background preloader

Encryption

Facebook Twitter

Tech pioneer Phil Zimmermann calls Cameron's anti-encryption plans 'absurd' | Technology. David Cameron’s proposals to limit the use of end-to-end encryption technology in the UK are “absurd” according to Phil Zimmermann, creator of the email encryption software, PGP, and now president of secure communications firm Silent Circle. Zimmermann also says intelligence agencies have “never had it so good” and are living in “a golden age of surveillance” in comments highly critical of the prime minister’s call for more powers. In a January speech, Cameron announced plans for new anti-terror laws, including plans to crack down on anti-surveillance techniques: “Are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not,” he said.

In an interview with the Guardian, Zimmermann suggested that any such proposals would be unworkable, given the reliance on encryption by a range of online businesses in 2015. “It’s absurd. “Now, if you aren’t using strong encryption, you have to justify it,” he said. Chaffing-980701. Tyrants will find the key to the internet’s back door.

Harvard vs Cameron: Professors defend encryption. With Gideon Rachman Welcome to the World blog. Gideon Rachman and colleagues offer commentary on international affairs. Follow @ftworldnews Gideon became chief foreign affairs columnist for the Financial Times in July 2006. He joined the FT after a 15-year career at The Economist, which included spells as a foreign correspondent in Brussels, Washington and Bangkok. He also edited The Economist’s business and Asia sections. His particular interests include American foreign policy, the European Union and globalisation To comment, please register for free with FT.com and read our policy on submitting comments.

See the full list of FT blogs. Encrypted communications and real-world security: finding a balance. The latest debate that followed David Cameron’s proposal to ban encrypted personal communications in the UK has raised several very important issues. The proposal would include a ban on messaging services like WhatsApp, iMessage or Snapchat in the UK. Technically this is possible to do, however such a ban on using all encrypted communication channels is not easy to enforce.

And I doubt that it will actually bring significantly more security to offline UK. The mandate of the security services and law enforcement agencies is to keep the general public safe from criminals, terrorists and all sort of other threats. It seems that the security services want to be able to access our communications in order to be able to stop and prevent illegal activities and, ultimately, better protect people.

Encryption is vital for cybersecurity; it’s used first and foremost to keep communications safe from hackers and cybercriminals. Google discloses vulnerability in SSL Web encryption technology. Statement on Internet Confidentiality | Internet Architecture Board. 13 November 2014 In 1996, the IAB and IESG recognized that the growth of the Internet depended on users having confidence that the network would protect their private information. RFC 1984 documented this need. Since that time, we have seen evidence that the capabilities and activities of attackers are greater and more pervasive than previously known.

The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic. Newly designed protocols should prefer encryption to cleartext operation. We recommend that encryption be deployed throughout the protocol stack since there is not a single place within the stack where all kinds of communication can be protected. The IAB urges protocol designers to design for confidential operation by default. We believe that each of these changes will help restore the trust users must have in the Internet. Where Congress fails, encryption delivers on privacy. On Tuesday night, Senate Republicans killed the USA Freedom Act, Congress’ flagship effort to reform some of the most invasive surveillance programs revealed by National Security Agency whistleblower Edward Snowden.

The bill would have ended the NSA’s bulk collection of Americans’ phone records and metadata under Section 215 of the Patriot Act — a goal backed by major tech companies and civil liberties groups as well as by multiple independent panels that concluded such collection is unconstitutional and hasn’t stopped any terrorist attacks. But even after being watered down and endorsed by the director of national intelligence, the Department of Justice and the White House, the bill fell two votes shy of the 60 needed to proceed to the Senate floor.

That day, the popular messaging service WhatsApp announced it enabled end-to-end encrypted messages by default on Android devices, using software developed by Open Whisper Systems. Private companies and citizens know this. People Want Safe Communications, Not Usable Cryptography. Security and privacy expert Micah Lee recently described how he helped set up cryptographically protected communications between whistleblower Edward Snowden and the journalists Glenn Greenwald and Laura Poitras, who would share what he had learned about the NSA’s surveillance programs with the world. Lee’s tale of how the three struggled to master the technology was an urgent reminder of a problem that has bugged me for a while and has implications for anyone who wants to ensure the privacy of personal or professional matters.

The cryptographic software we have today hobbles those who try to use it with Rube Goldberg-machine complexity and academic language as dated as a pair of Jordache jeans. Snowden, Poitras, and Greenwald’s tussles with that problem could conceivably have foiled Snowden’s attempts to communicate safely, leaving the world in the dark about U.S. surveillance practices and their effects on our security and privacy. Why is encryption software so horrid to use? Encryption and the Faustian Bargain. In his seminal book Code 2.0, Harvard professor Lawrence Lessig explains that law alone will not solve problems related to privacy in the digital age. Rather, to ensure privacy we'll need a combination of improved coding, law, and policy. Each measure by itself will only bring partial results. Lessig's prescient advice rings true today. As advocates—including PEN American Center—rally for improved legislation that will thwart the spying of the NSA under various legal authorities, other groups have pressed for improved encryption measures by default.

In 2014, Access launched a campaign called Encrypt All the Things, which PEN has joined. Thankfully a number of rights groups and coders have been thinking about this need for some time. That's why governments will simply go after the users of the tools themselves without worrying about the content of their conversations. Ginbot7 is listed as a terrorist group in Ethiopia, and members of Zone 9 vehemently deny any connection. Jacob Appelbaum: Reconstructing narratives - transparency in the service of j... Privacy Groups Pan Cameron’s Encryption Proposals as Unworkable. Encryption. Security. The US government has betrayed the internet. We need to take it. Call for civil desobedience.

Cloud and security. Email encryption. Cameron wants to ban encryption – he can say goodbye to digital Britain | Jam... On Monday David Cameron managed a rare political treble: he proposed a policy that is draconian, stupid and economically destructive. The prime minister made comments widely interpreted as proposing a ban on end-to-end encryption in messages – the technology that protects online communications, shopping, banking, personal data and more. “[I]n our country, do we want to allow a means of communication between people which we cannot read?” , the prime minister asked rhetorically. To most people in a supposed liberal democracy, the answer would surely be “yes”: the right to privacy runs right in parallel to our right for free expression.

This means that even in principle Cameron’s approach is darkly paradoxical: the attack on Paris was an attack on free expression – but it’s the government that intends to land the killing blow. Terrorists must not be allowed to disrupt our way of life, we’re often told in the wake of atrocities. Most messaging apps are global, and not built in the UK. Secret US cybersecurity report: encryption vital to protect private data | US... A secret US cybersecurity report warned that government and private computers were being left vulnerable to online attacks from Russia, China and criminal gangs because encryption technologies were not being implemented fast enough.

The advice, in a newly uncovered five-year forecast written in 2009, contrasts with the pledge made by David Cameron this week to crack down on encryption use by technology companies. In the wake of the Paris terror attacks, the prime minister said there should be no “safe spaces for terrorists to communicate” or that British authorites could not access.

Cameron, who landed in the US on Thursday night, is expected to urge Barack Obama to apply more pressure to tech giants, such as Apple, Google and Facebook, which have been expanding encrypted messaging for their millions of users since the revelations of mass NSA surveillance by the whistleblower Edward Snowden. Cameron said the companies “need to work with us. President Obama and Prime Minister Cameron of the United Kingdom Hold a Joint... David Cameron is "technologically illiterate" on encryption ban. The Prime Minister's plans to ban encryption technology are "technologically illiterate", Liberal Democrat MP Julian Huppert has said today (Friday 16 January). Strong encryption technology is used by a number of major websites but under Cameron's plans websites would be required to store data and hand that over to the intelligence agencies.

Responding to David Cameron's proposals to allow British intelligence agencies to have the power to break the encryption technology Julian said: “Cameron’s plan to ban encryption technology means he is either cynically trying to sound tough on terror, or he simply doesn’t have a clue what he’s talking about. I wonder if the Prime Minister realises his ludicrous proposal is technologically illiterate? “We all know online shopping, online banking and private messaging all use encryption, so it is crazy to suggest we should ditch it. It would open ourselves to attack from anyone with 10 minutes hacking experience. Was Times ‘Disgusting’ to Grant Anonymity to Al Qaeda Source? Everybody’s the public editor these days – even the director of the F.B.I.

James B. Comey has smacked The Times for using information from an anonymous Al Qaeda member in a news story about the deadly attacks in Paris. The full text of Mr. Comey’s letter (which became the basis of a news story in Friday’s paper) is as follows: Your decision to grant anonymity to a spokesperson for “Al Qaeda in the Arabian Peninsula” so he could clarify the role of his group in assassinating innocents, including a wounded police officer, and distinguish it from the assassination of other innocents in Paris in the name of another group of terrorists, is both mystifying and disgusting.

It’s an understatement to say that I’m no fan of the rampant use of anonymous sources, but there’s a bit more here than meets the eye. First: some context. I’ve asked the F.B.I.’s press office if Mr. I also talked on Friday with two senior Times editors about the use of this information. Mr. Mr. David Cameron is "technologically illiterate" on encryption ban. Call for submission of Information. The Special Rapporteur on the protection and promotion of the right to freedom of opinion and expression, David Kaye, is currently preparing a report on the legal framework governing the relationship between freedom of expression and the use of encryption to secure transactions and communications, and other technologies to transact and communicate anonymously online.

This report will be presented to the Human Rights Council in June, 2015. To prepare his study, Mr. Kaye is gathering information on national laws, regulations, policies or practices that permit or limit, directly or indirectly, the use of encryption technologies and services or the ability of individuals to communicate anonymously online. All States are being asked called to submit information on their relevant national norms and policies. Yahoo-price-list-letter.pdf. Explicit cookie consent. OVER the past decade Western security agencies have been remarkably successful in keeping jihadist terrorists at bay.

Put it down to diligence, surveillance technology, financial resources, the manageable numbers of potential terrorists and, often, good luck. The spooks have foiled complex plots, such as the one in 2009 to bring down airliners in mid-Atlantic. They have brought a steady stream of would-be terrorists before the courts. Occasionally, loners and misfits have succeeded in carrying out attacks, such as the bombing of the Boston marathon and the beheading of a British soldier in London, both in 2013. The first is a consequence of the collapse of several Arab countries, above all the unending civil war in Syria and the rise of Islamic State (IS). The second is that commando-style assaults, such as the one in Paris, are easy to plan and thus hard to disrupt.

Liberty v security, once again Both sides should give way quickly. MP Julian Huppert Questions Proposed Ban on Encryption. Andrew Bower: The encryption ban makes us look like the Thick Party. Andrew Bower works in the ‘Silicon Fen’, graduated in Computer Science from Cambridge University and has served as an Conservative Association officer. This week the Prime Minister introduced a policy of banning strong encryption in the UK in order to deny terrorists ‘safe spaces’ in which to operate. Sounds robust, doesn’t it?

In practice such a policy is impossible to implement and so would never yield any security benefit. It would, however, leave all of us vulnerable to trivial cyber-attacks and David Cameron’s vision of a Digital Britain in tatters. Encryption is ubiquitous in our everyday devices and the commercial services that enable them. I lost count just trying to number the ways it has been used simply in the process of me writing and submitting this article. The latest evolution of the zombie snoopers’ charter policy reaches new heights of technical absurdity. This proposal is totally unworkable and cannot survive serious scrutiny. Open WhisperSystems >> Blog >> Signal to Noise. A guest post from Corbett, Winter Break Of Code Day 4 I’m not sure those attending their first break of code know what they are getting into.

When I said “sure” to Moxie my first break, I sure didn’t. During that week I had already come to the conclusion “I have to see this (TextSecure iOS) through”. In the intervening time, I’ve become an expert on the Axolotl protocol, come to understand ZRTP, picked up the world’s best collaborator, helped with the final polish of Signal with Redphone support and contributed a lot of code to the TextSecure prototype. I’m pleased to say, thanks in no small part to Fred’s hard work, we’ve graduated Signal with TextSecure support from the prototype phase to the beta phase. Soon, we will launch. And yet I don’t feel “through” in the slightest. . – Christine Corbett Kauai, January 16th, 2015. David Cameron in 'cloud cuckoo land' over encrypted messaging apps ban | Tech... Showthread.