Melon Farmers Unrated

US Crypto Wars


US authorities look to breaking the encryption used to keep people safe


 

The US Army bans Chinese App TikTok from government phones...

Given Chinese dominance of internet infrastructure plus control over ever more apps, how long before the US government changes its stance and mandates strong encryption for all US internet users?


Link Here 2nd January 2020
The US Army has banned the use of popular Chinese social media video app TikTok, with Military.com first reporting it was due to security concerns. The US Navy have followed suit.

It is considered a cyber threat, a US Army spokesperson told Military.com . We do not allow it on government phones.

The ban comes in the wake of Democrat Senator Charles Schumer and Republican Senator Tom Cotton writing a letter to US Director of National Intelligence Joseph Maguire insisting an investigation into TikTok would be necessary to determine whether the Chinese-owned social media video app poses a risk to national security.

Given these concerns, we ask that the Intelligence Community conduct an assessment of the national security risks posed by TikTok and other China-based content platforms operating in the US and brief Congress on these findings, the letter said.

 

 

Seeking the back door to cloud cuckoo land...

The US Senate Judiciary Committee joins the UK and Australia Wanting Everyone to Know It's Concerned About Encryption


Link Here 11th December 2019

Yesterday the US Senate Judiciary Committee held a hearing on encryption and lawful access. That's the fanciful idea that encryption providers can somehow allow law enforcement access to users' encrypted data while otherwise preventing the bad guys from accessing this very same data.

But the hearing was not inspired by some new engineering breakthrough that might make it possible for Apple or Facebook to build a secure law enforcement backdoor into their encrypted devices and messaging applications. Instead, it followed speeches, open letters, and other public pressure by law enforcement officials in the U.S. and elsewhere to prevent Facebook from encrypting its messaging applications, and more generally to portray encryption as a tool used in serious crimes, including child exploitation. Facebook has signaled it won't bow to that pressure. And more than 100 organizations including EFF have called on these law enforcement officials to reverse course and avoid gutting one of the most powerful privacy and security tools available to users in an increasingly insecure world.

Many of the committee members seemed to arrive at the hearing convinced that they could legislate secure backdoors. Among others, Senators Graham and Feinstein told representatives from Apple and Facebook that they had a responsibility to find a solution to enable government access to encrypted data. Senator Graham commented:

My advice to you is to get on with it, because this time next year, if we haven't found a way that you can live with, we will impose our will on you.

But when it came to questioning witnesses, the senators had trouble establishing the need for or the feasibility of blanket law enforcement access to encrypted data. As all of the witnesses pointed out, even a basic discussion of encryption requires differentiating between encrypting data on a smartphone, also called encryption at rest, and end-to-end encryption of private chats, for example.

As a result, the committee's questioning actually revealed several points that undercut the apocalyptic vision painted by law enforcement officials in recent months. Here are some of our takeaways:

There's No Such Thing As an Unhackable Phone

The first witness was Manhattan District Attorney Cyrus Vance, Jr., who has called for Apple and Google to roll back encryption in their mobile operating systems. Yet by his own statistics, the DA's office is able to access the contents of a majority of devices it encounters in its investigations each year. Even for those phones that are locked and encrypted, Vance reported that half could be accessed using in-house forensic tools or services from outside vendors. Although he stressed both the high cost and the uncertainty of these tools, the fact remains that device encryption is far from an insurmountable barrier to law enforcement.

As we saw when the FBI dramatically lowered its own estimate of unhackable phones in 2017, the level of security of these devices is not static. Even as Apple and Google patch vulnerabilities that might allow access, vendors like Cellebrite and Grayshift discover new means of bypassing security features in mobile operating systems. Of course, no investigative technique will be completely effective, which is why law enforcement has always worked every angle it can. The cost of forensic tools may be a concern, but they are clearly part of a variety of tools law enforcement use to successfully pursue investigations in a world with widespread encryption.

Lawful Access to Encrypted Phones Would Take Us Back to the Bad Old Days

Meanwhile, even as Vance focused on the cost of forensic tools to access encrypted phones, he repeatedly ignored why companies like Apple began fully encrypting their devices in their first place. In a colloquy with Senator Mike Lee, Apple's manager of user privacy Erik Neuenschwander explained that the company's introduction of full disk encryption in iOS in 2014 was a response to threats from hackers and criminals who could otherwise access a wealth of sensitive, unencrypted data on users' phones. On this point, Neuenschwander explained that Vance was simply misinformed: Apple has never held a key capable of decrypting encrypted data on users' phones.

Neuenschwander explained that he could think of only two approaches to accomplishing Vance's call for lawful access, both of which would dramatically increase the risks to consumers. Either Apple could simply roll back encryption on its devices, leaving users exposed to increasingly sophisticated threats from bad actors, or it could attempt to engineer a system where it did hold a master key to every iPhone in the world. Regarding the second approach, Neuenschwander said as a technologist, I am extremely fearful of the security properties of such a system. His fear is well-founded; years of research by technologists and cryptographers confirm that key escrow and related systems are highly insecure at the scale and complexity of Apple's mobile ecosystem.

End-to-End Encryption Is Here to Stay

Finally, despite the heated rhetoric directed by Attorney General Barr and others at end-to-end encryption in messaging applications, the committee found little consensus. Both Vance and Professor Matt Tait suggested that they did not believe that Congress should mandate backdoors in end-to-end encrypted messaging platforms. Meanwhile, Senators Coons, Cornyn, and others expressed concerns that doing so would simply push bad actors to applications hosted outside of the United States, and also aid authoritarian states who want to spy on Facebook users within their own borders. Facebook's director for messaging privacy Jay Sullivan discussed ways that the company will root out abuse on its platforms while removing its own ability to read users' messages. As we've written before, an encrypted Facebook Messenger is a good thing , but the proof will be in the pudding.

Ultimately, while the Senate Judiciary Committee hearing offered worrying posturing on the necessity of backdoors, we're hopeful that Congress will recognize what a dangerous idea legislation would be in this area.

Comment: Open Rights Group joins international outcry over UK government calls to access private messages

11th December 2019. See article from openrightsgroup.org

See letter from openrightsgroup.org

Open Rights Group has joined dozens of other organizations signing an open letter to the UK government to express significant concerns raised by their recent statements against encryption.

The UK Home Secretary, Priti Patel, has joined her US counterparts in demanding weaker encryption and asking i nternet companies to design digital back doors into their messaging services. The UK government suggests stronger capabilities to monitor private messages will aid inf fighting terrorism and child abuse. ORG disagrees, arguing that alternative approaches must be used as the proposed measures will weaken the security of every internet user.

ORG is concerned that this attack on encryption forms a pattern of attacks on digital privacy and security by the UK government. Only last week leaked documents showed that the UK wants to give the US access to NHS records and other personal information, in a free flow of data between the two countries.

The open letter was also addressed to US and Australian authorities, and was coordinated by the US-based Open Technology Institute and was signed, among others, by Amnesty International, Article 19, Index on Censorship, Privacy International and Reporters Without Borders.

Javier Ruiz Diaz, Policy Director for Open Rights Group, said:

The Home Secretary wants to be able to access our private messages in WhatsApp and similar apps, demanding that companies remove the technical protections that keep out fraudsters and other criminals. This is wrong and will make the internet less safe. Surveillance measures should be targeted and not built into the apps used by millions of people to talk to their friends and family.

Comment: Facebook has also responded to UK/US/Australian government calls for back doors

11th December 2019. See article [pdf] from about.fb.com

As the Heads of WhatsApp and Messenger, we are writing in response to your public letter addressing our plans to strengthen private messaging for our customers. You have raised important issues that could impact the future of free societies in the digital age and we are grateful for the opportunity to explain our view.

We all want people to have the ability to communicate privately and safely, without harm or abuse from hackers, criminals or repressive regimes. Every day, billions of people around the world use encrypted messages to stay in touch with their family and friends, run their small businesses, and advocate for important causes. In these messages they share private information that they only want the person they message to see. And it is the fact that these messages are encrypted that forms the first line of defense, as it keeps them safe from cyber attacks and protected from falling into the hands of criminals. The core principle behind end-to-end encryption is that only the sender and recipient of a message have the keys to unlock and read what is sent. No one can intercept and read these messages - not us, not governments, not hackers or criminals.

We believe that people have a right to expect this level of security, wherever they live. As a company that supports 2.7 billion users around the world, it is our responsibility to use the very best technology available to protect their privacy. Encrypted messaging is the leading form of online communication and the vast majority of the billions of online messages that are sent daily, including on WhatsApp, iMessage, and Signal, are already protected with end-to-end encryption.

Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere. The backdoor access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm. It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it. People's private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do.

 

 

Messing with people's shit via their backdoors...

DOJ and FBI Show No Signs of Correcting Past Untruths in Their New Attacks on Encryption


Link Here 1st August 2019

Last week, US Attorney General William Barr and FBI Director Christopher Wray chose to spend some of their time giving speeches demonizing encryption and calling for the creation of backdoors to allow the government access to encrypted data. You should not spend any of your time listening to them.

Don't be mistaken; the threat to encryption remains high . Australia and the United Kingdom already have laws in place that can enable those governments to undermine encryption, while other countries may follow. And it's definitely dangerous when senior U.S. law enforcement officials talk about encryption the way Barr and Wray did.

The reason to ignore these speeches is that DOJ and FBI have not proven themselves credible on this issue. Instead, they have a long track record of exaggeration and even false statements in support of their position. That should be a bar to convincing anyone--especially Congress--that government backdoors are a good idea.

Barr expressed confidence in the tech sector's ingenuity to design a backdoor for law enforcement that will stand up to any unauthorized access, paying no mind to the broad technical and academic consensus in the field that this risk is unavoidable. As the prominent cryptographer and Johns Hopkins University computer science professor Matt Green pointed out on Twitter , the Attorney General made sweeping, impossible-to-support claims that digital security would be largely unaffected by introducing new backdoors. Although Barr paid the barest lip service to the benefits of encryption--two sentences in a 4,000 word speech--he ignored numerous ways encryption protects us all, including preserving not just digital but physical security for the most vulnerable users.

For all of Barr and Wray's insistence that encryption poses a challenge to law enforcement, you might expect that that would be the one area where they'd have hard facts and statistics to back up their claims, but you'd be wrong. Both officials asserted it's a massive problem, but they largely relied on impossible-to-fact-check stories and counterfactuals. If the problem is truly as big as they say, why can't they provide more evidence? One answer is that prior attempts at proof just haven't held up.

Some prime examples of the government's false claims about encryption arose out of the 2016 legal confrontation between Apple and the FBI following the San Bernardino attack. Then-FBI Director James Comey and others portrayed the encryption on Apple devices as an unbreakable lock that stood in the way of public safety and national security. In court and in Congress, these officials said they had no means of accessing an encrypted iPhone short of compelling Apple to reengineer its operating system to bypass key security features. But a later special inquiry by the DOJ Office of the Inspector General revealed that technical divisions within the FBI were already working with an outside vendor to unlock the phone even as the government pursued its legal battle with Apple. In other words, Comey's statements to Congress and the press about the case--as well as sworn court declarations by other FBI officials--were untrue at the time they were made .

Wray, Comey's successor as FBI Director, has also engaged in considerable overstatement about law enforcement's troubles with encryption. In congressional testimony and public speeches, Wray repeatedly pointed to almost 8,000 encrypted phones that he said were inaccessible to the FBI in 2017 alone. Last year, the Washington Post reported that this number was inflated due to a programming error. EFF filed a Freedom of Information Act request, seeking to understand the true nature of the hindrance encryption posed in these cases, but the government refused to produce any records.

But in their speeches last week, neither Barr nor Wray acknowledged the government's failure of candor during the Apple case or its aftermath. They didn't mention the case at all. Instead, they ask us to turn the page and trust anew. You should refuse. Let's hope Congress does too.

 

 

Offsite Article: US Attorney General gets aggressive about encryption...


Link Here 24th July 2019
'The status quo is exceptionally dangerous, it is unacceptable and only getting worse. It's time for the United States to stop debating whether to address it and start talking about how to address it'

See article from apnews.com

 

 

Offsite Article: Facebook is fighting the FBI demanding to snoop on Messenger...


Link Here 21st August 2018
Both encryption and the law are stacked against Facebook

See article from theverge.com

 

 

Offsite Article: Facebook under pressure...


Link Here18th August 2018
US reportedly pressuring Facebook to break Messenger's encryption over MS-13 investigation

See article from theverge.com

 

 

Offsite Article: Endangering the people...


Link Here10th April 2018
US 'Democrats' re-visit legislation demanding that the US authorities should be given a backdoor key to encrypted communications

See article from theregister.co.uk

 

 

Update: Next battle in the US Crypto Wars...

US authorities turn their attention to breaking the end to end encryption used by WhatsApp


Link Here14th March 2016

In Saturday's edition of the New York Times, Matt Apuzzo reports that the Department of Justice is locked in a prolonged standoff with WhatsApp. The government is frustrated by its lack of real-time access to messages protected by the company's end-to-end encryption . The story may represent a disturbing preview of the next front in the FBI's war against encryption.

It appears that the Department of Justice is considering pursuing another, similarly dangerous legal attack on encryption. The fact that the government is even considering such an action proves that our worst fears were right.

This time they're targeting WhatsApp, the Facebook-owned messaging app which started adding strong end-to-end encryption in 2014 . According to the New York Times, the government has obtained a wiretap order, authorizing real time acquisition of the WhatsApp messages (probably text chats rather than voice calls, but that's unclear at this stage) in an ongoing criminal investigation. WhatsApp is, of course, unable to provide decrypted text in response to the wiretap order, just as it was unable to comply with a similar order by a Brazilian court earlier this month. The whole point of end-to-end encryption is that no one but the intended recipient of a message is able to decipher it.

From the New York Times' reporting, it looks like the government has so far only obtained an initial wiretap order--demanding WhatsApp to turn over message content it can't access. The Department of Justice has not yet decided whether to ask the court for a follow-on order that would compel WhatsApp to decrypt the messages. Presumably, that second order would look similar to the San Bernardino order and direct WhatsApp to write code that would break its own encryption and allow it to provide plain text in response to the wiretap order.

If the government decides to seek that second order against WhatsApp, it would almost certainly be grounded, not in the All Writs Act but in the technical assistance provision of the Wiretap Act . So while the result of the All Writs Act litigation in San Bernardino wouldn't directly control the outcome of any Wiretap Act case against WhatsApp, courts apply similar tests in the two contexts. In both All Writs and Wiretap Act cases, courts evaluate whether compliance with an order would constitute an undue burden. Therefore all the rather convincing arguments Apple has made in San Bernardino would be available to WhatsApp as well.

As of now, we're unable to find any additional publicly available information regarding the order against WhatsApp. The New York Times reports that, unlike in the San Bernardino case, the WhatsApp litigation is being kept under seal. We'll keep an eye out for any additional documents, and will continue to blog as more becomes public. For now however, we applaud WhatsApp (and Facebook) for standing strong in the face of orders, whether Brazilian or American, to do the impossible or to compromise our security for the sake of enabling click-of-the-mouse surveillance.




 

melonfarmers icon

Home

Index

Links

Email

Shop
 


US

World

Media

Nutters

Liberty
 

Film Cuts

Cutting Edge

Info

Sex News

Sex+Shopping
 


Adult Store Reviews

Adult DVD & VoD

Adult Online Stores

New Releases/Offers

Latest Reviews

FAQ: Porn Legality

Sex Shops List

Lap Dancing List

Satellite X List

Sex Machines List

John Thomas Toys