Prime Minister Malcolm Turnbull has put the onus on the technology companies providing end-to-end encryption to work out ways law enforcement can access the communications of criminals and terrorists.

In a speech in London overnight, Turnbull said companies should not be able to build end-to-end encryption tools that meant nobody - including courts and law enforcement - could access the content of communications.

The Australian government - along with its G20 counterparts - is looking at ways it can legally gain access to encrypted messages.

The government has repeatedly denied it is asking for backdoors to be built into encrypted messaging products, however technology companiesand security experts say encrypted communications - for which individual users hold the decryption keys - cannot be accessed without doing so.

Attorney-General George Brandislast month saidthe government would try to secure co-operation from technology companies and internet service providers through an agreed set of protocols, rather than legal requirements.

He also hinted at a potential tweaking of warrant exchanges between Australian and Five Eyes law enforcement to more easily access data in those jurisdictions.

"What we need is to develop, and what well be asking the device makers and the ISPs to agree to, is a series of protocols as to the circumstances in which they will be able to provide voluntary assistance to law enforcement," Brandis said.

"There is also, of course, the capacity which exists now in the United Kingdom and in New Zealand under their legislation for coercive powers, but we dont want to resort to that. We want to engage with the private sector to achieve a set of voluntary solutions."

Turnbull overnight told technology companies "the ball is in your court" when it comes to finding a solution to the problem.

"... just as a locked bank vault or filing cabinet cannot resist a court order to produce a document, why should the owners of encrypted messaging platforms like Whatsapp or Telegram or Signal be able to establish end to end encryption in such a way that nobody, not the owners and not the courts have the ability to find out what is being communicated," Turnbull said.

"[We are saying to Sillicon Valley] youhave created messaging applications which are encrypted end to end, they are being used by terrorists and criminals to hide their murderous plans.

"You must ensure that these dark places can be illuminated by the law so that the freedoms you hold dear will not be stripped away by criminals your technologies have made undetectable."

Turnbull conceded it would be a "difficult conversation" but argued the best defence against terrorists was "good intelligence".

"We have in the last few years disrupted 12 major terrorists plots, including several that would have resulted in large mass casualty attacks," he said.

"How many more can we disrupt if every communication, by every conspirator, is encrypted end to end and cannot be read despite every lawful right, indeed duty, so to do?"

The prime minister reiterated that the government would not pursue backdoors or access to technology companies' source code.

View original post here:
Turnbull handballs encryption problem to tech companies - iTnews

Former GCHQ director Robert Hannigan has spoken out against building backdoors into end-to-end encryption (e2) schemes as a means to intercept communications by terrorists and other ne'er do wells.

UK Home Secretary Amber Rudd has criticised mobile messaging services such as WhatsApp, that offer end-to-end encryption in the wake of recent terror outages, such as the Westminster Bridge attack, arguing that there should be no place for terrorists to hide.

Hannigan, who led GCHQ between November 2014 and January 2017, struck a different tone in an interview with BBC Radio 4 flagship news programme Today on Monday morning, arguing there's no simple answer on the national security challenges posed by encryption.

"Encryption is overwhelmingly a good thing," Hannigan said. "It keeps us all safe and secure. Throughout the Cold War and up until 15 years ago it was something only governments could do at scale."

The former spy agency boss described the availability of e2e encryption in smartphone apps available to everyone is, broadly, a good thing.

"The challenge for governments is how do you stop the abuse of that encryption by the tiny amount of people who want to do bad things, like terrorists and criminals," Hannigan said.

"You can't un-invent end-to-end encryption you can't legislate it away," he added.

The former head of GCHQ favours co-operation between government agencies and private (tech) companies "to find a way around it" rather than passing laws that oblige tech providers to weaken the encryption of their technology or install backdoors.

"I don't advocate building in backdoors," Hannigan said. "It's not a good idea to weaken security for everybody in order to tackle a minority.

The best solution is to "target the people who are abusing" encryption systems and go after the smartphone or laptops they are using.

"Trying to weaken the system, trying to build in backdoors won't work and is technically difficult," Hannigan reiterated.

e2e schemes are a subset of encryption in general but present a tougher challenge for law enforcement and government because service provides don't hold the private keys needed to decipher data.

Not all encryption works end to end. As well as malware implants on end point devices, encryption schemes can be broken through protocol weakness and implementation flaws.

Hannigan referenced the 1980s Clipper Chip debacle in saying he doesn't think legislation to weaken crypto would work now either. "The Americans tried that in the 1990s under the Clinton Administration and it didn't work. I can't see, particularly since most of these companies are US based, that legislation is the answer."

The co-operation Hanningan advocates with tech firms is more difficult after the revelations from former NSA sysadmin Edward Snowden. This is not just because of pressure from consumers for tech firms to offer technologies more resistant against government snooping but because firms, such as Google, who co-operate with the US government in handing over data under schemes such as PRISM were angered to discover that the NSA was pulling other tricks such as hacking into links between their data centre too.

Telcos, in particular, co-operated with law enforcement agencies across the world in lawful interception schemes for years before smartphones and endpoint devices rather than telecom switches became the necessary focus of surveillance efforts as the result of advances in technology such as the rise of mobile messaging and apps such as WhatsApp, Apple iMessage and Telegram, among others.

The former GCHQ boss - who started off his tenure criticising tech giants for acting as a "command and control" networks of choice for terrorists and criminals back in November 2014 - underwent something of a conversion in attitudes as a spy agency boss.

By March 2016 he was had softened his stance and begun advocating co-operation with tech giants, such as Google and Apple, a line he expanded and updated during his interview on Monday morning, which is well worth a listen.

Hanningan also wants technology firms to get together and apply their "engineering brilliance" to tackle the abuse of the internet as a vehicle for spreading terrorist propaganda and radicalisation. "Legislation is a blunt last resort," he said.

Lastly, in a wide-ranging interview, Hanningan said Russia as a country was responsible for a "disproportionate amount of mayhem in cyberspace" such as attacks on democratic institutions as well as the activities of cyber-criminal groups. He praised the creation of the UK's National Cyber Security Centre (NCSC) in improving defences ("the private sector needs to get better") as well as French President Emmanuel Macron's public condemnation as positive moves in combating the problem. Hanningan went on to suggest that sanctions and other measures against Russia over cyber espionage might be necessary to set "red lines" while acknowledging much online malfeasance comes from cybercrime elements.

"There is an overlap of crime and state and a deeply corrupt system that allows crime to flourish. But the Russian state could do a lot to stop that and it can certainly rein in its own activity," Hanningan concluded.

See original here:
Former GCHQ boss backs end-to-end encryption - The Register

Symantec Endpoint Encryption provides encryption and centralized management to protect sensitive information while ensuring regulatory compliance.

Bottom Line Symantec Endpoint Encryption protects sensitive information and ensures regulatory compliance with both full-disk and removable-data encryption. It encrypts each drive, sector by sector, ensuring all files are encrypted. It also supports various types of removable media. It also allows removable data users to access their data on any machine, even if its not encrypted.

BitLocker Drive Encryption is an encryption feature that works to provide your operating system and any other drives with increased protection.

Bottom Line BitLocker Drive Encryption is an encryption feature available for recent Windows operating systems and intended to increase the security surrounding your computers drives. Offering increased functionality with a Trusted Platform Module (TPM), BitLocker can generate comprehensive protection for your operating system itself or for any drives that are attached to your computer. BitLocker uses encryption techniques, alongside any additional security measures you choose, to protect sensitive data from hackers.

East-tec InvisibleSecrets is a steganography and file-encryption tool that encrypts confidential file and folder structures and allows users to hide files from other users.

Bottom Line InvisibleSecrets encrypts data and files and keeps them safe for secure transfer in emails or across the internet. The file encryption lets users encrypt and hide files directly from Windows Explorer and automatically transfer them by email or via the internet. Users can also hide files in places that appear innocent, such as pictures, sound files, or webpages.

Cypherix Cryptainer is a data-encryption solution that allows users to encrypt files and protect sensitive data on their hard drives, memory sticks, or other storage media.

Bottom Line Cypherix Cryptainer is an encryption solution for Windows PCs. The software encrypts files and folders, and allows for the creation of multiple encrypted virtual hard drives. Cryptainer is offered in several versions, including the free Cryptainer LE version and a premium Cryptainer SE.

Voltage HPE SecureData Enterprise is a data-protection platform that provides end-to-end encryption for sensitive company data.

Bottom Line Voltage HPE SecureData Enterprise is a data-protection solution that allows companies to ensure that all of their sensitive data is encrypted and kept out of the hands of potentially malicious entities. The software works by continually encrypting and protecting data even as the data is being captured, processed, and stored, so that no vulnerabilities can be exploited. Voltage HPE SecureData Enterprise provides stateless key management, an extremely flexible application programming interface (API) that can integrate with nearly any application, and support for various operating systems and devices.

DriveCrypt data encryption provides secure 1344-bit disk encryption for desktop computers and laptops.

Bottom Line DriveCrypt is a disk encryption product that automatically encrypts data on desktop and laptop personal computers (PCs), as well as universal serial bus (USB) storage devices. The secure 1344-bit encryption is done automatically on the fly, so users do not have to change their workflow.

CipherShed is a free, open-source program that can be used to create encrypted files or to encrypt entire drives including universal serial bus (USB) flash drives and external hard disk drives (HDDs).

Bottom Line CipherShed is a free, open-source program intended to be used to create encrypted files or to encrypt entire drives. This includes being able to encrypt thumb/flash drives and external removable (and back-up) hard disk drives (HDDs). The program is designed to be simple to use and includes a wizard that provides simple step-by-step instructions for users to follow.

MiniLock is simple file-encryption and transfer tool that makes it easier and more convenient to securely send files from one person to another.

Bottom Line MiniLock is a miniature file-encryption and transfer solution that works toward simplifying the process of sending encrypted files from one person to another. By generating unique MiniLock identities for each user and requiring strong passphrases, MiniLock establishes multiple layers of protection to guarantee the security of your files. MiniLock makes it easy to send an encrypted file to someone through a process as simple as sharing a tweet.

Kryptel encryption software allows Windows personal computer (PC) users to encrypt and decrypt one to thousands of files and folders with a single click for secure file storage.

Bottom Line Kryptel encryption software for Windows allows users to encrypt and decrypt files and folders with just a click of the mouse. All editions also include right-click-integration with Explorers browser to look inside encrypted containers and include a data shredder with a variety of settings to increase data-wiping security during encryption and decryption. Upgraded versions add encrypted backups, script-driven encryption, and a command-line interface.

Vormetric Transparent Encryption encrypts data, enables privileged user access control, and creates activity logs.

Bottom Line Vormetric Transparent Encryption encrypts databases and files and removes data access rights from administrators. When integrated with a security information and event management system, it can generate extremely detailed reports.

Gpg4win is open-source solution that encrypts and digitally signs files and emails.

Bottom Line Gpg4win encrypts emails and files with military-grade security. You can also use it to digitally sign your messages and files. The software is open source and free to use even commercially.

Boxcryptor provides encryption for files stored within various platforms the cloud.

Bottom Line With Boxcryptor, users can encrypt any files they plan to store in a cloud-based repository (i.e., Dropbox, Google Drive, Microsoft OneDrive, or any other common cloud-storage provider). Boxcryptor provides applications for all major operating systems and mobile platforms, allowing users to access their encrypted files anywhere at any time regardless of where the files are stored.

VeraCrypt is open-source disk-encryption software (from IDRIX) that protects files and systems and prevents data leaks and data theft.

Bottom Line VeraCrypt open-source disk-encryption software adds enhanced security to the encryption algorithms used for systems and partitions. It makes systems and partitions immune to the latest developments in brute-force attacks and solves many of the security issues and vulnerabilities found in TrueCrypt.

Jeticos BestCrypt products offer comprehensive military-standard data protection for sensitive information in files and/or on hard drives.

Bottom Line Jeticos BestCrypt software products deliver military-standard data protection for active computers, shared workstations, or network storage and for lost or stolen computers and laptops.

Digital Guardian is data-centric encryption and protection software, with a wide array of tools and system coverage.

Bottom Line Digital Guardian is data-centric encryption and protection software, with a wide array of tools and system coverage. Its protection extends to your sensitive files no matter where they are on the network, endpoints, and cloud. With detailed reports on data activity and user policy enforcement, Digital Guardian will provide you with the tools and means to protect your valuable data.

See the original post:
Top Encryption Software for 2016 - PCMag

The growing usage of smartphones and mobility solution is driving the Homomorphic Encryption Market as mobile cloud computing can be described as an infrastructure where both data storage and data computing happens outside the device. Mobile cloud applications move the computing power and data storage away from mobile phones and into the cloud. Nowadays, due to digital transmission people use smartphones in their daily life for bill payments, shopping and mobile banking among others. Due to this people share their personal information with a third-party forum which raises the concern over privacy of an individual's personal information. Internet users are sharing lot of information with each other through a third-party forum. Hence, security of data becomes an important factor which is boosting the growth of homomorphic encryption market.

The Global Homomorphic Encryption Market is expected to reach USD 268.3 million by the end of 2027 with 7.55% CAGR during forecast period 2017-2027.

Homomorphic Encryption Market-Key Players:

The prominent players in the market of Homomorphic Encryption Market are Gemalto (Netherlands), Oracle Corporation (U.S.), Microsoft (U.S.), IBM Corporation (U.S.), Galois Inc (U.S.), CryptoExperts (France), Netskope (U.S.) among others.

Request a Sample Report @ https://www.marketresearchfuture.com/sample_request/1144

Regional Analysis:

North American region accounted for the largest market share majorly from the countries U.S. and Canada. Homomorphic Encryption Market is expected to grow at a fast pace in U.S. The reason is attributed to stable growth rate, better medical facilities, increasing consumption, increasing private sector investments, high exports and increasing number of small and medium scale enterprises. In 2016, North America market has been valued at USD 53.56 million in the year 2016 and is projected to grow at CAGR of 8.02% over the forecast period 2017 to 2027.

Europe is growing at a stable rate over the forecast period. The region is attributed to the increasing security concerns, high adoption of homomorphic encryption solutions rapid industrialization among others. Also, the high investment in the cloud based industries is expected to boost the market over the forecast period. Whereas, factors such as lack of up gradation and complexity are stopping the market to grow in the European region. Countries such as U.K and Germany accounted for the largest market share in the European region majorly being a banking hub and high investment in infrastructure.

Access Report Details @ https://www.marketresearchfuture.com/reports/homomorphic-encryption-market-1144

Market Research Analysis:

Cloud computing provides better solutions for e-governance and it also offers lot of financial benefits in many aspects. Therefore, the implementation of homomorphic encryption in the government sector is growing due to better storage solutions. Also, electronic governance has become an important tool for the government to provide the services to the citizens in more proficient and transparent manner. The increasing usage of homomorphic encryption in this context help to serve better services to citizens, improved interactions with business and industry, citizen empowerment and more efficient government management. Therefore, increases transparency, increased growth of the nation and cost reductions.

The banking and finance sector across the world is adopting homomorphic encryption. Nowadays, the use of online banking system has been increasing drastically. The various government initiatives such as government schemes and transparency in the payment system majority of the population are motivated to have their own bank accounts. Therefore, these are the reasons which lead to enormous computing and storage requirements in the current banking system. Also, the cloud computing system has offered promising prospects in this scenario. The financial inability of banks to procure and maintain private infrastructure and other factors is leading the existing bankers to switch to cloud computing model for their businesses. Also, the main concern is IT security associated with cloud computing services. The security problem is not only with outsourcing but also from internal resources in the organization.

Browse Related Reports:

Data Encryption Market, by Method (Symmetric, Asymmetric), by Deployment (On Cloud, On Premises), End Users (SMEs, Large Organization), by Application (Government, BFSI, Healthcare, Manufacturing, Automotive, Aerospace & Defense) - Forecast 2016-2022

https://www.marketresearchfuture.com/reports/data-encryption-market-1733

Encryption Software Market, by Deployment (Cloud, On-Premise), by Service (Professional Service, Managed Service), by Organization Size (Small & Medium Enterprises, Large Enterprises), by Application (File/ Folder Encryption) - Forecast 2023

https://www.marketresearchfuture.com/reports/encryption-software-market-3125

About Market Research Future:

At Market Research Future (MRFR), we enable our customers to unravel the complexity of various industries through our Cooked Research Report (CRR), Half-Cooked Research Reports (HCRR), Raw Research Reports (3R), Continuous-Feed Research (CFR), and Market Research & Consulting Services.

MRFR team have supreme objective to provide the optimum quality market research and intelligence services to our clients. Our market research studies by Components, Application, Logistics and market players for global, regional, and country level market segments, enable our clients to see more, know more, and do more, which help to answer all their most important questions.

In order to stay updated with technology and work process of the industry, MRFR often plans & conducts meet with the industry experts and industrial visits for its research analyst members

Contact:

Akash Anand,

Market Research Future

+1 646 845 9312

Email: akash.anand@marketresearchfuture.com

View original content with multimedia:http://www.prnewswire.com/news-releases/homomorphic-encryption-market-estimated-to-reach-usd-2683-million-by-2027-at-a-cagr-of-755-300485224.html

SOURCE Market Research Future

https://www.marketresearchfuture.com

Go here to read the rest:
Homomorphic Encryption Market Estimated to Reach USD 268.3 Million by 2027 at a CAGR of 7.55% - PR Newswire (press release)

This statement was originally published on article19.org on 4 July 2017.

ARTICLE 19 joins 82 other organisations in the following letter, calling on governments to protect strong encryption.

To the leaders of the world's governments,

We urge you to protect the security of your citizens, your economy, and your government by supporting the development and use of secure communications tools and technologies, rejecting policies that would prevent or undermine the use of strong encryption, and urging other leaders to do the same.

Encryption tools, technologies, and services are essential to protect against harm and to shield our digital infrastructure and personal communications from unauthorized access. The ability to freely develop and use encryption provides the cornerstone for today's global economy. Economic growth in the digital age is powered by the ability to trust and authenticate our interactions and communicate and conduct business securely, both within and across borders.

Some of the most noted technologists and experts on encryption recently explained (PDF) that laws or policies that undermine encryption would "force a U-turn from the best practices now being deployed to make the Internet more secure," "would substantially increase system complexity" and raise associated costs, and "would create concentrated targets that could attract bad actors." The absence of encryption facilitates easy access to sensitive personal data, including financial and identity information, by criminals and other malicious actors. Once obtained, sensitive data can be sold, publicly posted, or used to blackmail or embarrass an individual. Additionally, insufficiently encrypted devices or hardware are prime targets for criminals.

The United Nations Special Rapporteur for freedom of expression has noted, "encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age." As we move toward connecting the next billion users, restrictions on encryption in any country will likely have global impact. Encryption and other anonymizing tools and technologies enable law yers, journalists, whistleblowers, and organizers to communicate freely across borders and to work to better their communities. It also assures users of the integrity of their data and authenticates individuals to companies, governments, and one another.

We encourage you to support the safety and security of users by strengthening the integrity of communications and systems. All governments should reject laws, policies, or other mandates or practices, including secret agreements with companies, that limit access to or undermine encryption and other secure communications tools and technologies.

Users should have the option to use - and companies the option to provide - the strongest encryption available, including end-to-end encryption, without fear that governments will compel access to the content, metadata, or encryption keys without due process and respect for human rights. Accordingly:

Governments should not ban or otherwise limit user access to encryption in any form or otherwise prohibit the implementation or use of encryption by grade or type;

Governments should not mandate the design or implementation of "backdoors" or vulnerabilities into tools, technologies, or services;

Governments should not require that tools, technologies, or services are designed or developed to allow for third- party access to unencrypted data or encryption keys;

Governments should not seek to weaken or undermine encryption standards or intentionally influence the establishment of encryption standards except to promote a higher level of information security. No government should mandate insecure encryption algorithms, standards, tools, or technologies; and

Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with the above tenets.

Strong encryption and the secure tools and systems that rely on it are critical to improving cybersecurity, fostering the digital economy, and protecting users. Our continued ability to leverage the internet for global growth and prosperity and as a tool for organizers and activists requires the ability and the right to communicate privately and securely through trustworthy networks.

We look forward to working together toward a more secure future.

Read the letter in full

The rest is here:
Global coalition urges "Five Eyes" to respect encryption - IFEX