• Tag Archives: encryption
  • The Burr-Feinstein Proposal Is Simply Anti-Security

    Sens. Richard Burr and Dianne Feinstein recently released a draft bill forcing nearly all U.S. companies to decrypt any encrypted data they may handle. Specifically, it would place a new, sweepingly broad duty on device manufacturers, software developers, ISPs, online services and others to decrypt encrypted data or offer “such technical assistance as is necessary” if ordered to do so by any court anywhere in the country.

    The draft reflects an ignorance of everyday computer security practices that safeguard your devices and information from criminals. As currently written, the draft likely even outlaws forward secrecy, an innovative security feature that many major tech providers, including WhatsApp, have implemented to limit the damage to user privacy in the event encryption keys are compromised.

    The draft shows how out of touch Senate Intelligence Committee leaders Sens. Burr and Feinstein are with the needs of the American people. Millions of Americans suffer the loss, theft, or compromise of intimate communications, trade secrets, and identities each year. We desperately need more security, not less. Yet this bill would strongly discourage companies from providing it. The draft should never be introduced in a bill and should never advance in the Senate.

    It’s also unclear why this bill was drafted for the Senate Intelligence Committee. The committee does not have jurisdiction over this issue, and similar bills—like the Communications Assistance for Law Enforcement Act (CALEA)—were overseen by the Judiciary and Commerce Committees.

    Despite being in a golden age of surveillance, the senators are pushing Congress to destroy fundamental aspects of computer security. We already use encryption every day to protect our devices from criminals, ensure the privacy of our communications, and protect routine online transactions. Forcing companies to undermine their products will stifle the very innovation that built the American tech industry. American innovators and companies will just lose out since foreign companies will still be offering these protections to their users.

    We have no doubt that the Intelligence Committee will try to pass this draft out of committee behind closed doors and without any public input. That’s why we urge senators to oppose cosponsoring, or otherwise voting on advancing the measure.

    In the coming weeks, we’ll be calling on our community of digital rights supporters to join us in fighting back against this draft bill, or one that looks anything like it. Our goal is clear: stopping Burr-Feinstein and safeguarding the future of security for all Americans.

    Source: The Burr-Feinstein Proposal Is Simply Anti-Security | Electronic Frontier Foundation


  • Whatsapp adds end-to-end encryption

    With end-to-end encryption, messages are scrambled as they leave the sender’s device and can only be decrypted by the recipient’s device.

    It renders messages unreadable if they are intercepted, for example by criminals or law enforcement.

    Whatsapp, which has a billion users worldwide, said file transfers and voice calls would be encrypted too.

    The Facebook-owned company said protecting private communication was one of its “core beliefs”.

    Encryption was thrown under the spotlight after the FBI asked Apple to help it access data on an iPhone used by California gunman Syed Farook.

    Whatsapp said: “The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.”

    Users with the latest version of the app were notified about the change when sending messages on Tuesday. The setting is enabled by default.

    Amnesty International called the move a “huge victory” for free speech.

    “Whatsapp’s roll out of the Signal Protocol, providing end to end encryption for its one billion users worldwide, is a major boost for people’s ability to express themselves and communicate without fear,” the organisation said in a statement.

    “This is a huge victory for privacy and free speech, especially for activists and journalists who depend on strong and trustworthy communications to carry out their work without putting their lives at greater risk.”

    Whatsapp’s decision was also welcomed by security professionals.

    “Wire-tappers lament, law-abiding citizens rejoice, for WhatsApp’s latest update is a victory for communications privacy,” said Lee Munson, a security researcher for Comparitech.

    “With the ability to access data removed even from the company behind the app, only ill-informed law enforcement agencies are likely to mutter ‘terrorists’ as the masses enjoy the encrypted text messages, photos, video and phone calls they’ve been demanding ever since Edward Snowden blew the lid on government surveillance.”

    The move is likely to irk law enforcement agencies, particularly the US Department of Justice which has recently expressed concern over “unreachable” information contained in devices. The DoJ did not respond to the BBC’s request for comment on Tuesday.

    Indeed, FBI attorney James Baker has reportedly criticised the move saying encryption threatens the work of law enforcement.

    “It has public safety costs. Folks have to understand that, and figure out how they are going to deal with that,” he said, according to the US News and World Report news site.

    “Do they want the public to bear those costs? Do they want the victims of terrorism to bear those costs?”

    Source: Whatsapp adds end-to-end encryption – BBC News


  • FBI might have way to unlock attacker’s iPhone without Apple

    A much-anticipated court hearing on the federal government’s effort to force Apple Inc. to unlock the iPhone used by one of the shooters in the San Bernardino terror attack was abruptly vacated Monday after the FBI revealed it may have a way to access data without the company’s help.

    Federal prosecutors made the surprising announcement on the eve of Tuesday’s hearing in U.S. District Court in Riverside, California. In court papers they said the FBI has been researching methods to access the data on Syed Rizwan Farook’s encrypted phone since obtaining it on Dec. 3, the day after the attack.

    “An outside party” came forward over the weekend and showed the FBI a possible method, the government said in court papers requesting the hearing be postponed. Authorities need time to determine “whether it is a viable method that will not compromise data” on the phone.

    If viable, “it should eliminate the need for the assistance from Apple,” according to the filing.

    The government did not identify the third party or explain what the proposed method entailed.

    Magistrate Judge Sheri Pym granted that request and ordered the government to file a status report by April 5. Pym also stayed her Feb. 16 order compelling Apple to create software that would disable security features on the phone, including one that erases all information if a passcode is incorrectly entered more than 10 times.

    In a conference call with reporters, Apple attorneys said it’s premature to declare victory in the case because it’s possible that authorities could come back in a few weeks and insist they still need the company’s help. The attorneys spoke under an Apple policy that wouldn’t allow them to be quoted by name.

    The company hopes the government will tell Apple about whatever method it uses to access the phone’s encrypted files. But the attorneys said it may be up to the FBI to decide whether to share the information.

    The fact that a third party may have found a way into the phone without Apple’s help appears to contradict every sworn affidavit and filing that the Justice Department has put forward in the last month. The government has argued in each of its filings that Apple’s help is necessary and that the company was the only entity that could provide investigators with what was needed.

    FBI Director James Comey told the House Judiciary Committee in sworn testimony earlier this month that agency investigators had approached even the National Security Agency for help but did not have success.

    Apple has previously said in court filings that the government did not exhaust all its options, and lawmakers have criticized the FBI for not doing more to try to crack the iPhone itself before seeking Apple’s help.

    “To me, it suggests that either the FBI doesn’t understand the technology or they weren’t giving us the whole truth when they said there is no other possible way” of examining the phone without Apple’s help, said Alex Abdo, staff attorney for the American Civil Liberties Union. “Both of those are scary to me.”

    The ACLU has filed a court brief supporting Apple’s position.

    Robert Cattanach, a former U.S. Department of Justice attorney who handles cyber-security cases for the Dorsey & Whitney law firm, said the government would likely not have disclosed it had a lead on possibly unlocking the phone unless it was almost certain the method would work. That’s because the disclosure weakens the government’s case by introducing doubt that it could only access the phone with Apple’s help, he said.

    “They’ve created ambiguity in a place where they’ve previously said there is none,” he said.

    Prosecutors have argued that the phone used by Farook probably contains evidence of the Dec. 2 attack in which the county food inspector and his wife, Tashfeen Malik, slaughtered 14 at a holiday luncheon attended by many of his work colleagues. The two were killed in a police shootout hours later.

    The FBI has said the couple was inspired by the Islamic State group. Investigators still are trying to piece together what happened and find out if there were collaborators.

    The couple destroyed other phones they left behind, and the FBI has been unable to circumvent the passcode needed to unlock the iPhone, which is owned by San Bernardino County and was given to Farook for his job.

    Apple has argued that the government was seeking “dangerous power” that exceeds the authority of the All Writs Act of 1789 it cited, and violates the company’s constitutional rights, harms the Apple brand and threatens the trust of its customers to protect their privacy. The 18th-century law has been used on other cases to require third parties to help law enforcement in investigations.

    It’s not clear what method the government now wants to test. But even as the FBI has insisted that only Apple is able to provide the help it needs, some technical experts have argued there are other options.

    The most viable method involves making a copy of the iPhone’s flash memory drive, said Jonathan Zdziarski, a computer expert who specializes in iPhone forensics. That would allow investigators to make multiple tries at guessing the iPhone’s passcode. A security feature in the phone is designed to automatically erase the data if someone makes 10 wrong guesses in a row.

    But if that happens, Zdziarski said, investigators could theoretically restore the data from the backup copy they have created.

    The data itself would remain encrypted until the phone is unlocked, but it would remain viable while investigators continued to guess the passcode, he added.

    “It’s a lot more involved than it sounds,” Zdziarski cautioned, and no one has demonstrated that it would work in this case.

    Full article: FBI might have way to unlock attacker’s iPhone without Apple – San Jose Mercury News