Facebook is planning end-to-end encryption on all its messaging services to increase privacy levels.

The tech giant started experimenting with this earlier this year. Soon, end-to-end encryption will be standard for every Facebook message.

But Australian, British and United States governments and law makers arent happy about it. They fear it will make it impossible to recover criminal conversations from Facebooks platforms, thus offering impunity to offenders.

For instance, this was a major concern following the 2017 London terror attacks. Attackers used WhatsApp (Facebooks end-to-end encrypted platform), and this frustrated police investigations.

But does Facebooks initiative place the company between a political rock and an ethical hard place?

End-to-end encryption is a method of communicating more securely, compared to non-encrypted communications.

It involves using encryption (via cryptographic keys) that excludes third parties from accessing content shared between communicating users.

When the sender wants to communicate with the receiver, they share a unique algorithmic key to decrypt the message. No one else can access it, not even the service provider.

Read more: Social media and crime: the good, the bad and the ugly

Facebooks plan to enact this change is paradoxical, considering the company has a history of harvesting user data and selling it to third parties.

Now, it supposedly wants to protect the privacy of the same users.

One possible reason Facebook is pushing for this development is because it will solve many of its legal woes.

With end-to-end encryption, the company will no longer have backdoor access to users messages.

Thus, it wont be forced to comply with requests from law enforcement agencies to access data. And even if police were able to get hold of the data, they would still need the key required to read the messages.

Only users would have the ability to share the key (or messages) with law enforcement.

Implementing end-to-end encryption will positively impact Facebook users privacy, as their messages will be protected from eavesdropping.

This means Facebook, law enforcement agencies and hackers will find it harder to intercept any communication done through the platform.

And although end-to-end encryption is arguably not necessary for most everyday conversations, it does have advantages, including:

1) protecting users personal and financial information, such as transactions on Facebook Marketplace

2) increasing trust and cooperation between users

3) preventing criminals eavesdropping on individuals to harvest their information, which can render them victim to stalking, scamming and romance frauds

4) allowing those with sensitive medical, political or sexual information to be able to share it with others online

5) enabling journalists and intelligence agencies to communicate privately with sources.

However, even though end-to-end encryption will increase users privacy in certain situations, it may still not be enough to make conversations completely safe.

Read more: End-to-end encryption isn't enough security for 'real people'

This is because the biggest threat to eavesdropping is the very act of using a device.

End-to-end encryption doesnt guarantee the people we are talking to online are who they say they are.

Also, while cryptographic algorithms are hard to crack, third parties can still obtain the key to open the message. For example, this can be done by using apps to take screenshots of a conversation, and sending them to third parties.

When Facebook messages become end-to-end encrypted, it will be harder to detect criminals, including people who use the platform to commit scams and launch malware.

Others use Facebook for human or sex trafficking, as well as child grooming and exploitation.

Facebook Messenger can also help criminals organise themselves, as well as plan and carry out crimes, including terror attacks and cyber-enabled fraud extortion hacks.

The unfortunate trade-off in increasing user privacy is reducing the capacity for surveillance and national security efforts.

Read more: Can photos on social media lead to mistaken identity in court cases?

End-to-end encryption on Facebook would also increase criminals feeling of security.

However, although tech companies cant deny the risk of having their technologies exploited for illegal purposes they also dont have a complete duty to keep a particular countrys cyberspace safe.

A potential solution to the dilemma can be found in various critiques of the UKs 2016 Investigatory Powers Act.

It proposes that, on certain occasions, a communications service provider may be asked to remove encryption (where possible).

However, this power must come from an authority that can be held accountable in court for its actions, and this should be used as a last resort.

In doing so, encryption will increase user privacy without allowing total privacy, which carries harmful consequences.

So far, several governments have pushed back against Facebooks encryption plans, fearing it will place the company and its users beyond their reach, and make it more difficult to catch criminals.

End-to-end encryption is perceived as a bulwark for surveillance by third parties and governments, despite other ways of intercepting communications.

Many also agree surveillance is not only invasive, but also prone to abuse by governments and third parties.

Freedom from invasive surveillance also facilitates freedom of expression, opinion and privacy, as observed by the United Nations High Commissioner for Human Rights.

In a world where debate is polarised by social media, Facebook and similar platforms are caught amid the politics of security.

Its hard to say how a perfect balance can be achieved in such a multifactorial dilemma.

Either way, the decision is a political one, and governments - as opposed to tech companies - should ultimately be responsible for such decisions.

Read the original here:
Facebook's push for end-to-end encryption is good news for user privacy, as well as terrorists and paedophiles - The Conversation AU

The ConversationDec 16, 2019 16:16:27 IST

Facebook isplanning end-to-end encryption on all its messaging servicesto increase privacy levels. The tech giant startedexperimentingwith thisearlier this year. Soon, end-to-end encryption will be standard for every Facebook message.

But Australian, British and United States governments andlawmakersarenthappy about it. They fear it will make it impossible to recover criminal conversations from Facebooks platforms, thus offering impunity to offenders.

For instance, this was a major concern followingthe 2017 London terror attacks. Attackers used WhatsApp (Facebooks end-to-end encrypted platform), and this frustrated police investigations.

Image: Reuters

But does Facebooks initiative place the company between a political rock and an ethical hard place?

(Also read:Facebook to encrypt conversations on more of its messaging services: Mark Zuckerberg)

End-to-end encryptionis a method of communicating more securely, compared to non-encrypted communications. It involves using encryption (via cryptographic keys) that excludes third parties from accessing content shared between communicating users.

When the sender wants to communicate with the receiver, they share a uniquealgorithmic key to decryptthe message. No one else can access it, not even the service provider.

Facebooks plan toenact this change is paradoxical, considering the company has a history ofharvesting user dataandselling it to third parties. Now, it supposedly wants to protect the privacy of the same users.

One possible reason Facebook is pushing for this development is because it will solve many ofits legal woes. With end-to-end encryption, the company will no longer havebackdooraccess to users messages.

Thus, it wont be forced to comply with requests from law enforcement agencies to access data. And even if police were able to get hold of the data, they would still need the key required to read the messages.

Only users would have the ability to share the key (or messages) with law enforcement.

(Also read: Facebook is requested not to use encrypted messages as it does not let officials peek)

Implementing end-to-end encryption will positively impact Facebook users privacy, as their messages will be protected from eavesdropping. This means Facebook, law enforcement agencies and hackers will find it harder to intercept any communication done through the platform.

And although end-to-end encryption is arguably not necessary for most everyday conversations, it does haveadvantages, including:

1) protecting users personal and financial information, such as transactions on Facebooku Marketplace

2) increasing trust and cooperation between users

3) preventing criminals eavesdropping on individuals to harvest their information, which can render them victim tostalking, scamming and romance frauds

4) allowing those with sensitive medical, political or sexual information to be able to share it with others online

5) enabling journalists and intelligence agencies to communicate privately with sources.

(Also read:Facebooks end-to-end encryption could come to an end as us, UK fight child abuse and terrorism)

However, even though end-to-end encryption will increase users privacy in certain situations, it may still not be enough to make conversations completely safe.

This is because the biggest threat to eavesdropping is the very act of using a device.

End-to-end encryption doesntguaranteethe people we are talking to online are who they say they are.

Also, while cryptographic algorithms are hard to crack, third parties can stillobtain the key to open the message. For example, this can be done by using apps totake screenshotsof a conversation, and sending them to third parties.

When Facebook messages become end-to-end encrypted, it will beharder to detect criminals, including people who use the platform to commitscamsand launchmalware.

Others use Facebookfor humanor sex trafficking, as well aschild groomingandexploitation. Facebook Messenger can also helpcriminals organise themselves, as well as plan and carry out crimes, including terror attacks and cyber-enabled fraud extortion hacks.

The unfortunatetrade-offinincreasing user privacyis reducing the capacity for surveillance and national security efforts. End-to-end encryption on Facebook would also increase criminals feeling ofsecurity.

However, although tech companies cant deny the risk of having their technologies exploited for illegal purposes they also dont have acomplete duty to keep a particular countrys cyberspace safe.

A potential solution to the dilemma can be found in variouscritiquesof theUKs 2016 Investigatory Powers Act. It proposes that, on certain occasions, a communications service provider may be asked to remove encryption (where possible). However, this power must come from an authority thatcan be held accountablein court for its actions, and this should be used as a last resort.

In doing so, encryption will increase user privacy without allowing total privacy, which carriesharmful consequences. So far, several governments have pushed back against Facebooks encryption plans, fearing it will placethe company and its users beyond their reach, and make it more difficult tocatch criminals.

End-to-end encryption is perceived as a bulwark for surveillance by third parties and governments, despiteother ways of intercepting communications. Many also agree surveillance is not onlyinvasive, but also prone to abuseby governments and third parties.

Freedom from invasive surveillance alsofacilitates freedom of expression, opinion and privacy, as observed by the United Nations High Commissioner for Human Rights. In a world where debate is polarised by social media, Facebook and similar platforms are caught amid the politics of security. Its hard to say how a perfect balance can be achieved in such a multifactorial dilemma. Either way, the decision is a political one, and governments as opposed to tech companies should ultimately be responsible for such decisions.

Roberto Musotto, Cyber Security Cooperative Research Centre Postdoctoral Fellow, Edith Cowan UniversityDavid S. Wall, Professor of Criminology, University of Leeds

This article is republished fromThe Conversationunder a Creative Commons license. Read theoriginal article.

Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.

View post:
Facebook's end-to-end encryption will enhance user privacy but its not good news for law enforcement - Firstpost

OPINION: The technology and privacy debate has just taken a turn for the worse, with US Senator Lindsey Graham directing some colourful threats towards Apple and Facebook during a Senate Judiciary Committee hearing this week.

"This time next year, if we haven't found a way that you can live with, we will impose our will on you."

"You're going to find a way to do this or we're going to go do it for you."

Those are just two of the explosive threats Graham made, referring to the two companies' use of end-to-end encryption on their platforms.

READ MORE:* Republicans back US Attorney General William Barr at extraordinary hearing* US Democrats subpoena uncensored Mueller report, some in party calling for Trump impeachment* A redacted version of the Mueller report could be released by mid-April

Graham's comments followed a tone set by US Attorney General William P. Barr, who on Monday said that dealing with how big tech used encryption was one of the Justice Department's "highest priorities."

Barr claimed that cartels and child pornographers used the feature to hide their criminal activities, saying the companies' message to customers was "no matter what you do, you're completely impervious to government surveillance". "Do we want to live in a society like that? I don't think we do."

From a technical point-of-view, he's not wrong. That makes the row over encryption, from a law-maker and law-enforcement point of view, a maddening one. Big tech companies like the two mentioned above are, in some scenarios, actively (but inadvertently) preventing governments from doing their jobs as effectively as they could do.

J SCOTT APPLEWHITE/AP

US Senator Lindsey Graham has warned tech companies that official action will be taken if they can't come up with a solution.

In a rare display of cross-party unity, both Democrats and Republicans argued that Apple and Facebook's use of encryption was getting in the way of justice.

Graham even went as far as to say "We're not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion."

Strong stuff. But the Senator's colourful words don't tell the whole story.

End-to-end encryption isn't there to prevent justice from being served. It's just one of the unfortunate byproducts as we found out when Apple refused to grant the FBI backdoor access to the San Bernardino mass shooter's iPhone back in 2015.

Apple's message at the time was a sensible one: "Up to this point, we have done everything that is both within our power and within the law to help them. But now the US government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone."

In plain English, this means Apple couldn't provide the FBI with a one-time backdoor to the shooter's iPhone. The only way Apple could deliver this, as I understand it, would be to roll out a software update to all iPhone users. That would provide the FBI with a backdoor to all iPhones.

My view on this is similar to Apple and Facebook's. Encryption is there to offer us, the user, one of our basic human rights, privacy. It's a widely-used, and pretty basic, piece of technology that allows personal messages to remain how they were intended. Personal.

Apple's user privacy manager, Erik Neuenschwander, put across an eloquent argument for encryption when he said: "We've been unable to identify any way to create a back door that would work only for the good guys."

Likewise, WhatsApp head Will Cathcart and Messenger head Stan Chudnovsky put the argument against encryption across eloquently with a written testimony that read: "The 'backdoor' access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimesThat is not something we are prepared to do."

But there was a definite lack of unity when the two tech giants offered possible solutions for the problem.

With Facebook's Sullivan suggesting that "on-device scanning" could be a viable option, Apple's Neuenschwander said, "We don't have forums for strangers to contact each other ... and our business doesn't have us scanning material of our users to build profiles of them."

What's going to happen now? Nothing. Not in the immediate future anyway. The next significant step will likely come as William Barr hopes to have his Justice Department investigations of the big tech platforms - Facebook, Google, Amazon and Apple - completed next year.

Whatever is eventually decided in the US will, no doubt, have repercussions throughout the rest of the world.

Read more here:
US Government steps up fight on Apple and Facebook's use of encryption - Stuff.co.nz

from the good-for-him dept

There are very few things in life that former NSA and CIA director Michael Hayden and I agree on. For years, he was a leading government champion for trashing the 4th Amendment and conducting widespread surveillance on Americans. He supported the CIA's torture program and (ridiculously) complained that having the US government publicly reckon with that torture program would help terrorists.

But, there is one thing that he and I agree on: putting backdoors into encryption is a horrible, dreadful, terrible idea. He surprised many people by first saying this five years ago, and he's repeated it a bunch since then -- including in a recent Bloomberg piece, entitled: Encryption Backdoors Won't Stop Crime But Will Hurt U.S. Tech. In it, he makes two great points. First, backdooring encryption will make Americans much less safe:

We must also consider how foreign governments could master and exploit built-in encryption vulnerabilities. What would Chinese, Russian and Saudi authorities do with the encrypted-data access that U.S. authorities would compel technology companies to create? How might this affect activists and journalists in those countries? Would U.S. technology companies suffer the fate of some of their Australian counterparts, which saw foreign customers abandon them after Australia passed its own encryption-busting law?

Separately, he points out that backdooring encryption won't even help law enforcement do what it thinks it wants to do with backdoors:

Proposals that law-enforcement agencies be given backdoor access to encrypted data are unlikely to achieve their goals, because even if Congress compels tech firms to comply, it will have no impact on encryption technologies offered by foreign companies or the open-source community. Users will simply migrate to privacy offerings from providers who are not following U.S. mandates.

Indeed, this is the pattern we have seen in Hong Kong over the last six months, where pro-democracy protesters have moved from domestic services to encrypted messaging platforms such as Telegram and Bridgefy, beyond the reach of Chinese authorities. Unless Washington is willing to embrace authoritarian tactics, it is difficult to see how extraordinary-access policies will prevent motivated criminals (and security-minded citizens) from simply adopting uncompromised services from abroad.

None of this is new, but it's at least good to see the former head of various intelligence agencies highlighting these points. At this point, we've seen intelligence agencies highlight the value of encryption, Homeland Security highlight the importance of encryption, the Defense Department highlight the importance of encryption. The only ones still pushing for breaking encryption are a few law enforcement groups and their fans in Congress.

Filed Under: backdoors, encryption, michael hayden

Go here to see the original:
Michael Hayden Ran The NSA And CIA: Now Warns That Encryption Backdoors Will Harm American Security & Tech Leadership - Techdirt

A study has found laws which allow governments to access companies' encrypted data are putting private information at risk.

Law enforcement can ask companies to give them access to encrypted data under the Search and Surveillance Act, and that could be misused, an expert says. Photo: Unsplash / Markus Spiske

That's one of the findings from the University of Waikato and New Zealand Law Foundation's study, A matter of security, privacy and trust: A study of the principles and values of encryption in New Zealand.

Lead investigator, University of Waikato legal professor Dr Michael Dizon, said law enforcement could ask companies to give them access to encrypted data under the Search and Surveillance Act, and that could be misused.

"There is something in the law that allows governments to ask any service provider, including your bank, including Facebook, to render reasonable assistance for them to access, to let's say, a criminal's account but the problem there is, it's not very clear what reasonable assistance means, and that becomes a really big problem because they can overstep their bounds."

The study also cited a case in the US where the FBI sought a court order to gain access to a shooter's locked iPhone, after Apple refused to comply on the grounds it would endanger the privacy and security of all its users.

Dizon was concerned that governments could ask companies to create weaknesses in their security systems, such as encrypted internet banking, so they could access the information of terrorists or criminals.

"If you create a backdoor or a weakness in one system, it can be exploited, not just by the police but any other person that can access it so it can be abused by criminals, by malicious state actors - say somebody from another country that has nefarious motives - so the point is there, if there is a weakness, anyone can exploit it," Dizon said.

The researchers recommended that people suspected or charged with a crime should not be forced to disclose their passwords.

They also recommended that companies should only provide information to police or law enforcement authorities if it does not undermine the information security of its products, services and the privacy of its clients.

Visit link:
Private information at risk from laws allowing access encrypted data - RNZ