Category Archives: Encryption
Encryption and fighting terror have the UK’s Theresa May and the … – CNET
The UK and the EU are at loggerheads once again, but it's not what you might think. This isn't another Brexit debate, but a tussle over encryption.
The British government is keen to exploit flaws in tech services for intelligence-gathering and surveillance operations. Home Secretary Amber Rudd, backed by Downing Street, has persistently called for access to WhatsApp, a service used by terrorists in the March attack at Westminster.
But on Monday, a European Parliament committee proposed an amendment to incoming legislation that would prevent member states from trying to decrypt encrypted communications, as well as compelling tech companies that don't already use end-to-end encryption to do so.
The proposal would protect internet companies from national governments pressuring them to create security flaws, or backdoors, that they could use to hack into people's emails or other messages.
The different approaches are emblematic of a debate raging around the world, boiling down to whether tech companies poke security holes in their products so that governments can spy on potential terrorists, or whether they should keep communications locked up tight so as to protect the privacy and safety of internet users. You saw it in the fight that Apple put up against the FBI's efforts to compel the company to create a backdoor into a terrorist's iPhone.
While the UK wants to ensure that terrorists have no place to hide, the EU is determined to protect the privacy of law-abiding internet users.
Theresa May makes a statement outside Downing Street following the London Bridge terror attack.
With four terrorist incidents in the country over the last four months, the British government and intelligence agencies are under pressure to explain why they were unable to thwart the attacks. They blame technology.
Following the June 4 attack on London Bridge, Prime Minister Theresa May stood outside Downing Street and in her speech, pointed her finger at "the internet -- and the big companies that provide internet-based services" for providing a safe space for extremist ideologies to flourish.
"As the nature of the threat we face becomes more complex, more fragmented, more hidden, especially online, the strategy needs to keep up," she said, calling for more online regulations.
May has long been in favor of increasing the UK's surveillance powers, introducing two bills nicknamed the "Snooper's Charter." The second of these bills, the Investigatory Powers Act, passed into law under her own leadership of the country.
The Prime Minister wants the internet to be weak and penetrable, say her critics. They also claim she is using this issue right now to reinforce her own image as "strong and stable" -- her slogan during the recent election campaign.
"To push on with these extreme proposals for internet clampdowns would appear to be a distraction from the current political situation and from effective measures against terror," said Jim Killock, director of human rights nonprofit Open Rights Group.
The biggest objection to her proposals is that they will make the internet less safe for users. If governments can exploit backdoors to get to your private communications, so too could criminals or rogue states.
"Government's intrusion into private communications might look useful on paper in order to fight crime, but such legislation is usually the product of people who don't know how technology works," said Marty P. Kamden, CMO of NordVPN. "Backdoors would bring along new security holes, and could result in even more crime."
Another risk of this style of surveillance is that it could force terrorists to use alternative, less pleasant communication services, added Killock. Pushing them underground completely would only make them even harder to monitor than they are right now, he argued.
Unsurprisingly, tech companies don't like the idea of creating security holes in their products either. In 2015, Facebook, Google, Microsoft, Twitter and Yahoo teamed up to submit written evidence to Parliament arguing that encryption is necessary for keeping users safe. Apple Chief Executive Tim Cook has also been outspoken on the subject.
But when it comes to legislation, Silicon Valley companies don't have the last word.
Fortunately for them, the EU does. In this case, the EU is on their side.
The proposals tabled by members of the European Parliament this week are amendments to draft privacy legislation, and forbid member states from "decryption, reverse engineering or monitoring" of encrypted communications, or compelling tech companies to do so.
"Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services," one proposal reads.
Not only could these proposals scupper the UK's plans, but they could conflict with surveillance activities allowed by the Investigatory Powers Act.
"This latest move to ban backdoors in encryption appears to be a calculated slap in the face for Theresa May and her plans for an Orwellian future," said BestVPN.com cybersecurity expert Douglas Crawford.
Because of Brexit, it's hard to know how EU rules on privacy and data will apply once the UK leaves the European Union. But without support from other countries, it's highly unlikely that the British government alone would be able to compel tech companies to create backdoors to allow them to bypass encryption.
The UK's own new surveillance plans are also not yet a done deal. The small and fragile majority the Conservative party currently holds in Parliament means greater consensus and more debate will be needed in order to pass new laws, said Killock.
"We hope that this will mean our parliamentarians will reject reactionary policymaking and look for long-term, effective solutions that directly address the complex causes of terrorism," he said.
Tech companies and government representatives didn't respond to requests for comment.
CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.
Logging Out: Welcome to the crossroads of online life and the afterlife.
Link:
Encryption and fighting terror have the UK's Theresa May and the ... - CNET
End-to-end messaging encryption gives customers key controls – TechTarget
More companies are now using team chat applications, such as Atlassian HipChat, Cisco Spark, Microsoft Teams, RingCentral...
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Glip and Slack. As a result, IT leaders are moving from debating the merits of adopting such applications to practical concerns around security and information protection of corporate data stored within the apps.
Vendors in the team messaging space are increasingly differentiating themselves on the basis of security. For example, Cisco, ClearChat and Symphony tout their end-to-end messaging encryption models as superior to other vendors that only provide messaging encryption at rest or in motion.
The issue of messaging encryption has also spilled into the consumer world, with the European Union recently issuing draft legislation mandating end-to-end encryption for all messaging services.
As team chat applications gain traction in the enterprise, IT leaders should familiarize themselves with the various flavors of messaging encryption:
For IT leaders evaluating various team messaging applications, let risk be your guide.
Consumer messaging services, such as Kik, and many popular business-focused apps, such as Slack, do not yet offer end-to-end encryption, meaning messages are only encrypted at rest and in motion. Therefore, messaging providers could be compelled by court order to decrypt and turn over message data.
In a worst-case scenario, messaging systems could be hacked, resulting in the release of messaging data out into the wild.
Providers offering end-to-end messaging encryption -- with user-held keys -- offer an added layer of security by enabling customers to control access to message stores. With end-to-end encryption, even if a government agency were to show up at the provider's door with a warrant, the provider could only turn over encrypted message data to the agency. The only way of decrypting messages -- short of hacking encryption algorithms -- is by obtaining the keys from the customer of the messaging provider.
Most organizations can accept the risk of not using end-to-end encryption. But for companies in regulated industries or organizations looking for an extra level of protection, evaluate end-to-end encrypted services with a self-owned key management capability.
Take these steps to secure your messaging applications.
Team chat apps see huge growth and fierce competition.
Are business chat apps becoming the next UC platforms?
Read the original here:
End-to-end messaging encryption gives customers key controls - TechTarget
Outloud Audio Adopts Fortium’s MediaSeal File Level Encryption to Meet Heightened Security Threats – SHOOT Online
Outloud Audio Adopts Fortium's MediaSeal File Level Encryption to Meet Heightened Security Threats SHOOT Online Fortium, a leading provider of digital content security solutions for media and entertainment, today announces Outloud Audio, Los Angeles and New York, as a new customer for MediaSeal, its file encryption software, which protects unaired TV and movie ... |
Euro MPs back end-to-end encryption for all citizens – BBC News
BBC News | Euro MPs back end-to-end encryption for all citizens BBC News A European Parliament committee is proposing that end-to-end encryption be enforced on all forms of digital communications to protect citizens. The draft legislation seeks to protect sensitive personal data from hacking and government surveillance. EU Proposes Enforcing Data Encryption and Banning Backdoors ... EU proposes banning encryption backdoors - Engadget End-to-end encryption plan puts Europe on collision course with UK |
See more here:
Euro MPs back end-to-end encryption for all citizens - BBC News
Apple CEO likely to talk immigration, encryption at White House: report – The Hill
Apple CEO Tim Cook will likely address issues such as immigration and encryption Monday during his White House meeting for Technology Week, Axios reported.
About 18 CEOs also including Amazon CEO Jeff Bezos and two dozen more business experts are expected to attend the event and help offer insight about how thegovernments information technology systems could be updated and modernized.
Cook is reportedly slated to attend a session called H-1B/immigration.
Cook has been a longtime advocate of the merits and economic value immigrants provide for the American economy, contrasting largely with President Trump and some of his top advisers views that immigrants are taking jobs from American workers and hurting the economy.
Following the San Bernardino, Calif., shootings in December 2015, Cook refused to provide the FBI with a backdoor encryption to open the terrorists iPhones. Cook argued that if he provided this opening, it would compromise customer's privacy and security and create a precedent.
Trump had urged people to boycott Apple at the time, pointing to Cooks lack of cooperation with the investigation.
Cook also is expected to bring up ways to improve how veterans receive medical care as well as human rights both in the U.S. and abroad.
Jared Kushner's Office of American Innovation organized these tech meetings.
Trump and Vice President Pence are expected to pop by the working sessions.
Kushner, his wife, Ivanka Trump, and many of President Trump's top aides like Treasury Secretary Steven Mnuchin, Commerce Secretary Wilbur Ross, Homeland Security Secretary John Kelly and Office of Management and Budget Director Mick Mulvaney are expected to attend.
More here:
Apple CEO likely to talk immigration, encryption at White House: report - The Hill
A quantum step to a great wall for encryption – The Hindu
The Hindu | A quantum step to a great wall for encryption The Hindu Modern, electronic secrecy works by two parties encrypting the messages they want to exchange and sending each other 'keys' (which are chains of numbers) that can be used to decrypt the information. The trouble is that a third eavesdropper can ... China set to build a 'completely new internet' China's 'Unhackable' Quantum Satellite Has Sent Its First Message Satellite sends First Quantum Signal to Earth |
See the rest here:
A quantum step to a great wall for encryption - The Hindu
EU deals Theresa May encryption setback as MEPs propose ban on government backdoors – Telegraph.co.uk
After the attack the Home Secretary Amber Rudd accused WhatsApp of giving terrorists "a place to hide and said it was completely unacceptable that they could communicate in secret.
This week, Ms Mayand French presidentEmmanuel Macron vowed tougher action on tech companies applying encryption.
As well as outlawing encryption backdoors, the MEPs propose forcing communications providers that do not currently encrypt communications to do so.
Service providers who offer electronic communications services should ensure that such electronic communications data are protected by using specific types of software and encryption technologies,the proposals state.
A Home Office spokesman said: "The Government has been clear that we support the use of encryption. It helps keep peoples personal information safe and ensures secure online commerce.But we have also been clear that we must ensure that, in tightly proscribed circumstances, our law enforcement and security and intelligence agencies are able to access communications of criminals, including terrorists."
Read this article:
EU deals Theresa May encryption setback as MEPs propose ban on government backdoors - Telegraph.co.uk
Facebook defends encryption, says it is countering terrorism using AI – SC Magazine
"There's no place on Facebook for terrorism. We remove terrorists and posts that support terrorism whenever we become aware of them," reads a new Facebook company blog post.
Aware that terrorists take advantage of social media to spread propaganda, Facebook on Thursday divulged some of its methods for combating the problem, including recent efforts to employ machine learning to automatically identify objectionable content.
"Our stance is simple: There's no place on Facebook for terrorism. We remove terrorists and posts that support terrorism whenever we become aware of them," states a company blog postauthored by Facebook officialsMonika Bickert, director of global policy management, andBrian Fishman, counterterrorism policy manager.
The post came shortly after news broke that James Hodgkinson, the man who on Wednesday shot and critically injured House Majority Whip Steve Scalise at a baseball practice, regularly posted angry extremist views on Facebook regarding President Donald Trump and other Republicans. That same Wednesday, Facebook removed Hodgkinson's online profiles, according to various reports.
Facebook on Thursday also acknowledged the controversy surrounding terrorists who use encrypted messaging platforms such as the company's WhatsApp service tosecurely communicate with each other. It was following the March 2017 Westminster terror attack that British home secretary Amber Rudd suggested that UK law enforcement must be able to listen in on WhatsApp conversations, after it was discovered that the attacker, Khalid Masood, used the service before murdering four people.
Defending encryption technology, the blog post notes that these services also have legitimate purposes such as protecting the privacy of journalists and activists. In their joint blog post, Bickert and Fishman wrote that while Facebook does not have the ability to read encrypted messages, "we do provide the information we can in response to valid law enforcement requests, consistent with applicable law and our policies."
Prior to Thursday's post, Facebook had not previously detailed its use of AI to root out terrorist activity on its platforms. According to the post, the company is focusing its most cutting-edge machine-learning techniques on curbing terrorist content submitted by ISIS, Al Qaeda, and related affiliates, adding that its efforts are "already changing the ways we keep potential terrorist propaganda and accounts off Facebook."
Facebook reported that its AI technology allows its systems to image-match photos or videos that have previously been linked to terrorism, and reject such forbidden content before it is displayed.
The company is also experimenting with natural language recognition capabilities in order to identity content that appears to advocate for terrorism. To that end, Facebook has been feeding previously flagged content toits AI engine so that it does a better job recognizing such language in the future.
Additionally, Facebook is using algorithms to determine if various pages, posts, profiles and groups likely support terrorism based on connections and shared attributions with other confirmed terrorist pages. The company also claims it is getting faster at detecting new fake accounts created by repeat offenders.
Facebook has also begun to apply these AI techniques to take down terrorist accounts additional platforms, including WhatsApp and Instagram. "Given the limited data some of our apps collect as part of their service, the ability to share data across the whole family is indispensable to our efforts to keep all our platforms safe," the blog post reads.
Outside the realm of AI, Facebook is also relying on its own human expertise to counter terrorism activity online, including its global Community Operations teams that review user complaints and reports, more than 150 terrorism and safety specialists, and a global team that was formed to promptly respond to emergency law enforcement requests. The company also relies in cooperation with industry partners, governments and various community groups and non-governmental organizations.
Companies are increasingly turning to AI and automation technologies to fight a variety of illegal and forbidden online activity. A new study released this week by cybersecurity and application delivery solution provider Radware found that 81 percent of surveyed executives reported that they either recently implemented or began more heavily relying on automated solutions. Moreover, 57% of these polled executives said that they trust automated systems as much or more than humans to protect their organizations. And 38 percent predicted that automated security systems would be the primary resource for managing cyber security within two years.
See more here:
Facebook defends encryption, says it is countering terrorism using AI - SC Magazine
Jetico’s BestCrypt Container Encryption for Linux – Linux Journal
Cyber-attacks are now constant, threats to privacy are increasing, and more rigid regulations are looming worldwide. To help IT folks relax in the face of these challenges, Jetico updated its BestCrypt Container Encryption solution to include Container Guard.
This unique feature of Jetico's Linux file encryption protects container files from unauthorized or accidental commandslike copying, modification, moving, deletion and re-encryptionresulting in bolstered security and more peace of mind. Only users with the admin password can disable Container Guard, increasing the security of sensitive files.
The BestCrypt update also adds the Resident feature, an automatic password prompt for mounting containers at startup. That same feature will dismount containers after a time period of inactivity as set by the user.
While user-friendly and time-saving, these added features also provide an extra layer of protection when working on shared computers. On endpoints or in the cloud, data encrypted with BestCrypt can be accessed via Linux, Android, Windows and Mac devices.
See more here:
Jetico's BestCrypt Container Encryption for Linux - Linux Journal
Encryption Definition | Investopedia
DEFINITION of 'Encryption'
Encryption is a means of securing data using a password (key). The encryption process is simple data is secured by translating information using an algorithm and a binary key. When the data needs to be read back, the code is decrypted using either the same key or a different key depending on the type of encryption used.
Encryption strength is based on the length of the security key. In the latter quarter of the 20th century, 40 bit encryption, which is a key with 240 possible permutations, and 56 bit encryption was standard. Those keys were breakable through brute force attacks by the end of the century, and the 128 bit system became standard in web browsers. The Advanced Encryption Standard (AES) is a protocol for data encryption created in 2001 by the U.S. National Institute of Standards and Technology. AES uses a 128 bit block size, but key lengths of 128, 192 and 256 bits. AES uses a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. 128-bit encryption is standard but most banks; militaries and governments use 256-bit encryption.
See the original post:
Encryption Definition | Investopedia