A group of Senate Republicans want to force technology companies to comply with “lawful access” to encrypted information, which basically means they're targeting end-to-end encryption again, and specifically taking aim at the type of security offered by the popular messaging service WhatsApp.
For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret. That company was secretly run by the CIA, which had the ability to read all those communications for decades.
Once again, the FBI is putting pressure on Apple to help them break into the phone of a mass shooter. And once again, Apple has been largely resistant to the effort. Which is good, because a government having control over a private company that gives them secret backdoor access into people's personal technology devices is an authoritarian wet dream waiting to happen.
It also doesn't matter anyway because — as Reuters pointed out this week — Apple already buckled under FBI pressure a few years ago and cancelled its plans to add end-to-end encryption to all iPhone backups in iCloud:
The company said it turned over at least some data for 90% of the requests it received [from the FBI]. It turns over data more often in response to secret U.S. intelligence court directives, which sought content from more than 18,000 accounts in the first half of 2019, the most recently reported six-month period.
But what if the FBI wants access to someone's locked iPhone, and they haven't backed it up to iCloud? They still don't need Apple's help, because — as with the San Bernardino shooting — there are plenty of third-party companies that can and will gladly solve the problem in exchange for money.
Over the past three months, OneZero sent Freedom of Information Act (FOIA) requests to over 50 major police departments, sheriffs, and prosecutors around the country asking for information about their use of phone-cracking technology. Hundreds of documents from these agencies reveal that law enforcement in at least 11 states spent over $4 million in the last decade on devices and software designed to get around passwords and access information stored on phones.
A young Massachusetts woman who recently graduated from Tufts University is convinced that she has found a 'secret' encoded message in “Paradise Lost,” the poem by John Milton.
"We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety."
“You have the right to remain silent.” We’ve heard the Miranda warning countless times on TV, but what good is the right to remain silent if our own cellphones testify against us? Imagine every incriminating and embarrassing secret your devices hold in the hands of prosecutors, simply because you’ve been accused of a minor crime. This is the brave new world that Attorney General Bill Barr advocated when he recently addressed the International Conference on Cyber Security and called for an end to encryption as we know it.
Many large-scale data breaches involve attackers gaining access to administrators' database logins; from there, they can clone the whole database and plunder it at will. But leading NoSQL database vendor MongoDB proposes to add another layer of security it calls "Field Level Encryption," which encrypts the data in database fields with its own key -- possibly a different key for every user or every field. That means attackers will have to compromise a lot of cryptographic keys as well as breaking into a server.
A really bad new law in Australia gives police the right to force companies like Apple to 'backdoor', or create encryption circumvention alternatives, in all their products. The issue has been controversial in the U.S. for a long time, and spiked in 2016 after the mass shooting in San Bernardino.
Signal is an encrypted messaging app for smartphones and desktops that I and a lot of other folks use on a daily basis to communicate with discretion and security. I like it so much that I've moved away from using other services on my iOS and Android phones to using Signal for all of the texting I do, even with those who don't use the app. Unfortunately, according to The Verge, the Signal team is having a difficult time trying to provide its services to users in the UAE, Egypt and Oman, where the app has been banned by the government. Considering the fact that these states are known for treating political dissidents and minorities none too well, that's a big deal. For some people, encrypted comms are essential to avoiding incarceration or worse.
The crux of Signal's issues with providing services to users in these countries is that Amazon, whose CloudFront web services Signal's parent company, Open Whisper Systems, uses, has banned domain fronting. Domain fronting, put simply, is a technique for making traffic bound for one site look like it's bound for another site. In an email received by Open Whisper Systems' founder, Moxie Marlinspike (best damn name in the business), the General Manager of Amazon CloudFront called Open Whisper Systems' domain fronting out, telling Marlinspike that Amazon would love to have their business, but not if his company refuses to comply with its no-domain-fronting policy.
From the email:
When access to Signal was originally censored in Egypt, Oman, Qatar, and UAE, we responded by through Google App Engine.
In a recent presentation at the Real World Crypto symposium, researchers affiliated with Brown University and a startup called Pixek presented their work developing an app that encrypts photos at the moment they're taken and uploads them in encrypted form to a cloud server, in such a way that the keys remain on the user's device, meaning the service provider can't view the photos.
Earlier this month, UK Home Secretary Amber Rudd idiotically insisted that "real people" don't need encrypted messaging apps; but as foolish a statement as that was, there was a kernel of truth to it.
An article at News From the Lab (pdf) has 30 pages of copy from the support chat of a ransomware app: desperate pleas from victims for their files back, or, failing that, discounts on the unlock fee.
A state judge in the Brazilian state of Sergipe has ordered all mobile phone operators in the country to block Facebook-owned WhatsApp for 72 hours, nationwide. Those five telecom providers put the ban into effect today, and it affects about 100 million people. In Brazil, WhatsApp is the most popular messaging app.
There's been an awful lot of talk about “cyber pathogens” and “cyber bombs” lately from the mouths of American officials discussing terrorism, and how we will vanquish it. President Obama mentioned “cyber ops” against Islamic State terrorists in one recent address. Today, we know a little more about what was behind last week's cyber-hawkish hacking headlines.
Federal investigators have discovered major security vulnerabilities in the state health insurance websites for California, Kentucky and Vermont that could allow criminals to access sensitive personal data for hundreds of thousands of people.
The #FBIvsApple legal case may be over, but the fight over security, privacy, and the right to live free of surveillance has just begun. The Justice Department is expected to drop its legal action against Apple, possibly as soon as today, because an 'outside method' to bypass security on the San Bernardino gunman's iPhone has proven successful, a federal law enforcement official said Monday.