Security community resists anti-encryption push as counter-productive
ANALYSISWestern governments have doubled down on their efforts to rein-in end-to-end encryption, arguing that the technology is impeding investigations into serious crimes including terrorism and child abuse.
In a joint statement (PDF) published over the weekend the Five Eyes (FVEY) intel alliance countries of Australia, Canada, New Zealand, the UK, and US were joined by India and Japan in calling for tech firms to enable law enforcement access to content upon production of a warrant.
The governments also want tech firm such as Apple and Facebook to consult with them on design decisions that might help or hinder this outcome.
The statements signatories call for tech firms to embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable.
How might this work? GCHQ recently came up with a proposal for adding an extra party into an end-to-end encrypted chat via a ghost feature, a pointer to the sort of approaches intel agencies have in mind.
Security experts have pushed back against the proposals, arguing that they inevitably undermine the privacy and integrity of end-to end encryption the current gold standard for secure comms.
In end-to-end encryption systems the cryptographic keys needed to encrypt and decrypt communications are held on the devices of users, such as smartphones, rather than by service providers or other technology providers. Users therefore dont have to trust their ISPs or service providers not to snoop.
Popular instant messaging apps WhatsApp, iMessage, and Signal have placed E2E encryption in the hands of the average smartphone user.
So if governments come knocking with requests for the keys normally necessary to decrypt encrypted communications, then theres nothing to hand over.
Western government say they support the development of encryption in general, as a means to secure e-commerce transactions and protect the communications of law-abiding businesses and individuals its just E2E encryption they have an issue with. Governments have long argued that E2E encryption is hampering the investigation of serious crimes, at least on a larger scale.
Malware can be used by law enforcement against individuals targeted in surveillance operations, a tactic which if successful gives access to content without needing to break encryption.
And police in countries such as the UK, for example, already have the ability to compel disclosure of encryption secrets from suspects.
As the anonymous privacy activist behind the Spy Blog Twitter account noted: UK already has law for disclosure of plaintext material, regardless of encryption tech, but they want to do it in secret, in bulk.
The tweet referenced the Regulation of Investigatory Powers Act 2000 Part III, which deals with the investigation by law enforcement of electronic data protected by encryption.
Security experts were quick to criticize the latest government moves as a push to mandate encryption backdoors, supposedly accessible only to law enforcement. Several compared it to failed government encryption policies of the 1990s.
These included efforts to control the US export of encryption technologies and attempts to mandate key escrow.
Katie Moussouris, chief exec of Luta Security and an expert in bug bounties, tweeted: The 1st time they did this (look up crypto wars), it weakened e-commerce and all other web transactions for over a decade, enabling crime. I wish we didnt have to repeat these facts.
Encryption of any type can be viewed as a branch of applied mathematics but arguments that anyone can implement encryption in a few lines of code miss the point that what governments are seeking is to make encryption tools inaccessible to the broader public, according to noted cryptographer Matthew Green.
One thing thats different this time around compared to the first crypto wars is that governments have more levers to apply pressure on tech firms, including app store bans. Last month, for instance, the Trump administration threatened to ban TikTok in the US over supposed national security concerns unless owners Byte Dance sold the technology to a US firm.
Green noted: The current administration has demonstrated that app store bans can be used as a hammer to implement policy, and you can bet these folks are paying attention.
I also think that sideloading capability is likely to be eliminated (or strongly discouraged) in a regime where encryption bans are successful, he added.
Cryptographer Alex Muffett expressed fears that the government proposals might eventually result in non-compliant social networks [getting] banned under criminal law.
End-to-end encryption is a key tool towards securing the privacy of everyone on the planet, as the world becomes more connected. It must not be derailed, instead the police should be better funded for traditional investigation, Muffett said on Twitter.
RELATED Are we building surveillance into systems, or are we building in security?
- Facebook: Don't expect full end-to-end encryption on Messenger until 2022 'at the earliest' - TechRepublic - May 6th, 2021
- Facebook Is Expanding End-to-End Encryption and Planning On Launching It for Rooms - Digital Information World - May 6th, 2021
- Facebook and Instagram will not get end-to-end encryption until 2022, here is how you can use it for chats - India Today - May 6th, 2021
- Facebook Messenger and Instagram Will Not Support End-to-End Encryption Any Time Soon - TechTheLead - May 6th, 2021
- E-mail Encryption Market Evolving Technology, Trends and Analysis 2021-2026 The Shotcaller - The Shotcaller - May 6th, 2021
- Whatsapp to introduce end-to-end encrypted backups - Pakistan Observer - May 6th, 2021
- Evervault to expand as founder urges encryption not regulation - The Irish Times - May 6th, 2021
- Asia Pacific Homomorphic Encryption Market To Witness Stunning Growth To Generate Massive Revenue Forecast to 2021: 2027| Google LLC,IBM... - May 6th, 2021
- Disk Encryption Market Increasing Demand with Leading Players | Sophos Ltd.; Symantec Corporation; DiskCryptor; Apple Inc. KSU | The Sentinel... - May 6th, 2021
- Researchers say this combo of old-school invisible ink and AI is 'uncrackable' - The Next Web - May 6th, 2021
- Verifyle and The Colorado Society of CPAs (COCPA) Partner to Protect Members and Clients from Hackers - StreetInsider.com - May 6th, 2021
- Facebook Pushes Ahead with Plans for Full End-to-End Encryption of its Messaging Tools - Social Media Today - May 1st, 2021
- Encryption Management Solutions Market Value to Increase over $ 6 Billion During 2021-2025 | Rising Demand for Digitalization to Drive Growth |... - May 1st, 2021
- Boris Johnson's Phone Number Leaks: Turns Out He Uses End-To-End Encryption... While Trying To Ban It For Everyone Else - Techdirt - May 1st, 2021
- G-Technology ArmorLock Encrypted NVMe SSD Review: Your Phone is the Key - Tom's Hardware - May 1st, 2021
- Encryption Software Market Manufacturers, Growth Opportunities, Regions, Type and Application, Revenue Industry Forecast to 2027 NeighborWebSJ -... - May 1st, 2021
- Encryption Software Market Size by Product Type, By Application, By Competitive Landscape, Trends and Forecast by 2027 KSU | The Sentinel Newspaper -... - May 1st, 2021
- Data Encryption Service Market 2021 COVID-19 Impact Analysis by Industry Challenges, CAGR, Business Overview And Forecast Research Study 2027 KSU |... - May 1st, 2021
- #NAMA: The traceability mandate and what it means for end-to-end encryption - MediaNama.com - May 1st, 2021
- Global Cloud Encryption Market To Experience Scalable Growth Heights By 2026 ZMR KSU | The Sentinel Newspaper - KSU | The Sentinel Newspaper - May 1st, 2021
- Nearly half of all malware is concealed in TLS-encrypted communications Urgent Comms - Urgent Communications - April 24th, 2021
- Priti Patel v Facebook is the latest in a 30-year fight over encryption - The Guardian - April 24th, 2021
- Insights and Prediction of Hardware-based Full Disk Encryption (FDE) Global Market (2020-2027) KSU | The Sentinel Newspaper - KSU | The Sentinel... - April 24th, 2021
- Mobile Encryption Market Research Report by Type, by Application, by End User Global Forecast to 2027 Cumulative Impact of COVID-19 NeighborWebSJ -... - April 24th, 2021
- Encryption Software Market 2021 | Industry Analysis, Size, Share, Growth, Trends, Demand And Forecast : Microsoft Corporation Symantec Corporation IBM... - April 24th, 2021
- Global Email Encryption Software Market Research with Size and Growth, key Segments Analysis, Types, Share, Forecast 2021-2028 The Courier - The... - April 24th, 2021
- Cloud Encryption Software Market by Manufacturers, Regions, Type and Application, Forecast To 2026 Gemalto, Netskope, Microsoft, HPE, Ciphercloud ... - April 24th, 2021
- Database Encryption Market Innovative Driving Factors, Trends and Growth Analysis 2020-2026 SoccerNurds - SoccerNurds - April 24th, 2021
- Hardware Encryption Market 2021 Is Booming Across the Globe by Share, Size, Growth, Segments and Forecast to 2027 | Top Players Analysis- Western... - April 24th, 2021
- Residents outraged over police dog attack and they want encryption to end - The Daily Post - April 8th, 2021
- Encryption Has Never Been More Essentialor Threatened - WIRED - April 8th, 2021
- Encryption is either secure or it's not - there is no middle ground - Help Net Security - April 8th, 2021
- Nasdaq and Intel Announce Partnership Over New Encrypted Tech - Business Insider - April 8th, 2021
- The UK Is Trying to Stop Facebook's End-to-End Encryption - WIRED - April 8th, 2021
- Encryption Key Management Market Emerging Trends and Global Demand 2021- Amazon, Ciphercloud, IBM, Gemalto, Thales E-Security, Egnyte, Sepior The... - April 8th, 2021
- Castle Shield Holdings, LLC Announces Typhos, A Secure Messaging App, Built With End-to-End Encryption From the Ground Up - Business Wire - April 8th, 2021
- In the past 5 years, WhatsApp has managed to deliver around 100 trillion encrypted messages - Digital Information World - April 8th, 2021
- New phase of light holds the key to quantum encryption - Digital Journal - April 8th, 2021
- AT&T upgrading FirstNet to 5G, adding encryption across network - ZDNet - April 8th, 2021
- Cloud Encryption Market to become worth US$2912.3 mn by the end of 2025 KSU | The Sentinel Newspaper - KSU | The Sentinel Newspaper - April 8th, 2021
- Why encryption backdoors spell the death of privacy - Business Standard - April 8th, 2021
- Mobile Encryption Market 2021 Industry Size, Share, Growth and Top Companies Analysis- McAfee(Intel Corporation), Blackberry, T-Systems International,... - April 8th, 2021
- The Encryption Debate in the European Union: 2021 Update - Carnegie Endowment for International Peace - April 4th, 2021
- Understanding the Role of Encryption in GDPR Compliance - tripwire.com - April 4th, 2021
- UK Child Welfare Charity Latest To Claim Encryption Does Nothing But Protect Criminals - Techdirt - April 4th, 2021
- Email Encryption Market worth $11.8 billion by 2026 - Exclusive Report by MarketsandMarkets - PRNewswire - April 4th, 2021
- The use of VPNs and Encryption - General Security - BleepingComputer - April 4th, 2021
- The Home Office is preparing another attack on encryption - Wired.co.uk - April 4th, 2021
- EncroChat hearings delayed as lawyers seek disclosure on police hacking - ComputerWeekly.com - April 4th, 2021
- Database Encryption Market 2021 Industry Size, Growth, Revenue, Global Statistics and Forecast to 2025 KSU | The Sentinel Newspaper - KSU | The... - April 4th, 2021
- Ring Floodlight Cam now packs end-to-end encryption at $200 (Save 20%) - 9to5Toys - April 4th, 2021
- IRONCLAD ENCRYPTION CORP : Bankruptcy or Receivership, Other Events, Financial Statements and Exhibits (form 8-K) - marketscreener.com - April 4th, 2021
- Opinion: Police scanners and Civil Rights - The Daily Post - April 4th, 2021
- U.S. Department of Commerce's Bureau of Industry and Security Relaxes Several Classification and Reporting Requirements for Encryption Items - JD... - April 4th, 2021
- Exclusive Report on Encryption Software Industry: Market Size will Witness Substantial Growth by 2026 SoccerNurds - SoccerNurds - April 4th, 2021
- Hard Drive Encryption Software Market 2021 Industry Size, Share, Growth and Top Companies Analysis- Dell, Eset, Gemalto, IBM, Mcafee, etc. The Bisouv... - April 4th, 2021
- Hardware-based Full Disk Encryption Market Top Key Players Like: iStorage Limited, Seagate Technology, Hitachi, Western Digital, and others - The... - April 4th, 2021
- Global Encryption Key Management Market Industry Research, Major Manufacturers, Competitive Analysis and Development Forecast up to 2025 SoccerNurds... - April 4th, 2021
- IoT Security Solution for Encryption Market 2021 Will Reflect Significant Growth in Future with Size, Share, Growth, and Key Companies Analysis- Cisco... - April 4th, 2021
- Global Optical Encryption Market To Witness High Demand During Forecast Period Of 2021 To 2027 The Bisouv Network - The Bisouv Network - April 4th, 2021
- Intel joins forces with DARPA to help build encryption 'holy grail' - IT PRO - March 10th, 2021
- Intel is working with DARPA on advanced cloud encryption - Yahoo Tech - March 10th, 2021
- WhatsApp hopes to adhere to traceability norm without breaking encryption - Techradar - March 10th, 2021
- DARPA picks teams to bring homomorphic encryption to life - GCN.com - March 10th, 2021
- WhatsApp Will Protect Your Cloud Backups Even Better Via Encryption - Android Headlines - March 10th, 2021
- The world's first social network with end-to-end encryption has arrived - PR Web - March 10th, 2021
- Fully Homomorphic Encryption Market 2021 a compressive overview, Growth Prospects and Future Opportunities | IBM Corporation, Galois Inc KSU | The... - March 10th, 2021
- Instagram working on Clubhouse-like audio rooms, end-to-end encryption in chats - The Express Tribune - March 10th, 2021
- Instagram might be working on Clubhouse competitor and end-to-end encryption - HT Tech - March 10th, 2021
- WhatsApp working on encrypted chat backups for iCloud and Google Drive - Business Standard - March 10th, 2021
- Finally! WhatsApp is working on encrypting iCloud and Drive backups - Pocketnow - March 10th, 2021
- What is end-to-end encryption & how does it work? - Security Boulevard - March 8th, 2021
- Can WhatsApp stop misinformation without compromising encryption? - Quartz - March 8th, 2021
- End-to-End Encryption Coming to Teams - UC Today - March 8th, 2021
- Feds warn threats are harder to track as extremists shift to encryption - Axios - March 8th, 2021
- SecureMyEmail Offers Free Encrypted Email Service Without the Need to Switch Email Providers - PRNewswire - March 8th, 2021
- DSCI, Ashoka University launch CIPHER for promoting holistic encryption regime - Business Today - March 8th, 2021
- IT Rules 2021: CEO Will Cathcart says WhatsApp hopes to find solution to traceability without breaking encryption - MediaNama.com - March 8th, 2021
- WhatsApp brings end-to-end encrypted video and audio calls to its desktop app - 9to5Mac - March 8th, 2021
- Global Encryption Software Market 2020 Regional Landscape, Market Dynamics, Manufacture Analysis, Industry Demand and Forecast to 2025 KSU | The... - March 8th, 2021