Category Archives: Encryption
A lesson from the CIA WikiLeaks dump: Encryption works – The Seattle Times
NEW YORK: If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works, and the industry should use more of it.
Documents purportedly outlining a massive CIA surveillance program suggest that CIA agents must go to great lengths to circumvent encryption they can't break. In many cases, physical presence is required to carry off these targeted attacks.
"We are in a world where if the U.S. government wants to get your data, they can't hope to break the encryption," said Nicholas Weaver, who teaches networking and security at the University of California, Berkeley. "They have to resort to targeted attacks, and that is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago."
Four years ago is when former NSA contractor Edward Snowden revealed details of huge and secret U.S. eavesdropping programs. To help thwart spies and snoops, the tech industry began to protectively encrypt email and messaging apps, a process that turns their contents into indecipherable gibberish without the coded keys that can unscramble them.
The NSA revelations shattered earlier assumptions that internet data was nearly impossible to intercept for meaningful surveillance, said Joseph Lorenzo Hall, chief technologist at the Washington, D.C.-based civil-liberties group Center for Democracy & Technology. That was because any given internet message gets split into a multitude of tiny packets, each of which traces its own unpredictable route across the network to its destination.
The realization that spy agencies had figured out that problem spurred efforts to better shield data as it transits the internet.
A few services such as Facebook's WhatsApp followed the earlier example of Apple's iMessage and took the extra step of encrypting data in ways even the companies couldn't unscramble, a method called end-to-end encryption.
In the past, spy agencies like the CIA could have hacked servers at WhatsApp or similar services to see what people were saying. End-to-end encryption, though, makes that prohibitively difficult. So the CIA has to resort to tapping individual phones and intercepting data before it is encrypted or after it's decoded.
"It's much like the old days when they would have broken into a house to plant a microphone," said Steven Bellovin, a Columbia University professor who has long studied cybersecurity issues.
Cindy Cohn, executive director for the Electronic Frontier Foundation, a group focused on online privacy, likened the CIA's approach to "fishing with a line and pole rather than fishing with a driftnet."
Encryption has grown so strong that even the FBI had to seek Apple's help last year in cracking the locked iPhone used by one of the San Bernardino attackers.
Apple resisted what it considered an intrusive request, and the FBI ultimately broke into the phone by turning to an unidentified party for a hacking tool, presumably one similar to those the CIA allegedly had at its disposal.
Last week, FBI Director James Comey acknowledged the challenges posed by encryption. He said there should be a balance between privacy and the FBI's ability to lawfully access information. He also said the FBI needs to recruit talented computer personnel who might otherwise go to work for Apple or Google.
Government officials have long wanted to force tech companies to build back doors into encrypted devices, so that the companies can help law enforcement descramble messages with a warrant. But security experts warn that doing so would undermine security and privacy for everyone. As Apple CEO Tim Cook pointed out last year, "a back door for good guys can also be a back door for bad guys." So far, efforts to pass such a mandate have stalled.
At the moment, though, end-to-end encrypted services such as iMessage and WhatsApp are still the exception. While encryption is far more widely used than it was in 2013, many messaging companies encode user data in ways that let them read or scan it. Authorities can force these companies to divulge message contents with warrants or other legal orders. With end-to-end encryption, the companies wouldn't even have the keys to do so.
Further expanding the use of end-to-end encryption presents some challenges. That's partly because encryption will make it more difficult to perform popular tasks such as searching years of emails for mentions of a specific keyword. Google announced in mid-2014 that it was working on end-to-end encryption for email, but the tools have yet to materialize beyond research environments.
Instead, Google's Gmail encrypts messages in transit. But even that isn't possible unless it's adopted by the recipient's mail system as well.
And encryption isn't a panacea, as the WikiLeaks disclosures suggest.
According to the purported CIA documents, spies have found ways to exploit holes in phone and computer software to grab messages when they haven't been encrypted yet. Although Apple, Google and Microsoft say they have fixed many of the vulnerabilities alluded to in the CIA documents, it's not known how many holes remain open.
"There are different levels where attacks take place," said Daniel Castro, vice president with the Information Technology and Innovation Foundation. "We may have secured one level (with encryption), but there are other weaknesses out there we should be focused on as well."
Cohn said people should still use encryption, even with these bypass techniques.
"It's better than nothing," she said. "The answer to the fact that your front door might be cracked open isn't to open all your windows and walk around naked, too."
Viber launches secret chats to go beyond encryption – SlashGear
We've seen a lot of chat services rolling out end-to-end encryption lately (or, in Facebook Messenger's backwards world, optional end-to-end encryption), but now Viber wants to take that one step further. Viber already launched end-to-end encryption for all conversations held over its service a few months back, but starting today, you can host secret chats for a little extra security.
With secret chats, you can set the conversation to self-destruct and automatically delete after a certain amount of time. While regular chats in Viber have this self-destruct option, it only applies to video and picture messages; in secret chats, on the other hand, the self-destruct feature applies to all messages.
Secret chats offer two more features that regular Viber chats do not. Messages in secret chats can't be forwarded, and secret chats also offer some kind of protection from screenshots. According to Viber, screenshots are completely disabled on Android. Screenshots can be taken on iOS, but the sender will receive a notification alerting them to the fact that the recipient of their message is snapping pictures.
While you can turn existing chats into secret chats, you also have the option of keeping separate regular and secret chats with your Viber contacts. You can also use secret chats to hold one-on-one conversations or group conversations with up to 199 contacts. If you're hosting a secret chat with 200 people, though, we wonder how secret the chat really is.
So, all in all, this sounds like a nice companion feature to end-to-end encryption, and it should do something to pull in users who are concerned about security more than anything else. Secret chats are available in the latest version of Viber, which is already appearing on the Google Play Store. What do you think of this new feature? Head down to the comments section and let us know!
Zix wins 5-vendor email encryption shootout – Network World
Clear Choice Tests
Email encryption products have made major strides since we last looked at them nearly two years ago. They have gotten easier to use and deploy, thanks to a combination of user interface and encryption key management improvements, and are at the point where encryption can almost be called effortless on the part of the end user.
Our biggest criticism in 2015 was that the products couldn't cover multiple use cases, such as a user who reads email on a smartphone, then switches to a webmail client, then composes messages in the Outlook desktop client. Fortunately, the products are all doing a better job handling multi-modal email.
In this review, we looked at five email encryption products, four of which employ encryption gateways and one that's end-to-end. The gateways usually rely on plug-ins to Outlook and browsers so you can continue using your existing email clients. The end-to-end product requires new clients for all encrypted message traffic.
The five vendors include two that we reviewed in 2015: HPE/Voltage Secure Email and Virtru Pro. The other three are Inky (the end-to-end product), Zix Gateway, and Symantec Email Security.cloud.
Use FileVault to encrypt the startup disk on … – Apple Support
Turn on and set up FileVault
FileVault 2 is available in OS X Lion or later. When FileVault is turned on, your Mac always requires that you log in with your account password.
If other users have accounts on your Mac, you might see a message that each user must type in their password before they will be able to unlock the disk. For each user, click the Enable User button and enter the user's password. User accounts that you add after turning on FileVault are automatically enabled.
Choose how you want to be able to unlock your disk and reset your password, in case you ever forget your password:
If you lose or forget both your account password and your FileVault recovery key, you won't be able to log in to your Mac or access the data on your startup disk.
When FileVault setup is complete, your Mac restarts and asks you to log in with your account password. Your password unlocks your disk and allows your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically.
After your Mac starts up, encryption of your startup disk occurs in the background as you use your Mac. This takes time, and it happens only while your Mac is awake and plugged in to AC power. You can check progress in the FileVault section of Security & Privacy preferences. Any new files that you create are automatically encrypted as they're saved to your startup disk.
If you forget your account password or it doesn't work, you might be able to reset your password.
If you want to change the recovery key used to encrypt your startup disk, turn off FileVault in Security & Privacy preferences. You can then turn it on again to generate a new key and disable all older keys.
If you no longer want to encrypt your startup disk, you can turn off FileVault:
After your Mac starts up, decryption of your startup disk occurs in the background as you use your Mac. This takes time, and it happens only while your Mac is awake and plugged in to AC power. You can check progress in the FileVault section of Security & Privacy preferences.
* If you store your recovery key with Apple or your iCloud account, there's no guarantee that Apple will be able to give you the key if you lose or forget it. Not all languages and regions are serviced by AppleCare or iCloud, and not all AppleCare-serviced regions offer support in every language. If you set up your Mac for a language that AppleCare doesn't support, then turn on FileVault and store your key with Apple (OS X Mavericks only), your security questions and answers could be in a language that AppleCare doesn't support.
Encryption – technet.microsoft.com
Traditionally, ciphers have used information contained in secret decoding keys to code and decode messages. The process of coding plaintext to create ciphertext is called encryption and the process of decoding ciphertext to produce the plaintext is called decryption. Modern systems of electronic cryptography use digital keys (bit strings) and mathematical algorithms (encryption algorithms) to encrypt and decrypt information.
There are two types of encryption: symmetric key encryption and public (asymmetric) key encryption. Symmetric key and public key encryption are used, often in conjunction, to provide a variety of security functions for network and information security.
Encryption algorithms that use the same key for encrypting and for decrypting information are called symmetric-key algorithms. The symmetric key is also called a secret key because it must be kept as a shared secret between the sender and receiver of the information; otherwise, the confidentiality of the encrypted information is compromised. Figure 14.1 shows basic symmetric key encryption and decryption.
Figure 14.1 Encryption and Decryption with a Symmetric Key
Symmetric key encryption is much faster than public key encryption, often by 100 to 1,000 times. Because public key encryption places a much heavier computational load on computer processors than symmetric key encryption, symmetric key technology is generally used to provide secrecy for the bulk encryption and decryption of information.
Symmetric keys are commonly used by security protocols as session keys for confidential online communications. For example, the Transport Layer Security (TLS) and Internet Protocol security (IPSec) protocols use symmetric session keys with standard encryption algorithms to encrypt and decrypt confidential communications between parties. Different session keys are used for each confidential communication session and session keys are sometimes renewed at specified intervals.
Symmetric keys also are commonly used by technologies that provide bulk encryption of persistent data, such as e-mail messages and document files. For example, Secure/Multipurpose Internet Mail Extensions (S/MIME) uses symmetric keys to encrypt messages for confidential mail, and Encrypting File System (EFS) uses symmetric keys to encrypt files for confidentiality.
Cryptography-based security technologies use a variety of symmetric key encryption algorithms to provide confidentiality. For more information about the specific encryption algorithms that are used by security technologies, see the applicable documentation for each technology. For more information about how the various symmetric key algorithms differ, see the cryptography literature that is referenced under "Additional Resources" at the end of this chapter.
Encryption algorithms that use different keys for encrypting and decrypting information are most often called public-key algorithms but are sometimes also called asymmetric key algorithms. Public key encryption requires the use of both a private key (a key that is known only to its owner) and a public key (a key that is available to and known to other entities on the network). A user's public key, for example, can be published in the directory so that it is accessible to other people in the organization. The two keys are different but complementary in function. Information that is encrypted with the public key can be decrypted only with the corresponding private key of the set. Figure 14.2 shows basic encryption and decryption with asymmetric keys.
Figure 14.2 Encryption and Decryption with Asymmetric Keys
The RSA digital signature process also uses private keys to encrypt information to form digital signatures. For RSA digital signatures, only the public key can decrypt information encrypted by the corresponding private key of the set.
Today, public key encryption plays an increasingly important role in providing strong, scalable security on intranets and the Internet. Public key encryption is commonly used to perform the following functions:
Encrypt symmetric secret keys to protect the symmetric keys during exchange over the network or while being used, stored, or cached by operating systems.
Create digital signatures to provide authentication and nonrepudiation for online entities.
Create digital signatures to provide data integrity for electronic files and documents.
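The three functions listed above are normally combined in one exchange: a fresh symmetric session key does the bulk encryption, the recipient's public key protects that session key in transit, and the sender's private key signs the result so the recipient gets authentication, integrity and nonrepudiation. The following Go program is an added example written for this page, not code from the TechNet chapter or from any Microsoft product; the `Envelope` type and the `Seal`/`Open` names are assumptions chosen here, and the algorithms (AES-256-GCM for the bulk data, RSA-OAEP for key wrapping, RSA-PSS for the signature) are one common choice from the Go standard library, not the only possible one.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what the sender transmits (illustrative name, not from the
// TechNet chapter): a one-time AES-256 session key protects the bulk data,
// RSA-OAEP under the recipient's public key protects that session key, and
// an RSA-PSS signature under the sender's private key gives the recipient
// authentication and integrity (and the sender nonrepudiation).
type Envelope struct {
	WrappedKey []byte // session key encrypted with the recipient's public key
	Nonce      []byte // AES-GCM nonce, unique per encryption under this key
	Ciphertext []byte // AES-GCM output; the authentication tag is appended
	Signature  []byte // RSA-PSS over SHA-256(WrappedKey || Nonce || Ciphertext)
}

// digest binds all three transmitted fields so none can be swapped independently.
func digest(e *Envelope) []byte {
	h := sha256.New()
	h.Write(e.WrappedKey)
	h.Write(e.Nonce)
	h.Write(e.Ciphertext)
	return h.Sum(nil)
}

// Seal performs the sender's side: bulk-encrypt with a fresh symmetric key,
// wrap that key for the recipient, then sign the whole envelope.
func Seal(plaintext []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) (*Envelope, error) {
	key := make([]byte, 32) // AES-256 session key, used for this message only
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	// Only the recipient's private key can recover the session key.
	env.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	// Only the sender's private key can produce this signature.
	env.Signature, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest(env), nil)
	if err != nil {
		return nil, err
	}
	return env, nil
}

// Open performs the recipient's side. The signature is verified before any
// decryption, so a forged or tampered envelope is rejected up front.
func Open(env *Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest(env), env.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("session key unwrap failed: %w", err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// The GCM tag check rejects any modification of nonce or ciphertext.
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // sender's key pair
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)   // recipient's key pair
	env, err := Seal([]byte("constructed sample message"), alice, &bob.PublicKey)
	if err != nil {
		panic(err)
	}
	pt, err := Open(env, bob, &alice.PublicKey)
	fmt.Printf("recovered %q, err=%v\n", pt, err)
}
```

Note the order in `Open`: the signature is verified over the wrapped key, nonce and ciphertext before the recipient's private key touches anything, so an envelope that was not produced by the claimed sender, or that was altered in transit, never reaches the decryption step. The session key is generated per message, which matches the chapter's description of session keys that change for each confidential communication.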
BT to offer customers encryption service for data – Capacity Media (registration)
BT is to offer transparent encryption to its customers in 180 countries, in order to protect corporate information and critical data including big data that is held in the cloud and elsewhere.
The company has signed a deal with the e-security unit of French multinational Thales to provide its Vormetric transparent encryption to customers. The system will allow customers to encrypt data-at-rest, control privileged user access and manage a collection of security intelligence logs without re-engineering applications, databases or infrastructure.
David Stark, vice president of BT's security portfolio, said: "Security and integrity of data remains one of the biggest concerns for our customers when deploying cloud solutions. Through our agreement with Vormetric, we provide our customers with an additional layer of security that helps them protect data stored in the cloud as well as enhance access control."
Mike Coffield, vice president of global channel strategy at Thales e-Security, said that organisations "have never faced a more significant threat from cyberattacks, with breaches not only potentially costing vast sums of money in fines, but also longer term damage to brand, reputation and market value".
The companies said that the collaboration "represents a significant step forward for organisations seeking to address today's growing business challenge of protecting mission-critical data and corporate information assets".
BT Security said it provides managed services to 6,500 customers worldwide, including both private and public-sector organisations. Customers will be able to buy the service as a licence or a subscription.
Coffield added: "With organisations increasingly deploying techniques such as cloud computing and big data to drive up customer service, it is critical that this proliferation of data is safeguarded from getting into the wrong hands."
Don’t Let WikiLeaks Scare You Off of Signal and Other Encrypted Chat Apps – WIRED
Of all the revelations to come out of the 9,000-page data dump of CIA hacking tools, one of the most explosive is the possibility that the spy agency can compromise Signal, WhatsApp, and other encrypted chat apps. If you use those apps, let's be perfectly clear: Nothing in the WikiLeaks docs says the CIA can do that.
A close reading of the descriptions of mobile hacking outlined in the documents released by WikiLeaks shows that the CIA has not yet cracked those invaluable encryption tools. That has done little to prevent confusion on the matter, something WikiLeaks itself contributed to with a carelessly worded tweet:
The end-to-end encryption protocols underpinning these private messaging apps protect all communications as they pass between devices. No one, not even the companies providing the service, can read or see that data while it is in transit. Nothing in the CIA leak disputes that. The underlying software remains every bit as trustworthy now as it was before WikiLeaks released the documents.
Of course, the CIA can compromise the devices sending or receiving those messages. By taking control of a so-called end point, spies can access everything on a smartphone, be it texts, videos, the camera, or the microphone. "It isn't about defeating encryption, despite the hype," says Nicholas Weaver, a computer security researcher at the International Computer Science Institute. "If you compromise a target's phone, you don't care about encryption anymore."
It's an important distinction. More than a billion people use Signal and WhatsApp, both of which use Open Whisper Systems' Signal Protocol to protect communications. Other end-to-end encrypted apps, like Confide, have also seen a recent uptick in popularity. The people who use these apps rely on that rock-solid security to facilitate sensitive discussions, avoid oppressive regimes, communicate with journalists, and more. Undermining trust in those tools creates the impression that vulnerable people have nowhere to turn. This is not true. They absolutely do.
"The CIA/WikiLeaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption," said Open Whisper Systems in a response on Twitter. "The story isn't about Signal or WhatsApp, but to the extent that it is, we see it as confirmation that what we're doing is working."
The only people who may need to worry are those who might be the target of a total-device takeover, an exploit largely limited to nation-state actors. At that point, you've got far bigger concerns than end-to-end encrypted chat. That Signal and WhatsApp are still viable also doesn't lessen the broader implications of the CIA's secrets being in the wild.
"Specifically, users of encrypted comms programs aren't targeted, but everyone is made less safe," says Malwarebytes security researcher Jean-Phillipe Taggart.
Fortunately, WikiLeaks clarified what it meant. After all, it values the ability to keep secrets as well as anyone.
This story has been updated to include a comment from Jean-Phillipe Taggart.
Customer Letter – Apple
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.
This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.
Answers to your questions about privacy and security
Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.
All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.
Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.
For many years, we have used encryption to protect our customers' personal data because we believe it's the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.
We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government's efforts to solve this horrible crime. We have no sympathy for terrorists.
When the FBI has requested data that's in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we've offered our best ideas on a number of investigative options at their disposal.
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software, which does not exist today, would have the potential to unlock any iPhone in someone's physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.
In today's digital world, the "key" to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
The government suggests this tool could only be used once, on one phone. But that's simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks, from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers, including tens of millions of American citizens, from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.
We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.
Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.
The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by brute force, trying thousands or millions of combinations with the speed of a modern computer.
The implications of the government's demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone's device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge.
Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.
We are challenging the FBI's demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.
While we believe the FBI's intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
Snake-Oil Alert Encryption Does Not Prevent Mass-Snooping – Center for Research on Globalization
The WikiLeaks stash of CIA hacking documents shows tools used by the CIA to hack individual cell-phones and devices. There are no documents yet that suggest mass snooping efforts on a very large scale. Unlike the NSA, which has a "collect it all" attitude towards internet traffic and content, the CIA seems to be more interested in individual hacking.
This suggests that the CIA cannot decipher the modern encrypted communication its adversaries use. It therefore has to attack their individual devices.
But it does not mean that the CIA can not engage in mass snooping.
The New York Times description is wrong:
Some technical experts pointed out that while the documents suggest that the C.I.A. might be able to compromise individual smartphones, there was no evidence that the agency could break the encryption that many phone and messaging apps use. If the C.I.A. or the National Security Agency could routinely break the encryption used on such apps as Signal, Confide, Telegram and WhatsApp, then the government might be able to intercept such communications on a large scale and search for names or keywords of interest. But nothing in the leaked C.I.A. documents suggests that is possible.
Instead, the documents indicate that because of encryption, the agency must target an individual phone and then can intercept only the calls and messages that pass through that phone. Instead of casting a net for a big catch, in other words, C.I.A. spies essentially cast a single fishing line at a specific target, and do not try to troll an entire population.
"The difference between wholesale surveillance and targeted surveillance is huge," said Dan Guido, a director at Hack/Secure, a cybersecurity investment firm. "Instead of sifting through a sea of information, they're forced to look at devices one at a time."
Snake-oil alert: Right diagnosis, wrong conclusion and therapy.
If the CIA breaks into an individual Samsung Galaxy 7 it can record what is typed on the screen, and whatever gets transferred via the microphone, camera and loudspeaker. No encryption can protect against that. But why should the CIA break into only one Galaxy 7?
It is wrong to conclude that the CIA can therefore not intercept such communications on a large scale. It can. Easily.
If you can break into one individual Samsung Galaxy 7 you can break into all of them. This can be automated.
The CIA also breaks into internet routers and network infrastructure systems. By watching the network traffic flowing by, CIA (and NSA) systems can see who uses encrypted communication. They can then launch programs to silently take over the communicating devices. Then the communication can be recorded from the devices and read in the clear. There is nothing at all that prohibits this from taking place on a massive scale.
The reaction to the Snowden leaks about gigantic NSA snooping on internet lines led to an increased use of encryption. Suddenly everyone used HTTPS for web traffic and the user numbers of Signal, Telegram, WhatsApp and other encrypting communication applications exploded.
But encrypted traffic still sticks out. One can detect an encrypted skype call by watching the network traffic on this or that telecom network. One can detect what kind of end-devices are taking part in a specific call. With a library of attack tools for each of the usual end-devices (Iphone, Android, Windows, Mac) the involved end-devices can be silently captured and the call can be recorded without encryption.
The Times writes: Instead of casting a net for a big catch, in other words, C.I.A. spies essentially cast a single fishing line at a specific target, and do not try to troll an entire population.
It is right in one sense. There is not one central point in the river of traffic where one casts the net. But it is wrong to conclude that the CIA or other services would then use a single fishing line. What hinders them from using hundreds of fishing lines? Thousands? Hundreds of thousands?
Wide use of encryption simply moves the snooping efforts from the networks towards the end-devices. It might be a little more expensive to snoop on hundreds of thousands of end-devices than on a few network backbones, but budget or manpower restrictions are not a problem the NSA and CIA have had in recent decades.
To tell users that encryption really restricts the CIA and NSA is nonsense. Indeed it is irresponsible.
The sellers of encryption are peddling snake-oil. The dude from a cybersecurity investment firm the Times quotes is just selling his rancid wares.
Your neighbor snoops on your open WLAN traffic? Yes, chat encryption might prevent him from copying your session with that hot Brazilian boy or girl. But it does not prevent professionals from reading it. For that you would need secure devices on both ends of the communication. Good luck finding such.
Read the original:
Snake-Oil Alert Encryption Does Not Prevent Mass-Snooping - Center for Research on Globalization
Encryption Backdoors, Vault 7, and the Jurassic Park Rule of Internet Security – Just Security
Surely without a hint of irony, just a day after WikiLeaks dumped a vault-load of documents detailing the Central Intelligence Agency's use of hacking tools and software exploits, FBI Director James Comey told an audience at a Boston College conference on cybersecurity that "[t]here is no such thing as absolute privacy in America." Comey's elevator pitch in support of his claim was that there is no place outside of judicial reach, citing the fact that even time-tested testimonial privileges of the spousal, clergy-penitent, and attorney-client sort can be pierced by judges in appropriate circumstances. Comey's argument, which he's made at a steady drumbeat for several years now, is that sure, privacy is important, but law-enforcement access is paramount. The government and judges, not technology, should decide when the government can get to your private information.
If only things were that simple. Comey has at various times tried to disclaim any desire to have Congress mandate backdoors to encryption-enabled devices and services, even getting himself laughed off of C-SPAN when he suggested that his approach would provide a "front door" instead. When it comes to encryption, doors are doors, and, as Julian Sanchez comprehensively explained more than two years ago at the dawn of the Crypto Wars sequel, they are a truly terrible idea. To briefly recapitulate Julian's post: it is damn near impossible to create a security vulnerability that can only be exploited by the good guys; there are lots of governments out there that no freedom-loving person would classify as the good guys (an observation that takes on a chilling new cast in light of recent events); any backdoor or retention mandate both implicitly assumes and, if it is to be effective, must effectively encourage centralized over decentralized computing and communications architectures; and even if encryption really is law enforcement's digital-age bête noire, it is a small price to pay in the Golden Age of Surveillance.
So what does this all have to do with the Vault 7 leak? It's a fair question. Software exploits of the type disclosed by Wikileaks and encryption backdoors might both technically be lines of computer code, but the stakes surrounding each are distinct. For the reasons Julian put forward (and more), encryption backdoors should be a complete non-starter. Mandating backdoors would present a grave security threat to critical internet infrastructure. As a quartet of leading security researchers put it in a highly regarded paper in 2014, mandating built-in encryption backdoors amounts to "intentionally and systematically creating a set of predictable new vulnerabilities that despite best efforts will be exploitable by everyone."
When law enforcement or intelligence agencies exploit existing security vulnerabilities, things are perhaps less clear cut. Unlike with backdoors, not every exploit of a software vulnerability poses a systemic risk. (While a backdoor to the iPhone would put a hole in every pocket, the targeted deployment of an exploit would not.) Still, many vulnerability exploits have widespread consequences, putting internet security at risk. As the security quartet put it, the danger of proliferation means each use of an exploit, even if it has previously run successfully, increases the risk that the exploit will escape the targeted device. Call it the Jurassic Park Rule of Internet Security:
Jim, the kind of control you're attempting simply is . . . it's not possible. If there is one thing the history of internet security has taught us it's that vulnerabilities will not be contained. Vulnerabilities break free, they expand to new territories and crash through barriers, painfully, maybe even dangerously, but, uh . . . well, there it is. . . . I'm simply saying that vulnerabilities . . . find a way.
For example, despite reportedly rigorous testing before deployment, the Stuxnet worm used by the United States and Israel to attack an Iranian nuclear facility unexpectedly spread to non-target computers. And when the government sits on a zero-day exploit to be able to exploit it later, there is always the chance that an adversary is doing the same thing. These risks are, for the most part, inherently unknowable beforehand.
While it's true that there are unknown risks associated with both exploits and encryption backdoors, only the latter amount to deliberately introduced vulnerabilities. Nevertheless, Comey has been quite skeptical of the notion that giving the government a "golden key" into the encrypted devices of millions of users would present a broad threat to the security of the internet. His theory, after all, is that the government, with judges as gatekeeper, will use such a key responsibly and with oversight. But Vault 7 is a visceral reminder that the public can't trust the government to keep this stuff safe; hell, not even the government can trust the government to do so. And backdoors present an even more cut-and-dried case than exploits.
Even if an exploit or a backdoor is yours and yours alone for now, your monopoly is either a chimera, or it will be short-lived. And the consequences of spillover can be, as Jeff Goldblum learned the hard way, equally unpredictable and devastating. While WikiLeaks did not publish any malicious code this week, it did claim that the contents of Vault 7 have been circulating among former U.S. government hackers and contractors in an unauthorized manner.
What happens when a highly weaponized suite of hacking tools makes its way into the broader internet? I hope we are not about to find out, but if we are, I suspect that Comey and his colleagues at the FBI are unlikely to be happy with what they find. Here's hoping the experience gives them pause the next time they ponder whether their solution to the threat of "absolute privacy" is really such a good one after all.
Image: Darin McCollister/Getty.
Read the rest here:
Encryption Backdoors, Vault 7, and the Jurassic Park Rule of Internet Security - Just Security