Category Archives: Encryption

ACLU and EFF Call DOJ’s Encryption Dream a Nightmare – L.A. Weekly

This past weekend, the Department of Justice joined law enforcement from six other countries in issuing their hopes for the future of encryption.

The letter was signed by U.S. Attorney General William Barr and his counterparts from the United Kingdom, Australia, New Zealand and Canada, with support from India and Japan.

The group started things off in the right direction. The letter goes over just how critical encryption is to our rapidly developing society. They pointed to the crucial role it plays in protecting personal data, privacy, intellectual property, trade secrets and cyber security.

But it's a lot deeper than credit card numbers. The letter went further into the impact that encryption has for those living under repressive regimes. Encryption is a life-or-death matter for many journalists, human rights defenders and other marginalized, vulnerable populations.

After setting this bar for how important encryption is to a high-tech society moving forward, the tone starts to change a bit. The letter takes on a new direction that starts by addressing the challenges encryption creates, particularly when it comes to protecting the safety of sexually exploited children.

"We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content," the letter read. "We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions."

The steps?

First off, the international consortium of law enforcement wants companies to embed the safety of the public in the systems they are designing. The letter argues this will enable companies to act against illegal content and activity effectively with no reduction to safety.

There are two direct ways to read this: it's either a clean-your-own-house reference, with the idea of embedding a willingness in company cultures to take more intrusive steps to find offenders on their platforms, or it's a demand for a backdoor. Their definition of embedding safety includes facilitating the investigations and prosecutions, so it's a safe bet it's leaning more toward the backdoor perspective.

The letter wants the tech industry to "Enable law enforcement access to content in a readable and usable format where an authorization is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight," and "Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions." The various law enforcement agencies want to be assured they are as deeply embedded in the development process as possible around the globe as encryption continues to develop.

Law enforcement argues that the companies have a responsibility to provide themselves a mechanism to protect the public and stated:

End-to-end encryption that precludes lawful access to the content of communications in any circumstances directly impacts these responsibilities, creating severe risks to public safety in two ways:

By severely undermining a company's own ability to identify and respond to violations of their terms of service. This includes responding to the most serious illegal content and activity on its platform, including child sexual exploitation and abuse, violent crime, terrorist propaganda and attack planning; and

By precluding the ability of law enforcement agencies to access content in limited circumstances where necessary and proportionate to investigate serious crimes and protect national security, where there is lawful authority to do so.

The letter said that, in light of the threats created by these secure communications, there is increasing consensus across governments and international institutions that something must be done. But they don't explain how these new backdoors might impact the journalists, human rights defenders and vulnerable populations.

"While encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online," the letter reads.

Law enforcement believes that these mechanisms, which would give only the few a window into people's online lives, wouldn't impact data protection or people's privacy rights. Specifically, the letter says: "However, we challenge the assertion that public safety cannot be protected without compromising privacy or cyber security. We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions."

The fundamental argument is about being able to maintain the level of data security, since this whole letter is about encryption. How could you possibly do that if you're talking about building your window? That window in the structure, in itself, makes it less secure.

Think of a steel pole with two people talking to each other through it. But Billy wants to cut a hole in it and listen. In the process of bringing Billy's dream to life, there's no way to keep the same integrity of privacy in the conversation. If someone walked up to Billy's hole, how would we know? Does Billy even know how to tell if someone is standing there next to him looking? The list of variables goes on.

We asked the American Civil Liberties Union for its take on the letter.

"End-to-end encryption enables free speech. No matter how the Department of Justice tries to spin its longstanding attempts to force technology companies to build government backdoors into our encrypted communications, there's a reason their arguments have been consistently rejected," Kate Oh, policy counsel with the ACLU, told L.A. Weekly.

Oh argues encryption is our strongest defense against repressive governments, hackers and organized crime.

"Encryption also enables journalists, dissidents, whistleblowers and human-rights defenders to freely express themselves, organize and expose governmental abuse without fear of retribution," Oh said. "Instead of trying to break encryption, which would compromise everybody's communications, the U.S. government should focus on using the substantial powers it already has to investigate crime and protect national security, within the bounds of our Constitution."

Karen Gullo, senior media relations specialist and analyst with the Electronic Frontier Foundation, told L.A. Weekly the plan is "more of the same terrible ideas we've heard from the DOJ and the FBI about backdoors to encryption."

"Neither agency is credible on this issue," Gullo said. "They have a long track record of exaggeration and even false statements in support of their position. The AG has claimed that the tech sector will design a backdoor for law enforcement that will stand up to any unauthorized access, ignoring the broad technical and academic consensus in the field that this risk is unavoidable."

Gullo argues encryption mechanisms that would include law enforcement requests simply aren't encryption. "Encryption with special access for select entities is just broken encryption. Security backdoors for law enforcement will be used by oppressive regimes and criminal syndicates, putting everyone's security at risk," she said.

Another point: why do we need to lower security around all our data if law enforcement is already finding ways to target the specific people using encryption tools like Tor for nefarious purposes? Last month, the DOJ's Joint Criminal Opioid and Darknet Enforcement team joined Europol in a victory lap to announce the results of Operation DisrupTor. The action led to the seizure of 274 kilograms of drugs that included fentanyl, oxycodone, hydrocodone, methamphetamine, heroin, cocaine, ecstasy, MDMA, and medicine containing addictive substances in the United States. It was more than half of the global take on the operation.

"The 21st century has ushered in a tidal wave of technological advances that have changed the way we live," said DEA Acting Administrator Timothy J. Shea at the time. "But as technology has evolved, so too have the tactics of drug traffickers. Riding the wave of technological advances, criminals attempt to further hide their activities within the dark web through virtual private networks and tails, presenting new challenges to law enforcement in the enduring battle against illegal drugs. Operation DisrupTor demonstrates the ability of DEA and our partners to outpace these digital criminals in this ever-changing domain, by implementing innovative ways to identify traffickers attempting to operate anonymously and disrupt these criminal enterprises."

The DEA said Operation DisrupTor led to 121 arrests in the United States, two in Canada, 42 in Germany, eight in the Netherlands, four in the United Kingdom, three in Austria, and one in Sweden. Plus they're still working to identify the individuals behind a number of dark web accounts.

This raises the question: if efforts are currently finding success in the age of encryption, why should we destabilize the security of all data, period? The name Operation DisrupTor is a pun referencing the Tor operating system. The node-based secure anonymity network is popular with spies, activists, drug dealers and everyone in between on the wrong side of their local ruling classes around the world. The principle the system uses was developed by the United States Naval Research Laboratory, but Tor itself is open source.

These law enforcement entities are waving their victory flags across multiple time zones while they're asking for more access to our secure data.


Trustifi Named Overall Encryption Solution Provider of the Year in 2020 CyberSecurity Breakthrough Awards Program – GlobeNewswire

LAS VEGAS, Oct. 14, 2020 (GLOBE NEWSWIRE) -- Trustifi, a pioneer in software that safeguards organizations from email-borne cybercrimes, today announced that it has been named the winner of the Overall Encryption Solution Provider of the Year award in the fourth annual CyberSecurity Breakthrough Awards program conducted by CyberSecurity Breakthrough, a leading independent market intelligence organization that recognizes the top companies, technologies and products in the global information security market today.

Trustifi's easy-to-use email encryption software is unmatched in its user-friendliness, flexibility, and cost-effectiveness. The solution adds an extra layer of email security to any existing platform such as Gmail and Outlook and many more email systems without any change in architecture or functionality for the user. Trustifi's email security services include a comprehensive suite of email tools for data loss prevention and enterprise email encryption. It also offers advanced threat protection against malware and ransomware, virus detection, prevention, protection, and alerts for spoofing, phishing, and potential fraud, with both whitelisting and blacklisting options.

Trustifi uses NSA-grade end-to-end email encryption, plus full inbound and outbound protection, and delivers a secure mobile relay for full protection on any device. The Trustifi platform utilizes a one-click decryption feature which can also enable MFA on the recipient so the sender knows with 100% certainty that the recipient is who they say they are. Users know in real time when emails have been received, opened, and read with certified delivery and tracking.

"Encryption needs aren't one-size-fits-all, so an email security platform shouldn't be either, and Trustifi also offers customized solutions upon request," said Rom Hendler, CEO of Trustifi. "Clients of Trustifi really love how abandonment rates of encrypted emails have decreased significantly by allowing recipients to open encrypted emails without ever having to sign up or register for an account to see the email - plus, the recipient's reply will remain encrypted for the entire duration of the email chain."

The mission of the CyberSecurity Breakthrough Awards is to honor excellence and recognize the innovation, hard work and success in a range of information security categories, including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, Email Security and many more. This year's program attracted more than 3,750 nominations from over 20 different countries throughout the world.

"Email security in general has simply not seen a high level of innovation and Trustifi is stepping in to deliver a breakthrough approach and technology to make it incredibly easy to use and deploy an email encryption solution," said James Johnson, managing director, CyberSecurity Breakthrough. "We are thrilled to recognize Trustifi for their well-deserved industry recognition and success, and we are proud to name them the winner of the Overall Encryption Solution Provider of the Year award."

About Trustifi

Trustifi is a cyber security firm featuring solutions delivered on a software-as-a-service platform. Trustifi leads the market with the easiest to use and deploy email security products providing both inbound and outbound email security from a single vendor. The most valuable asset to any organization, other than its employees, is the data contained in their email, and Trustifi's key objective is keeping clients' data, reputation, and brand safe from all threats related to email. With Trustifi's Inbound Shield, Data Loss Prevention, and Email Encryption, clients are always one step ahead of attackers. The Trustifi solution was created by Israeli military intelligence engineers and programmers as a hassle-free method to send and receive electronic communications with absolute confidentiality, protection, security, and legal compliance. Trustifi adheres to GDPR, HIPAA, CCPA, and PII regulations.

About CyberSecurity Breakthrough

Part of Tech Breakthrough, a leading market intelligence and recognition platform for global technology innovation and leadership, the CyberSecurity Breakthrough Awards program is devoted to honoring excellence in information security and cybersecurity technology companies, products and people. The CyberSecurity Breakthrough Awards provide a platform for public recognition around the achievements of breakthrough information security companies and products in categories including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, Web and Email Security, UTM, Firewall and more. For more information visit


Global Database Encryption Market Expected to reach highest CAGR in forecast period : International Business Machines Corporation, Symantec…

This versatile composition of research derivatives pertaining to diverse concurrent developments in the global Database Encryption market is poised to induce forward-looking perspectives favoring unfaltering growth stance.

This extensive research report on the global Database Encryption market presents a detailed analytical assessment of notable trends, future market growth opportunities and end-user profiles, and also includes an overview of the challenges in the current Database Encryption market. The primary focus of the report is to highlight and understand the multiple market developments across the global Database Encryption market ecosystem that influence reader decisions.

Vendor Profiling: Global Database Encryption Market, 2020-27:

This ready-to-refer market intelligence report on global Database Encryption market entails a detailed analysis of the industrial ecosystem, followed by a highly reliable segment overview evaluated on multi-factor analysis, market size and dimensions in terms of volumetric gains and returns.


Further in the report, readers are also equipped with considerable understanding on overall geographical expanse, highlighting market growth hotspots, also shedding visible light on competent market participants complete with their market positioning, company status, product and service highlights as well.

This highly classified set of information has been sourced from disparate sources following tenacious primary and secondary research practices to support market-specific investment decisions.

Analysis by Type: This section of the report includes factual details pertaining to the most lucrative segment harnessing revenue maximization.

Analysis by Application: Further in the subsequent sections of the report, research analysts have rendered precise judgement regarding the various applications that the Database Encryption market mediates for superlative end-user benefits.


Competitive Landscape Detailed Analysis: Global Database Encryption Market

Following constant and thorough research into the global Database Encryption market, stringent curation processes have been applied to understand growth prognosis and development across regional hubs, and their respective performance in terms of the various macro and micro elements that decide further growth in the global Database Encryption market.

The competitive analysis section of this report on global Database Encryption market is dedicated to identifying and profiling various players in terms of their market positioning, product and service developments, technological investments as well as milestones achievement.

The report is aimed to enable seamless understanding and comprehension of the multi-faceted developments. Further in the report, readers are also offered substantial cues and hints on market strategies undertaken by various manufacturers operating across local and global realms.

An effortless deduction of these strategies helps market players understand the potential of these business tactics in steering high revenue growth and concomitant returns in the global Database Encryption market.

North America (U.S., Canada, Mexico); Europe (U.K., France, Germany, Spain, Italy, Central & Eastern Europe, CIS); Asia Pacific (China, Japan, South Korea, ASEAN, India, Rest of Asia Pacific); Latin America (Brazil, Rest of L.A.); Middle East and Africa (Turkey, GCC, Rest of Middle East)


The report offers a clear and accessible estimation of the global Database Encryption market, presented as value-based and volume-based estimations. The report is structured to present all market-relevant information in the form of graphs, charts and tables to allow market players to quickly decipher the peculiarities and make mindful business decisions.

Global Database Encryption Market: Understanding Scope

In-depth research and thorough evaluation of the various contributing factors reveal that the global Database Encryption market is estimated to perform decently in forthcoming years, reaching a total valuation of xx million USD in 2020, and is further poised to register xx million USD in 2027, growing at a healthy CAGR of xx%. This elaborate research report also houses extensive information of various market specific segments, elaborating further on segment categorization comprising type, application as well as end-user sections which successively influence lucrative business discretion.

The report also entails a dedicated section and chapter to offer market relevant highlights denoting consumption and production activities. The report also entails sectional representation of thorough barrier evaluation and threat probabilities. The report clearly highlights the details of vendor activities and promotional investments, crucial to ensure high return on investments.


Feds, ‘Five Eyes’ Allies Take Another Swing at Encryption Policy Changes – MeriTalk

U.S. policy-makers and several close foreign allies issued a statement this weekend calling for technology providers to provide access for governments and law enforcement to encrypted data and protected systems. But based on the failure of numerous similar U.S. government entreaties to the tech sector in recent years, the latest effort likely won't end up moving the needle on the issue.

In an October 11 release signed off on by the Department of Justice, and government officials from the United Kingdom, Australia, New Zealand, and Canada, the governments called on tech providers to "embed the safety of the public in system designs" in ways that will facilitate government and law enforcement prosecution of criminals, including access to unencrypted content and locked devices.

The five nations signing the agreement make up the Five Eyes alliance, whose members have signed a treaty for joint cooperation on signals intelligence.

For the past several years (going back to at least 2015, in the case of a Federal suit against Apple seeking to crack open a locked device used by a perpetrator of a mass shooting in San Bernardino, Calif.), tech providers have presented a united front opposing what some have said is the government's request to build back doors into their systems for the benefit of law enforcement. Creating such avenues, they argue, will only make systems less secure.

Citing terrorism and criminal threats, including from online child sexual predators, the governments said in their Oct. 11 statement that "there is increasing consensus across governments and international institutions that action must be taken."

"While encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online," the governments said.

"We are committed to working with industry to develop reasonable proposals that will allow technology companies and governments to protect the public and their privacy, defend cyber security and human rights and support technological innovation," the governments said. "While this statement focuses on the challenges posed by end-to-end encryption, that commitment applies across the range of encrypted services available, including device encryption, custom encrypted applications and encryption across integrated platforms."

"We reiterate that data protection, respect for privacy and the importance of encryption, as technology changes and global Internet standards are developed, remain at the forefront of each state's legal framework," they said. "However, we challenge the assertion that public safety cannot be protected without compromising privacy or cyber security. We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions."


Homomorphic encryption tools find their niche – CSO Online

Organizations are starting to take an interest in homomorphic encryption, which allows computation to be performed directly on encrypted data without requiring access to a secret key. While the technology isn't new (it has been around for more than a decade), many of its implementations are, and most of the vendors are either startups or have only had products sold within the past few years.

While it's difficult to obtain precise pricing, most of these tools aren't going to be cheap: Expect to spend at least six figures and sign multi-year contracts to get started. That ups the potential risk. Still, some existing deployments, particularly in financial services and healthcare, are worth studying to see how effective homomorphic encryption can be at solving privacy problems and delivering actionable data insights. Let's look at a few noteworthy examples.

With anti-money laundering (AML), you want to be able to correlate and query activities by the criminals across multiple banks but can't reveal who the targets are due to privacy regulations. Homomorphic encryption offers the ability to get this information without disclosing who the subject of the query is and instead hides this data from the entity that is processing the query. These bank-to-bank transactions are a natural fit for homomorphic encryption. Resolving some of these fraud cases could take months, but with homomorphic encryption they can be resolved within minutes.

That brings up another important point for homomorphic encryption: Because the encryption algorithms rely on complex mathematics, they take more time to process transactions than non-encrypted methods. That isn't a surprise to anyone who has worked in the data encryption space, and the slower processing has been considered a roadblock to adoption. Homomorphic encryption vendors refute this notion.


Mission Impossible: 7 Countries Tell Facebook To Break Encryption – Forbes

The governments want to stop encrypted messaging

This article has been updated with a comment from Facebook.

The governments of seven countries are calling on Facebook and other tech firms to do the technically impossible - to weaken encryption by giving law enforcement access to messages, whilst not reducing user safety.

The governments of the U.S., U.K., Australia, New Zealand, Canada, India and Japan have issued the joint statement which pleads with Facebook specifically, as well as other tech firms, to drop end-to-end encryption policies which erode the public's safety online.

The governments once again raise the issue of child abusers and terrorists using encrypted services such as WhatsApp to send messages without fear of content being intercepted.

"We owe it to all of our citizens, especially our children, to ensure their safety by continuing to unmask sexual predators and terrorists operating online," the U.K.'s home secretary, Priti Patel, said in a statement.

"It is essential that tech companies do not turn a blind eye to this problem and hamper their, as well as law enforcement's, ability to tackle these sickening criminal acts. Our countries urge all tech companies to work with us to find a solution that puts the public's safety first."

Once again, the politicians seem unable to grasp one of the fundamental concepts of end-to-end encryption - that putting back doors into the encryption algorithms that allow security services to intercept messages effectively breaks the encryption.

According to the U.K. government's statement, the seven signatories of the international statement have made it clear that when end-to-end encryption is applied with no access to content, it severely undermines the ability of companies to take action against illegal activity on their own platforms.

Yet, end-to-end encryption with the ability for third parties to intercept content is not end-to-end encryption in any meaningful sense. Worse, by introducing back doors to allow security services to access content, it would compromise the entire encryption system.

Nevertheless, the international intervention calls on tech companies to ensure there is no reduction in user safety when designing their encrypted services; to enable law enforcement access to content where it is necessary and proportionate; and work with governments to facilitate this.

As has been pointed out to the governments many times before, what they are asking for is technically impossible. An open letter sent to several of the signatory countries by a coalition of international civil rights groups in 2019 made this very point.

"Proponents of exceptional access have argued that it is possible to build backdoors into encrypted consumer products that somehow let good actors gain surreptitious access to encrypted communications, while simultaneously stopping bad actors from intercepting those same communications," the letter stated. "This technology does not exist."

"To the contrary, technology companies could not give governments backdoor access to encrypted communications without also weakening the security of critical infrastructure, and the devices and services upon which the national security and intelligence communities themselves rely."

"Critical infrastructure runs on consumer products and services, and is protected by the same encryption that is used in the consumer products that proponents of backdoor access seek to undermine," the letter adds.

In response to the statement from the seven nations, a Facebook spokesperson said: "We've long argued that end-to-end encryption is necessary to protect people's most private information. In all of these countries, people prefer end-to-end encrypted messaging on various apps because it keeps their messages safe from hackers, criminals, and foreign interference. Facebook has led the industry in developing new ways to prevent, detect, and respond to abuse while maintaining high security and we will continue to do so."


Dutton pushes against encryption yet again but oversight at home is slow – ZDNet


"We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cybersecurity," wrote a bunch of nations on the weekend -- the Five Eyes, India, and Japan.

As a statement of intent, it's right up there with "Your privacy is very important to us", "Of course I love you", and "I'm not a racist but...".

At one level, there's not a lot new in this latest International statement: End-to-end encryption and public safety.

We like encryption, it says, but you can't have it because bad people can use it too.

"Encryption is an existential anchor of trust in the digital world and we do not support counter-productive and dangerous approaches that would materially weaken or limit security systems," the statement said.

"Particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children."

The obviously important law enforcement task of tackling child sexual abuse framed the rest of the statement's two substantive pages too.

End-to-end encryption should not come at the expense of children's safety, it said. There was only a passing mention of "terrorists and other criminals".

This statement, like all those that have come before it, tries, but of course, fails to square the circle: A system either is end-to-end encryption, or it isn't.

According to renowned Australian cryptographer Dr Vanessa Teague, the main characteristic of this approach is "deceitfulness".

She focuses on another phrase in the statement, where it complains about "end-to-end encryption [which] is implemented in a way that precludes all access to content".

"That's what end-to-end encryption is, gentlemen," Teague tweeted.

"So either say you're trying to break it, or say you support it, but not both at once."

What's interesting about this latest statement, though, is the way it shifts the blame further onto the tech companies for implementing encryption systems that create "severe risks to public safety".

Those risks are "severely undermining a company's own ability to identify and respond to violations of their terms of service", and "precluding the ability of law enforcement agencies to access content in limited circumstances where necessary and proportionate to investigate serious crimes and protect national security, where there is lawful authority to do so".

Note the way each party's actions are described.

Law enforcement's actions are reasonable, necessary, and proportionate. Their authorisation is "lawfully issued" in "limited circumstances", and "subject to strong safeguards and oversight". They're "safeguarding the vulnerable".

Tech companies are challenged to negotiate these issues "in a way that is substantive and genuinely influences design decisions", implying that right now they're not.

"We challenge the assertion that public safety cannot be protected without compromising privacy or cybersecurity," the statement said.

The many solid arguments put forward explaining why introducing a back door for some actors introduces it for all? No, they're mere assertions.

"We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions."

This too is an assertion, of course, but the word "belief" sounds so much better, doesn't it?

As your correspondent has previously noted, however, the fact that encryption is either end-to-end or not may be a distraction. There are ways to access communications without breaking encryption.

One obvious way is to access the endpoint devices instead. Messages can be intercepted before they're encrypted and sent, or after they've been received and decrypted.

In Australia, for example, the controversial Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (TOLA Act) can require communication producers to install software that a law enforcement or intelligence agency has given them.

Providers can also be made to substitute a service they provide with a different service. That could well include redirecting target devices to a different update server, so they receive the spyware as a legitimate vendor update.

Doubtless there are other possibilities, all of which avoid the war on mathematics framing that some of the legislation's opponents have been relying on.

While Australia's Minister for Home Affairs Peter Dutton busies himself with signing onto yet another anti-encryption manifesto, progress on the oversight of his existing laws has been slow.

The review of the mandatory data retention regime, due to be completed by April 13 this year, has yet to be seen.

This is despite the Parliamentary Joint Committee on Intelligence and Security having set itself a submissions deadline of 1 July 2019, and holding its last public hearing on 28 February 2020.

The all-important review of the TOLA Act was due to report by September 30. Parliament has been in session since then, but the report didn't appear.

A charitable explanation would be that the government was busy preparing the Budget. With only three parliament sitting days, and a backlog of legislation to consider, other matters had to wait.

A more cynical explanation might be that the longer it takes to review the TOLA Act, the longer it'll be before recommended amendments can be made.

Those amendments might well include having to implement the independent oversight proposed by the Independent National Security Legislation Monitor.

Right now the law enforcement and intelligence agencies themselves can issue the TOLA Act's Technical Assistance Notices and Technical Assistance Requests. One imagines they wouldn't want to lose that power.

Meanwhile, the review of the International Production Orders legislation, a vital step on the way to Australian law being made compatible with the US CLOUD Act, doesn't seem to have a deadline of any kind.

In this context, we should also remember the much-delayed and disappointing 2020 Cyber Security Strategy. That seems to have been a minimal-effort job as well.

For years now, on both sides of Australian politics, national security laws have been hasty to legislate but slow to be reviewed. The question is, is it planned this way? Or is it simply incompetence?

Read the original here:
Dutton pushes against encryption yet again but oversight at home is slow - ZDNet

Western governments double down efforts to curtail end-to-end encryption – The Daily Swig

Security community resists anti-encryption push as counter-productive

ANALYSIS Western governments have doubled down on their efforts to rein in end-to-end encryption, arguing that the technology is impeding investigations into serious crimes including terrorism and child abuse.

In a joint statement (PDF) published over the weekend the Five Eyes (FVEY) intel alliance countries of Australia, Canada, New Zealand, the UK, and US were joined by India and Japan in calling for tech firms to enable law enforcement access to content upon production of a warrant.

The governments also want tech firms such as Apple and Facebook to consult with them on design decisions that might help or hinder this outcome.

The statement's signatories call for tech firms to embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable.

How might this work? GCHQ recently came up with a proposal for adding an extra party into an end-to-end encrypted chat via a ghost feature, a pointer to the sort of approaches intel agencies have in mind.

Security experts have pushed back against the proposals, arguing that they inevitably undermine the privacy and integrity of end-to-end encryption, the current gold standard for secure comms.

In end-to-end encryption systems the cryptographic keys needed to encrypt and decrypt communications are held on the devices of users, such as smartphones, rather than by service providers or other technology providers. Users therefore don't have to trust their ISPs or service providers not to snoop.

Popular instant messaging apps WhatsApp, iMessage, and Signal have placed E2E encryption in the hands of the average smartphone user.

So if governments come knocking with requests for the keys normally necessary to decrypt encrypted communications, then there's nothing to hand over.

Western governments say they support the development of encryption in general, as a means to secure e-commerce transactions and protect the communications of law-abiding businesses and individuals; it's just E2E encryption they have an issue with. Governments have long argued that E2E encryption is hampering the investigation of serious crimes, at least on a larger scale.

Malware can be used by law enforcement against individuals targeted in surveillance operations, a tactic which if successful gives access to content without needing to break encryption.

And police in countries such as the UK, for example, already have the ability to compel disclosure of encryption secrets from suspects.

As the anonymous privacy activist behind the Spy Blog Twitter account noted: "UK already has law for disclosure of plaintext material, regardless of encryption tech, but they want to do it in secret, in bulk."

The tweet referenced the Regulation of Investigatory Powers Act 2000 Part III, which deals with the investigation by law enforcement of electronic data protected by encryption.

Security experts were quick to criticize the latest government moves as a push to mandate encryption backdoors, supposedly accessible only to law enforcement. Several compared it to failed government encryption policies of the 1990s.

These included efforts to control the US export of encryption technologies and attempts to mandate key escrow.

Katie Moussouris, chief exec of Luta Security and an expert in bug bounties, tweeted: "The 1st time they did this (look up crypto wars), it weakened e-commerce and all other web transactions for over a decade, enabling crime. I wish we didn't have to repeat these facts."

Encryption of any type can be viewed as a branch of applied mathematics but arguments that anyone can implement encryption in a few lines of code miss the point that what governments are seeking is to make encryption tools inaccessible to the broader public, according to noted cryptographer Matthew Green.

One thing that's different this time around compared to the first crypto wars is that governments have more levers to apply pressure on tech firms, including app store bans. Last month, for instance, the Trump administration threatened to ban TikTok in the US over supposed national security concerns unless owners ByteDance sold the technology to a US firm.

Green noted: "The current administration has demonstrated that app store bans can be used as a hammer to implement policy, and you can bet these folks are paying attention."

"I also think that sideloading capability is likely to be eliminated (or strongly discouraged) in a regime where encryption bans are successful," he added.

Cryptographer Alec Muffett expressed fears that the government proposals might eventually result in "non-compliant social networks [getting] banned under criminal law".

"End-to-end encryption is a key tool towards securing the privacy of everyone on the planet, as the world becomes more connected. It must not be derailed, instead the police should be better funded for traditional investigation," Muffett said on Twitter.


Read more:
Western governments double down efforts to curtail end-to-end encryption - The Daily Swig

Fuse Analytics integration with StrongSalt offers Enterprise Information Archiving with GDPR protections – PR Web

You don't have to let your data out of your hands unless you actually want to and make an active decision to do so.

ATLANTA (PRWEB) October 12, 2020

Fuse Analytics, based in Atlanta, GA, has been migrating and storing enterprise data since 2014. As companies migrate to the cloud, and now, from one cloud service to another, migrating and storing data is becoming increasingly complex due to data privacy regulations. In addition to providing ETL services (Extraction, Transformation and Loading of data to the new database), Fuse offers a data warehouse SaaS that holds all the legacy data that you need to hold onto, without the cost and complexity of storing in your new database. With proactive legacy data management, clients see a simplification and cost reduction by sunsetting legacy systems and optimizing current ones.

Until recently, Fuse Analytics used standard AES 256 encryption on all its clients' data, which is the same level banks are used to. The issue is that by unlocking some of the data, you unlock all the data. Setting user permissions solved for most issues, but with increased Data Privacy laws, and the potential for rogue employees, they sought a superior solution. Enter StrongSalt.

StrongSalt is the leading provider of third-party encryption management, providing the customer complete privacy control of their data. This granular level encryption management allows the customer to apply encryption keys to any segment of data, so rather than one master key, the client has infinite keys and a management system to lock portions of data, and manage user access. They have full visibility of who is accessing their data, and can change it or modify it as needed.

"With most current cloud based applications, encryption keys are held by vendors so customers have no control over who can decrypt their data. These keys are often shared across customers. Our partnership with StrongSalt enables Fuse's customers to manage their own encryption giving them advanced control over who they allow to decrypt and see the data," says Charles Eubanks, COO of Fuse Analytics.

In addition to increased visibility and control, by keeping all PII (Personally Identifiable Information) encrypted at rest, in transit and in use, it solves major data privacy concerns, which can get quickly complex when sharing data with external vendors, especially across different countries.

Tony Scott, the former Federal CIO of the United States under the Obama administration, is an advisor to StrongSalt. Scott says, "You don't have to let your data out of your hands unless you actually want to and make an active decision to do so. That's really the intent of what's behind current regulations, which is a nightmare for a lot of companies." StrongSalt offers a simple solution with a single portal for encryption management across all your data.

In reference to using StrongSalt's approach, Lydia de la Torre from Squire Patton Boggs says, "...this approach is the only get out of jail free card." De la Torre provides strategic privacy compliance advice related to US and EU privacy, including data protection and cybersecurity law, GDPR, CCPA, other states' privacy and cyber laws and US financial privacy laws.

StrongSalt, the leading privacy API, builds data protection into any application or workflow, allowing both security and usability to co-exist in a privacy-focused world. StrongSalt offers Decentralized Keyless Management, Searchable Encryption, Shareable Encryption and Immutable Auditing.

View post:
Fuse Analytics integration with StrongSalt offers Enterprise Information Archiving with GDPR protections - PR Web

Is Signal Safe? What to Know About the New Encrypted Messaging App – Parentology

Signal is a free private messaging platform that promises security and privacy to users through end-to-end encryption. The emphasis on every conversation's security has Signal quickly rising in popularity, but it may also have many parents asking, "How safe is Signal?"

With Signal, users can message people one-on-one, create group chats, and make free voice and video calls. With the app's end-to-end encryption, only those involved with the conversation are able to view and access messages.

Users create an encrypted Signal Profile, a name and picture that they set up within the app. First names are required, but people can use a nickname, single character, or an emoji as their identifier.

Message Requests give users the option to block, delete, or accept messages from somebody trying to get in touch with them. Users can see the name and photo of the person trying to message them in individual conversations. For group conversations, users can identify who is in the chat prior to joining, giving them better control over who they are talking to.

The protests surrounding George Floyd's murder earlier this year started Signal's sudden rise. Because it's easier to keep group communications private on Signal (unlike Facebook, Instagram or TikTok, which can be monitored by law enforcement), many sought out Signal as a way to safely and securely organize protests.

Signal addressed the heightened use during this time in a blog post. They wrote, "Many of the people and groups who are organizing for that change are using Signal to communicate, and we're working hard to keep up with the increased traffic. We've also been working to figure out additional ways we can support everyone in the street right now."

The app also announced a new feature that made it easy to blur faces in photos, and an initiative to distribute face coverings to those protesting on the streets.

However, that same security and privacy many activists seek out in Signal may become a cause of concern for parents of teens using the app.

As mentioned, Signal is equipped with features to keep conversations as private as possible. Each one-on-one chat has a unique safety number that allows users to verify the security of their messages and calls with specific contacts.

For parents, it's not hard to guess why this may be an issue. If a teen is using Signal to hide the content of their conversations, they will likely be successful.

The app also has a disappearing message feature, similar to Snapchat's chat feature. Once enabled, a user's messages will come with a timer and once the timer goes off, the message is deleted from the conversation. As with Snapchat, that doesn't stop a person from taking a screenshot (so sending adult messages or images can still come back to haunt someone), but it's still good for hiding communications.

Signal requires that users must be at least 13 years of age, but there is no real age verification on the app. As long as a child has access to a phone number, they can register a profile on Signal.

Signal is currently available in the iOS App Store, Google Play, and on Chrome.

Signal Support; Blog: Encrypt Your Face

Go here to read the rest:
Is Signal Safe? What to Know About the New Encrypted Messaging App - Parentology