Category Archives: Encryption
Five Eyes nations stare menacingly at tech biz and its encryption – The Register
Officials from the United States, the United Kingdom, Canada, Australia and New Zealand will discuss next month plans to force tech companies to break encryption on their products.
The so-called Five Eyes nations have a long-standing agreement to gather and share intelligence from across the globe. They will meet in Canada with a focus on how to prevent "terrorists and organized criminals" from "operating with impunity ungoverned digital spaces online," according to Australian prime minister Malcolm Turnbull.
In the most forthright call yet from a national leader to break encryption, Turnbull told Parliament: "The privacy of a terrorist can never be more important than public safety never."
Turnbull's comments reflect a more vague but similar response from UK prime minister Theresa May earlier this week in which she said she was focused on "giving the police and the authorities the powers they need to keep our country safe." And the UK authorities have already put in a legislative placeholder for breaking encryption into Blighty's Investigatory Powers Act. Australia's administration is rather enamored with that new UK law, and hopes to implement it Down Under.
The United States meanwhile has been having a long debate on the issue of encryption, with tech firms battling it out with law enforcement in both public and private.
It is in the United States where the issue will ultimately be decided however, since the most widely used encrypted services ranging from Apple's iPhone to Facebook's WhatsApp messaging are developed and run by US companies.
Even the UK's heavily criticized anti-encryption law recognizes that it may be powerless to enforce encryption breaking on products and services that come from overseas and online that geographic boundary doesn't exist.
The Five Eyes group is also going to have to decide how to deal with the mathematical realities of encryption. If companies are forced to insert a backdoor into their encryption products in order to make their contents accessible, there is nothing to stop a malicious third party from doing the same: you cannot wall off a vulnerability.
Security experts have called the argument put forward by law enforcement and politicians that they want access but don't want the bad guys to be able to do the same "magical thinking." The Five Eyes group needs to reach a decision on how to answer the inherent conundrum of magical thinking. Europe, which has been making its own noises about anti-encryption legislation, needs to do the same.
It is also possible of course that the vast and massively powerful spying machinery owned and run by the Five Eyes could be focused on cracking encryption. To isolate specific messages of concern and then throw all computing resources at them.
Or, a third way could be for the security services from the five nations to oblige tech companies to develop a way to undermine specific devices ie, create a piece of software that could be sent to an individual's phone that would allow spies direct access to the device and so enable them to bypass encryption protection.
America's National Security Agency is already known to have developed software that uses undiscovered vulnerabilities in software to give itself access to people's phones. If you have full access to someone's phone (or other device), all the encryption in the world won't make a difference.
Although some tech companies have been public in their determination not to introduce backdoors such as Apple and its feud with the FBI, and Facebook's fight with the Brazilian authorities it is notable that others have been silent or have called for compromise. Google, for example, has stayed out of the fray, while Microsoft has repeatedly implied it is open to a shared solution.
Where exactly the decision comes down will be hard to say not least because the security services will want the details to be as secret as possible. Next month in Canada, they will likely emerge with a plan.
Read more:
Five Eyes nations stare menacingly at tech biz and its encryption - The Register
Labor is likely to support Turnbull’s encryption fight – iTnews
Federal opposition leader Bill Shorten has indicated his party is likely to support the government's push to force technology companies to be able to decrypt user communications.
Over the weekend the government revealed its plans to follow the United Kingdom and introduce new requirements on operators of end-to-end encrypted communications services like WhatsApp, Signal, Telegram and Apple's iMessage.
The UK's so-called "technology capability notices" force communications operators to ensure they are technically able to hand over decrypted data in "near real time" to law enforcementfollowing the issuance of a warrant.
Critics of the scheme in the UK and now Australia say these noticesleave communications operators no choice but to build backdoors into their products.
The UK and Australian governments have both denied they are asking for backdoors, but neither have provided any detail on how they expect operators to meet the requirements of the technical capability notices.
The Australian government intends to discuss the issue with its Five Eyes partners at a conference in Canada in a fortnight.
Speaking to parliament today, opposition leader Bill Shorten said "big internet companies" needed to be "part of our society in the sense of working with us as well as taking from us".
"They need to see this fight as their fight, not just our fight, not just a fight wherethey help when asked, but a fight in which they come to us with ideas," Shorten said.
"We need them to be proactive, not reactive. Terrorism does not self-police, so we cannot rely on a self-policingsystem."
He said terrorists were hiding behind encryption technologies, Bitcoin, andthe so-called dark web to "stay in the shadows" and obscure their activities.
"We must target this threat head-on. As terrorists adapt their methods and seek to hide online, we must ensure our agencies have the tools, resources and technology so terrorism has no place to hide," Shorten said.
"We can allow them no sanctuary, no place torest - we must dislodge them from wherever they hide.
"In doing this, though, we must always be mindful of the rule of law and the properprotections of our citizens. [But] we cannot sit back when our enemies have access to a worldwide system to educate and fund extremists."
Prime Minister Malcolm Turnbull said while encryption was a "vital piece of security" for everything from communication to shopping and banking,"the privacy of a terrorist can never be more important than public safety".
He denied the campaign was about creating backdoors, but did not detail how operators were expected to decrypt communications they do not hold the keys to.
"It is about collaboration with and assistance from industry in the pursuit of public safety," he said.
Turnbull said the government would 'balance the priority of community safety with individual liberties'.
"An online civil society is as achievable as an offline one, and the rights and protections of the vast, overwhelming majority ofAustralians, must outweigh the rights of those who will do them harm,"he told parliament.
"My government is committed to this. We will not take an 'if it ain't broke, we won't fixit' mentality.The government does not set and forget."
Visit link:
Labor is likely to support Turnbull's encryption fight - iTnews
Germany to change law on encryption – The Times (subscription)
Please update your billing information
Your subscription will end shortly
Read the full article
Just register a few details.
Laws to enable security services to see messages before they are encrypted by providers such as WhatsApp are being drawn up in Germany because of concerns over secret communications by Islamist terrorists.
Angela Merkels government believes the same balance of eavesdropping and privacy should exist in the digital age as in democratic societies in the analogue era of letters and phone calls. Mrs Merkel aims to put digital security on the agenda for next months G20 summit she is hosting in Hamburg.
Theresa May has also called for a global approach to regulating digital providers, saying during the election campaign that there should be no safe space for terrorist ideologies.
Germany is known as one of the most protective countries for personal privacy because of
Want to read more?
Register with a few details to continue reading this article.
Unlock quality journalism on the topics that you decide matter most
Subscribe to The Digital Pack for just 1 a month for 3 months. Offer available for 4 weeks only.
Read more from the original source:
Germany to change law on encryption - The Times (subscription)
Australian government is not interested in encryption backdoors: Turnbull – ZDNet
(Image: APH)
Malcolm Turnbull has told Parliament that the Australian government is not going to demand the creation of encryption backdoors, and is instead going to focus on collaboration and receiving greater assistance from social media and telecommunications companies.
"This is not about creating or exploiting backdoors, as some privacy advocates continue to say, despite constant reassurance from us," the prime minister said on Tuesday.
"We need even stronger cooperation from the big social media and messaging platforms in the fight against terrorism and the extremism which spawns it.
"Encryption ... is a vital piece of security for every user of the internet. Protecting all of us as we go about our lives from shopping, to banking, to chatting online. However, encrypted messaging applications are also used by criminals and terrorists."
Turnbull said that despite the "strong libertarian tradition" of companies based in Silicon Valley, the privacy of a terrorist cannot be more important than public safety, and said it is balancing community safety with civil liberties.
"The government has a proven track record of getting a track record between ensuring the safety and security of the people, and defending the liberties and freedoms of that are integral to our way of our life."
Under the Liberal government, with the support of the Labor opposition, the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 was passed in March 2015 and mandated the collection of customers' call records, location information, IP addresses, billing information, and other data to be stored for two years by telecommunications carriers, accessible without a warrant by law-enforcement agencies.
Turnbull said metadata had been used to break up 12 disruptions of terror plots since 2014.
"Metadata has proven vital in nearly every serious criminal investigation conducted today, from organised crime, child sex offences, to counterespionage, cybersecurity, and counterterrorism," he said.
Following the recent WannaCry incident, Turnbull said the government has created a taskforce to quickly respond to online security threats and incidents.
In response, Opposition Leader Bill Shorten said the resources of the Australian Signals Directorate and the Australian Cyber Security Centre should be used to protect small and medium businesses from attacks, and called on big internet companies to do more.
"The big internet companies have very quickly become an essential part of our free, democratic society, but they need to realise this is a two-way relationship," he said. "They need to be part of our society in the sense of working with us, as well as taking from us.
"They need to see this fight as their fight, not just our fight. Not just a fight where they help when asked, but a fight in which they come to us with ideas."
Shorten said social media companies are in a position to tackle the "underbelly of terror propaganda", and are involved in the process of content being put online.
"We need them to be proactive, not reactive. Terrorism does not self-police, so we cannot rely on a self-policing system," he said.
The Labor leader called for the tracking of electronic currencies, such as bitcoin.
In 2014, the Australian Transaction Reports and Analysis Centre, the Australian government agency responsible for countering money laundering and the financing of terrorism, said it was able to track each conversion transaction from bitcoin into or out of Australian dollars.
"Australia is very fortunate among its international counterparts in that we are one of the few countries which currently collects all international funds transfers into or out of Australia," John Schmidt, CEO of Austrac, told Senate Estimates at the time.
"At some point, a person will be purchasing bitcoin using Australian dollars, for example, and then, if they are dealing in substances or services, will want to convert those bitcoins back into the legitimate currencies of wherever they are, so they can gain the benefit of them.
"Because we get the international funds transfers instructions, it is possible using other intelligence sources to identify transactions where people are purchasing bitcoins."
Turnbull said the government would be looking to pass its Telecommunications Sector Security Reforms in this sitting period of Parliament.
The reforms force telco carriers and carriage service providers (CSPs) to do their best to protect their networks from unauthorised access or interference for the purpose of security, with carriers and CSPs to notify the Attorney-General's Department of any changes to their services, systems, or equipment that could have a "material adverse effect" on their ability to comply with this duty.
Over the weekend, British Prime Minister Theresa May and French President Emmanuel Macron said Facebook and Twitter could see hefty fines if they fail to remove extremist and terrorist content.
Continue reading here:
Australian government is not interested in encryption backdoors: Turnbull - ZDNet
Terrorists are using encryption. Our laws need to keep up with the … – The Sydney Morning Herald
As we learn details from investigations into recent terrorist attacks in Tehran, London, Jakarta and Manchester, a common theme is emerging of terrorists using commercial encrypted communications services to plan, support and commit terrorist attacks.
In Australia, the heads of ASIO and the Australian Federal Police have warned of the challenges of "going blind" in their attempts to lawfully keep up with criminal use of rapidly evolving communications technology - a sentiment echoed by their "five eyes" intelligence-sharing partners in the United States, UK, Canada and New Zealand.
The answer isn't just in keeping up with technical intrusion methodologies the modern-day equivalent of wire tapping. This will, of course, always continue to play a part for intelligence agencies. But encrypted communications bring challenges and unintended consequences on another scale from these previous technical interceptions.
The recent "Wannacry" ransomware attack demonstrates the hazards of the back-door approach: information on technical vulnerabilities, first identified by western intelligence agencies, wasobtained by others and used for criminal purposes - harming both public services and business.
Concerns about privacy are another reason to rethink how we go about dealing with this challenge.
In an age where most freely give much of their personal information to global corporations, the paradox of public demands for privacy from government is well known. But it is incumbent on governments in liberal democracies to protect human rights and privacy, in balance with the public interest.
The importance of secure and confidential communication to support a free press is also critical for legitimate governments. This sets a high benchmark for balancing privacy with the complex and global challenge that encrypted communications poses to security.
We must be focused on the principles, not the technology. Communications have evolved substantially from the phone, fax and telegraph technology of the time when much of Australia's existing telecommunications security legislation was introduced. But the principles remain the same.
Where an individual or group is using any form of communications to support terrorism or other designated criminal activity, this may be intercepted by specified authorities and under appropriate authority.
For Australia and the "five eyes" community in particular - and other liberal democracies - this means that both our laws and practices need to be updated to work in partnership with the communications sector to ensure access when needed to prevent and prosecute criminal activities, including terrorism.
Just as the telecommunications sector already works closely with intelligence and law enforcement to access "wires" and call data, so the globalised communications sector is the key to dealing effectively with terrorist use of current and evolving communications and data technology.
This means that these companies - whether headquartered in Australia or overseas - must maintain visibility and access to the service they are providing.
Most businesses understand their shared responsibility for security - including corporate responsibilities to not facilitate crime - they just need to be involved as partners with government in working out how to best do this. This is where a multilateral approach is key: few of the major business players are Australian.
The laws regulating access to communications data would be, in principle, the same as those currently in place for other forms of telecommunications intercepts: companies ensuring data is available to access if required, warrants being issued by the appropriate authority such as the Attorney-General, with both time limits and regular scrutiny and review through the Inspector-General of Intelligence and Security, the Independent National Security Legislation Monitor, parliamentary committees and others.
Encrypted communications are yet another valuable innovation for our society and our economy. As our technology evolves, our policies, practices and laws need to evolve with them.
Jacinta Carroll ishead of the Australian Strategic Policy Institute's Counter-Terrorism Policy Centreand a former national security official in the federal government.
Read the original here:
Terrorists are using encryption. Our laws need to keep up with the ... - The Sydney Morning Herald
Turnbull govt wants to force companies to break encryption – iTnews
The Australian government wants to introduce laws that would force technology companies to ensure their systems are capable of decrypting communications.
The plan is a response to the use of encrypted communications channels by terrorists, and follows in the footsteps of the United Kingdom's moves to force communications operators to make sure they canhand over encrypted messages to law enforcement agencies.
The UK's new 'technology capability notices' were proposed following the Westminster terrorist attack. They impose obligations on operators of communications services to ensure they are technically able to hand over decrypted data in "near real time" to the government.
The Australian government over the weekend revealed its intention to pursue a similar path, but is yet to work out much of the detail of its plans.
Attorney-General George Brandis specifically called out the UK's technical capability notices when revealing the government's plan to "lift the legal obligations on device makers and social media companies to co-operate with authorities in decrypting communications".
He said current Commonwealth legislation 'doesn't go far enough' to impose obligations of "co-operation" on technology companies.
"Now I should also say of course, that in the first instance the best way to approach this is to solicit the cooperation of companies like Apple and Facebook and Google, and so on, and I think there has been a change of the culture in the last year or more," Brandis said.
"There is a much greater conscious proactive willingness on the part of the companies to be cooperative but we need the legal sanction as well."
He insisted the government had no intention of forcing technology companies to introduce backdoors in their products.
"A technical capability notice ... subject to tests of reasonableness and proportionality, imposes upon them a greater obligation to work with authorities where a notice is given to them to assist in breaking a communication," Brandis told Sky News.
"So thats not backdooring."
But it is unclear how the government expects technology companies to break encryption.
The UK's new laws have been fiercely criticised as being vague and giving communications providers no option but to build backdoors into their systems.
End-to-end encryption prevents the operators of Signal, WhatsApp, Telegram and Apple's iMessage, among others, from being able to simply hand over messages: the keys to decrypt the information are held by those involved in the communication.
Because of this some have taken the UK law as an attempt by the government tooutlaw end-to-end encryption.The UK government has avoided answering questions on the matter.
Brandis suggested to the Sydney Morning Heraldthat one option would be to "improve warrant-based access ... at the sender or receiver ends". However, this can largely only be achieved through compromise of an end user device, or the application.
"At one point or more of that process, access to the encrypted communication is essential for intelligence and law enforcement," Brandis told the SMH.
"If there are encryption keys then those encryption keys have to be put at the disposal of the authorities."
Brandis said the details of the plan would be nutted out at the Five Eyes conference in Canada in two weeks' time.
He indicated the government had not yet decided whether warrants would be needed to access decrypted information, but again referenced the UK technical capability notice model.
A notice works as a first step to "prepare the ground" in case an operator receives an interception warrant, ensuring they have the technical ability to comply. It does not, of itself, require an operator to conduct an interception.
"Thats a discussion that we need to have," Brandis said.
"The point at which a power is only exercised under warrant as opposed to a power that resides without the requirement for a warrant in law enforcement and intelligence will always be a part of this discussion and thats one of the issues that will be on the table at Five Eyes in Ottawa in a fortnights time."
He claimed Australians would not be concerned at the privacy implications involved in the government's plan because the "Facebook generation ... put more and more of their own personal data out there".
"I think that there is an entirely different attitude of privacy among young people than there was perhaps a generation or two ago. And I think the social media companies are regardful of that as well. So let the civil liberties point of view be heard, let legitimate privacy considerations always be had regard to," Brandis said.
"But I think where the community is at at the moment is to prioritise their concern about giving law enforcement and intelligence agencies the tools they need to thwart terrorism, and everyone knows that the internet and cyberspace are important vectors for terrorists."
Privacy and civil liberties advocates have warned that moves to decrypt communications would simply push terrorists onto other technology platforms whilst having negative consequences for financial transactions, online commerce, and security of personal data.
A UK public bills parliamentary committee highlighted several technical issues with the legislation and said it should include a specific threshold that recognises it is unreasonable to hand over decrypted content from end-to-end encrypted channels.
"The damage to security may be done as soon as a company finds itself having to comply with such a notice and install a back door, whether or not it subsequently has to provide data under warrant," the committee said.
Read the original here:
Turnbull govt wants to force companies to break encryption - iTnews
Ironically, Tory MPs might be using WhatsApp encryption to plot Theresa May’s downfall – The indy100
Conservative MPs are reportedly plotting the end of Theresa May's premiership via the very communication method she has campaigned against for so long - encrypted WhatsApp messages.
It's almost as beautiful as calling a snap election, after repeatedly promising you wouldn't, to "strengthen your mandate," only to end up with a minority government forced into discussions with the DUP.
According to reports in theWashington Post, some Conservative MPs are now using WhatsApp to discuss who they could replace her with:
Former minister Ed Vaizey told theBBCthat he supports May staying on, but that Tories were discussing possible replacements.
Asked whether members were calling one another to plot May's ouster this weekend, he denied it.
'That's so 20th century,' he said. 'It's all on WhatsApp.'
As part of her campaign Maypledged wide-ranging internet regulation planswhich could force internet companies to let intelligence services read private communications.
The manifesto read:
Some people say it is not for government to regulate when it comes to technology and the internet. We disagree.
The Tories demand that social media companies - like WhatsApp, for example - remove privacy features in order to 'better combat terrorism', as opposed to not cutting police numbers.
The Investigatory Powers act, commonly known as the 'Snooper's Charter', came into lawin December granting security services some of the widest-ranging spying powers in the world and permitting authorities to read browsing records.
The Prime Minister's plans to regulate the internet and encryption werecriticised as "making life easier for terrorists"by campaign group Open Rights Groups.
Jim Killock, the campaign group's executive director, said:
If successful, Theresa May could push these vile networks into even darker corners of the web, where they will be even harder to observe.
Last December,The Telegraphreportedthat Conservative Brexiteers operated within aWhatsApp group of more than 40 members, apparently to agree'lines to take' in public appearances.
Steve Baker, a Tory MP and group admin said at the time:
That requires instant communication, which is what we use the WhatsApp group for... It is extremely effective.
More:How the UK passed the most invasive surveillance law in democratic history and what we can do about it
More:Map: Did your MP vote for the controversial Snoopers' Charter?
Excerpt from:
Ironically, Tory MPs might be using WhatsApp encryption to plot Theresa May's downfall - The indy100
Samsung has added its Secure Folder app and file encryption tool to the Play Store – Android Police
The march of Samsung apps moving to Google Play continues. This time it's Secure Folder that has made its way over to every Android Police reader's favorite app store. Whatever it is you might need to keep hidden from prying eyes, now you have one more way to keep the app up-to-date. Unfortunately, it seems that it's limited to Samsung devices.
For the unfamiliar, Secure Folder is an app by Samsung that allows you to store sensitive information in a secure, encrypted folder. Files and applications can both be moved to the secure folder, and it can be locked by a pin, password, pattern, or fingerprint. You can keep an entire user profile separated and encrypted via the app, making it that much easier to hide your double life as a world-renowned pigeon fancier. It's also tied to Samsung's Knox security platform as well so any tampering with the device, such as rooting or a custom ROM, will lock out access to the folder.
I was able to pull the app down onto a tablet I have with a build.prop that was modified with a fictitious device name (long story), but even then it wouldn't launch. Sideloading the APK on other devices also resulted in failure, so unless you have a Samsung phone or tablet, you are probably out of luck. For non-Samsung users, this is less ( ) and more _()_/, but if you have a compatible device, now you have one more way to keep the app updated.
Now the question is, which Samsung app will be next to move to Google Play? If you've got a Samsung device that somehow doesn't have Secure Folder installed, give it a try at Google Play below, or over on APK Mirror.
Original post:
Samsung has added its Secure Folder app and file encryption tool to the Play Store - Android Police
Blaming the Internet For Terrorism Misses The Point – WIRED
British Prime Minister Theresa May has found something to blame for Saturday night's terror attack in London: the internet.
May, responding to the attack by three young men who killed seven people and injured scores more, called for an end to the "safe spaces" that the internet provides, and for measures to "regulate cyberspace."
"We cannot allow this ideology the safe space it needs to breed. Yet that is precisely what the internetand the big companies that provide internet-based servicesprovide," May said Sunday night outside 10 Downing Street. The statement, which appears on her official Facebook page , is among four solutions she offered for fighting terrorism. "We need to work with allied, democratic governments to reach international agreements that regulate cyberspace to prevent the spread of extremism and terrorist planning."
What May suggests will not work. As WIRED and others have explained time and time again, undermining encryptionwhich is what May is calling for hereso the "good guys" can see what the "bad guys" are up to jeopardizes everyone's safety. Simply put, weakened encryption makes everything from world banking to travel and healthcare riskier.
When May and other politicians call for encryption-busting protocols, what they really hope to do is turn back the clock to a time when the internet didn't connecting everyone and everything and underpin how the world works. They need to realize that time is past. Regulation, fines, pleadingnothing will return the world to the pre-internet era.
A British proverb applies well here: If wishes were horses, beggars would ride. May might wish for some way of securely disrupting online cryptography so it can be used only for good, but wishing can't make it so. Instead, May and her ilk must learn to focus on solutions that can make a difference. The British prime minister made four suggestions for combating terrorism. Here, we offer four that experts agree make more sense.
Though the internet helps terrorists communicate (and celebrate their actions), experts agree it does not cause terrorism, or even do much to radicalize. "The internet is often oversold in terms of radicalization," says Colin Clarke, a counterterrorism expert at RAND. Despite what you've heard, he says, most conversations among extremists occur face to face.
Though the internet does play a role in helping terrorists communicate, it is not the cause of terrorism. Not by a long shot.
"Traditionally the way [UK extremist group] Al-Muhajiroun have worked is that most of their radicalization has occurred offline," says Michael Kenney of the University of Pittsburgh who has extensively studied the Al-Muhajiroun extremist group that one of the London attackers has been reportedly linked to. "It occurs in small group settings. Its a group of guys. They gather, they talk, they indoctrinate each other," he says. Expanding online surveillance, eliminating full encryption, and even preventing the spread of violent videos can't eradicate that.
Terrorism researchers note that violence in Europe and the UK follows a familiar pattern, one that can teach governments how to counter the problem if they expend money and resources where they can do the most good. Most European jihadis are young Muslims, usually men, living in poor neighborhoods with high unemployment. They often are second- or third-generation immigrants from countries they have never lived in, they are not well-integrated into society, and they are unemployed or poorly educated. Their lives lack meaning and purpose.
Scapegoating the internet as the root of the problem risks ignoring the underlying problems: a vast swath of youth that have left behind, bullied, or ignored. These disaffected teenagers and young adults also often are angered by what they consider bad foreign policies. "They kind of exist in this netherworld that makes them vulnerable" to radicalization, says Clarke.
Instead, Clarke, Kenney, and experts like Thomas Hegghammer of the Norwegian Defence Research Establishment say the focus must be on offline solutions. Namely, education. Clarke advocates for "a really broad expansive overhaul of education in immigrant areas, and an emphasis on youth work." Hegghammer has called this a "Marshall Plan for improved education in immigrant-heavy areas."
In her approach to improving counterterrorism, May never mentioned education, though it may offer the best way to, as she says, "turn peoples minds away from this violenceand make them understand that our values pluralistic, British valuesare superior to anything offered by the preachers and supporters of hate."
May's suggestions include longer prison sentences for terrorist-linked activity, something experts agree with. Current sentencing, they say, tends to give extremists and terrorists just enough time to develop new contacts, and perhaps plan attacks. "Jail can be a networking event for these guys," says Clarke. Longer sentences could deter that.
Kenney adds another suggestion: empower families and friends to intervene when they see someone being radicalized. Teach them how to counter the rhetoric of jihadism. "Many young men and women when they radicalize its something that takes place over many months, in some cases even years. And if youre a member of a group like Al-Muhajiroun, you're not quiet, youre trying to recruit others."
This poses its own problems, though. In both the London and Manchester attacks, friends of the attackers reportedly reached out to the authorities, but British law enforcement is overwhelmed by the thousands of people already on government watch lists.
Tech companies and governments can work together to combat terrorism. But as US Representative Ro Khanna, who represents Silicon Valley, said Sunday on Fox News, "We have to have a factual approach." Rather than attempt to turn the internet into a world of walled gardens, the government should make smarter investments in certain technologies, like using biometrics at the border to better track people on watch lists. Or encourage tech companies to adopt technologies like eGlyph, a system developed by computer scientist Hany Farid, of the Counter Extremism Project, that can help the likes of Facebook, Twitter, and Google identify violent videos and ban them.
Farid's team hopes to address the problem of groups gathering online to plan attacks by developing an early warning system that uses linguistic analysis on sites like Facebook or Twitter. "Not to say you are bad or you are good but to simply give these companies some ability to monitor content and to say 'look, theres some bad stuff happening here,'" Farid says.
"The idea that we are going to somehow eradicate the problem by more closely monitoring the internet and Facebook is unrealistic and not likely to reach those intended outcomes," says Kenney. "It also reflects a lack of understanding of how radicalization actually occurs." The sooner May and politicians like her accept that reality, the safer the world will be.
See the original post here:
Blaming the Internet For Terrorism Misses The Point - WIRED
Infosec17: Society needs to address encryption dilemma – ComputerWeekly.com
According to one of the directors at Interpol we are facing a tsunami of criminality online, says Mary Aiken, forensic cyber psychologist and advisor to the European Cyber Crime Centre (EC3) at Europol.
The 10 most important things you need to know about GDPR, and a jargon-buster explanation for some of the key terminology.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
We are going to have to think about governance in this space even though this makes some people uncomfortable, she told Infosecurity Europe 2017 in London.
But if we do not have some form of governance in the cyber context, that will negatively affect real-world social order, she said.
Aikens comments coincide with fresh calls by the European Commission (EC) to give law enforcement new powers to obtain information from online service providers such as Facebook and Google as part of new measures to fight terrorism.
The EC has proposed multiple ways to make it easier for police to retrieve data stored in the cloud directly from technology companies in response to complaints about delays in investigations, reports the Telegraph.
The proposals include allowing security forces in one member state to ask a tech firm directly for data without consulting the authorities in that state, introducing an obligation on tech firms to hand over data to any force from a member state when a legal request is made, and giving police forces direct access to servers so they can copy the data they need.
This third option is kind of an emergency possibility which will require some additional safeguards protecting the privacy of people, Vera Jourova, European Union (EU) justice commissioner, told Reuters. These safeguards would include requiring that law enforcement requests are necessary and proportionate, she added.
EU justice ministers are aiming to put forward a proposal for future legislation in this regard by the end of the year or early 2018.
According to Aiken, there are three aims in apparent conflict, which are privacy, collective security and the aim of the vitality of the tech industry.
To achieve a balance in cyber space, none of those aims can have primacy over the other, she said, adding that she is very concerned from a policing and governance point of view that there are encrypted domains that are effectively beyond the law or cannot be accessed easily when necessary.
It will be almost impossible real-time to deliver on collective security when this information in obfuscated, she said, suggesting there needs to be a conversation about how best to resolve these tensions.
We need to stop thinking about things like cyber security and child development in silos and start joining the dots, said Aiken.
It is all connected. We cant look at any one problem in isolation. Hackers dont wake up at 15 and decide to become a hacker. Theres a developmental pathway to hacking, and if we can understand that and address that early on, then we can start tackling that problem over time.
The UK has shown incredible leadership in this regard, said Aiken, in terms of access to online pornography, which is very damaging for young people and looking at online age verification, which is critical in terms of child protection.
This is an issue that everyone in society should be concerned about, she said, because in time these children will begin to shape society. When we are all sitting in a nursing home, they are the ones who are going to be running the country, and they may not have the level of empathy that is conducive to looking after everybody else.
Asked about concerns from the information security community about giving advantages to criminals by making data more accessible to law enforcement, Aiken said this is the crux of the debate, but without being prescriptive about what should be done, there have to be checks and balances in place.
Effectively, if we see increasing amounts of negative behaviour associated with wide use of encryption across social media platforms, for example, and that has a negative impact, then we are going to have to think about it again and have a conversation about where robust encryption is appropriate and where it is not, she said.
Continued here:
Infosec17: Society needs to address encryption dilemma - ComputerWeekly.com