Category Archives: Encryption
Former UK security service head says weakening encryption would be too dangerous – 9to5Mac
While Apple may have given in to demands from the Chinese government to remove VPN apps from its app store there, it does generally take a strong stand on encryption. It uses end-to-end encryption for both iMessage and FaceTime, and resisted pressure from the FBI to create a weakened version of iOS, describing it as too dangerous.
We've written a number of pieces explaining why we support Apple's stance, both before and after the San Bernardino case.
The British government wants to ban end-to-end encryption altogether, arguing that it hampers the work of the security services. Support for Apple's position and opposition to that of the British Home Secretary has now come from an unlikely source.
In a BBC Radio 4 interview cited by Gizmodo, the former head of the Security Service (more commonly known as MI5) has said that while strong encryption does make their job harder, it is the lesser evil. Jonathan Evans said:
I'm not personally one of those who believes we should weaken encryption, because I think there is a parallel issue which is cybersecurity more broadly. Whilst, understandably, there is a very acute concern about counter-terrorism, it's not the only national security threat that we face. And I think the way cyberspace is being used by criminals, and by governments, is a potential threat to the UK's interests more widely and it's very important that we should be seen and be a country where people can operate securely. And that's very important for our commercial interests, as well as our national security interests, so encryption is very positive.
MI5 is responsible for domestic counter-intelligence and security. Evans was Director-General of MI5 until 2013.
Evans also spoke about the risk of unsecured Internet of Things devices.
As our vehicles, air transport, our critical infrastructure is resting critically on the internet, we need to be really confident that we have secured that because our economic and daily lives are going to be dependent on the security we can put in to protect us from cyber-attack.
Apple HomeKit certification requires extremely strong encryption for devices to be approved.
VPN apps encrypt traffic between a user and the server, ensuring that not even your ISP can see which sites you are visiting or what you are doing there. It is, however, important to choose one that doesn't keep logs to ensure that it is not doing its own snooping.
News in brief: facial recognition planned for Carnival; spy chief backs encryption; ginger emoji planned – Naked Security
Your daily round-up of some of the other stories in the news
Civil liberties groups have protested at plans by London's Metropolitan Police to use facial recognition software to scan the faces of people partying at this year's Notting Hill Carnival.
Tens of thousands of people party in the streets of west London's Notting Hill Gate on the last weekend of August, and the civil rights group Liberty has challenged the decision to use the technology to spot troublemakers, saying it's racist, as the carnival is rooted in the capital's African-Caribbean community.
The police force trialled facial recognition last year, saying at the time that the technology involves the use of overt cameras which scan the faces of those passing by and flag up potential matches against a database of custody images. The database has been populated with images of individuals who are forbidden from attending Carnival, as well as individuals wanted by police who it is believed may attend Carnival to commit offences.
Nobody was arrested as a result of the trial, said the Met after the event. Stafford Scott of The Monitoring Group, an anti-racism charity, echoed Liberty's concerns, saying: It is racial profiling. They are coming and putting everyone's face in the system. A technique they use for terrorists is going to be used against young black people enjoying themselves.
Jonathan Evans, a former British spy chief, has come out strongly in favour of encryption, despite the fact that widespread use of encryption has reduced the agencies' ability to access the content of material shared by terrorists.
Evans, who led the UK's MI5 spy service between 2007 and 2013, told the BBC's Today programme on Radio 4 that I'm not personally one of those who believes we should weaken encryption. He was referring to the calls from Amber Rudd, the home secretary, to weaken encryption: just last week she said that real people didn't always want end-to-end encryption.
In his interview, Evans said that he was concerned about cybersecurity more broadly, and particularly mentioned the Internet of Things, the security of which we regularly despair about here at Naked Security. He said: As our vehicles, air transport, our critical infrastructure is resting critically on the internet, we need to be really confident we have that secured because our economic and daily lives are going to be dependent on the security we can put in to protect us from cyberattack.
At Naked Security we're very encouraged by Evans' words: we are opposed to backdoors and anything that would weaken encryption.
Emojis: we love them. And we're also keen on equality here at Naked Security, so we're very pleased to see that a ginger-haired emoji was among the options in the latest recommendations from Unicode's emoji subcommittee.
As well as our titian-headed friends, silver foxes, the bald and those blessed with curls will also be represented in emojis from June next year if the draft candidates included in the recommendations from the subcommittee are adopted.
The emoji subcommittee meets weekly, by phone, and also holds a week-long meeting every quarter to discuss and advance or reject proposals.
The next stage for gingers, silver foxes, bald folk and curly-topped people is the final quarterly meeting of this year, when the list of final candidates for encoding in Unicode 11.0 will be decided, with the final code points and names for the new emojis being decided at the first quarterly meeting next year.
Avoid getting lost in encryption with these easy steps – We Live Security (blog)
Encryption can be the answer to many data security issues faced by small and medium businesses. Not only can it protect sensitive information from unauthorized use and minimize the risks arising from data breaches, implementing this technology can also represent another step towards compliance with legislation, especially with respect to the General Data Protection Regulation (GDPR).
But in cybersecurity there is no silver bullet, meaning that no single product or service can handle all the potential threats out there. This applies to encryption too: even this technology, despite its many advantages, still has limitations that you need to take into consideration. So before opting for a specific product, be sure you know the one that best fits your needs.
According to a recent study on data breaches carried out by the Ponemon Institute, human error is second only to malicious actors when it comes to the most commonly cited root cause of data leaks. However, such errors can be avoided by deploying a solution that is easy to use.
There will always be the need for some encryption to be carried out by the user, based on policy and training. If these actions require expert knowledge and the product is not user-friendly, employees might try to find the easy way out and company rules could be broken. With a simple, user-friendly solution, this can be avoided.
A recent IDC survey on ESET's behalf has also shown that ease of management and the ability to recover a lost access key are among the most important criteria when a business is in the process of choosing an encryption solution.
To avoid cases where employees are unable to decrypt their data because they have forgotten their keys, search for solutions that use a system of shared encryption keys, managed by on-site system administrators.
This is similar to the use of actual keys, something we all understand before starting elementary school. On top of that, it also makes sharing encrypted data within a predefined group quick, easy and in many cases, transparent for the user.
The solution you choose should be scalable and flexible, so that you can easily add advanced features if necessary, enabling you to vary enforced policies and keys remotely, helping you to keep a strong default configuration.
Select a product that doesn't require reinstallation for upgrades or renewals. In addition, don't forget that if an encryption solution is available as a perpetual license, including annual maintenance and support, or as a subscription license, it can enable you to manage costs and improve your financial flexibility.
Select a solution that employs industry-standard encryption algorithms that you can trust, and a sophisticated key-sharing system for secure data exchange among all users.
Check if the encryption solution you are considering meets the rigorous FIPS 140-2 standard in the US and is validated by the National Institute of Standards and Technology (NIST). Also verify if it has been certified by key players on the market (such as OPSWAT) and has performed well in independent tests.
Set your data protection strategy carefully and choose the encryption solution that helps you fulfill it in a way that suits you best. To make the right decision, don't shy away from any questions you might have about usability and features of the product, even if they sound obvious to you. You might be surprised how many encryption solutions on the market don't cover the basics.
If you want to know which questions you should ask and what answers to seek, we will help you in our next blogpost, so stay tuned and read more on WeLiveSecurity.com.
Author: Ondrej Kubovič, ESET
Here’s why IBM Z Mainframe Wants to Encrypt the World – Edgy Labs (blog)
IBM's new approach to fighting cyber criminals is a mainframe that enables encryption of an entire dataset and renders it useless to hackers.
Hackers are everywhere, and even ships on the high seas can be compromised by their malicious deeds.
According to the IBM X-Force Threat Intelligence Index, more than 4 billion records were leaked in 2016 alone, which is over a 500% increase from the previous year.
As cyber criminals keep pace with security companies, there's an urgent need to find novel approaches and countermeasures.
Think about it: if all sensitive data is efficiently encrypted and hackers can't decrypt it, they wouldn't be able to take advantage. Their attempts to breach security systems would be pointless.
A recent study by the Ponemon Institute reveals that, after using effective incident response teams, the extensive use of encryption is the second factor in reducing the cost of a data breach (by an average of $16 USD per record).
However, some companies show passivity when it comes to data encryption; some just don't bother, while others can't afford to encrypt everything.
Current data encryption solutions (on-premises or cloud-based) can degrade system performance, aside from being too complex and costly to deploy in the first place.
As a result, IBM estimates that, of the over 9 billion data records stolen since 2013, only 4% of the data was ever encrypted, and the company wants to remedy this.
IBM's security solutions span the whole spectrum, from hardware and software to web services, but the company has a universal encryption approach to the problem of data protection.
As a leading tech company, IBM wants to put an end to the global pandemic of security breaches and to do that it is betting on full encryption of sensitive data.
IBM has been making significant progress in cryptographic technology, mainly with its Z series mainframes. We just witnessed the introduction of the 14th generation of the system.
Called IBM Z, or z14, the mainframe is a system that enables the encryption of all data contained in databases, apps or the cloud, at any time, with just one click.
Powered by a novel encryption engine, IBM Z is much faster and can run 12 billion encrypted transactions per day without degrading performance.
The IBM Z boasts many other features, including blockchain technology, that businesses of any scale can make use of.
Nevertheless, IBM's full encryption system might not keep hackers totally at bay. Cyber attacks can still target sensitive encrypted data and steal it.
It remains to be seen if hackers would ever be able to decrypt it.
Symantec Announces Plesk Will Integrate Symantec Encryption Everywhere Security Into Its Website Management … – Business Wire (press release)
MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--Symantec Corp. (NASDAQ:SYMC), one of the world's leading cyber security companies, today announced that Plesk, a leading WebOps platform, will now incorporate Symantec's Encryption Everywhere security offerings into its website management platform and control panel, giving web professionals, small businesses, and cloud service providers one-click access to website encryption and customized security offerings. Symantec Encryption Everywhere is a website security solution that enables web hosting providers to seamlessly integrate security into every website. The newest version of Symantec Encryption Everywhere includes secure email and award-winning anti-virus and spyware removal from Norton.
Small businesses, web professionals and cloud service providers want better security for their websites, but are often intimidated by the complexities of online security and encryption, said Roxane Divol, executive vice president and general manager for Website Security at Symantec. Yet, browsers have begun flagging unencrypted websites as unsafe, causing businesses to lose brand trust, increase abandoned cart rates and find themselves open to hacking. Symantec and partners like Plesk are natively integrating basic encryption into websites and applications for easy compliance with browser security requirements, and options to expand beyond encryption as security needs grow.
Plesk will make it easy to manage and activate Symantec security packages within its website management platform and control panel. Plesk services over 11 million websites and 19 million mailboxes in 140 countries. Plesk deeply integrates all features and puts every available Symantec security offering at your fingertips. Hosting partners of Plesk will be able to resell these as well.
Encryption is no longer a nice-to-have for websites, but a must-have, said Nils Hueneke, CEO at Plesk. Our goal with all our WebOps solutions is to simplify the life of small businesses, web professionals and cloud service providers. By partnering with Symantec, we can offer the world's most trusted security solutions to our customers seamlessly within our platform. In addition, the Symantec Encryption Everywhere program gives our partners a range of upsell opportunities that not only add value and brand differentiation, but also additional revenue streams.
For more information, visit https://www.symantec.com/theme/encryption-everywhere.
About Symantec Website Security
Symantec Website Security provides industry-leading security for websites, data, and applications with SSL/TLS, certificate management, vulnerability assessment, WAF/DDoS, malware scanning, etc. The Norton Secured Seal and Symantec Seal-in-Search assure customers they are safe to search, browse, interact, and buy. Symantec Website Security's sophisticated solutions offer the promise of a safe and trusted internet experience across all websites and applications.
About Symantec
Symantec Corporation (NASDAQ: SYMC), a world leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec's Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world's largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com or connect with us on Facebook, Twitter, and LinkedIn.
Symantec, the Symantec Logo and the Checkmark logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
IBM India Helps Create Breakthrough Encryption Technology That’s Completely Hacker Proof – Indiatimes.com
An increasing danger of our connected, digital world is the rise of hackers, and their potential to inflict serious damage with real-world consequences.
Nothing is more precious to us than our data, and protecting that data at all costs is going to be paramount going forward. Good thing IBM has already perfected a foolproof system to foil the attempts of 21st century hackers!
IBM just released its latest Z series mainframe last month, the z14. What's a mainframe, I hear you ask? Well, it's a very powerful computer which is used to handle huge volumes of data transactions, for example in banking, for a flight booking website, or for an ecommerce platform, among other things.
This is what the new IBM Z14 mainframe looks like
IBM's mainframes are widely used in the tech industry for delivery of critical services, but what the company has done for the first time ever with the newly released z14 mainframe is to allow data encryption at every level of the system, and then store everything inside encrypted containers. Multiple levels of encryption to hoodwink even the most diligent hackers out there.
And on top of that, if the system detects an attack like malware or other intrusion, the z14 mainframe has been designed to shut itself down automatically, as per an IBM statement on Techcrunch. Even if hackers could somehow get through all of these defenses, which is highly unlikely, the multiple levels of encryption would still render the data useless.
According to a report published in The Hindu, IBM's India engineering team had a crucial role in the successful development of the z14 mainframe's "pervasive encryption" technology.
The report quoted Gururaj S Rao, IBM Fellow & VP of System Integration, IBM zSystems as suggesting that a key z14 mainframe component designed by the India team was the encryption unit, which gives the z14 mainframe its unparalleled level of security. More than 100 engineers from IBM's India business unit contributed towards the development of the z14 mainframe.
Hopefully, the adoption and deployment of z14's pervasive encryption technology will cause a major dent in the exploits of hackers in the coming months and years. And we'll know that India had an important role in the scheme of things!
Australia: Shelve Proposed Law to Weaken Encryption – Human Rights Watch (press release)
(Sydney, August 7, 2017) The Australian government should not force technology companies to weaken the security of their products or to subvert encryption, Human Rights Watch said last week in a letter to Prime Minister Malcolm Turnbull. That strategy would undermine cybersecurity for all users and would not stop determined criminals from using encryption.
On July 14, 2017, Turnbull announced new legislation to require device manufacturers and internet companies to provide appropriate assistance to intelligence and law enforcement agencies to access encrypted communications. Turnbull, along with Attorney General George Brandis and the acting commissioner of the Australian Federal Police, Michael Phelan, stated that encryption was thwarting the government's ability to monitor and investigate serious crime.
Governments are obliged to investigate and prosecute serious crimes, but any policy response should not do more harm than good, and needs to be effective, said Elaine Pearson, Australia director at Human Rights Watch. Unfortunately, Prime Minister Turnbull's proposal may fail on both counts and could undermine cybersecurity and human rights worldwide.
Governments have many ways to sharpen investigatory capability without undercutting the security of ordinary users, Human Rights Watch said. They could invest in modernizing investigation techniques and increasing resources and training in tools already at their disposal, consistent with human rights requirements. Any limitations encryption poses to police capabilities are greatly offset by the explosion of new kinds of investigatory material enabled by the digital world, including location information and vast stores of metadata that are not encrypted.
The Australian government previously proposed a coordinated approach to encryption at a June 26 meeting of the Five Eyes intelligence partnership, which also includes the United States, United Kingdom, Canada, and New Zealand, and the July 5 G20 summit. The prime minister provided few new details about the proposed legislation in the news conference to announce the legislation. When asked what kind of assistance companies would be required to provide, Turnbull said that he did not seek a back door into encrypted services, but nonetheless expected companies to ensure access to all data in unencrypted form.
However, for end-to-end encrypted applications like WhatsApp or iMessage, or data stored on iPhones, companies cannot turn over unscrambled data nor the encryption keys, even with a court order, because they do not retain the keys. Only the sender and recipient can unscramble the information. The only way for companies to access unencrypted data is to introduce a deliberate vulnerability into their design, that is, a back door, or to remove end-to-end encryption altogether.
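The two key-management models on this page, the recoverable shared-key scheme the ESET post above recommends (a data key also wrapped for an on-site administrator) and the end-to-end scheme described here (only the user holds a key that unwraps the data key), side by side as an added example that is not code from any of the articles. The cipher is a stdlib-only HMAC-SHA256 construction chosen so the script runs with no dependencies (a product would use AES-GCM or another standard AEAD); the party names, keys and sample document are constructed.

```python
import hashlib
import hmac
import secrets

# Assumed, stdlib-only authenticated encryption: an HMAC-SHA256 keystream in
# counter mode, then an HMAC tag over nonce||ciphertext (encrypt-then-MAC).
# It exists only so this example runs without third-party packages.


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive a purpose-specific subkey so the cipher and the MAC never share one."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Output layout: nonce(16) || ciphertext || tag(32)."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or a modified byte raises ValueError."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def encrypt_document(plaintext: bytes, recipient_keys: dict) -> dict:
    """Envelope encryption: one random data key (DEK) protects the document and
    the DEK is wrapped separately under each recipient's key. Only a party
    listed in recipient_keys can ever recover the DEK."""
    dek = secrets.token_bytes(32)
    return {
        "body": seal(dek, plaintext),
        "wrapped_dek": {name: seal(k, dek) for name, k in recipient_keys.items()},
    }


def decrypt_document(envelope: dict, name: str, key: bytes) -> bytes:
    if name not in envelope["wrapped_dek"]:
        raise PermissionError(f"no wrapped data key for {name!r}")
    dek = unseal(key, envelope["wrapped_dek"][name])
    return unseal(dek, envelope["body"])


def can_decrypt(envelope: dict, name: str, key: bytes, expected: bytes) -> bool:
    try:
        return decrypt_document(envelope, name, key) == expected
    except (PermissionError, ValueError):
        return False


def compare_models() -> dict:
    """Run both deployment models on a constructed sample document."""
    doc = b"Q3 payroll export (constructed sample document)"
    user_key = secrets.token_bytes(32)   # in practice derived from the user's passphrase
    admin_key = secrets.token_bytes(32)  # the on-site administrator's recovery key
    results = {}

    # Model 1 (ESET's recommendation): the DEK is also wrapped for the admin,
    # so a user who forgets their key does not lose the data.
    escrow = encrypt_document(doc, {"alice": user_key, "it-admin": admin_key})
    results["escrow_user_recovers"] = can_decrypt(escrow, "alice", user_key, doc)
    results["escrow_admin_recovers"] = can_decrypt(escrow, "it-admin", admin_key, doc)

    # Model 2 (end-to-end): only the user's key wraps the DEK. The operator holds
    # no key, so it cannot produce plaintext even when asked to.
    e2e = encrypt_document(doc, {"alice": user_key})
    results["e2e_user_recovers"] = can_decrypt(e2e, "alice", user_key, doc)
    results["e2e_admin_recovers"] = can_decrypt(e2e, "it-admin", admin_key, doc)

    # A wrong key and a modified ciphertext are both rejected by the MAC.
    results["wrong_key_rejected"] = not can_decrypt(escrow, "alice", admin_key, doc)
    body = bytearray(escrow["body"])
    body[20] ^= 0x01  # flip one ciphertext bit (offset 20 is past the 16-byte nonce)
    tampered = dict(escrow, body=bytes(body))
    results["tamper_rejected"] = not can_decrypt(tampered, "alice", user_key, doc)
    return results


if __name__ == "__main__":
    for check, ok in compare_models().items():
        print(f"{check:24s} {ok}")
```

The trade-off is visible in the envelope itself: the escrow envelope carries a second wrapped copy of the data key, which is exactly the extra secret an operator must then protect.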
The overwhelming consensus of information security experts and even some high-ranking former intelligence officials is that no technical solution would allow law enforcement agencies to decrypt communications without creating vulnerabilities that would expose all users to harm. Once back doors are introduced, malicious hackers and cybercriminals will seek them out, sell them on private grey markets, or exploit them for abuse or profit. Europol has also warned that solutions that intentionally weaken technical protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well.
Companies are incorporating strong encryption into products in response to a range of threats from cybercriminals, data thieves, and malicious hackers. Encryption is a critical tool in their fight to secure users from these threats. Any requirement to weaken encryption flies in the face of global efforts to shore up cybersecurity, Human Rights Watch said.
Limiting strong encryption in Australia, or even across Australia's closest allies like the Five Eyes alliance, is also unlikely to prevent bad actors from using it. A recent global survey of encryption confirms that determined criminals could easily shift to many available foreign alternatives that would not be subject to Australian law. Those most harmed by anti-encryption legislation are the millions of ordinary users with no connection to wrongdoing whose cybersecurity would be compromised. The harm may be even more serious for journalists and activists who regularly use encrypted applications to protect sources and victims from reprisals.
Turnbull stated that the bill would be modeled after the UK's 2016 Investigatory Powers Act (IP Act). The UK legislation allows authorities to serve technical capability notices on a broad range of internet companies. These notices will require firms to provide and maintain the capability to disclose, where reasonably practicable, the content of communications or secondary data in an intelligible form and to remove electronic protection applied by or on behalf of the operator. These notices can be used to facilitate not only targeted surveillance, but also mass surveillance, collection of metadata, and government hacking.
The precise scope of what these notices may require remains unclear, especially for operators who do not retain encryption keys. The draft implementing regulations do not clarify whether these companies will be required to alter the design of their products or build a back door into encryption. Contradictory statements from UK officials have not clarified the matter, nor shed light on how this approach would avoid undermining cybersecurity or prevent bad actors from using non-UK alternatives.
Just as troubling, the UK Investigatory Powers Act can also require some tech companies to notify authorities of new products or services before they are introduced so that authorities can assess whether new technical capabilities may be required. This potentially provides the government the ability to influence product design to facilitate surveillance, including whether and how encryption can be used.
The UK Investigatory Powers Act is no model for any government that cares about protecting the security of online communications, Pearson said. If other governments follow this example, no one could trust the security of the mobile phones and applications we use every day.
The UK parliament still needs to approve the implementing regulations before government officials can issue the new technical capability notices. However, once regulations are in place, the public may know very little about how they are used, since notices will be served and negotiated with companies secretly.
These overreaching provisions are among the reasons why whistleblower Edward Snowden described the IP Act as legalizing the most extreme surveillance in the history of Western democracy.
Australia's approach to encryption will most likely be emulated by other countries in the region, Pearson said. If Turnbull wants to show true leadership, Australia should become a model for how countries can investigate effectively in a world with strong encryption, not endorse policies that would undermine cybersecurity and human rights.
Letter to Prime Minister Turnbull re Encryption and Human Rights – Human Rights Watch (press release)
August 3, 2017
Hon. Malcolm Turnbull MP
Prime Minister
Parliament House
CANBERRA ACT 2600
Re: Encryption and Human Rights
Dear Prime Minister Turnbull,
We write to urge you to support the use of strong encryption as essential to security and human rights in the digital age. We call on you to refrain from forcing technology companies to weaken the security of their products or banning the use of end-to-end encryption.
In a July 14 press conference on national security and encryption, you discussed challenges that Australian law enforcement and intelligence agencies faced in accessing encrypted data or communications, even with a lawful court order. You announced your intention to introduce legislation that will in particular impose an obligation upon device manufacturers and upon service providers to provide appropriate assistance to intelligence and law enforcement on a warranted basis, to access data in unencrypted form. While the conference released few details, you stated that the legislation would be modelled on the United Kingdom's Investigatory Powers Act and that you will seek a coordinated approach with international partners, including the Five Eyes intelligence alliance.
Governments have a human rights obligation to investigate and prosecute crime and thwart terrorist attacks. However, any policy response should not do more harm than good, and should also be effective at achieving its aim. Forcing companies to weaken encryption or effectively forbidding the use of end-to-end encryption fails on both counts, and would undermine human rights worldwide.
Strong encryption is the cornerstone of cybersecurity in the digital age. Today's cybercriminals are increasingly sophisticated, targeting Internet companies, credit card and identity data, critical infrastructure, and even nation-state intelligence agencies.[1] Strong encryption built into private sector technology protects the data, and the human rights and security, of billions of Internet users worldwide against these growing security threats. You yourself have acknowledged that you use encrypted applications like Wickr and WhatsApp because traditional communication methods are not secure.[2]
Weakening encryption for any purpose effectively weakens it for every purpose, including malicious hacking, financial fraud, and for other illicit purposes. And unfortunately, weak or partial encryption provides not just weak or partial protection, but no protection at all against sophisticated repressive regimes and capable criminals. Some companies that manufacture encrypted apps or devices do not have the ability to disclose conversations or data to law enforcement because that information is encrypted end-to-end and companies do not have the decryption keys. A requirement of assured decryptability for all data would force such companies to redesign their products without security features like end-to-end encryption or to introduce deliberate vulnerabilities, or back doors, into their software.
The overwhelming consensus of information security experts, along with some former Five Eyes intelligence officials, is that there is no technical solution that would allow specific law enforcement agencies to decrypt communications without creating vulnerabilities that would expose all users to harm.[3] Europol has also warned that solutions that intentionally weaken technical protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well.[4] Determined cybercriminals and rival foreign intelligence agencies will find and exploit such back doors, for profit or abuse. This would undermine cybersecurity for all users, including billions that are under no suspicion of wrongdoing.
For human rights defenders and journalists, the harm can be even more serious. Activists and media organizations with whom we work in places like Hong Kong, Vietnam, Thailand, and across the Middle East rely on encryption built into phones and chat applications to protect sources and victims from reprisals. In 2015, the UN special rapporteur on freedom of expression, David Kaye, recognized that encryption enables the exercise of freedom of expression, privacy, and a range of other rights in the digital age.[5] Countries like Russia, China, and Turkey need no encouragement; they are already blurring the line between human rights activism and terrorism in order to justify surveillance and repression of human rights activists.
While strong encryption may limit some existing surveillance capabilities, weakening such security features will only increase the vulnerability of billions of ordinary people to cybercrime, identity theft, and malicious hacking. Such harm would be broadly disproportionate to any gains in law enforcement capabilities that undermining encryption would achieve.
It is also unlikely that limiting strong encryption in Australia, or even in all Five Eyes countries, would prevent bad actors from using it. As a recent global survey of encryption products confirms, terrorists and criminals could easily shift to the many available foreign alternatives that would not be subject to Australian law.[6]
Technology companies face an escalating digital arms race to secure their software and devices against cybercriminals, and encryption is a key part of their arsenal. Instead of hindering efforts to protect ordinary users, we urge your government to invest in modernizing investigation techniques and increasing resources and training in tools already at their disposal, consistent with human rights requirements.[7] For example, any limitations encryption poses to police capabilities are greatly offset by the explosion of new kinds of investigatory material enabled by the digital world, including location information and vast stores of metadata that are not encrypted. And encrypted data can often be accessed in unencrypted form through cloud-based backups or by directly accessing it on devices with hacking or forensic tools. Of course, these alternative approaches should also be necessary and proportionate to legitimate security goals, regulated in public law, and subject to strict safeguards to ensure respect for privacy and other rights.
Australia's approach to encryption will be emulated by other countries facing similar challenges. Your government can demonstrate true leadership by adapting to a world with strong encryption instead of fighting the gains the private sector has made in shoring up security and human rights in the digital age.
Sincerely,
Elaine Pearson, Australia Director
Cynthia Wong, Senior Internet Researcher
CC:
Senator the Hon. George Brandis QC, Attorney-General
Mr. Michael Phelan APM, Acting Commissioner of the Australian Federal Police
[1] See, for example, Sam Thielman, "Yahoo hack: 1bn accounts compromised by biggest data breach in history," The Guardian, December 15, 2016, https://www.theguardian.com/technology/2016/dec/14/yahoo-hack-security-o... (accessed August 2, 2017); Nicole Perlroth & David Sanger, "Hacks Raise Fear Over N.S.A.'s Hold on Cyberweapons," New York Times, June 28, 2017, https://www.nytimes.com/2017/06/28/technology/ransomware-nsa-hacking-too... (accessed August 2, 2017).
[2] Eliza Borrello, "Malcolm Turnbull confirms he uses Wickr, WhatsApp instead of unsecure SMS technology," ABC News, March 2, 2015, http://www.abc.net.au/news/2015-03-03/malcolm-turnbull-uses-secret-messa... (accessed August 2, 2017).
[3] Nicole Perlroth, "Security Experts Oppose Government Access to Encrypted Communication," New York Times, July 7, 2015, https://www.nytimes.com/2015/07/08/technology/code-specialists-oppose-us... (accessed August 2, 2017); Mike McConnell, Michael Chertoff and William Lynn, "Why the fear over ubiquitous data encryption is overblown," Washington Post, July 28, 2015, https://www.washingtonpost.com/opinions/the-need-for-ubiquitous-data-enc... (accessed August 2, 2017); John Leyden, "Former GCHQ boss backs end-to-end encryption," The Register, July 10, 2017, https://www.theregister.co.uk/2017/07/10/former_gchq_wades_into_encrypti... (accessed August 2, 2017).
[4] Europol and ENISA joint statement, "On lawful criminal investigation that respects 21st Century data protection," May 20, 2016, https://www.enisa.europa.eu/publications/enisa-position-papers-and-opini... (accessed August 2, 2017).
[5] UN Human Rights Council, Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, David Kaye, A/HRC/29/32, May 22, 2015, http://ap.ohchr.org/documents/dpage_e.aspx?si=A/HRC/29/32 (accessed August 2, 2017).
[6] B. Schneier, K. Seidel, and S. Vijayakumar, "A Worldwide Survey of Encryption Products," February 11, 2016, https://www.schneier.com/academic/archives/2016/02/a_worldwide_survey_o.... (accessed August 2, 2017).
[7] Orin Kerr and Bruce Schneier, "Encryption Workarounds," March 20, 2017, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2938033 (accessed August 2, 2017).
Zscaler Finds Hackers Using SSL Encryption in Malware to Hide … – eWeek
Malware authors and operators are increasingly using Secure Sockets Layer (SSL) encryption to hide their communications and escape detection, with the use of SSL for malware communications doubling in the first six months of 2017, security-in-the-cloud firm Zscaler said in its latest threat report.
On average, the company has seen 600,000 encrypted malicious activities every day, including calling back to command-and-control servers, phishing attempts and malware delivery. About 60 percent of the malicious activities were related to banking Trojans and a quarter related to ransomware, the Zscaler analysis stated.
"I think we are heading in the direction where SSL will become [a de-facto measure taken by attackers], because it provides an additional layer of security for them to cover the C&C communications," Deepen Desai, senior director of research for Zscaler, told eWEEK.
"Even today, they will not do command-and-control over plain text; they will use custom encryption. SSL just adds another layer on top of it."
The company found that as many as a quarter of all new malware executables analyzed in its cloud sandbox communicated over SSL and transport layer security (TLS) in 2017.
Malware authors have always found different ways to hide their programs' communications, such as using the Tor network or going through covert channels using DNS queries. Yet SSL is a Web standard and so is very common on corporate networks. In 2016, security firm Blue Coat found that malicious SSL activity jumped by a factor of 58.
Exploit kits, malware, adware and C&C communications have all been observed using SSL encryption to hide the content of the communications. More than 300 Web exploits per day use SSL as part of their infection chain, the company said.
Zscaler and Blue Coat are not the only companies to see the increasing obfuscation of communications by attackers. On Aug. 3, security firm Kaspersky Lab published an analysis of current trends in steganography, a communications technique that embeds messages or data in other traffic, most often images.
The company stated that steganography has become popular with the developers of malware and spyware, but that most anti-malware tools have trouble detecting the payloads.
"So far, the security industry hasn't found a way to reliably detect the data exfiltration conducted in this way, and the goal of our investigations is to draw industry attention to the problem and enforce the development of reliable yet affordable technologies, allowing the identification of steganography in malware attacks," Alexey Shulmin, security researcher at Kaspersky Lab, said in a statement.
Zscaler warned companies that the increase in SSL encryption should prompt firms to focus on inspecting SSL traffic.
The company also noted other trends in its threat report, including the increase in network-connected devices in the enterprise. Such devices connected to the so-called Internet of Things are often vulnerable to attack. The most common IoT devices are focused on entertainment, comprising 30 percent of all devices detected, security (27 percent) and health (13 percent).
UK flip-flop on encryption doesn’t help anyone – CNET
In the debate over encrypting our private communications and giving the government backdoor access to better thwart terrorism, it's hard to tell where the British government stands.
"Encryption plays a fundamental role in protecting us all online."
"We need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp."
"To be very clear Government supports strong encryption and has no intention of banning end-to-end encryption."
"There is a problem in terms of the growth of end-to-end encryption."
These statements might sound contradictory, but they have one thing in common: they can all be attributed to the UK's Home Secretary Amber Rudd.
Rudd has said all of these things and more about encryption in various speeches and interviews over the past few months and a self-penned article earlier this week. It's not just you. From reading these statements, even in context, it's all pretty confusing.
The comments are just the latest turn in the debate over encryption, which has become a bugbear of the British government in the wake of multiple terror attacks in the UK during 2017. While the protections guard our privacy, they also prevent the authorities from being able to read messages between terrorists. Prime Minister Theresa May has called multiple times on tech companies to "do more" to tackle the terror threat. Rudd, ahead of attending the Global Internet Forum to Counter Terrorism on Tuesday, wrote an editorial in the Telegraph saying that the UK isn't looking to ban encryption, but does want some kind of change.
The back and forth from Rudd is counterproductive because she's seemingly seeking a middle ground that doesn't exist. By parsing her statements, Rudd appears to suggest a version of encryption that is almost, but not absolutely, unbreakable. But end-to-end encryption means that not even the companies that create and enforce security measures can decrypt your messages, so the idea of an emergency access point seems far-fetched.
"Amber Rudd must be absolutely clear on what co-operation she expects from Internet companies," said Jim Killock, executive director of UK digital rights campaign Open Rights Group. "She is causing immense confusion because at the moment she sounds like she is asking for the impossible."
It's not like tech companies aren't willing to help. Facebook, Twitter and Google have shown willingness to work with governments on tackling terrorism.
Amber Rudd speaking at the Global Internet Forum to Counter Terrorism
But they aren't bending on the issue of putting in backdoors for government access. As tech companies and security experts have repeatedly pointed out, if the companies themselves have a way of accessing these communications, so potentially do more malicious people.
Breakable encryption could also, as numerous experts, including Facebook Chief Operating Officer Sheryl Sandberg, point out, chase terrorists onto other platforms that aren't as willing to cooperate with governments.
"If people move off those encrypted services to go to encrypted services in countries that won't share the metadata, the government actually has less information, not more," Sandberg said in an interview broadcast by the BBC last week.
In fact, it's already happening. On Wednesday, three men were found guilty in the UK of plotting a terrorist attack and had been using the encrypted app Telegram to communicate with one another. Telegram was called out by Europol chief Rob Wainwright earlier this year for "causing major problems," by not being cooperative with law enforcement.
Another allegation Rudd has leveled at end-to-end encryption is that "real people" don't care about it. People don't use WhatsApp because it is secure, she said in her Telegraph editorial, but because it is convenient, cheap and user-friendly. This is more than a huge generalization; it's an assertion for which she provides absolutely no supporting evidence.
Indeed, her comments have attracted criticism from privacy organization Big Brother Watch, which said they were "at best naïve, at worst dangerous."
"Suggesting that people don't really want security from their online services is frankly insulting, what of those in society who are in dangerous or vulnerable situations, let alone those of us who simply want to protect our communications from breach, hack or cybercrime," said Renate Samson, the organization's chief executive, in a statement.
"Once again the Government are attempting to undermine the security of all in response to the actions of a few," he said. "We are all digital citizens, we all deserve security in the digital space."
Rudd maintains "there are options" for using end-to-end encryption and also making sure terrorists "have no place to hide" online. But what these options are seems to be a mystery to everyone but her. For the sake of the British public, many of whom do care that their communications are kept private and secure, she needs to explain how this will work.