IT professionals have spoken out against a government-backed campaign to limit end-to-end encryption, arguing that it will not make the world safer and is likely to cause more harm than good.

In a survey carried out by BCS, The Chartered Institute for IT, 78% of industry professionals said they did not believe restricting the use of end-to-end encryption (E2EE) in messaging would protect users.

The poll of 1,000 IT professionals was launched in response to the UK government-backed No Place to Hide campaign, which warns that further roll-out of end-to-end encryption would make it more difficult to police child sexual abuse.

The Home Office-backed campaign claims that social media sites are willfully blindfolding themselves to child sexual abuse by introducing end-to-end encryption on messaging services.

Meta, the owner of Facebook, has come in for particular criticism over its plans to introduce end-to-end encryption to its Instagram and Facebook messenger services.

End-to-end encryption is already widely available in messaging apps such as Signal, Telegram, Wickr and Metas WhatsApp, which offer varying degrees of security, depending on how they are configured.

A steering group of charities, led by Barnardos, the Lucy Faithful Foundation, the Marie Collins Foundation and SafeToNet, are driving the work. Police forces, including the National Crime Agency (NCA), are also backing the campaign.

Rolling out end-to-end encryption without safety measures in place would be like turning the lights off on the ability to identify child sex abusers online. These plans will mean that social media companies can no longer see the abuse that happens on their platforms, the campaign groups said in January.

BCS director of policy Bill Mitchell said: Whilst we can appreciate the governments aim is to make the internet a safer place, a balance has to be struck when it comes to end-to-end encryption.

Now is not the time to weaken technology that is so fundamentally important to our security. There should be more exploration of the alternatives before we go down the road of rolling back E2EE, especially in this time of war, when secure messaging is a vital tool for truth-telling across the world.

According to the poll, 66% of specialists said restricting end-to-end encryption would have a negative impact on protecting society at large.

Encrypted messaging has since become increasingly important to the people of Ukraine, with a large rise in usage being reported, including by journalists, the BCS said.

Some 70% of IT professionals were not confident it was possible to have both truly secure encryption and the ability to check encrypted messages for criminal material.

Many industry experts said they were worried about the possibility of increased surveillance from governments, police and the technology companies that run the online platforms. Other concerns were around the protection of financial data from hackers if end-to-end encryption was undermined.

There were concerns that wider sharing of secret keys, or centralised management of encryption processes, would significantly increase the risk of compromising the confidentiality they are meant to preserve.

BCSs Mitchell said: Its odd that so much focus has been on a magical backdoor when other investigative tools arent being talked about. Alternatives should be looked at before limiting the basic security that underpins everyones privacy and global free speech.

Government and intelligence officials are advocating, among other ways of monitoring encrypted material, technology known as client-side scanning (CSS) that is capable of analysing text messages on phone handsets and computers before they are sent by the user.

Proposals by Apple to compel iPhone users to accept updates that would automatically and covertly search shared images for possible abuse material and send reports to Apple or law enforcement agencies were condemned by 14 top computer scientists and cryptographers in October last year.

They concluded in a research paper, Bugs in our pockets: The risks of client-side scanning, published by Columbia University, that the plans were unworkable, vulnerable to abuse, and a threat to safety and security, citing more than 15 ways in which states or malicious actors, and even targeted abusers, could turn the technology around to cause harm to others or society.

The No Place to Hide campaign states: We are not opposed to end-to-encryption in principle and fully support the importance of strong user privacy. Instead, our campaign is calling for social media companies to work with us to find a solution that protects privacy, without putting children at even greater risk.

Originally posted here:
IT professionals wary of government campaign to limit end-to-end encryption - ComputerWeekly.com

BEDMINSTER, N.J.--(BUSINESS WIRE)--During the most recent, annual, international Optical Fiber Communications Conference (OFC 2022) in San Diego, at the expert panel session entitled, Will Quantum Always Remain Basic Research or is it Ready to Power Great Products?, the world-renowned telecommunications expert, Dr. Peter Winzer, stated categorically that Quantum key distribution (QKD) has yet to yield practical products that solve real-world problems.QKD only strives to provide a secure key, typically at kbps to mbps rates, which is unsuitable for todays massive traffic needs. Significantly higher speed physical-layer security systems exist, including Apriori Network Systems method for secure, high-capacity optical data transmission.

There has been a raging debate as to whether QKD will solve the problem of the vulnerability of optical fibers to physical hacking. Despite much research into QKD technology, there remains a lot of skepticism. A United Kingdom National Cyber Security Centre1 (NCSC) white paper referring to QKD, states that it does not endorse its use in government or military applications and the NSA2 asserts QKD, suffers from limitations and implementation challenges that make it impractical for use in National Security System (NSS) operational networks.

The U.S. Governments Committee on National Security Systems3 (CNSS) specified a product that monitors fibers for breaches using more conventional technology.

Gary Weiner, CEO of Apriori, points out that the CNSS4 solutions are designed to detect fiber hacks, but the emphasis is on detection of tampering and not prevention of fiber hacking or dealing with the tapping problem. Mr. Weiner contends, the ability of a person-in-the-middle hacker accessing transmission data to monitor, influence and control critical infrastructure could be devastating financially, security-wise, and even impact lives. The sooner service providers recognize this risk and act on it, the better we will all be."

The Apriori PrivaC fiber links guarantee privacy-asssured transmission service by intrinsically defending itself from eavesdropper attacks over an entire protected fiber span.

About Apriori Network Systems

Apriori Network Systems, as a privately held N.J. company, is positioned to be the world leader in cost-effective, privacy-assuring, efficient, practical prevention of physical hacking of optical fiber communications systems. Aprioris first product, the PrivaC fiber platform, based on a patented solution, is presently in final development and available for demonstrations.

Links

1United Kingdom: https://www.ncsc.gov.uk/whitepaper/quantum-security-technologies

2https://www.apriorinetwork.com/complementary-to-quantum-key-distribution/

2https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2394053/nsa-cybersecurity-perspectives-on-quantum-key-distribution-and-quantum-cryptogr/

3 CNSS https://en.wikipedia.org/wiki/Committee_on_National_Security_Systems

4 CNSSI https://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf

View post:
Apriori Network System's Innovative Optical Fiber Hack-Proof Solution a Better Value Proposition than Quantum Encryption - Business Wire

While most messaging apps promise end-to-end encryption, they suffer from 2 fundamental flaws.

Firstly, they are usually governed by a central authority and depend on centralized servers. These servers store all the metadata of your conversations and are vulnerable to attacks. Further, the central authority also controls your data, and they can use it as they deem fit.

The second problem is that end-to-end encryption will become obsolete once we enter the age of quantum computing (more on this later).

To address these issues, a new generation of messaging apps has emerged. They are decentralized, quantum-resistant and will effectively future-proof private communication. And at the forefront of these up-and-coming messaging apps is the xx messenger.

The xx network

The xx network is a full-stack platform with a layer one blockchain that is quantum resistant. It is one of the most private communications networks in the world right now. One unique aspect of the network is that its communication layer even obfuscates the metadata of your chats. This provides an added level of security.

Any application or blockchain platform can route its traffic to the xx network for secure and quantum-proofed end-to-end communication.

The crowning jewel of the network is its decentralized messaging application, xx messenger. It embodies all the features that the xx network promises. It is an end-to-end quantum secure messaging application that obfuscates metadata.

Both the xx network and the messenger are the creation of David Chaum, a computer scientist and cryptographer known as the 'godfather of cryptocurrency'. In 1982, way before Satoshi Nakamoto published his now-famous white paper, Chaum published a dissertation titled, "Computer Systems Established, Maintained, and Trusted by Mutually Suspicious Groups,". This was the first blockchain protocol to exist.

Features of the xx messenger

xx messenger is not just a proof-of-concept utilizing state of the art quantum technology; it is a full-fledged messenger with modern features expected from any top-of-the-line messaging application. It offers popular features such as group chats, audio, and video sharing. It is also very easy to sign up on xx messenger. You do not have to link an existing account, number, or email ID.

Instead, you only have to provide a pseudonym. This makes it free from any form of real-world identification. The application only relies on its underpinning privacy-preserving technology to give users the ultimate privacy communication experience.

The quantum computing problem

We have repeatedly used the phrase quantum protected or quantum proofing, but to really appreciate this feature, we must understand what quantum computing refers to in this context.

Quantum computing applies the principle of quantum physics to the world of computers. Quantum physics relates to understanding problems and physical concepts at atomic and sub-atomic levels. The working of a computer or its smallest unit, a transistor, can also be put in terms of quantum physics.

Today's computers use the binary digits - 0 and 1 - as the most basic levelled instructions. In machine language, 1 refers to a true statement, and 0 refers to a false statement. A combination of these digits can be used to form complex instructions, and that is how all computer instructions are formed.

But due to the concept of 'Quantum superposition', it is possible for a machine to read both digits simultaneously. While quantum computers do not exist now, experts believe that it is only a matter of time before they do. These computers will be extremely powerful and would be able to crack the encryption standards we use today in minutes.

Chaum and his team at xx network have developed a quantum secure consensus algorithm known as xxBFT consensus to circumvent this problem.

The consensus model ensures that the network is protected from quantum computing attacks. The application's message mixing protocol called xx Cmix ensures that encryption cannot be broken and also provides a metadata shredding feature.

A decentralized network

On the other side of privacy is decentralization. It ensures that no organization, third-party or even the xx network itself can access a sender's or recipient's data. The xx messenger is built on top of the decentralized xx network.

The xx network uses a randomly selected pool of nodes on the network to help encrypt messages in sets of 1,000. The nodes continuously shuffle these messages and encrypt them. The nodes have an incentive to participate in the encryption they are rewarded in the blockchain's native currency for their effort in securing the network.

The xx network is also an open-source platform, meaning anyone with the technical know-how can contribute to the network and any application on it, including the xx messenger. The source code of the application is written in the Golang programming language.

The xx messenger aims to fill a gap in the market by providing a decentralized and quantum secure infrastructure that is robust and easy to use. The application is currently available on both IOS and Android Play Store for download.

Visit link:
Is the XX messenger the future of private communication? - CNBCTV18

Encrypted data communications are at the forefront of a war in which Russia is establishing itself as the second most powerful military in Ukraine. The lack of encrypted communications already led to the death of one Russian general and many incidents of intercepted communication.

Although most military communications are designed to be encrypted, investigative reporter Christo Grozev from Bellingcat explains the role of the Era phone and that the infrastructure required to run it was destroyed:

Many citizens in Ukraine are leveraging full end-to-end encrypted communication systems, with Signal as the most popular. Cloudflare published statistics for Ukraine and Russia indicating that Signal has surpassed Telegram for the first time. Although both applications prominently define themselves as encrypted messengers, the role that encryption plays is different:

Signal founder Moxie Marlinspike published a warning to Ukranian internet users that Telegram does not use end-to-end encryption. A main aspect of Marlinspikes objection is the way that leverage can be applied against an encrypted service because it is possible for the service to read messages, the right leverage can eventually yield a result. During a tweet exchange with Elon Musk, Marlinspike provided additional technical information and details of how Signal responds to government demands. The primary difference between these encrypted messengers is key management and the role that whoever has the key has the data.

Anastasiia Voitova, head of customer solutions at Cossack Labs explains the difference of end-to-end encrypted messengers. Cossack Labs provides open source encryption technologies, with research based in London and Kyiv, Ukraine.

Cossack Labs provides several encryption tools deployed across the world that protect data in motion as well as data at rest. When used in applications, each component acts as a data safeguard. The open source Themis library provides a suite of tools that make encrypted communication easier for developers. Instead of making many cryptographic decisions and different APIs, Themis simplifies the decisions about which algorithms to use and how, spread across fourteen different platforms - this interoperability enables teams to coordinate between software skillsets like React, Java, web/JS, Go, Kotlin, Swift, and others.

Cossack Labs also offers Acra, a library for managing data at rest. Designed for distributed applications, Acra provides a way to encrypt/decrypt sensitive data on a client yet still store the data on a centralized system. Using Acra, developers can perform transparent encryption, knowing only as much about the encryption technology as they want to know at a single time. While many cryptographic APIs offer the burden of choice, Acra provides a series of pre-made decisions that result in the correct, properly-secure outcome.

Those looking to assist Ukraine can use the Official NBU Special Account to Raise Funds for Ukraines Armed Forces or Official NBU Fundraising Account for Humanitarian Assistance to Ukrainians Affected by Russias Aggression.

Excerpt from:
Encryption in the Ukrainian War - InfoQ.com