Caroline Lucas has been forced to clarify the Green Partys position on mass internet surveillance after accidentally saying she wanted to ban companies from using end-to-end encryption as part of the fight against terrorism.

During a live television interview on Sunday morning, the Green Partys co-leader said services such as the popular messaging service WhatsApp should be stopped from scrambling peoples data.

Too many ends in one question! To be clear, Greens do not want to end end to end encryption

Caroline Lucas

Many technology companies currently use end-to-end encryption to protect their users against eavesdropping. However critics of the measures argue that such security makes them more attractive for terrorists looking for a safe way to communicate.

End-to-end encryption renders messages meaningless if they are intercepted by a third party. The potential issue with banning end-to-end encryption is that moves to stop such data scrambling could allow everyones messages to be read- by security services as well as other potential snoopers not just those of suspected terrorists.

Read more:Amber Rudd must realise a back door in encryption wont make us more secure itll help criminals

Asked on the BBCs Andrew Marr Show if she was in favour of putting a stop to this, Ms Lucas replied: Do I think that ending end-to-end encryption is wrong? No.

But shortly after her appearance on the programme, she reversed her position, telling her Twitter followers that she had misunderstood the question.

Too many ends in one question! To be clear, Greens do not want to end end to end encryption, she wrote.

The partys manifesto states that the internet should be free of state and corporate surveillance to protect the rights and freedoms of individual citizens.

Our policy is about opposing the mass industrial scale surveillance of emails, she said, claiming that having to sift through so much information could actually make the job of the security services more difficult.

The bigger you make the haystack in which youre looking for the needle, the harder it is to find it, she added.

Encryption explained as simply as possible

Having all of that extra surveillance doesnt work. Its targeted surveillance that really makes the difference.

She also pointed out that she and other Green Party colleagues such as Baroness Jenny Jones were on a list of UK domestic extremists due to their environmental activism, arguing that this was a waste of police resources.

The issue of end-to-end encryption has come back under the spotlight in the wake of last weeks terrorist attack on Manchester.

Following the Westminster attack in March, Home Secretary Amber Rudd said it was completely unacceptable that security services were unable to read WhatsApp messages sent by the perpetrator Khalid Masood.

However she too appeared to misunderstand the intricacies of such technology in an embarrassing appearance on the Andrew Marr show.

See the article here:
Caroline Lucas in ending end-to-end encryption gaffe on Andrew Marr show - iNews

Home secretary Amber Rudd has denied she suggested an encryption ban, and said the government was making "good progress" with firms using end-to-end encryption.

In March, Rudd came in for criticism after saying end-to-end encryption on messaging apps like WhatsApp and iMessage was "completely unacceptable".

Read more: WhatsApp encryption is "completely unacceptable" warns home secretary

"We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorist to communicate with each other," she said in the wake of the attack on parliament, when it emerged the attacker Khalid Masood used WhatsApp minutes before the attack.

Speaking today on the Andrew Marr show, when asked about banning end-to-end encryption in its entirety and the damage it would do to the internet, Rudd said: "I never did suggest it."

"What I have always said is the internet provides an incredibly important place for people to do business, encryption is important for banking, for everything else as you say," she said. "But we need to do better to stop terrorists being able to use it."

"We are making good progress with the firms that have put in place end-to-end encryption. Some of them are being more constructive than others, but we will continue to build on that," Rudd said.

"The area that I am most concerned about is the internet companies who are continuing to publish the hate publications, the hate material that is contributing to radicalising people in this country."

Discussing terrorism threats and the UK's security in the wake of the Manchester attack last week which left 22 dead, Rudd said the police and security services have the tools they need and further legislation isn't required.

She said the government has started to use temporary exclusion orders (TEOs) for the first time; until recently, zero had been issued. Rudd would not disclose the number that have now been issued.

Introduced by David Cameron during his tenure as Prime Minister, the TEO are meant to disrupt and control the return to the UK of British citizens who have engaged in terrorism-related activity abroad.

They are approved by a judge before being issued by the home secretary and make it illegal for the person in question to return to the UK without informing the authorities and agreeing to be monitored.

Their travel documents are cancelled and they are also added to watchlists.

Read more: Here's what Tim Berners-Lee had to say about encryption after Rudd comments

Read this article:
Home secretary Amber Rudd denies she wanted an encryption ban and says progress is being made with tech giants - City A.M.

Image aware: encryption of pictures in cameras is becoming a hot topic for photo journalists Bloomberg

When a group of more than 150 filmmakers and photojournalists last December called on Canon, Nikon and other well-known camera manufacturers to add encryption features to their products, the campaign exposed a sore spot for the camera industry.

The arrival of billions of devices connected to the internet has left everything from the television in your living room to the printer in your office and soon the car in your garage vulnerable to cyber attacks. Cameras that link to the internet are no exception.

Phonemakers and technology companies including Apple, Samsung and Google have battled to protect user information from being hacked by installing encryption technology into products and operating systems. In the world of photography, however, pictures and footage have frequently been seized by authoritarian governments or stolen by criminals. Yet cameras do not have built-in encryption to protect their contents.

Because the contents of the cameras are not and cannot be encrypted, there is no way to protect any footage once it has been taken. This puts ourselves, our sources, and our work at risk, said the US-based Freedom of the Press Foundation in an open letter in December.

We face a critical gap between the moment we shoot our footage and the first opportunity to get that footage on to more secure devices, added the letter, which was sent to companies including Sony and Olympus.

Analysts say the lack of security measures underscores a deeper struggle for the traditional camera industry, which has wrestled for years to adapt its products to the digital age.

The market, particularly for low-cost point and shoot cameras, has suffered a big downturn as consumers have turned to the convenience of smartphone cameras that allow them to take photos that can be instantly shared on social networking sites such as Facebook and Instagram.

In 2016, global shipments of digital cameras declined 32 per cent from a year earlier to 24.2m units, according to the Camera and Imaging Products Association, a Tokyo-based industry group. This compared with a peak of 121.5m units in 2010.

Companies have tried to adapt to shrinking sales and consumer trends by shifting their focus to more expensive products with internet connectivity through WiFi-equipped cameras. Sonys latest mirrorless digital camera, the Alpha 9 boasts a 24.2-megapixel image sensor and retails for about $4,500. It allows image files to be encrypted while being transferred to an online server, but only when using a wired connection over a home or work local area network internet connection. This does not, however, address the problem the Freedom of the Press Foundation complained about, which is the lack of built-in encryption to protect images if a camera is stolen or confiscated.

The industrys slow response is partly down to cost and battery matters. This has led to a lack of interest in security measures among manufacturers and consumers, although more WiFi cameras are becoming available.

Since security awareness for digital cameras among consumers is not that high, the issue is inevitably a lower priority in terms of camera development, says Hiromi Yamaguchi, senior research analyst at Euromonitor, the business intelligence group. Still, consumers are becoming more sensitive to [the protection of their] personal information so we can expect demand for security measures to increase in the future.

Japans biggest camera makers including Canon, Nikon, Sony and Olympus all declined to provide details on what security measures they were studying following the calls from filmmakers and photojournalists to add encryption features to their products.

We will consider responding if the market and user needs for security increase in the future, says Canon, the worlds biggest maker of digital single-lens-reflex cameras, the preferred choice for professional and dedicated amateur photographers. Canon added, however, that it did not yet consider the overall market demand for security measures to be high.

Other companies point to security measures that are already built into image storing devices, although such safeguards are of little use if cameras are stolen or confiscated.

Experts say it would be a challenge to implement encryption features such as the inclusion of a four-digit security code without compromising convenience and user experience. This would be the case especially for professional photographers that are working under stress in combat zones and fighting against deadlines.

Critics say the lack of attention given to security measures by the most established manufacturers of cameras is testimony to the industry being hesitant to address the disruption caused by the rise of online platforms such as Instagram and smartphone photography.

Japanese camera makers have been globally successful but that historical success is now a drag, hampering the transition to a new business model, says Mr Yamaguchi. Thats one of the reasons why security measures have been slow to advance.

New industry players may fill that void for consumers who want the sophisticated imaging quality of top-quality photography, and solid security measures, combined with the convenience of compact smartphones.

Light, a Silicon Valley start-up, plans shortly to launch its first product, the L16, which claims to replace a professional digital single-reflex camera with a compact $1,700 device that fits in the palm of your hand. It can create pictures of up to 52 megapixels by computationally merging images from the cameras 16 lenses. On the security side, the camera uses the Android operating system, which comes with inbuilt encryption as standard.

There is nothing that has ever stopped any of the big legacy camera companies from innovating, says Dave Grannan, Lights co-founder and chief executive. They have been stuck in the past literally at every level, he adds. Encryption is like an insurance package for a car. You never think about it until you have a car crash. But it only helps the consumer.

See the rest here:
Cyber encryption is out of sight for camera makers - Financial Times

Every election campaign has its story, its place in the political history of this country. 2017 will forever be known for Manchester and the horror of the attack on Britain's young; and fighting terrorism will be a theme, overt or underlying, of what we see and hear between now and polling day.

The broadcasters have covered the events comprehensively yet sensitively. But they are aware that we're in an election campaign too; and when other news drives aside the carefully-balanced campaign formats, ministerial appearances give them a dilemma.

The fact is that what the Prime Minister and Home Secretary are doing in response to Manchester is newsworthy. It was Theresa May's duty to implement the recommendations of her security advisers on the elevation of the terror alert, and it would have been unthinkable for the news channels not to broadcast her various statements.

But it is also true that, if the bomb hadn't been detonated, Tuesday would have been a day in which the PM would have been under relentless damaging scrutiny for her u-turn on social care.All the opposition parties would have been in full cry across the airwaves. Yet in the tragic circumstances we found ourselves, nobody could argue that Downing Street appearances on the terror attack should prompt equal airtime for everyone from Labour to Plaid Cymru.

There are precedents for ministers needing to step out of their party roles during a campaign, and not be counted against the stopwatch balance of coverage. Irish terrorism was a factor in previous elections and the PM or Northern Ireland secretary were able to speak on behalf of the UK government. It applied to the foot and mouth epidemic that was occupying ministers' time in 2001. Prime ministers have gone to foreign meetings before, too. Mrs Thatcher went to an economic summit in photogenic Venice with her soulmate Ronald Reagan three days before the 1987 election, to the irritation of Neil Kinnock.

There are plenty of critics who will be vigilant about any quest for party advantage in the way that Theresa May and Amber Rudd now make their TV and radio appearances; and its inevitable that a party arguing that it offers strength and stability will not object to being judged against these criteria in extreme and distressing times.

So it's necessary for both broadcasters and politicians to be careful, and there are some fine judgements to be made. For instance, it was completely justifiable to interview Amber Rudd about the latest information from Manchester and her annoyance with American intelligence leaks. I was less comfortable with her being asked in the same interview about the Prevent strategy, and with her response that actions would follow "after June", which edges into party territory and would be a legitimate area to seek an opposition response.

When the campaigning resumes, these challenges become even greater. Deciding when the Prime Minister is speaking for the government and nation, or when she is leader of the Conservative Party, will never be black and white. But I would expect to see the broadcast bulletins trying to draw clearer lines about what is a political report and what is the latest from Manchester or from G7. They must also resist any efforts to time ministerial pronouncements with what's convenient for the party strategists' campaign grid.

There might also usefully be more effort to report straight what the parties are saying in the final days, with less spin and tactical analysis from the correspondents. The narrative of this election has been changed by tragedy, and the best response is to let the politicians and the public engage as directly as possible in deciding what direction the nation should now take.

Read the original post:
The problems with ending encryption to fight terrorism - New Statesman

There are many encryption challenges in the tech world today, particularly as the importance of encryption as a fundamental, rather than nice to have for data security, becomes the norm for businesses. An increasing number of organisations worldwide are adopting encryption to address the growing concerns of data safety and data privacy for compliance regulations.

The prevalence of data breaches has played a huge role in this along with the growth of mobile and public cloud services becoming the norm in the enterprise IT infrastructure. For example, there have been a number of hacks that have underlined the risks of using 3rd party storage or Enterprise File Sync and Share (EFSS) solutions as either a primary storage solution for corporate data or where employees are allowed to put corporate data onto their personal accounts.

But its not just the cloud services, working with files or cloud services through unauthorised hardware such as home computers or mobile devices, increases the risks to a company of a security breach taking place. This could be a hack, or data being shared accidentally in an unencrypted format to an unauthorised person. Devices off the corporate network, and in the shadows, are not protected to the same level as those known to corporate IT, and the same is true of cloud services. They will not be subject to the same corporate, regulatory (HIPPA, SOX, PCI, etc.) policies in relation to encryption, authentication, identity and access management, threat detection, device management, or something as straightforward as password policy. The new EU General Data Protection Regulation (GDPR) set to come into force in from 25th May 2018 will place significant responsibilities and penalties on those that process, or store data related to EU citizens, regardless of the companys location in the world.

It is critical to take the attitude that data must be protected at source. This means knowing what controls are in place to control the way data moves to internal and external network resources, and how its protected in those locations. Any data that you would fear losing, or is sensitive in any way, should always be encrypted at the end point in the organisation. Taking that approach will ensure that when data leaves the organisation it is encrypted at those external end points meaning access to the files remains completely under the control of the organisation, and the centrally controlled encryption key server.

One example of where this is very valuable, is when a personal cloud service account is used by an employee, who then leaves the organisation. Without encryption the user retains access to those files, and the organisation would have no way of removing them from the cloud service, or in fact any other device. Using centrally managed encryption, the users access can be removed in the policy engine of software the user instantly loses the ability to decipher and read the encrypted files.

Data encryption is a time-tested tool that can severely hinder attackers in their goal to steal confidential user and customer data, trade secrets, and more. In addition, to the complex regulations, the increasing adoption of new technologies such as mobility, cloud and virtualisation have also found the need for encryption more than ever before.

With more organisations encrypting more and more data, the key management still remains one of the biggest challenges. The problem with encryption has always been around the management strategy, if youre working with the different platforms, such as FDE, servers, file and folder, removable media, mobile devices, cloud IaaS, and cloud EFSS you should prep your management strategy before undergoing the project. Having a unified tool that can perform the key management responsibilities and also maintain the different platforms is an essential part of not only implementation, but ensuing solid ongoing security.

There are a lot of things to think about today when managing encryption and keys. Organisations should make sure they have a product that could reach the many different platforms within their organisation; all platforms at one point in time could require encryption. In addition, organisations should make sure the product they choose can manage all the keys spanning those different platforms. Below are just some examples of the different environments in which encryption might need to be managed for a typical enterprise.

FDE (Full Disk Encryption)

o BiLocker (Take over and manage) o Software Encryption o Apple FileVault (Take over and manage) o SED (Self Encrypting Drives)

File and Folder Encryption

o SFE (Secure File Encryption) with persistence

Removable Media and Container encryption Mobile Device Encryption Cloud IaaS (Private, Hybrid, Public) o AWS o Azure o VMWare o Citrix Zen o HyperV

Cloud EFSS o Google Drive o Dropbox o OneDrive o Box

Control over your data is one of the major benefits of centralised key encryption, rather than with external service providers, such as cloud storage services. This adds yet another level of protection should a breach of usernames/passwords occur at a 3rd party cloud service provider they cant get the encryption keys.

Its easy to see how things can quickly get very complex, and why Its important that organisations enforce encryption automatically through their security policy to help avoid disaster. Encrypting at the source may not stop a hacker from gaining access to data, but it will prevent the data itself from being disclosed.

Data encryption, when executed properly, protects the sensitive information stored within any given organisation. Although there are many myths attributed to data encryption, the surprising truth of the matter is that at its core, data encryption provides a foundational piece to any data security and cloud strategy. Many companies, when asked think they are well protected from attack, but ultimately every company should expect to become the victim of a data breach, whether accidentally at the hands of a miss-sent employee email, lost device, hacktivists, or the nefarious intentions of cyber criminals. Its only by taking that attitude that well ensure we have the best protection we can in place.

Mark Hickman, Chief Operating Officer, WinMagic Image Credit: Sergey Nivens / Shutterstock

See the original post:
It is critical to take the attitude that data must be protected at source. - ITProPortal