There are only two types of companies, it is commonly said: those that have been hacked, and those thatjust don't know ityet.

IBM, the computing giant, wants to get rid of both. The company said Monday that it has achieved a breakthrough in security technology that will allow every business, from banks to retailers to travel-booking companies, toencrypt their customer data on a massive scale turning most, if not all, of their digital information into gibberish that is illegible to thieves with its new mainframe.

The last generation of mainframes did encryption very well and very fast, but not in bulk, Ross Mauri, general manager ofIBM's mainframe business, said in an interview. Mauri estimates that only 4 percent of data stolen since 2013 was ever encrypted.

As the number of data breaches affecting U.S. entities steadily grows resulting in theleakage every year ofmillions ofpeople'spersonal information IBM argues that universal encryption could be the answer to what has become an epidemic of hacking.

The key, according toIBM officials, is an update to the computer chipsdriving the powerful mainframe serversthat house corporate or institutional information and process millions of transactions a day worldwide, from ATM withdrawals to credit card payments to flight reservations.

Cryptography,the scienceofturning legibleinformation into coded gobbledygook, is already commonly used among certain email providers and storage services. But because of the enormous computational power needed to quickly encrypt and decrypt information as it passes from one entity to another, many businesses use encryption only selectively, if at all. A December report by the security firm Sophos found that while 3 out of 4 organizations routinely encrypt customer data or billing information, far more do not encrypt their intellectual property or HR records. Sixty percent of organizations also leave work files created by employees unencrypted, the study found.

All of these represent opportunities for digital criminals, said Austin Carson, executive director of the technology think tank TechFreedom.

One of the big problems is that way too much information is stored in clear text, he said. But universal or pervasive encryption, he added, could help ensure that even if hackers successfully broke into a company's network, any information they found there would be impossible to decode. That would be a huge step forward just in terms of protecting a much larger body of information, Carson said.

But the same technology could frustrate law enforcement, which in recent years has waged a furious battle with Silicon Valley over encryption technology and how extensively it should be used. In a high-profile dispute last year with Apple, the Justice Department argued that the companyshould help officials break into an encrypted iPhone used by one of the San Bernardino shooters. Apple refused, saying that developing tools to break encryption would undermine its customers' security, particularly if the tools were to fall into the wrong hands. Apple's concern is not theoretical: This year's WannaCry ransomware attack, which held thousands of PCs hostage, has been linked to a Windows vulnerability that was secretly discovered and exploited by the National Security Agency long before it leaked into the wild.

In its push to expand universal encryption, IBM is taking Apple's side in the debate.

IBM fully supports the need for governments to protect their citizens from evolving threats, the company said in a statement on the issue. Weakening encryption technology, however, is not the answer. Encryption is simply too prevalent and necessary in modern society.

For IBM, encryption is also a massive business opportunity. Businesses spend over $1 trillion a year making sure that their security meets government standards, according to company officials. One aspect of IBM's new approach to mainframes is the concept of automating that compliance work, using artificial intelligence to check that what's being protected passes regulatory muster in various industries. In doing so, IBM expects to turn a chunk of that annual compliance spending into revenue for itself. And that's on top of the roughly $500,000 it expects to charge new customers for using IBM's newest mainframe technology. Most businesses, said Mauri, will be upgrading from an existing setup, so the cost for those clients could be less.

For some small businesses, that may still be too expensive. Still, the history of technology suggests that with time, those prices may fall.

This is the turning point. The idea here is that you can start to encrypt all data, saidMauri. But even as IBM makes encrypting everything a priority, security experts like Mauri already have their eyes set on the next holy grail: the ability to securely edit and manipulate encrypted files without ever having to decrypt them in the first place.

Read the original:
To battle hackers, IBM wants to encrypt the world - Washington Post

Avalon.red/NewscomAustralia's Prime Minister Malcolm Turnbull is getting mocked by the encryption savvy for asserting that the laws of mathematics are subservient to the laws of Australia.

The Australian government is considering legislation that would require online communication companies decrypt messages on demand of law enforcement officials in order to fight crime. The problem is end-to-end encryption blocks companies from decrypting the communications. It's a safety and security measure to make it much harder for people with sinister intentionseither criminals or dangerous governmentsto access users' private data.

Turnbull's quote may make him look like an idiot, but the fundamental attitude he's expressing is shared by lawmakers and government officials in other countries, including the United States and England. These people want to deliberately jeopardize everybody's data privacy and security in order to serve the demands for information by law enforcement and the intelligence community.

Government officials have been wanting to force "back doors" into encryption so that they can get access to data in order to fight crime and terrorism. But there's no such thing as a back door that only the government can access.

Once there is a key to break encryption, it can be (and frequently has been) either discovered or reverse engineered by others. Furthermore, no single government, no matter how powerful it is, has the ability to prevent new, unheard of encryption tools from becoming available for criminals and terrorists to access. The inevitable outcome would be average users of commonly distributed communication apps having their data compromised, and actual criminals finding new ways to keep their communications secret.

In this context, Turnbull was asked whether this mathematical reality trumped government's desire to get access on demand to encrypted communication. His response:

"Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia."

We should actually appreciate the blunt stupidity of Turnbull's response, because it highlights how stubbornly unwilling government officials have been in recognizing the actual consequences of their proposals. We've seen it from American senators on both the left and the right like Dianne Feinstein (D-California) and Richard Burr (R-North Carolina). We've seen it from British Prime Minister Theresa May's administration.

Throughout this encryption fight we have seen government and law enforcement officials lean on their power to legally demand access to information with warrants and investigatory tools in a bid for the authority to compromise everybody's security. The quote from Turnbull vividly demonstrates their belief that the existence of a government law outweighs consideration of other consequences.

The quote should be used as a rhetorical weapon against the likes of Feinstein and May to force them (and law enforcement representatives) to deal with the dangerous consequences of the laws they propose.

Read the original post:
Australian Leader's Stupid Quote About Laws Trumping Math Is Encryption Fight in a Nutshell - Reason (blog)

Australias Attorney-General has said he will be meeting with Apple as the country becomes the latest to demand that the company cease offering end-to-end encryption, reportsSky News.

Attorney-General George Brandis says he will hold talks with tech giant Apple this week in bid to get co-operation on the Turnbull governments proposed laws compelling tech companies to give police and intelligence agencies access to encrypted information messages from suspected terrorists and criminals

Australia is apparently determined to join the US and UK in the hall of fame of governments who dont understand how encryption works. Brandis said that the new laws would be directly modelled on the UKsInvestigatory Powers Act, introduced last year.

So far, there has been no clash between the British government and Apple on the subject, though a future one seems inevitable. The law requires Apple and other tech companies to hand over details of messages sent through services such as iMessage and FaceTime, but Apples use of end-to-end encryption means that it will be unable to comply.

Apple will doubtless be making the point that the only way to comply with such a law would be to cease using end-to-end encryption, compromising everyones privacy.

Brandis says that he will be seeking voluntary cooperation first, and legislating if needed.

Senator Brandis says the government will be seeking voluntary cooperation as a first preference. But we will also be legislating so that we do have that coercive power if need be if we dont get the cooperation we seek, he told Sky News On Sunday.

Apple has of course demonstrated its willingness to stand up to government attempts to force it to compromise user privacy through the San Bernardino case in the USA.

Check out 9to5Mac on YouTube for more Apple news!

View post:
Apple meeting with Australian Attorney-General to discuss proposed ban on end-to-end encryption - 9to5Mac

Legislating against cryptography will drive encryption underground, says Tim Gallagher

The chief executive of a Swiss digital encryption app provider has lambasted the Australian governments proposed new laws that will compel tech companies to help local security forces access encrypted messages.

Theproposed lawsare expected to be put to Parliament by the end of this year, and are expected to resemble the UKsInvestigatory Powers Act 2016. This legislation obligates messaging platform operators such as Facebook and Google to cooperate with investigators looking to access encrypted messages.

SafeSwiss CEO Tim Gallagher said on Monday that the nature of his companys free messaging service for Android, iOS and Windows devices places it beyond the legal jurisdiction of the Australian government."

Gallagher warned users who are concerned about their privacy that serious design flaws in products such as WhatsApp, Telegram Messenger and WICKR potentially make them vulnerable to government-mandated backdoors.

Banning or legislating encryption apps is not the answer, this is a true paradox of security against privacy, Gallagher said.

Legislating against cryptography will drive encryption underground. It will open the doors to malicious attacks from adversaries everywhere.

Gallagher noted that encryption also applies to banking, purchasing goods online and in keyless ignition systems.

A good preview on how backdoors operate is to look at the US transport security administration (TSA) requirement that all baggage passing or travelling within the USA must be equipped with travel sentry locks that are designed to allow anyone with a readily available master key access.

As a result, a CNN investigation found thousands of incidents of theft, he said.

Gallagher added that to consider governments to be a trusted third-party is extremely misguided.

Governments would be better placed to put resources into the source of the problem the continued brainwashing of predominantly youth under the guise of medieval religion.

We are most certainly not anti-government or anti-police. We are pro privacy, and we firmly believe that both privacy and freedom of speech are two basic fundamental human rights.

Follow CIO Australia on Twitter and Like us on FacebookTwitter: @CIO_Australia,Facebook: CIO Australia, or take part in the CIO conversation onLinkedIn: CIO Australia

Follow Byron Connolly on Twitter:@ByronConnolly

Error: Please check your email address.

Tags WhatsAppdigital encryption appTelegram MessengerWickrswissTim GallagherAustralian GovernmentUSA

More about AustraliaCNNFacebookGoogleMessengerTwitter

Go here to read the rest:
Government's encryption backdoor plan flawed: SafeSwiss chief - CIO Australia

The people were most worried about will circumvent it and the ones who most need it are the ones who are going to lose their privacy.

In a press conference this FridayPrime Minister Malcolm Turnbull announced the Governments intention to introduce new encryption laws that would compel tech companies to provide Australian security agencies with access to encrypted messages. The laws are intended to make it easier for law enforcement to access the messages of suspected terrorists and criminals.

Unfortunately, Turnbull also used the press conference to demonstrate a deep misunderstanding of how encryption works. Specifically, he said that the laws of mathematics are very commendable but do not apply in Australia. This did not inspire confidence.

Given the importance of encryption for security and privacy, and the enormous potential consequences of inserting so called backdoors in software, people are understandably pretty freaked out. The UK laws the Australian laws are supposedly based on have also been roundly criticised as an invasion of privacy, and have been nicknamed the Snoopers Charter for that reason.

For the time being, though, its not totally clear exactly what the Australian laws will entail, whether theyll work, and whether theyll be much of a threat. Heres what you need to know at the moment:

Apart from that the laws of mathematics dont apply down under? Not much.

Basically, Turnbull said the government is concerned about making sure the rule of law applies online as well as offline so that the internet is not used as a dark place for bad people to hide their criminal activities from the law.

Attorney-General George Brandis emphasised that the new laws are not changing any existing legal principle. It has always been accepted that in appropriate cases, under warrant, there can be lawful surveillance of private communications. He characterised the new laws as bringing these up to date with technology.

As far as how the government plans to ensure this, we got vague mixed messages. Turnbull insisted that the legislation will require [tech companies] to provide assistance, except not through backdoors, but legitimately, appropriately.

The problem? Its not clear what this means, or whether its possible.

End-to-end encryption, which is used by messaging applications like WhatsApp, works by scrambling a message as its transmitted such that it can only be unscrambled by the intended recipient. The Guardian has an excellent explainer on how encryption works here, but the basic takeaway you need is this: the service provider (i.e. WhatsApp), cannot unscramble the message.

This is the point on which the governments vague press conference doesnt make a lot of sense. The law may compel companies like WhatsApp to provide assistance, but theres not a lot that WhatsApp can do. In the words of independent cybersecurity researcher Troy Hunt, you cant break the mathematics in that way, its just not how it works.

This brings us to the question of backdoors. A backdoor is a method of bypassing security or encryption, which can end up in a program by design or by mistake. One way that the government could hypothetically obtain encrypted messages is if they were able to compel an encrypted messaging provider to remove encryption, or to implement some kind of backdoor allowing messages to be retrieved from a device.

The problem with inserting backdoors, as Troy Hunt puts it, is that you cant ensure theyll only be used by legitimate forces. Once there is a way of exploiting devices, sooner or later it tends to fall into the hands of people its not meant to, he told Junkee.

The global WannaCry ransomware attacks several months ago, for example, were the result of a backdoor in Windows operating systems being exploited by malicious hackers. When security is compromised through backdoors or the removal of encryption, everybody loses.

Of course, Turnbull was adamant that no backdoors would be used. But given that he was cagey on how exactly the laws would work, people are a bit worried.

Troy Hunt told Junkee what the laws might actually mean in practice.

He thinks that rather than trying to compel services like WhatsApp to remove their encryption, were more likely to see the government proactively pursue intercepting messages at the end points, for example by using exploits to gain access to it on phones of suspects, which makes a lot more sense technically than what some of the headlines say at the moment.

This would entail trying to work with companies like Apple and Samsung to break into their devices something that has received huge pushback from such companies in past. Given that in the past tech companies have stood their ground, and ultimately it took the FBI paying about a million bucks to get some exploit tool to get in, Troy isnt particularly worried about the Australian governments use of backdoors becoming particularly widespread in practice, even if thats their tool of choice.

While it might be unlikely that the government manages to force tech companies to bypass encryption, Troy cautions that it wouldnt be great for most of us if they did.

If they managed to do that, we still have all of these mechanisms of encryption that are outside the scope of any one company or service we still have things like PGP mail. And all of these channels will still exist for people who want to use them and keep their messages private.

The people were most worried about will circumvent it and the ones who most need it are the ones who are going to lose their privacy.

Basically, at the moment what the governments proposing is pretty unclear, and sounds a bitdodgy, but nothings actually been finalised. The takeaway for now is that this is one to watch further details of the actual laws will emerge as the bills themselves are drafted.

Sam Langford is Junkees Staff Writer. She tweets at@_slangers.

Originally posted here:
Everything You Should Know About The Government's New Encryption Laws - Junkee