U.S. officials have been insisting to tech platforms that overly strong encryption is a threat to public safety and that "back doors" must be provided for law enforcement to bypass security, all in the name of fighting crime.

Meanwhile, U.S. officials have also been claiming that China-based tech company Huawei can use secret security bypasses that are intended for law enforcement use only in order to access data that could be used by the Chinese government for surveillance purposes.

In summation: The same U.S. government that wants tech companies and telecoms to create secret software doors that would allow it to snoop on our private communications and data is also worried that other governments will be able to use those same back doors to do the same thing. This is what tech privacy experts have been warning U.S. officials (and U.K. officials and Australian officials) all along: Any back door that allows law enforcement to circumvent user privacy protections will ultimately be used by people with bad intentions.

The context here is a Wall Street Journal report that reveals U.S. officials have been quietly telling allies that Huawei can secretly access data from its phone networks through taps that the company built into the hardware it sells to cellphone carriers. Laws mandate that Huawei (and other telecom companies) install these "interception interfaces" into their equipment, but only authorized law enforcement officials are supposed to have access. Even Huawei itself is not supposed to be able to gain access without the permission of the phone carriers. But U.S. officials are insistent that Huawei has maintained secret access to these taps since at least 2009.

Huawei says these claims are not true and that these hardware taps can only be accessed by "certified personnel of the network operators." The company also insists it is not surveilling data and passing it along to the Chinese government.

The story leans heavily on U.S. claims from secret intelligence that has recently been declassified, but it's not exactly proof of the claims.

On a surface level, this is about the global tech market and the competition between China and the United States. But dig deeper and you can see the relevance to our encryption fight.

The FBI and Department of Justice insist that tech companies need to be adding similar, virtual back doors in our communication tools, phones, and apps in the name of fighting crime and terrorism. People like FBI Director Christopher Wray and Attorney General William Barr are willing to discuss encryption back doors only in terms of how it helps the U.S. government. But this Wall Street Journal report makes it clear that the U.S. government is abundantly aware that any access point (real or virtual) to look at private data is a point of vulnerability.

If this intelligence is true, it means that any government-mandated encryption bypass is potentially abusable and the U.S. should not be demanding tech companies make them, lest the Chinese government (or Saudi government, or Russian government, or United Arab Emirates, or identity thieves with hacking skills) get their hands on whatever mechanism created for law enforcement use only.

If the intelligence is not true, it nevertheless makes it clear that the United States understands that back doors create huge vulnerabilities. Government officials know full well that the Justice Department's demands are unreasonable and should be shut down, and lawmakers like Sen. Lindsey Graham (RS.C.) should not be proposing bills to force companies to implement encryption back doors.

But then, perhaps I should simply stop treating the Justice Department and Congress as though they're making these arguments in good faith. You see, yesterday, the Washington Post published a very different story about encryption and data privacy. It turns out that, for decades, the CIA and German intelligence owned and secretly operated an encryption company named Crypto AG. They sold compromised encryption technology to other countries, then secretly spied on them. The Washington Post reports that

they monitored Iran's mullahs during the 1979 hostage crisis, fed intelligence about Argentina's military to Britain during the Falklands War, tracked the assassination campaigns of South American dictators and caught Libyan officials congratulating themselves on the 1986 bombing of a Berlin disco.

Germany left the partnership in the 1990s, fearing exposure. So the CIA ran the company until 2018 when it liquidated Crypto AG and sold it off to two companies, one of whom apparently had no idea about its secret background.

We should be wary of the U.S. government doubling down on its efforts to compromise encryption, especially now that Crypto AG is not of use to the CIA. We know full well those back doors are going to be used for a lot more than trying to track down alleged pedophiles, and the federal government knows that, too.

Here is the original post:
CIA Encryption Meddling and Chinese Espionage Allegations Make It Clear: We All Need Strong Data Protection - Reason

Apple has reopened a privacy battle with the FBI after refusing to unlock the iPhones of the Saudi pilot who opened fire at Naval Air Station Pensacola Buzz60

NEW YORK Inside a steel-encased vault in lower Manhattan, investigators bombard an Apple iPhone 7 with ajumble of numerical codes generated by nearby computers.

The grinding exercise has continued for the past 21 months with a singular aim: Crack the phone's passcode, so police can extract potentialevidence in an aging attempted murder investigation.

Despite the formidable resources ofa $10 million cyberlaboperated by the Manhattan District Attorneys Office including costly assistance provided by privatesleuths the phone has won.

Last month, Attorney General William Barr revived the titanic struggle betweenlaw enforcement and Big Techwhen he disclosedthat the FBI couldn'tunlock two iPhones used by a Saudi officer who opened fireat a Navy base in Florida in December.

The breadth of the ground war wagedagainst encrypted phones, tablets and other devices seized in criminal inquiries is perhaps best appreciated withinthe securedoors of this Manhattanlaboratory.

Steven Moran, director of the High Technology Analysis Unit at the Manhattan District Attorneys Office, describes how investigators try to crack encrypted smartphones in a special steel-encased vault. It was built to block outside radio frequencies, preventing suspects from remotely erasing their devices.(Photo: Kevin Johnson, USA TODAY)

More than 8,000 devices have poured into the facility since 2014.Each year, more of them are locked, rising from 24% in 2014 to 64%last year. For Apple devices, it's gone from 60% to 82%.

Nearly 2,500 of the locked devices remain inaccessible to investigators, hindering investigations into child exploitation, financial fraud, theft, violence and other crimes.

The numbers illustrate afrustration shared by law enforcement agencies across the country.

"I don't think there is an awareness of the scope of the problem," Manhattan District Attorney Cyrus Vance said.

Duffie Stone, president of the National District Attorneys Association, describedthe challenge as a technological tidal wave overwhelming agencies across the country, particularly smaller oneswithout Manhattan's considerable resources.

It's been difficult to measurehow much of a problem locked devices are for law enforcement. There is no national data repository tracking how often investigators areblockedby phones "going dark," as they say.

In 2018, the FBI estimated federal authorities recovered nearly 8,000 locked phones for analysis,butthe bureau acknowledged that figure was overstated.The FBI has not publicly updated the data since, leaving Vance as law enforcements most vocal authority in the struggle between law enforcement and privacy interests.

Tech giant Apple is law enforcement's favorite target because of its commercial popularity and its efforts to bolster user privacy.In the past six years, law enforcement officials said, Apple and other companies have made their devices virtually warrant-proofby enabling encryption by default and moving fromfour-digit passcodes to six.

Law enforcement vs. consumer privacy: Should Apple help DOJ unlock terrorist's iPhones?

"We have always maintained there is no such thing as a backdoor just for the good guys," Apple said in a statement last month, responding to Barr's claims that the company had not helped unlock the two iPhones recovered from the Pensacola shooter.

"Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations," Apple said. "We feel stronglyencryption is vital to protecting our country and our users' data."

"We might need more shelving," says Steven Moran, director of the High Technology Analysis Unit. Inside the unit's vault, computers bombard seized smartphones with codes to crack encryptions and enable investigators to access their data.(Photo: Kevin Johnson, USA TODAY)

It looks like a bomb shelter. In a sense, it is.

Just off the main corridor of the Manhattan cyberlaboratory, protected by a heavy steel door, is a small chamber where some of the lab's most consequential work is carried out in isolation.

About 100 locked cellphones,seized in various criminal investigations, arestacked neatly on two shelves. Nearby,computerssilently batter the devices with spurts of numerals as they attempt toguess thepasscodes.

Only when the lights are offis the workvisible, in flashes of blinking lights.

Success can come in minutes, hours, days ormonths. Or not at all.

Of the 1,035 devices that were locked on arrival at the lab last year, 405 remain inaccessible, according to lab records. The year before, 666 of the 1,047 locked phones could not be opened.

New batches of phones are moved into the chamber like unbaked cookies. Others are moved out before they're done.

"We might need more shelving," said Steven Moran, director of the High Technology Analysis Unit.

The room's heavy drape of security, Moran said, is not for show. It was built to block outside radio frequencies, preventingsuspects from remotely erasing their devices before examiners can break the locks.

"It is a real concern," Moran said, adding that some suspects released on bond have sought to do just that.

In particularlyurgent cases, or when devices prove especially resistant, they are hand-delivered to private contractors who subject the phones tonew types of hacking.

From 2014 to 2019, Vance said,his office paid those contractors $1.5 million for software and assistance.

New York District Attorney Cyrus Vance says there's a lack of awareness about the frustrations law enforcement faces over unaccessible cellphone data.(Photo: ANGELA WEISS, AFP via Getty Images)

Their help has become critical not only in Manhattan but in places such as South Carolina's 14th Judicial Circuit, a five-county area in the state's low countrywhere Duffie Stone is the prosecutor.

"The use of technology by criminals is probably the biggest change in the criminal justice system," Stone said. "We are confronting this kind oftechnology, and the challenge of penetrating it, in virtually every case we are prosecuting."

Stone credits Vance with helping other prosecutors take on the new investigative burdens.

"The value of digital evidence is not limited to proving a defendant's guilt," Vance told a Senate panel in December. "In some instances, evidence recovered from devices mitigates the culpability of an accused or exonerates a defendant entirely."

In 2018, Vance said, an internal survey revealed 17 casesin which his office "reduced or dismissed charges because of evidence recovered from a smartphone."

Ordinarily, few would confuse William Barr with Cyrus Vance.

As President Donald Trump's attorney general, Barr has shielded his boss from Vance's subpoenas and document requests. Their fight over the president's tax records is before the Supreme Court.

On the issue of encryption, they have found common ground.

Last month, Barr rekindled a long-standing dispute between the Justice Department and Apple when he accused the company of failing to provide "substantive assistance" in unlocking two iPhones used by the Saudi attacker who killed three people atNaval Air Station Pensacola in December.

Airman Mohammed Hathaim, Ensign Joshua Watson and Airman Apprentice Cameron Walters were killed in the shooting at Naval Air Station Pensacola. USA TODAY

One of the devices was damaged by a bullet, possibly fired by the gunman in an attempt to destroy anyevidence it contained.

The attorney general said investigators rebuilt both phones, but they had not been able to bypass the passcodes to gain access to the data.

"This situation perfectly illustrates why itis critical that investigators be able to get access to digital evidence once they have obtained a court order based on probable cause," Barr said.

Apple rejected Barr's rebuke, saying it responded quickly to investigators' many requests. The company said itlearned only a week earlier that the Justice Department needed help unlocking the phones.

Barr's criticismmirrored a standoff between the FBI and Apple over an iPhone recovered after a mass shooting in San Bernardino, California, that left 14 people dead in 2015.

In that case, the FBI went to federal court todemand Apple assist investigators in accessing the device recovered from terrorist Syed Farook, who was killed withhis wife, Tashfeen Malik, in a shootout with authorities after the attack.

The FBI's effort was led by then-director James Comey, whomaintained the bureau wanted accessonly in that case. Apple and other tech companies feared granting access to Farook's phone would ultimately require them to build so-called backdoors that would allowlaw enforcement around the country to access their devices.

Nothing to see here: FBI blacks out most details on hack of terrorist's iPhone

Law enforcement officers search for suspects in a mass shooting Dec. 2, 2015, in San Bernardino, Calif.(Photo: Patrick T. Fallon, AFP via Getty Images)

The FBI dropped its challenge after it secured the assistance of an outside contractor that bypassed the iPhone's passcode.

Vance, who supported Comey's efforts, said theSan Bernardino caseraised public awareness of the problem,but it"deflated because there was mutual finger-pointing."

If Barr were to challengeApple again, Vance said, he probably would support it, thoughthe district attorney said courts won't offer a long-term solution.

"Nothing really has changed" since San Bernardino,Vance said.

"Companies are not going to redesign their devices to open for search warrants," he said. "The only way to move forward is the threat of federal legislation."

Read or Share this story: https://www.usatoday.com/story/news/politics/2020/02/11/manhattan-vault-investigators-try-unlock-encrypted-iphones/4670518002/

See the article here:
The code breakers: This vault is the epicenter in law enforcement's battle to unlock encrypted smartphones - USA TODAY

Applying encryption adds a level of security to the data that can help prevent the file contents from being understood by any unauthorized person who gets hold of it. Even if the data is accessed, it requires decryption to extract its meaning.

When more than one key is involved in the process, it's also possible to use to authenticate the sender. (Read Expert Feedback: What Data Encryption Advancements Should Businesses Be Aware Of?)

Encryption is the process of using an algorithm to transform information to make it unreadable for unauthorized users. Once the information is encoded, it requires decryption to be understood. (Read Encryption Just Isn't Enough: 3 Critical Truths About Data Security.)

Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.

Decryption is the process of transforming data that has been rendered unreadable through encryption back to its unencrypted form.

The encoded data reverts back to its original form, whether it contains texts or images, so that it makes sense to the human reader and/or the computer system. This process may be automated or be conducted manually.

Typically, there is a form of key involved. (Read 10 Best Practices for Encryption Key Management and Data Security.)

This eBook makes it easier than ever to get everything out of this powerful data tool. Free offer expires 2/18/2020.

CC BY-SA 3.0

A Scytale was what ancient Greeks used to make a simple transposition cipher. All it took was a strip of leather on which the letters were written and cylinder around which to wrap it. The sensitive data that was protected this way was likely centered around battle strategies. (Read Encryption Backdoors: The Achilles Heel to Cybersecurity?)

The encryption is the result of the letters being taken out of the order necessary to read and make sense of the message when they are unwrapped. In this case, the right cylinder functions as the key because it is what would get the letters properly aligned once the strip was wrapped once again.

The cylinder would be what is called a pre-shared key (PSK) in cryptography, that is a secret key that was shared ahead of the secret message being sent on it. Its letting the other party know what code the hidden message will be in. (Read Cryptography: Understanding Its Not-So-Secret Importance to Your Business.)

The Scytale method of encryption is the first one mentioned in A Brief History of Cryptological Systems, an instructive and entertaining read about strategies to prevent unauthorized people from reading secret message.

What may be the most famous stone in the world is housed in the British Museum. The museumss blog on the historic Rosetta Stone explains that Napoleons army found it in the Nile delta town for which it is named in 1799. At that time, no one had the capability to read hieroglyphs. It was a code with no key.

That is until scholars studied the Rosetta Stone. It opened the way to meaning through two components. One was that the same message was carved into in three languages, including Ancient Greek, which scholars could read.

The other was an identifiable cartouche that indicated which symbols stood for the name of the king Ptolemy.That was the basis of finding which of the 53 lines of Ancient Greek corresponded to the 14 lines of hieroglyphics and figure out the meaning of individual symbols.

It then took a couple of scholars 20 years to work it all out.

While the Rosetta Stone did function effectively as a decryption key, we need something easier to work with than a 1,680 pound rock for our everyday needs. The keys used in computer encryption are based on algorithms which scramble the plaintext data to render it into apparently random gibberish.

Applying the decryption key will put it back into understandable plaintext. There are different possible setups with single or double sets of keys.

Symmetric key encryption is based on algorithms that apply the same keys for both encryption and decryption. Its the same concept that worked for the Scytale in which the same size cylinder is used both to set the code and to rewrap the strips to make sense of the apparently random letters.

The same key that rendered the plaintext into ciphertext will turn the ciphertext back into plaintext In his blog, Panayotis Vryonis offers the analogy of locking something away in a box. The same key used to remove the contents from view is used to unlock the box and reveal them.

This is also sometimes called public key encryption. The name is a bit misleading because the asymmetry actually depends on having both a public and a private key. The public key is used to encrypt the message that is decrypted with the private key.

You can also encrypt data with the private key and have the receiver decrypted with the public key. The point is just that different keys are used for two functions.

Vryonis once again offers an image of a locked box to understand the concept: This lock has three states: A (locked), B (unlocked) and C (locked). And it has two separate (yes, two) keys. The first one can only turn clockwise (from A to B to C) and the second one can only turn anticlockwise (from C to B to A).

He names the one who locks it Anna, and she has an exclusive on one key the private key. The second key is the public one, which is copied and distributed.

So. Anna has her private key that can turn from A to B to C. And everyone else has her public-key that can turn from C to B to A. This opens up the possibility of locking up what you dont have the power to unlock.

"First of all, imagine you want to send Anna a very personal document. You put the document in the box and use a copy of her public-key to lock it. Remember, Annas public-key only turns anticlockwise, so you turn it to position A. Now the box is locked. The only key that can turn from A to B is Annas private key, the one shes kept for herself."

Anyone with the public key can make sure the box is locked, and only the person in possession of the private key can unlock it. Back to the world of algorithms, only the private key can decrypt what was encrypted by the public key. But it also has the possibility of allowing the public key to decrypt what was decrypt what was encrypted with the private key.

That opens up the possibility of attaching digital signatures, which Vryonis explains as follows:

"Someone delivers me this box and he says its from Anna. I dont believe him, but I pick Annas public-key from the drawer where I keep all the public-keys of my friends, and try it. I turn right, nothing. I turn left and the box opens! Hmm, I think. This can only mean one thing: the box was locked using Annas private key, the one that only she has.

In that scenario, the lock that is only possible from the private key guarantees that the sender is the one represented, which is the function of the digital signature. It would be like an unbroken seal on a letter formed by the persons signet ring used in the days of quill pens.

Accordingly, the asymmetric key offers more possible functions than the symmetric key system. Anyone with the public key can secure their data transmission to be decrypted only by the one in possession of the private key.

Plus anyone who receives data encrypted by the private key can trust the source. That preserves the integrity of the files and the validation of origin for digital communication, both of which are essential for functional and secure digital interactions.

View post:
Encryption Vs. Decryption: What's the Difference? - Techopedia

The Australian Labor Party said on Monday it would be debating a Private Senator's Bill to fix the encryption laws that it voted for in 2018.

The changes would include judicial authorisation that make the laws compatible with the US CLOUD Act, as well as changes in theprevious Bill that was stranded prior to the May 2019 election.

"Tech companies report that customers are less likely to seek out contracts with Australian companies because the encryption laws pose risks that they would be required by the government to introduce systemic weaknesses into their products and systems," Shadow Minister for Home Affairs Kristina Keneally said.

Labor was warned of this exact situation in 2018 before it voted for the laws.

Australian security vendor Senetas called for the laws to be dumped in 2018 because it would damage Australian reputations and trust.

"The Bill will damage Australian developers' and manufacturers' reputations in international markets, resulting in loss of trust and confidence in Australian cybersecurity R&D and products," Senetas said at the time.

"Rather than protecting the interests of citizens, this Bill compromises their security and privacy as a consequence of weaker cybersecurity practices and easier access to new tools for cyber criminals."

As long as the government majority holds, and there are no signs it would not, then Labor's fixes will die on the House of Representatives floor.

"Today is a test for the Morrison government -- will they stand up for the 700,000 Australians working in our technology industry and Australia's law enforcement agencies ... or continue with their broken promises and do-nothing plan?" Keneally said without a hint of irony.

Labor had previously said it would fix the "rushed legislation" it passed if it won government in May. The ALP did not win.

On Friday it was revealed that the nation's metadata laws were capable of handing to the cops the web browsing history of Australians.

At the time, Labor Senator Anthony Byrne noted his "grave concern" this was happening despite assurances.

Updated at 19:17pm AEDT, 10 February 2020: Article headline originally said the Bill was being introduced. The Bill was up for second reading debate.

AFP and NSW Police used Australia's encryption laws seven times in 2018-19

Seven Technical Assistance Requests made with no Technical Assistance Notices or Technical Capability Notices issued.

How the B-Team watches over Australia's encryption laws and cybersecurity

Most telco interception warrants are issued by non-judges. Important cybersecurity work isn't being done. The Information Commissioner lacks funding. Does the government actually care about privacy and security?

Home Affairs report reveals deeper problems with Australia's encryption laws

The first seven months of Australia's controversial encryption laws didn't see an explosion of decryptions. Worry instead about the cops bypassing judges to get their interception warrants approved.

End-to-end encryption means Huawei bans are about availability, not interception

Former Prime Minister who brought in Australia's anti-encyption laws says the technology can prevent potential tapping by telco equipment manufacturers.

Labor says it will fix encryption laws it voted for last year

Better late than never for agreeing to judicial authorisation, but legislation is unlikely to pass the House of Representatives.

Read more here:
Labor Bill to fix Australian encryption laws it voted for hits second debate - ZDNet

WASHINGTON New opponents confronted Facebook on Wednesday as it moves forward with a plan to encrypt all of its messaging platforms: child welfare advocates who said that encryption would allow child predators to operate with impunity across the companys apps.

Facebook has a responsibility to work with law enforcement and to prevent the use of your sites and services for sexual abuse, a group of 129 child protection organizations, led by the National Society for the Prevention of Cruelty to Children, said in a letter to the Silicon Valley company. An increased risk of child abuse being facilitated on or by Facebook is not a reasonable trade-off to make.

The letter indicates how activists and law enforcement agencies have seized on child exploitation as a new way to combat the expanded use of encryption in consumer technology.

The Justice Department and its counterparts in Britain and Australia previously used the threat of terrorist activity to rail against encryption, saying that tech companies were shielding malicious and dangerous criminals. But they have recently shifted their focus to child exploitation as tech companies have made good on plans to make it harder to see or stop illicit activity on those platforms.

In a statement, Facebook said, Encryption is critically important to keep everyone safe from hackers and criminals. The company said it was building safety measures for children and working closely with child safety experts.

We have led the industry in safeguarding children from exploitation and we are bringing this same commitment and leadership to our work on encryption, Facebook said.

Last March, Mark Zuckerberg, Facebooks chief executive, announced that he planned to knit together and encrypt the companys various messaging services, including WhatsApp, Instagram and Facebook Messenger. The products serve billions of people globally.

Facebook has been grappling with its role in the explosion of online child pornography. In 2018, tech companies reported more than 45 million online photos and videos of children being sexually abused. Facebook accounted for more than 90 percent of reports that tech companies flagged that year. Once Facebook Messenger the companys main source of such imagery is fully encrypted, it will be nearly impossible for Facebook to detect such images.

Tech companies said they had found other ways to combat abuse of their services, even if they introduce encryption. Those methods include scanning and matching the profile photos of users to those of known predators, as well as relying on user reports and complaints. WhatsApp, which is already fully encrypted, has said it bans more than 250,000 users every month for posting imagery of exploited children.

The scope and severity of online child pornography has grown exponentially along with the rise of social networks.

It is possible to find images and videos of children as young as infants being raped and abused online, and some services allow people to watch pay-per-view live streams of assaults of victims from around the world. Many victims live in fear of being recognized, thanks to the near impossibility of deleting these images from the internet.

It would take nearly every agent at the F.B.I. to pursue every child pornography lead that came into the bureau, according to F.B.I. and Justice Department officials who have fought to obtain information that companies like Apple say they cannot give because of the strengthened security in their products.

In a hearing with the House Judiciary Committee on Wednesday, Christopher Wray, director of the Federal Bureau of Investigation, also criticized Facebook on its encryption plans, calling it a dream come true for predators and child pornographers who use the services to traffic in illicit material.

If Facebook moves forward with the plans that they have at the moment, we will be blinded, Mr. Wray said. They will blind themselves and law enforcement.

Mr. Wray said Facebook should not be able to decide unilaterally to shut out law enforcement, leaving open the possibility that American lawmakers could try to mitigate the problem through legislation, as Australia has done. In 2018, the Australian Parliament passed a bill that required tech companies to provide law enforcement authorities with access to encrypted communications.

Tech companies like Facebook have a vital responsibility to balance privacy with the safety of vulnerable children, Priti Patel, the British home secretary, said in a statement on Wednesday. We have also submitted detailed evidence to the U.S. Senate about these concerns.

In a recent meeting with Sheryl Sandberg, Facebooks chief operating officer, Ms. Patel said the social networks encryption plans could not be allowed to hamper law enforcements ability to protect children online.

Facebook and other tech companies have received support for encryption from a coalition of civil liberties organizations, techno-libertarian groups and former national security experts, many of whom served in the Obama administration.

While many of these groups agree that there needs to be a balance between public safety and the privacy of people who use technology to communicate, they said encryption was a public good that helps ensure a safer world.

The future of cybersecurity, robotics, communications and other technologies depends on better encryption, said Ari Schwartz, managing director for cybersecurity services at Venable.

Law enforcement officials have long been frustrated by this argument. They said companies like Facebook and Apple did not encrypt parts of their services that would make it impossible for users to do things like reset their passwords when they forget them a decision that keeps those products generally usable and appealing, and makes it possible for law enforcement authorities to see into services such as Apples iCloud.

The question, some law enforcement officials said, is why tech companies choose not to encrypt when it serves their bottom line, but choose to encrypt when it could harm public safety.

Katie Benner reported from Washington and Mike Isaac from San Francisco.

More:
Child-Welfare Activists Attack Facebook Over Encryption Plans - The New York Times