Category Archives: Encryption

How the B-Team watches over Australia’s encryption laws and cybersecurity – ZDNet

The cybersecurity of the Attorney-General's Department (AGD) has not been independently assessed by the Australian Signals Directorate (ASD) despite it being made an action item nearly four years ago.

The nation's Cyber Security Strategy of April 2016 said that government agencies "at higher risk of malicious cyber activity" would receive "independent cybersecurity assessments".

A discussion paper [PDF] for the 2020 strategy, released in September 2019, reported that "ASD has conducted active vulnerability assessments of a number of key government agencies".

But in written evidence given to the Senate Standing Committee on Legal and Constitutional Affairs this week, AGD revealed it wasn't one of them.

"ASD has not conducted an independent security assessment against Attorney-General's Department networks," it wrote.

"No additional funding has been provided to AGD for cybersecurity remediation activity."

AGD has vastly increased its spend on cybersecurity across the last four years, however.

From a base of AU$47,197 in 2015-2016, when they began tracking the annual operational spending of the IT Security Section, it rose to AU$225,826 in 2016-2017, then to AU$641,985 in 2017-2018. In 2018-2019, it declined slightly to AU$562,222.

"Other sections, projects, and activities make a substantial contribution to improving the overall cybersecurity posture, but are associated to other cost centres," AGD wrote.

But the department declined to answer specific questions about its compliance with the ASD Essential Eight cybersecurity controls, citing security concerns.

"Publicly identifying details of any briefings provided to the Attorney-General on cybersecurity vulnerabilities on departmental networks would provide an individualised snapshot in time and may provide a heat map of vulnerabilities for departmental networks, which malicious actors may exploit and thus increase the agency's risk of cyber incidents," it wrote.

It's bad enough that most telecommunications interception warrants are not approved by judges but by members of the Administrative Appeals Tribunal (AAT).

What's worse is that these less-qualified officials can spend mere minutes making their decision with no legal support from AAT staff.

After so little thought, and without further independent oversight, law enforcement agencies are free to use their controversial new powers under the controversial Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018.

They can issue a "voluntary" Technical Assistance Request (TAR) to get a communications provider to help access the contents of an encrypted communication. Or they can issue a compulsory Technical Assistance Notice (TAN) to the same end.

Some seven TARs or TANs were issued by law enforcement in the first seven months of the Act's operations. The number issued by the spooky agencies, meanwhile, is unknown.

The concern, first raised by The Saturday Paper a year ago, is that AAT members might more readily approve warrants than judges, although there's no data on this one way or the other.

There have been concerns that many AAT members are political appointees with no legal qualifications. More than 60% of members appointed since 1 July 2015 are not legally trained, according to further AGD evidence to the Legal and Constitutional Affairs Committee.

And while section 5DA of the Telecommunications (Interception and Access) Act 1979 states that only AAT members who are "enrolled as a legal practitioner of the High Court, of another federal court, or of the Supreme Court of a State or of the Australian Capital Territory" for at least five years are approved to issue warrants -- a lawyer with five years' experience is not a judge.

"Some legal experts argue that judges are more experienced and therefore more qualified to assess warrant applications than a lawyer with five years' practising experience," The Saturday Paper wrote.

"Key to this is the fact that during these warrant proceedings, there is no party making an opposing argument."

Judges are experienced in weighing up the pros and cons of a case to ensure fairness. Lawyers are experienced at arguing for their client's position. They're not the same.

Also concerning is the amount of support given to AAT members in this role: None.

The Senate was told that "members undertake these functions in a personal capacity (as a persona designata) and not as part of their duties as a member of the AAT".

"AAT staff do not provide any legal support in respect of applications considered by an AAT member under the Act," AGD wrote.

"The AAT and AAT staff provide limited assistance to facilitate the performance of these functions, particularly scheduling appointments."

Those appointments can be very brief indeed.

"Since 1 July 2015 the average (mean) length of all appointments with AAT members for warrant-related purposes is just 18 minutes," AGD wrote.

"The shortest amount of time recorded for an appointment that proceeded is 1 minute. The data is not subject to auditing."

Maybe the members spend hours of their own time wrestling over whether to approve each warrant. On that matter, your writer has a simple response: Prove it.

Either way, it might well be argued that one minute doesn't allow for a serious challenge to a warrant application's claimed merits.

Australia's health sector continues to be the most affected by data breaches, according to the Office of the Australian Information Commissioner (OAIC).

Some 58 notifiable data breaches (NDBs) were received by the OAIC between 1 January 2019 and 31 March 2019.

"The OAIC's 2019-20 corporate plan includes a continued focus on the health sector, particularly centred on uplifting the health sector's security posture," it told the Senate this week.

In September 2019, the OAIC released a Guide to Health Privacy.

"[The OAIC] is currently undertaking an associated outreach and social media campaign. This campaign includes the development of a toolkit to assist health service providers improve their information handling practices," it said.

Also during Estimates in November, the OAIC was asked if it was conducting an investigation into an alleged AU$10 million international identity theft scam that had affected several of Australia's largest super funds, including REST Super, AustralianSuper, and HESTA.

"The Information Commissioner has not opened an investigation into the named organisations in relation to the media report of an alleged identity theft scam," the OAIC said.

It did add, however, that the maximum current penalty that the Federal Court can impose for a serious or repeated interference with privacy is AU$2.1 million for a body corporate.

In recent years, the OAIC has found it difficult to process Freedom of Information (FOI) requests promptly. A substantial increase in all types of requests has since widened the gap, resulting in increased delays and backlogs.

This week the OAIC revealed that meeting the demand for FOI regulatory work would require nine more staff at a cost of A$1.65 million a year, plus A$300,000 in the first year for accommodation.

Your writer is of the view that this is back-of-the-couch money, given that it would deliver a significant increase in government transparency.


Kids Need End-to-End Encryption for Protection Against Corporations – The Mac Observer

In a report from the Financial Times (paywall), a letter signed by 129 non-profits, think tanks, and academics urges Facebook to reconsider encrypting its apps. They use the "think of the children" argument because encryption could enable more child sexual abuse. But Justin Myles Holmes says we should think of the children and enable end-to-end encryption for them, so their data isn't used and abused by corporations precisely like Facebook.

If we fail to take action now, we risk a world in which unsavory actors, domestic and foreign, have built rich, comprehensive profiles for every one of our children, following the trajectories of their education, home life, consumer habits, health, and on and on. These profiles will then be used to manipulate their behavior not only as consumers, but as voters and participants in all those corners of society which, in order for freedom and justice to prevail, require instead that these kids mature into functional, free-thinking adults.


Encryption Backdoors: The Achilles Heel to Cybersecurity? – Techopedia

The war against cybercrime is ongoing and should not be halted or terminated because cybercriminals are not on the verge of giving up any time soon. Rather, they seem to be getting tech savvier on a daily basis. (Read How Cybercriminals Use GDPR as Leverage to Extort Companies.)

Taking a look at the IC3 Complaint Statistics 2014-2018, it becomes very glaring that we are really facing a cyberwar across the globe.


IC3 statistics showing a significant increase in total losses during 2018 (source: FBI IC3)

Different technological and non-technological measures such as weak and strong passwords, single, double, and multi-factor authentication are being fashioned out to arrest the menace caused by hackers but due to the fact that technology itself is advancing rapidly, it will still take some level of work to be able to have full control of the situation. (Read Is Security Research Actually Helping Hackers?)

Some of the measures that have been posited to use in tackling cybercrime include:

While the zero-trust strategy is not technologically based, both VPN and blockchain are based on technology. Despite the fact that they may have their different shortcomings (especially as even renowned VPN providers can have privacy issues), the good news is that both have encryption as a feature.

It's rather unfortunate that despite all the effort being put in place to ensure that organizations, governments, and individuals are secured, it is the government that may constitute a stumbling block in checkmating the activities of cybercriminals.


Governments and law enforcement agents around the globe, especially in the Five Eyes (FVEY) intelligence alliance, are not relaxing in their efforts to ensure that there are encryption backdoors.

They claim this is necessary for the interests of national safety and security as criminals and terrorists increasingly use encrypted messages to communicate online.

The FVEY governments believe that there is a widening gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data, which they term "a pressing international concern." In their opinions, this clearly demands "urgent, sustained attention and informed discussion."

Encryption is the method by which your data is converted into a secret code that conceals the information's true meaning. (Read Trusting Encryption Just Got a Lot Harder.)

It's based on the science known as cryptography. In computing, unencrypted data is referred to as plaintext, while encrypted data is called ciphertext.

You make use of encryption algorithms or ciphers to encode or decode messages. If an unauthorized party manages to intercept your encrypted data, the only way such data can be meaningful to the intruder is by haphazardly guessing which cipher was used to encrypt the message and also what keys were used as variables.

The best way to crack any encryption key is a brute-force attack. For example, AES with 256-bit keys has a key length that is 256-bit.

The possible number of combinations that can be used to crack this type of encryption can keep a hacker working throughout life without success. This makes encryption a very valuable asset and security tool.

Encryption can be said to be the basic block on which information technology (IT) assets are built and without it, cybercriminals will be having a field day as things are currently. Before going through the tunnel, your data gets encrypted with a special pre-configured algorithm.

Then going out of your device, the encrypted traffic goes via the tunnel to a blockchain or VPN server. The server contacts the requested Internet resource, traffic is decrypted and reaches the resource in an unencrypted way.

The process is the same backward: your data from the website is unencrypted, then it becomes encrypted and conveyed through the tunnel to you where it is finally decrypted.

The Federal Bureau of Investigation (FBI) is coming down hard on technology companies that offer end-to-end encryption (E2EE). Its argument is that such encryption restricts law enforcement from accessing data and communications even with a warrant.

The FBI described this issue as "going dark," and the U.S. Department of Justice (DOJ) is not taking it with a pinch of salt either. The DOJ is calling for what they termed "responsible encryption" that can be unbarred by technology companies under a court order.

Taking it to the extreme, Australia enacted a law that made it compulsory for visitors to render passwords for all digital devices before entering the country. A five-year jail term is a punishment for failure to comply.

Even when you fail to have security at the back of your mind, the fact that you must meet the world's best standards makes it mandatory for you to encrypt your data since you must meet compliance regulations.

Quite a number of organizations and standard bodies recommend or mandate that sensitive data must be encrypted in order to prevent unauthorized third parties or hackers from accessing the data.

A case in point is that of the Payment Card Industry Data Security Standard (PCI DSS) where it is absolutely necessary that merchants must encrypt customers' payment card data when it is both stored at rest and broadcasted over unrestricted channels.

With link-level encryption, your data is encrypted when it leaves your network, decrypted at the next link, which may be a host or a relay point, and then re-encrypted before it is sent to the next link. You have the advantage of using a different key or even a different algorithm for data encryption on each link.

This process keeps on repeating until your data gets to its destination.

The world is talking Cloud storage and hence the encryption of data in the cloud cannot be overemphasized. Cloud storage providers are able to encrypt data using encryption algorithms and the data is then placed in cloud storage.

The fundamental difference between cloud encryption and in-house encryption is that cloud customers must take time to learn about the provider's policies and procedures for encryption and encryption key management in order to ensure that encryption is in league with the level of sensitivity of the data being stored.

With network-level encryption you are able to apply crypto services at the network transfer layer, above the data link level but below the application level. Network encryption is implemented through Internet Protocol Security (IPsec), a set of open Internet Engineering Task Force (IETF) standards, made up of protocols and authentication methods developed for data protection just at the dawn of the Internet, that, when used in conjunction, create a structure for private transmission over IP systems.

This is based on the quantum mechanical properties of particles to protect data. Going by the Heisenberg uncertainty principle, which posits that the two identifying properties of a particle (its location and its momentum) cannot be measured without changing the values of those properties, quantum cryptography is strongly positioned to ensure the security of your data.

For this reason, it's practically impossible to copy any quantum-encoded data since any attempt to access the encoded data will change the data. This will raise a red flag and the authorized parties to the encryption will be notified of the attempted breach.

E2EE ensures that any data being sent between two parties cannot be viewed by an attacker who may have one way or the other intercepted the communication channel. However, the use of an encrypted communication circuit, as provided by Transport Layer Security (TLS) between web client and web server software, is not always enough to ensure E2EE.

You should ensure that the actual content you are transmitting is encrypted by client software before being passed to a web client and decrypted only by the recipient. Examples of messaging apps that provide E2EE include Facebook's WhatsApp and Open Whisper Systems' Signal.

It's also possible for Facebook Messenger users to get E2EE messaging with the Secret Conversations option.

Looking at this succinctly from all angles, what the government is trying to do with encryption backdoors, maybe for the intended good of the populace, will clearly and overwhelmingly jeopardize the privacy and security of everyone. They should ponder on the gravity of cybercriminals exploiting these same backdoors they are clamoring for.

Without encryption backdoors, the cybercrime situation is barely containable as it stands. What will the scenario look like if we open up our last line of defense to them?

And this is exactly what we shall obtain. The risks are of mammoth proportions.


US Lawmakers Seeking to Ban Companies From Using End-to-End Encryption With a New Draft Bill – Bitcoin Exchange Guide

US lawmakers and the Department of Justice are looking to ban end-to-end encryption, making Internet users vulnerable to a host of attacks on their privacy from both malicious hackers and from the government.

Attorney General William Barr, along with Sen. Richard Blumenthal (D-CT) and Sen. Lindsey Graham (R-SC), is seeking to ban companies from using end-to-end encryption with a new draft bill called the Eliminating Abusive and Rampant Neglect of Interactive Technologies (or EARN IT) Act.

If companies do not follow the practices set by a national commission, that would be comprised of 15 people and led by Barr himself, the act would make them liable in state criminal cases and civil lawsuits over child abuse and exploitation.

The ban, however, is potentially unconstitutional under the First, Fourth, and Fifth Amendments, said Riana Pfefferkorn, a member of the Stanford Law School's Center for Internet and Society.

If passed, the law would also require companies like Telegram to allow backdoor government access to encrypted information.

Bitcoin bull and Fundstrat's Tom Lee also said it would have some negative impact on crypto and digital assets which are grounded by cryptography.

Barr claimed to want to protect the children by this move. Last week, at the White House Summit on Human Trafficking, Barr said encryption was aiding human traffickers.

"We live in a digital age, and like everyone else, human traffickers are relying increasingly on digital communication and the Internet and more and more, the evidence we rely on to detect and to deal with these predators is digital evidence.

However, increasingly, this evidence is being encrypted."

Barr said that while encryption is important to protect consumers from cybercriminals, military-grade encryption means they can't get access to this data. He said,

"We just can't have chat rooms and websites that are involved in grooming children victims or selling trafficked women, sites that are impenetrable to law enforcement, and we have to do something about this."

Previously Barr said that technology companies using end-to-end advanced encryption are effectively turning devices into law-free zones.

Brett Max Kaufman, a senior staff lawyer in the Center for Democracy at the American Civil Liberties Union, opposes this. He said,

"Encryption reliably protects consumers' sensitive data.

There is no way to give the F.B.I. access to encrypted communications without giving the same access to every government on the planet. Technology providers should continue to make their products as safe as possible and resist pressure from all governments to undermine the security of the tools they offer."

A similar Act was passed in Australia. The Assistance and Access Act, passed in late 2018, gives Australian authorities and agencies the power to compel technology companies and their employees to provide access to encrypted data.

The Act was widely criticized for undermining the security of encryption and potential abuse of the new powers. During the second half of last year, 18 technical requests were issued. Assistant minister for cybersecurity Tim Watts said last year,

"It was a failure of parliamentary process, a failure of bipartisanship on national security and a failure of the Morrison government to keep its word. Since then, Australia's technology sector, particularly our cyber security sector, has been paying the price of these failures. Labor is acting to right these wrongs."

Now, the amendments to the Act are being debated in the Senate.


United States: a bill against end-to-end encryption? – Sahiwal Tv

Representatives of the United States Senate and Department of Justice appear to be fighting head-on against encrypted messaging. Behind the noble cause of child protection hides a large-scale threat to liberty, as only the United States has the key.

According to the ZeroHedge website, Attorney General William Barr on the one hand, and Senator Lindsey Graham on the other, both want to prohibit full sender-to-recipient encryption of messages sent through applications such as WhatsApp, iCloud or Telegram.

"Although we use encryption to improve cybersecurity, we must ensure that we maintain the ability to legally access data and communications when necessary to respond to criminal activity." William Barr

The problem with creating such backdoors is that they would involve a "master key" (or "golden key") for decryption. And who could assure us that this master key won't be used for bad purposes, such as monitoring the conversations of political dissidents or the leaders of large foreign companies? Not to mention hackers who manage to get their hands on it: it would give new meaning to the expression "a cure worse than the disease".

With the support of senators Lindsey Graham and Richard Blumenthal, Barr wants to introduce a law called the "EARN IT Act".

An acronym for "An Act to eliminate abusive and rampant neglect of interactive technologies" (just that!), it aims to make companies criminally liable in cases of child abuse and exploitation if these messaging companies don't hand over evidence related to suspected users.

A sneaky way to force them to provide these famous backdoors in their applications (usable by all those who have the golden key, whether they're "good" or "bad"). And this could also, subsequently, apply to national security matters... Do you see the wolf coming from afar?

In addition to the obvious threats to individual freedoms, and the cybersecurity risks, such a law would also have eminently negative implications for the cryptosphere.

Indeed, blockchain networks operate on the exchange of value and information based on encryption, carried out from start to finish.

Financial analyst Thomas Lee of Fundstrat explains as well:

"(If this bill) becomes reality, it would have a negative impact on cryptography and digital assets".

These desires for hypersurveillance, which always start from "good intentions", further reduce the freedoms and the protection of privacy of the vast majority of innocent individuals. All that remains is to hope that this law, which promises to be double-edged, stays only at the project stage.


TLS 1.0/1.1 end-of-life countdown heads into the danger zone – The Daily Swig

Web admins have about one month to upgrade

Websites that support encryption protocols no higher than TLS 1.0 or 1.1 have only a few weeks to upgrade before major browsers start returning "secure connection failed" error pages.

Google, Apple, Microsoft, and Mozilla jointly agreed in October 2018 to deprecate the aging protocols by early 2020, a move likely to throttle the traffic flowing to laggard sites yet to upgrade to TLS 1.2 and above.

Mozilla will likely be first to jettison support for TLS 1.0 and 1.1 (21 and 14 years old, respectively) with the release of Firefox 74 on March 10.

Google Chrome 81, slated for launch on March 17, will disable support too, while Apple's next Safari update is expected to land, with support for older encryption suites removed, by the end of the month.

Microsoft is expected to remove support for the moribund protocols from Edge 82 in April and Internet Explorer at around the same time.

Webmasters have been notified about the upcoming switch, for instance by advice to migrate issued within developer tools in Firefox 68 and Chrome 72, which were launched last year.

In December, Firefox 71 arrived with support disabled in Nightly mode to uncover more sites that aren't able to speak TLS 1.2.

SSL Pulse's latest analysis of Alexa's most popular websites, conducted in February, reveals that of nearly 140,000 websites, just 3.2% fail to support protocols higher than TLS 1.0, and less than 0.1% have a ceiling of TLS 1.1.

Some 71.7% support a maximum of TLS 1.2, while the remaining 25% support the latest version, TLS 1.3.

According to these figures, then, 3.3% of sites could soon be returning "secure connection failed" error pages to visiting surfers.

The Internet Engineering Task Force (IETF), the global guardian for internet standards, is formally deprecating both TLS 1.0 and 1.1.

The National Institute of Standards and Technology (NIST) says it is no longer practical to patch the protocols' existing vulnerabilities, such as the POODLE and BEAST man-in-the-middle attacks.

The protocols neither support the latest cryptographic algorithms nor comply with today's PCI Data Security Standards (PCI DSS) for protecting payment data.

While TLS 1.3, launched in 2018, is now the gold standard, TLS 1.2 is PCI DSS-compliant and remains in good standing despite being more than a decade old.

Both TLS 1.2 and 1.3 are supported by all major browsers. Both support the latest cryptographic cipher suites and algorithms, remove mandatory, insecure SHA-1 and MD5 hash functions as part of peer authentication, and are resilient against downgrade-related attacks like LogJam and FREAK.

Michal Špaček, developer at Report URI and Password Storage Rating, urges webmasters to take action before it's too late.

If they're unsure about their site's SSL configuration, he recommends using tools like SSL Labs' Server Test and Mozilla Observatory.

If checks reveal that a website fails to support at least TLS 1.2, how should webmasters proceed?

"The short answer is to check with their vendors," Špaček told The Daily Swig. "The slightly longer (and maybe better) answer is to run recent encryption libraries (like OpenSSL) and servers (like Apache or Nginx), all of which support TLS 1.2 and TLS 1.3 - and the latter might even be a one-line change in the supported protocols config option."

He added: "You can also check what protocol is used to access the site in the browser devtools, Security tab."

In a recent blog post, security researcher Scott Helme points out that "you don't necessarily have to remove support for these Legacy TLS versions, you simply have to make sure that you support at least TLSv1.2 for clients like Chrome/Firefox/Safari to be able to connect".

In a message addressed to developers in September 2019, Mozilla engineer Martin Thomson said: "This is a potentially disruptive change, but we believe that this is good for the security and stability of the web," noting that the number of sites that will be affected is reducing steadily.
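The "supported protocols config option" mentioned above is `ssl_protocols` in nginx and `SSLProtocol` in Apache mod_ssl. The following is an added example, not code from the article or from any vendor: it audits those directives in configuration text and applies the article's rule that a site with no TLS 1.2 or higher will fail in browsers, while legacy versions kept alongside TLS 1.2+ still connect. The sample configurations are constructed, and the expansion of Apache's `all` and the handling of unprefixed Apache tokens are simplifying assumptions.

```python
import re

# Protocol tokens understood by nginx `ssl_protocols` and Apache `SSLProtocol`.
KNOWN = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MODERN = {"TLSv1.2", "TLSv1.3"}
CANON = {name.lower(): name for name in KNOWN}
# Assumption: Apache's `all` is build-dependent; model it as every version
# from SSLv3 upward so the audit errs on the side of reporting legacy support.
APACHE_ALL = set(KNOWN[1:])


def _code(line):
    """Return the line without its trailing `#` comment or padding."""
    return line.split("#", 1)[0].strip()


def parse_nginx(text):
    """Return [(line_no, enabled_set)] for each `ssl_protocols` directive."""
    found = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"ssl_protocols\s+([^;]+);", _code(raw))
        if m:
            names = (CANON.get(t.lower()) for t in m.group(1).split())
            found.append((no, {n for n in names if n}))
    return found


def parse_apache(text):
    """Return [(line_no, enabled_set)] for each `SSLProtocol` directive."""
    found = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"SSLProtocol\s+(.+)", _code(raw), re.IGNORECASE)
        if not m:
            continue
        enabled = set()
        for tok in m.group(1).split():
            sign = tok[0] if tok[0] in "+-" else ""
            name = tok[len(sign):].lower()
            if name == "all":
                names = set(APACHE_ALL)
            elif name in CANON:
                names = {CANON[name]}
            else:
                continue  # unknown token: ignore rather than guess
            if sign == "-":
                enabled -= names
            elif sign == "+":
                enabled |= names
            else:
                # Assumption: an unprefixed token replaces the set built so far.
                enabled = names
        found.append((no, enabled))
    return found


def assess(enabled):
    """Apply the article's rule to one set of enabled protocol versions."""
    legacy = sorted(enabled & LEGACY, key=KNOWN.index)
    if not enabled & MODERN:
        return "FAIL", legacy  # ceiling is TLS 1.1 or lower: browsers refuse
    if legacy:
        return "WARN", legacy  # browsers connect, legacy versions still offered
    return "OK", legacy


def audit(text, server):
    """Audit config text for server kind 'nginx' or 'apache'."""
    parser = {"nginx": parse_nginx, "apache": parse_apache}[server]
    return [(no, *assess(enabled)) for no, enabled in parser(text)]


# Constructed sample configurations (not taken from any real site).
NGINX_SAMPLE = """\
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1;
}
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 443 ssl;
    # ssl_protocols TLSv1;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""

APACHE_SAMPLE = """\
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol -all +TLSv1 +TLSv1.1
"""

if __name__ == "__main__":
    for kind, sample in (("nginx", NGINX_SAMPLE), ("apache", APACHE_SAMPLE)):
        for no, verdict, legacy in audit(sample, kind):
            print(f"{kind} line {no}: {verdict} legacy={legacy or 'none'}")
```

A static check like this only reads what the configuration declares; what the server actually negotiates also depends on the TLS library it is linked against, which is why the article's suggested external scanners remain the final check.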


Officials Ask Public to Weigh in on Encrypting Police Calls – Government Technology

(TNS) The question of whether police radio transmissions should be encrypted inspires strong opinions on both sides, and one local police department has asked the public to weigh in on the issue.

Those in favor argue encryption, which would prevent the public from listening to police communications, is an officer-safety issue, since criminals listen to scanner transmissions.

Those opposed argue that encryption denies the public access to information it has the right to know, and poses a danger of police operating without accountability.

Encryption is a timely issue in Luzerne County, Pa., where a new digital 911 communication system is being rolled out this year. The system offers the option to encrypt police transmissions.

On Saturday, Wilkes-Barre Twp., Pa., police started a poll on the department's Facebook page, asking readers to vote whether they support encryption for some or all police calls. The post generated hundreds of responses.

Comments to the post from township police seem to indicate support for encryption, giving an example of a fleeing suspect who listened to a scanner app playing live audio of police looking for him.

West Pittston police Chief Michael Turner favors encryption.

"I definitely support it," Turner said Sunday. "It gives us some protection as far as bad guys having a radio."

Turner described encryption as an officer-safety issue, though he said no officers from his department have been injured because of open scanner transmissions.

Officers have found portable radios programmed to police frequencies in the possession of suspects, Turner said.

"There are some operations we go out on we are using cell phones because we don't want transmissions done on the radio," the chief said.

Comments on the Wilkes-Barre Twp. Facebook page show a wide range of opinions on encryption.

Mary Jarrett, of Plymouth, who frequently posts to social media about borough and community issues, said she has become a big supporter of police from listening to scanner broadcasts. She said a three-minute delay would be acceptable but that police calls should be open to the public, noting "sunshine disinfects and removes the we/they that permeates our society today."

Others who commented said transmissions about tactical incidents such as hostage situations should be encrypted, but not standard police calls.

A man who said he is a firefighter in Connecticut said he has gotten a head start on emergency calls by listening to open police transmissions.

Some expressed support for encrypting all police calls, to ensure officer safety and protect the privacy of innocent people.

Others took the polar opposite view, that a publicly funded communication system should be open to the public without restriction.

As of Sunday night, 616 people had voted in the poll. The results were:

Luzerne County does not plan to encrypt fire or emergency medical calls, officials said last week at a demo of the new radios and equipment.

Questions remain as to whether police transmissions will be encrypted once the new system goes live, and whether that decision will be made countywide or left up to individual police departments.

Following last week's equipment demo, Andy Zahorsky, data and technical support manager for Luzerne County 911, said the county will not mandate the use of encryption.

Emergency responders interviewed since then have given conflicting opinions as to whether the county will stipulate encryption of police calls countywide, or if police departments will have the option whether or not to encrypt transmissions.

Fred Rosencrans, county 911 executive director, said in an email sent Thursday that issues involving encryption are under review and there is no deadline for decisions to be finalized.

2020 The Citizens' Voice (Wilkes-Barre, Pa.) Distributed by Tribune Content Agency, LLC.

Follow this link:
Officials Ask Public to Weigh in on Encrypting Police Calls - Government Technology

How Would a US Ban on End to End Encryption Affect Cryptocurrency? – Bitcoinist

According to reports, US lawmakers and the Department of Justice want to ban end-to-end encryption in the name of protecting the children. This could have implications for cryptocurrency.

The reports are suggesting that Attorney General William Barr has questioned the use of encryption to turn devices into law-free zones.

The primary concern is firms like Apple which have full control over their devices and refuse to provide a backdoor to aid law enforcement in criminal investigations and other matters of national security.

US Senator Lindsey Graham, chair of the Senate Judiciary Committee, is drafting a new bill that could potentially outlaw the use of encryption in the name of protecting children. He has repeatedly called the iPhone a safe haven for criminals.

At the White House Summit on Human Trafficking last week Barr joined those calls with his views on the technology.

"We all recognize that encryption is important in the commercial world to protect consumers like us from cybercriminals, but now, we're seeing military-grade encryption being marketed on consumer products like cellphones and social media platforms and messaging services, and that means that we cannot get access to this data."

Senior staff lawyer in the Center for Democracy at the American Civil Liberties Union, Brett Max Kaufman, said encryption reliably protects consumers' sensitive data. He added that technology providers should continue to make their products as safe as possible and resist pressure from all governments to undermine the security of the tools they offer.

The new draft bill, called the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, will modify the Communications Decency Act's Section 230 to make companies liable in state criminal cases and civil lawsuits over child abuse and exploitation.

Many of these suggested best practices, such as offering parental controls and setting age limits, are acceptable, but the bill also requires tech firms to preserve, remove from view, and report any material, as well as retain any evidence that may pertain to such cases, which effectively turns them into digital crypto cops.

If passed, the law would also require companies such as Telegram to allow backdoor government access to encrypted information. This would also provide a golden key vulnerability for hackers and malicious actors. It may also affect the cryptocurrency industry.

Fundstrat's Tom Lee commented on the possible implications to the cryptocurrency industry.

"If true, would have some negative impact on crypto and digital assets which are grounded by cryptography"

Cryptocurrency does not appear to be the target here and the concerns are largely focused on the likes of Apple which keeps a tight leash on its products, even from its own customers.

Digital finance is a completely different arena to social media and data, especially involving minors, so it is unlikely there will be any great impact on decentralized crypto assets.

Follow this link:
How Would a US Ban on End to End Encryption Affect Cryptocurrency? - Bitcoinist

Bluefin and FroogalPay Partner to Provide PCI-Validated Point-to-Point Encryption (P2PE) – Benzinga

Leading provider of multi-gateway, hardware agnostic solutions to provide the reduced scope, cost benefit and brand protection of P2PE to their client base.

ATLANTA and MOUNTAIN VIEW, Calif. (PRWEB) February 05, 2020

Bluefin, the leading provider of payment security technologies and PCI-validated point-to-point encryption (P2PE) solutions, today announced its partnership with payment provider specialist FroogalPay. Through this partnership, users of FroogalPay's multi-gateway, hardware agnostic platform will benefit from Bluefin's PCI-validated P2PE solution.

FroogalPay is a user-friendly Virtual Terminal/Invoicing System/Hosted Payment Pages platform for merchants that turbocharges how 120+ payment gateways process credit cards and ACH.

In addition, FroogalPay is middleware that provides software developers specializing in higher education, retail and entertainment a quick and easy way to accept payments from within their application. With a single integration, software developers can access all of FroogalPay's 120+ turbocharged gateways.

Bluefin's PCI-validated P2PE technology secures credit and debit card transactions by encrypting all data within a PCI-approved point of entry device. This prevents clear-text cardholder data from being available within the device, or in the merchant's system where exposure to malware is possible. Data decryption always occurs offsite in a Bluefin hardware security module (HSM), ensuring the highest level of security.

"FroogalPay has evolved to become a leading provider of payment processing and security services, with over 120 integrations to global processors, payment gateways and software vendors serving a variety of industries," said Greg Cornwell, Chief Revenue Officer, Bluefin. "By partnering with FroogalPay, Bluefin will now be able to offer PCI-validated P2PE to the company's large network of existing partners and in future integrations. We are very pleased that FroogalPay chose Bluefin to power their P2PE solution."

Bluefin enables PCI-validated P2PE on partner platforms using their Decryptx Decryption as a Service (DaaS) product. More than 125 connected partners including gateways, ISVs, and processors interact directly with Bluefin for the P2PE service.

"This is a great partnership for FroogalPay and Bluefin because FroogalPay is able to enhance its software while opening up a new distribution channel for Bluefin," said Jonathan Reinsdorf, CEO, FroogalPay.

The benefits of the Bluefin and FroogalPay P2PE solution include reducing PCI scope from 329 to 33 questions on the P2PE self-assessment questionnaire (SAQ), which in turn provides significant cost and efficiency savings; online management of the P2PE device process with Bluefin's P2PE Manager; and seamless integration with FroogalPay's platforms.

About Bluefin

Bluefin specializes in payment and data security technologies that protect point-of-sale (POS) and online transactions. Our security suite includes PCI-validated point-to-point encryption (P2PE) for retail, call center, mobile and unattended payments, and our ShieldConex data security platform for the protection of Personally Identifiable Information (PII), Personal Health Information (PHI), and payment data entered online. Bluefin is a Participating Organization (PO) of the PCI Security Standards Council (SSC) and is headquartered in Atlanta, with offices in New York, Chicago, Tulsa and Waterford, Ireland. For more information, please visit http://www.bluefin.com.

About FroogalPay

FroogalPay is a user-friendly Virtual Terminal/Invoicing System/Hosted Payment Pages platform for merchants that turbocharges how 120+ payment gateways process credit cards and ACH.

In addition, FroogalPay is middleware that provides software developers a quick and easy way to accept payments from within their application. With a single lightning-fast integration, software developers can access all of our 120+ turbocharged gateways. FroogalPay is headquartered in Chicago with an office in Montreal, Canada. Visit https://froogalpay.com/.

For the original version on PRWeb visit: https://www.prweb.com/releases/bluefin_and_froogalpay_partner_to_provide_pci_validated_point_to_point_encryption_p2pe/prweb16888566.htm

See more here:
Bluefin and FroogalPay Partner to Provide PCI-Validated Point-to-Point Encryption (P2PE) - Benzinga

Facebook to allow parents to monitor their kids’ chat messages – Sussex Express

Facebook has announced plans to add new parental tools to its Messenger app for users under the age of 13.

This will allow concerned parents to finally monitor their children's chats online, months after concerns were raised around the app's safety.

"Messenger Kids" was launched back in 2017 and allowed children who are too young to have a full Facebook account to still benefit from Facebook chat features.

'One stop grooming shop for predators'

In August, Facebook fixed a flaw within the app that accidentally allowed thousands of children to join group chats in which not all children participating in the chats were approved by parents.

End-to-end encryption hides messages from any third party, so that only the sender and the recipient can read them.

Facebook has also been moving to encrypt its messaging services, which include Facebook Messenger and Instagram.

Facebook has said that the new features on Messenger Kids will include access for parents to see their children's chat history.

WhatsApp, also owned by Facebook, is already encrypted and child protection agencies worry that overwhelming encryption may make detecting online predators more difficult.

The child protection agency NSPCC said in August that Facebook risked becoming a "one stop grooming shop" for children if they continued to enforce end-to-end encryption.

Predators can hide behind encryption

Data obtained by the NSPCC via freedom of information requests to the police between April 2018 and 2019 showed that, out of 9,259 instances of children being groomed on a known platform, 4,000 were identified as being on Facebook platforms including Instagram and WhatsApp.

However, only 299 instances were identified as being from WhatsApp, which the NSPCC says highlights how difficult it becomes to detect crimes on an end-to-end encrypted platform.

The charity believes criminals will be able to carry out more serious child abuse on Facebook's apps undetected without needing to lure them off to encrypted platforms, if it goes ahead with changes.

Facebook has not confirmed whether Messenger Kids will be encrypted or not. The company said it will inform Messenger Kids users on the types of information others can see about them.

The rest is here:
Facebook to allow parents to monitor their kids' chat messages - Sussex Express