just a specialised, once-in-a-while case of general message escrow; message escrow is just a specialised case of a master key; and a deliberate cryptographic flaw is just a complicated sort of master key wrapped up in the algorithm itself.
They all open up a glaring threat, namely, What happens when the Bad Guys uncover the secrets behind the message cracking system?
Simply put: how on earth do you keep the master key safe, and how do you decide who gets to use it anyway?
The DOJ seems to think that it can find a Holy Grail for lawful interception, or at least expects the private sector to come up with one:
We challenge the assertion that public safety cannot be protected without compromising privacy or cyber security. We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions.
Wed love to think that this is possible, but in case you were wondering were sticking to what we call our #nobackdoors principles:
[At Sophos,] our ethos and development practices prohibit backdoors or any other means of compromising the strength of any of our products network, endpoint or cloud security for any purpose, and we vigorously oppose any law that would compel Sophos (or any other technology supplier) to intentionally weaken the security of its products.
Where you do stand in this perennial debate?
Have your say in the comments below. (If you omit your name, you will default to being Anonymous.)
Read more:
US Department of Justice reignites the Battle to Break Encryption - Naked Security
Five Eyes Call for Tech World to Weaken Encryption – ClearanceJobs – ClearanceJobs
This week, representatives of the Five Eyes intelligence alliance the U.S., UK, Canada, Australia and New Zealand along with the intelligence services of Japan and India issued a joint call for the tech world to provide lawful access into commercial encryption.
In a statement that was posted on the website of the United States Department of Justice, the intelligence services noted that an understanding that encryption continues to play a crucial role in protecting personal data, privacy, intellectual property, trade secrets, and cyber security. Encryption was also understood to provide a vital purpose in repressive states to protect journalists, human rights defenders, and other vulnerable individuals.
However, the intelligence services also noted, Particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children.
The services urged industry to address the joint concerns where encryption is applied in a way that wholly precludes any legal access to content. Additionally, the statement called on technology companies to work with governments to take the necessary steps, which are focused on reasonable, technically feasible solutions to provide that lawful access.
This included:
*Embedding the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
*Enabling law enforcement access to content in a readable and usable format where an authorization is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
*Engaging in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.
This is not the first time the Five Eyes alliance have called upon the tech giants to address the issue of end-to-end encryption (E2EE) into their respective products. Similar calls were made in 2018 and 2019, as the intelligence services have argued that way that E2EE could be supported on many major tech platforms essentially prohibits law enforcement from investigating crime rings and other illicit activities.
The issue is whether enabling access to law enforcement could in turn create potential back doors that could be used by cyber criminals or even foreign actors.
Its impossible to create an encryption backdoor that only law enforcement can take advantage of, warned Paul Bischoff, privacy advocate with Comparitech, via an email to ClearanceJobs.
If backdoors are in place, criminals will move on to other end-to-end encrypted messaging apps, while legitimate users suffer security and privacy violations, Bischoff added. If our analysis of U.S. wiretapping orders is any indication, only a fraction of law enforcement requests to decrypt data will actually be incriminating or lead to convictions. Theres little consideration for innocent parties whose communications are intercepted by law enforcement, and 99% of interception requests are granted by courts.
An argument could be made that the intelligence community and even the U.S. Department of Justice (DoJ) would be interest in relaxed standards to make it easier for investigators to do their jobs. Of course if the digital thugs were to find it easier to access information that too would be the DoJs problem.
The only down side for DoJ would be if they must abide the same standards, and we dont hear anyone in the government begging for less security in DoJ systems, do we, explained Jim Purtilo, associate professor of computer science at the University of Maryland.
What the feds call for are more ways to access protected information, and this means criminals get more bites at the apple too, Purtilo told ClearancesJobs. The algorithms will be more complex, but not in a good way. Normally computational complexity makes it tough for an unauthorized agent to reverse encryption; more complexity means more protection. However, once we architect multiple ways to access information, the programs complexity will go up there is more a programmer must get right yet the computational complexity that protects goes down.
An alternate solution that has been suggested would be for the tech community to work to provide greater access to law enforcement or the IC. Of course that falls back on the often asked question Quis custodiet ipsos custodies or who watches the watchmen.
Giving keys to the DoJ just in case they might want your information also creates a single point of failure that would have grim consequences if breached, added Purtilo. Then everyones data are exposed. This might sound unlikely, but lets remember it was the fed (Office of Personnel Management) that a few years back exposed sensitive personal records of all people who ever applied for security clearances.
The Five Eyes Alliance, which was formed in 1946 among the five English-speaking nations as a way to share security information, has increasingly had to deal with the issue of cybersecurity in recent years. That included joining with 22 other nations to determine what constitutes fair or foul play in cyberspace. Last year, the Five Eye nations were amongst those who agreed to a broadly written agreement for all nations to follow international law even online.
An issue of cybersecurity also caused the largest riff among the alliance when the UK opted to move forward with a plan to have Chinese-based Huawei build out the nations 5G network. While the telecom company would have been blocked from the core parts of the system, the fact that it was involved at all caused a serious divide within the Five Eyes. However, in July Prime Minister Boris Johnson announced that the UK would follow its IC partners and ban Huawei from its 5G network and all components and equipment deployed and/or made by the Chinese firm would be removed from the UK by 2027.
See the original post here:
Five Eyes Call for Tech World to Weaken Encryption - ClearanceJobs - ClearanceJobs
Zoom Begins Rollout of End-To-End Encryption – My TechDecisions – TechDecisions
Zoom next week will begin rolling out its end-to-end encryption offering as a technical preview for 30 days as the company seeks feedback form its users, the company announced during its two-day virtual Zoomtopia event.
The enhanced encryption for both free and paid users comes after Zoom in May announced plans to build an end-to-end encryption (E2EE) model into the popular videoconferencing platform to increase meeting security. In a press release, the company says this initial roll out is the first of four phases in releasing the E2EE model.
Zoom earlier this year took 90 days to address security concerns with the platform after reports of meeting hijackers easily joining calls as usage skyrocketed in the early days of the COVID-19 lockdown. The company added on new security features like better meeting controls, stronger password protections, and enhanced encryption.
According to the company, its E2EE uses the same GCM encryption currently offered to Zoom users, but where those encryptions live has changed. Zooms cloud typically generates encryption keys and distributes them to meeting participants using Zoom apps as they join. With this new offering, the meetings host generates encryption keys and uses public key cryptography to distribute keys to the other meeting participants.
Read Next: Zoom Publishes Draft of Encryption Design
That turns Zooms servers into oblivious relays that never see the encryption keys required to decrypt meeting content, according to the company.
All participants must have the setting enabled to join a call that is end-to-end encrypted. Hosts can enable the setting at the account, group and user level, and can be locked at the account or group level, according to the company.
In the first phase, all participants must join from the Zoom desktop client, mobile app or Zoom Rooms.
End-to-end encryption is another stride toward making Zoom the most secure communications platform in the world, said Zoom CEO Eric S. Yuan in a statement. This phase of our E2EE offering provides the same security as existing end-to-end-encrypted messaging platforms, but with the video quality and scale that has made Zoom the communications solution of choice for hundreds of millions of people and the worlds largest enterprises.
At least in this version, enabling E2EE will disable some features, like joining before the host, cloud recording, streaming, live transcription, breakout rooms, polling, 1:1 private chat and meeting reactions.
The company is planning to roll out better identity management and E2EE SSO integration as part of the second phase, which is tentatively scheduled for 2021.
View original post here:
Zoom Begins Rollout of End-To-End Encryption - My TechDecisions - TechDecisions
Could homomorphic encryption be the solution to big data’s problem? – Siliconrepublic.com
Helical founder Eric Hess discusses how homomorphic encryption could change the way data is transferred and processed securely.
While advances in data analytics have enabled businesses to gain expanded insight into large structured and unstructured datasets, these advances have come with increased privacy and misappropriation risks.
Exercising greater control over the life cycle of data and confidentiality agreements has mitigated these risks but outsourcing of sensitive or regulated components of data processing to third parties is still widely viewed as fraught with risk.
If all sensitive data or data processes and algorithms could be shared with or processed by any third party (including competitors) subject to the providers controls, however, it would open up unimagined avenues of enterprise collaboration, specialisation and integration.
Homomorphic encryption solves for this significant gap and, while commercial viability is still a challenge, compelling use cases are emerging. In the coming years, any organisation endeavouring to become a centre of excellence in big data analytics will have no choice but to embrace homomorphic encryption.
Encryption is a digital safe where information is secured while locked inside. Plaintext data is converted to ciphertext using an algorithm that is sufficiently complicated to make the data unreadable without a decryption key. It can be stored and transmitted in this format and recipients can decrypt it, provided they have the key. Once encrypted data is needed for analysis, compliance or any other use case, it must be converted back to plaintext, which can sacrifice security.
Homomorphic encryption addresses this core weakness by allowing analysis on data in its ciphertext form. Craig Gentry, an early homomorphic encryption innovator, described the process as manipulating the contents of a locked box through gloves that are accessed through ports on the outside of the box.
One party places and locks contents in the box for a third party to manipulate without seeing what they are working on. The box is returned to the controller when the processor has completed the assigned task and custody is never surrendered.
Gentrys dissertation made homomorphic encryption attainable with one major barrier: computational overhead. Processing ciphertext creates a lot of overhead as the calculations are performed bit by bit. IBM has improved processing overhead, claiming it now runs 75 times faster than before, and a wide range of alternative schemes have further improved processing speeds.
Spurred by the collaborative models being deployed in connection with potential Covid-19 vaccines and treatments, homomorphic encryption will likely experience the highest relative rates of adoption and innovation in clinical research.
Homomorphic encryption can provide a mechanism for the life sciences industry to continue protecting intellectual property while leveraging the collaborative benefits from Covid-19 in other medical research.
Use cases will also be compelling for financial services, where data analytics defines the success or failure of algorithms and is becoming increasingly important as relative high-frequency trading advantages become more elusive. National security and critical infrastructure also provide early compelling use cases.
Encrypted processing will create new opportunities, applications and even industries
New opportunities will be created for data controllers (those with custody of data) to engage with data processors, as well as collaborative opportunities where the parties are both controllers and processors of data. Collaborative opportunities not only offer the benefits of specialisation but the promise of data collectives as well, where members will be able to define terms of use and disclosed outputs among its members.
Data collectives are not a new concept to securities markets. For example, in 2005 the US Securities and Exchange Commission mandated regulated security markets to act jointly to disseminate consolidated information on quotations and transactions in securities markets.
Now, homomorphic encryption could empower competitive financial firms to not only provide alternatives to these sources, but innovate collectively to create their own proprietary market data products.
For all the promise of machine learning, the process of training and tuning machine learning applications requires big datasets.
Industry collectives could aggregate encrypted data and assign processes to collective members or vendors. Not only would this permit greater specialisation, but the collective dataset would accelerate machine learning in a way that additional computing power or PhDs cannot.
A recent IBM case study leveraging machine learning on a homomorphically encrypted database sought to predict whether bank customers would likely need a loan in the near future. A machine learning algorithm selected the most relevant variables for predicting loan status. The algorithm was trained on both encrypted and unencrypted data to measure accuracy and efficiency. The result was a near identical rate of accuracy and a manageable level of slowdown a persuasive positive indicator for the arrival of homomorphic encryptions commercial viability.
Homomorphic encryption will also accelerate the movement of big data analytics to cloud environments. Organisations leveraging big data have been reticent about cloud security since downloading big datasets from the cloud for processing can be impractical.
On the other hand, performing data processing for their most sensitive data in the cloud also requires storing the data encryption key in the cloud, making an organisations security only as strong as the cloud environment. With homomorphic encryption, processing can occur in ciphertext form in the cloud with encryption keys stored offline.
Many initiatives endeavouring to harness the power of big data have struggled with resource limitations, current technologies and regulations. Take, for example, financial regulators who struggle with the burdens of monitoring financial audit trails across multiple markets, asset types and participants.
Aggregating and disseminating this data to regulators is critical for surveillance, but creates a treasure trove of highly sensitive, unencrypted data while it is processed, and this occurs across multiple regulators.
This big data problem and the risk that this information will be used to engage in manipulative trading or even destabilise financial markets will only continue to grow unless encryption is deployed throughout the datas life cycle. In fact, regulators only require audit trails related to red flags that their surveillance algorithms identify, which can all be done in a fully encrypted format.
The competing concerns of privacy regulation and the value of data analytics is also an issue that the healthcare industry has struggled with.
Fragmentation of health information is compounded by privacy concerns, which are a significant roadblock to data sharing and has prevented the integration of health data that could facilitate better health outcomes.The utility of digital health information systems could be greatly enhanced by the deployment of homomorphic encryption.
Encrypted processing will create new opportunities, applications and even industries by greatly minimising intellectual property and regulatory concerns. It may even turn competitors into collaborators.
Homomorphic encryption will also force a re-examination of baseline assumptions related to confidentiality and security.How will restrictions on disclosure apply to encrypted processing by third parties? What are appropriate access controls where the entire life cycle of data is encrypted?What is reasonable security for processors of such data?
Privacy regulation will need to be re-examined in light of personal information being mined in an encrypted format. If an organisation is prohibited from sharing or selling data, what are the legal implications of their sharing and processing encrypted data that is never exposed?
Lastly and importantly, how will we know that the technologies we are deploying to accomplish not only homomorphic encryption but homomorphically encrypted processes are complying with the applicable laws, standards and obligations? Solutions will need to be auditable by design.
Homomorphic encryption is about more than big data. It is about solving for trust with tools that have never been available before and for which no similar workaround existed.
By Eric Hess
Eric Hess is the founder ofHess Legal Counsel and Helical. Hess Legal advises securities and digital asset firms on contract, security and privacy, governance, technology licensing and financing issues. Helical offers a cybersecurity-as-a-service platform.
Read more:
Could homomorphic encryption be the solution to big data's problem? - Siliconrepublic.com
U.S., UK and other countries warn tech firms that encryption creates ‘severe risks’ to public safety – CNBC
David Goddard | Getty Images News | Getty Images
LONDON Lawmakers from countries within the Five Eyes intelligence-sharing alliance have warned tech firms that unbreakable encryption technology "creates severe risks to public safety."
Ministers from the U.S., U.K., Canada, Australia and New Zealand published a statement Sunday calling on the tech industry to develop a solution that enabled law enforcement to access tightly encrypted messages.
"We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content," the statement, which was signed by U.S. Attorney General William Barr and U.K. Home Secretary Priti Patel, said.
The statement, published on the website of the U.S. Department of Justice, was also signed by India and Japan, which are not part of the Five Eyes alliance.
Technology companies like Apple and Facebook encrypt user's communications "end-to-end," meaning that only users can access their own messages. It applies to written messages, as well as audio and video communications.
While citizens benefit from additional privacy, law enforcement agencies see end-to-end encryption as a barrier to their investigations and have been calling on tech companies to introduce backdoors that would give law enforcement agencies access.
"We call on technology companies to work with governments on reasonable, technically feasible solutions," the governments said.
They added that end-to-end encryption poses a "significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children."
Although the nations did concede that some forms of encryption "play a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security."
Ultimately, they said they wanted to develop a solution with the tech firms that enabled users to continue communicating privately and securely, but also allow law enforcement and tech firms to monitor criminal activity.
Last year, a group of companies including Apple, Microsoft and WhatsApp opposed a proposal by British spy agency GCHQ that would enable spooks to access people's encrypted messages.
Under the proposal, GCHQ suggested adding "ghost" recipients to suspicious message threads that the sender and the receiver would be oblivious to.
In an open letter published last May, tech firms and privacy groups said such a feature would "threaten fundamental human rights."
Is Signal secure? How the messaging app protects privacy – Business Insider – Business Insider
You might know that Signal is a popular messaging app that bills itself as being very secure, offering end-to-end encryption for a very high level of privacy.
It's not necessarily obvious, though, what all that means, and how Signal's technology affords any more protection than other messaging apps.
Signal offers end-to-end encryption, which essentially means that your messages are scrambled into an unintelligible collection of characters before leaving your device and are not decrypted back into meaningful content until reaching the Signal app on the recipient's device.
The Signal app boasts more privacy than its competitors. Signal
These encrypted messages can only be unlocked using a key that is shared between the two private conversations. No one else has access to the key or can decrypt the message not even the developers of the Signal app.
Because there is no "back door" to decrypting Signal messages, Signal can't decrypt messages for the government, for example, even under subpoena not because of policy, but because it's not technically possible.
Signal's encryption algorithm isn't proprietary or even unique. The encryption software used by Signal is open-source (and used by other messaging apps, including WhatsApp) and available for download on GitHub. This actually allows Signal to be more secure, because the open-source software is subject to public scrutiny by developers and security experts. It exposes bugs, flaws, and vulnerabilities sooner than if the software were closed and proprietary.
While the encryption software in Signal might not be unique, the app still has privacy advantages over other messaging apps. Signal records no data about its users or the conversations taking place within the app.
This is in contrast to other apps, like Apple iMessage and WhatsApp, to name two examples, which often store significant amounts of metadata, such as who you spoke to and detailed time logs of when those conversations occurred.
In a recent blog post, Signal creator Matthew Rosenfeld (known online as Moxie Marlinspike) explains that the Federal government used a subpoena in 2016 to access Signal's user data.
But as Rosenfeld writes, "there wasn't (and still isn't) really anything to obtain. The only Signal user data we have, and the only data the US government obtained as a result, was the date of account creation and the date of last use not user messages, groups, contacts, profile information, or anything else."
Continued here:
Is Signal secure? How the messaging app protects privacy - Business Insider - Business Insider
AeroVironment and Viasat to aim to improve radio encryption for Puma AE – Flightglobal
Up against increasingly sophisticated electronic warfare threats from countries such as Russia and China, drone maker AeroVironment and satellite communications company Viasat are partnering to develop better encrypted radio communications for the Puma AE reconnaissance unmanned air vehicle (UAV).
The two companies are working together under a contract granted through the US Army Reconfigurable Communications for Small Unmanned Systems initiative, AeroVironment said on 15 October. Viasat is the prime contractor for the award.
The two companies will seek to strengthen the communications and transmission security of AeroVironments Digital Data Link radios currently used by the US Army by converting them into a Type 1 crypto communication system for video and data transmission, says AeroVironment.
AeroVironments Digital Data Link is a small, manportable digital radio that controls the companys hand-launched tactical UAVs. A Type 1 crypto communication system is equipment classified or certified by the National Security Agency for encrypting and decrypting classified and sensitive national security information.
The US Army, which is one of the main operators of AeroVironments tactical drones, is pushing to network its various UAVs, aircraft, vehicles and soldiers so that battlefield information can be quickly shared. However, existing tactical communications systems have already been shown to be vulnerable to electronic warfare, including jamming and spoofing. Transmissions have also been used in conflict zones, for example in eastern Ukraine, to geolocate targets for attacks.
The Puma AE is a small fixed-wing UAV used for short-range intelligence, surveillance and reconnaissance. Depending on the ground antennae used, the drone can fly out to 32.3nm (60km) and can carry electro-optical and infrared cameras within a gimbal.
Read the original here:
AeroVironment and Viasat to aim to improve radio encryption for Puma AE - Flightglobal
Encryption Backdoor? The Trump Administration Wants It. – The National Interest
Theres been a battle going on for the last several years, across multiple presidential administrations, between the government and the big tech companies, about encryption.
To simplify a complex issue, several major tech companies, including Apple with the iPhone, offer end-to-end encryption, which gives only users the ability to access their own devices.
Various law enforcement entities have made it clear over the years that they would like to have a way around such encryptionknown as a back doorwhen it comes to conducting investigations into crime, as well as terrorism. Apple, and other tech companies, have long resisted such efforts.
Most notably, that company and the government had a standoff in 2015, over government efforts to unlock an iPhone belonging to one of the San Bernadino shooters, a fight that was repeated earlier this year in the case of a phone belonging to the Pensacola shooter. However, the FBI was eventually able to unlock both the San Bernadino and Pensacolas phones, with the help of third parties, and law enforcement and prosecutors are often able to access the iCloud data of criminal targets, with use of subpoenas, something that users agree to when they sign up for iClouds terms of service.
Now, the Justice Department has teamed up with its counterparts in several other countriesknown as the Five Eyes to author a letter with concerns about end-to-end encryption, and offering a potential solution.
The letter, described as an international statement, was authored by U.S. Attorney General William Barr, British Home Secretary Priti Patel, Australian Minister for Home Affairs Peter Dutton, New Zealand Minister of Justice Andrew Little and Canadian Minister of Public Safety Bill Blair. Also signed to the letter are India and Japan, with no particular individual listed.
The statement says that the undersigned support strong encryption, but that they are concerned that particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children.
The letter recommends that technology companies work with governments to take certain steps: Embed the safety of the public in system designs, enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight, and engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.
Apple and other tech companies have consistently opposed such efforts, but they have not responded to the most recent statement.
In the event that a new administration takes power in January, its unclear whether a Biden Administration would take a different posture than that taken by the Trump Department of Justice. Biden has not addressed the issue during the campaign, although he was vice president during the San Bernadino affair, and Wired reported eight years ago that Biden, as a senator in 1991, added language to an anti-terrorism bill that would have required providers of electronic communications services and manufactures of electronic communications services shall ensure that communications systems permit the government to obtain theplaintext contentsof voice, data, and other communications when appropriately authorized by law.
Stephen Silver, a technology writer for The National Interest, is a journalist, essayist and film critic, who is also a contributor to Philly Voice, Philadelphia Weekly, the Jewish Telegraphic Agency, Living Life Fearless, Backstage magazine, BroadStreet Review and Splice Today. The co-founder of the Philadelphia Film Critics Circle, Stephen lives in suburban Philadelphia with his wife and two sons.Follow him on Twitter at @StephenSilver.
Image: Reuters
Here is the original post:
Encryption Backdoor? The Trump Administration Wants It. - The National Interest
How to use private conversations on Skype to send encrypted calls and messages – Business Insider India
If you use the Skype mobile app or desktop app, you can have private text conversations and voice calls. Private conversations have full end-to-end encryption, so they're more secure than standard messages.
Because they are designed to be secure, private conversations aren't copied or shared between devices in the same account, so you can't continue a private conversation on a different device.
3. In the pop-up window, choose the contact you want to chat with.
Advertisement
1. Open the Skype app and tap the New Chat icon (it's shaped like a pencil).
4. If this is the first time you're having a private conversation with this person, an invitation will be sent automatically, and the conversation will start after the invite is accepted. If you've already had a private conversation with this person on this phone, you can start messaging right away.
1. Start or continue a private text conversation.
3. In the pop-up window, choose "Private call."
1. Open the private conversation on your phone or computer.
Original post:
How to use private conversations on Skype to send encrypted calls and messages - Business Insider India
AES Encryption Software Industry Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top…
Global AES Encryption Software Industry Industry Research Report Provides Detailed Insight Covering all Important Parameters Including Development Trends, Challenges, Opportunities, Key Insights and Competitive Analysis of AES Encryption Software Industry Market.
With industry-standard accuracy in analysis and high data integrity, the report makes a brilliant attempt to unveil key opportunities available in the global AES Encryption Software Industry market to help players in achieving a strong market position. Buyers of the report can access verified and reliable market forecasts, including those for the overall size of the global AES Encryption Software Industry market in terms of both revenue and volume.
Get Exclusive Sample Report on AES Encryption Software Industry Market is available at https://inforgrowth.com/sample-request/5973165/aes-encryption-software-industry-market
Impact of COVID-19: AES Encryption Software Industry Market report analyses the impact of Coronavirus (COVID-19) on the AES Encryption Software Industry industry. Since the COVID-19 virus outbreak in December 2019, the disease has spread to almost 180+ countries around the globe with the World Health Organization declaring it a public health emergency. The global impacts of the coronavirus disease 2019 (COVID-19) are already starting to be felt, and will significantly affect the AES Encryption Software Industry market in 2020
COVID-19 can affect the global economy in 3 main ways: by directly affecting production and demand, by creating supply chain and market disturbance, and by its financial impact on firms and financial markets.
Get the Sample ToC to understand the CORONA Virus/COVID19 impact and be smart in redefining business strategies. https://inforgrowth.com/CovidImpact-Request/5973165/aes-encryption-software-industry-market
Top 10 leading companies in the global AES Encryption Software Industry market are analyzed in the report along with their business overview, operations, financial analysis, SWOT profile and AES Encryption Software Industry products and services
Market Segmentation:
Top Players Listed in the AES Encryption Software Industry Market Report are
Based on type, The report split into
Based on the end users/applications, this report focuses on the status and outlook for major applications/end users, consumption (sales), market share and growth rate for each application, including
Get Special Discount Up To 50%, https://inforgrowth.com/discount/5973165/aes-encryption-software-industry-market
The study objectives of this report are:
FOR ALL YOUR RESEARCH NEEDS, REACH OUT TO US AT:Address: 6400 Village Pkwy suite # 104, Dublin, CA 94568, USAContact Name: Rohan S.Email:[emailprotected]Phone: +1-909-329-2808UK: +44 (203) 743 1898
Continue reading here:
AES Encryption Software Industry Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top...