Apple and the US government are at loggerheads for the second time in four years over unlocking iPhones connected to a mass shooting, reviving debate over law enforcement access to encrypted devices.

Attorney General Bill Barr said Monday that Apple failed to provide "substantive assistance" in unlocking two iPhones in the investigation into the December shooting deaths of three US sailors at a Florida naval station, which he called an "act of terrorism."

Apple disputed Barr's claim, while arguing against the idea of "backdoors" for law enforcement to access its encrypted smartphones.

"We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation," the company said in a statement.

The US attorney general claimed Apple has failed to provide enough help to unlock iPhones used in a deadly December shooting spree, reviving a debate on law enforcement access to encrypted devices Photo: GETTY IMAGES / JUSTIN SULLIVAN

"Our responses to their many requests since the attack have been timely, thorough and are ongoing."

Late on Tuesday, President Donald Trump weighed in on Twitter, saying the government was helping Apple on trade issues "yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements."

"They will have to step up to the plate and help our great Country, NOW!" he added.

The standoff highlighted the debate between law enforcement and the tech sector about encryption -- a key way to protect the privacy of digital communications, but which can also make investigations difficult, even with a court order.

The latest battle is similar to the dispute between Apple and the US Justice Department after the December 2015 mass shooting in San Bernardino, California, when the iPhone maker rejected a request to develop software to break into the shooter's iPhone.

Attorney General Bill Barr has called on both Facebook and Apple to provide better access to law enforcement seeking access to encrypted devices and content Photo: GETTY IMAGES / BILL PUGLIANO

That fight ended in 2016 when the government paid an outside party a reported $1 million for a tool that circumvented Apple's iPhone encryption.

Barr last year called on Facebook to allow authorities to circumvent encryption to fight extremism, child pornography and other crimes. The social network has said it would move ahead with strong encryption for its messaging applications.

Digital rights activists argue that any privileged access for law enforcement would weaken security and make it easier for hackers and authoritarian governments to intercept messages.

Apple has been implementing stronger encryption on its iPhones, making it harder for law enforcement to access the devices Photo: AFP / Philip FONG

"We have always maintained there is no such thing as a backdoor just for the good guys," Apple's statement said.

"Backdoors can also be exploited by those who threaten our national security and the data security of our customers."

Apple and others argue that digital "breadcrumbs" make it increasingly easy to track people, even without breaking into personal devices.

The government's latest demand "is dangerous and unconstitutional, and would weaken the security of millions of iPhones," Jennifer Granick of the American Civil Liberties Union said in a statement.

"Strong encryption enables religious minorities facing genocide, like the Uighurs in China, and journalists investigating powerful drug cartels in Mexico, to communicate safely."

Granick added that Apple cannot allow the FBI access to encrypted communications "without also providing it to authoritarian foreign governments and weakening our defenses against criminals and hackers."

Kurt Opsahl of the Electronic Frontier Foundation echoed that sentiment, saying Apple "is right to provide strong security" for its devices.

"The AG (attorney general) requesting Apple re-engineer its phones to break that security is a poor security trade-off, and imperils millions of innocent people around the globe," Opsahl tweeted.

James Lewis of the Center for Strategic and International Studies, a Washington think tank, said he believes it's possible to allow law enforcement access without sacrificing encryption.

"You're not weakening encryption, you're making it so it's not end-to-end," Lewis told AFP.

"It means that there's a third party who can look at it under appropriate authority."

But Lewis said he does not expect either side to come out a winner in the battle, and that US officials will likely find another outside party to crack the two iPhones belonging to the shooter, Royal Saudi Air Force 2nd Lieutenant Mohammed Saeed Alshamran, who died in the attack.

"It's a repeat of the movie we saw in San Bernardino," he said.

"It's going to be harder because Apple probably fixed the trick that worked in San Bernardino."

More:
Encryption Battle Reignited As US Govt At Loggerheads With Apple - International Business Times

The encryption wars are alive and well.

On Monday, Attorney General William Barr asked Apple to unlock two iPhones used by the gunman in last month's shooting at a naval air base in Pensacola, FL. President Trump chimed in last night, tweeting that Apple should step up to the plate and unlock the phones.

Apple said it's given law enforcement "all of the data in our possession," meaning the shooter's iCloud account and transaction data. But it won't unlock the phones...because they're encrypted. Apple has enhanced security protections for iPhones so it can't see customer data, and the company has built its entire privacy marketing pitch around this premise.

The government has requested that tech companies add backdoors into their encrypted services to allow law enforcement to peep on their contents if necessary. In October, the U.S., U.K., and Australia asked Facebook to pause plans to build end-to-end encryption into its products.

Tech companies say they can't build backdoors for good guys only. Microsoft CEO Satya Nadella weighed in on Monday, calling backdoors "a terrible idea," though he thinks there's another solution.

Next steps:We could see a legal showdown between Apple and the government, the NYT reported, a redux of previously unresolved court battles.

View post:
Encryption Tensions Flare Between U.S. Government and Tech Industry - Morning Brew

A New York Times report claims that Apple is privately preparing for a legal battle with the Justice department over iPhone encryption.

According to the report:

Apple is privately preparing for a legal fight with the Justice Department to defend encryption on its iPhones while publicly trying to defuse the dispute, as the technology giant navigates an increasingly tricky line between its customers and the Trump administration.

Timothy D. Cook, Apple's chief executive, has marshaled a handful of top advisers, while Attorney General William P. Barr has taken aim at the company and asked it to help penetrate two phones used by a gunman in a deadly shooting last month at a naval air station in Pensacola, Fla.

The report further states that executives at Apple "have been surprised by the case's quick escalation", that's according to people familiar with the company who were not authorized to speak publicly. The New York Times also reports that there is "frustration and skepticism" within Apple:

And there is frustration and skepticism among some on the Apple team working on the issue that the Justice Department hasn't spent enough time trying to get into the iPhones with third-party tools, said one person with knowledge of the matter.

Read the original here:
Apple is privately preparing for legal battle with DOJ over iPhone encryption - iMore

MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--Fortanix Inc., the Runtime Encryption company, today announced it had a record year in 2019, which saw sales climb 285 percent over the previous record year. Important new partnerships with Equinix, Google, IBM and Intel set the stage for both innovation and go-to-market success. The company doubled its workforce and expanded geographically in 2019 with new offices in the United Kingdom and the Netherlands to support its growing European customer base and attract engineering talent.

We believe 2020 will mark a turning point for the industry in data protection and privacy, said Ambuj Kumar, CEO, Fortanix. New privacy legislation such as the California Consumer Privacy Act (CCPA), advances in hardware for Runtime Encryption, and cloud service providers partnering with Fortanix will undoubtedly drive accelerated investment and demand for data protection and confidential computing solutions.

Strategic Partnerships

In 2019, Equinix selected the Fortanix Self-Defending Key Management Service (SDKMS), to power Equinix SmartKey HSM-as-a-service. As a result of this collaboration, Equinix SmartKey is available as a global SaaS-based key management and Hardware Security Module (HSM) service hosted on Platform Equinix, Equinixs global interconnection and data center platform. Users gain a solution that is backed by strong SLAs, world-class infrastructure, and connectivity from Equinix.

Fortanix also collaborated with Google Cloud Platform (GCP) to integrate its new Google External Key Manager Service with the Fortanix Self-Defending Key Management Service (SDKMS) to enable businesses to migrate new classes of sensitive data and applications to the public cloud. The announcement of the new functionality at Google Next London featured PayPal demonstrating their use of the technology.

IBM Cloud Data Shield, powered by Fortanixs Runtime Encryption Platform, in 2019 began offering data-in-use protection for applications. With Runtime Encryption, organizations can now run data-centric workloads with security in the cloud and take advantage of the scale that the cloud provides. Common use cases include securing data-centric workloads such as blockchain, databases, AI/machine learning, and analytics.

Fortanix Secures Key Industry Certifications and Consortium Appointments

Last year, Fortanix earned the Federal Information Processing Standard (FIPS) 140-2 Level 3 certification from the National Institute of Standards and Technology (NIST), which is part of the U.S. Department of Commerce. This achievement enables businesses to replace legacy encryption technologies, including Hardware Security Modules (HSM), with the Fortanix SDKMS encryption platform for protecting the most sensitive data in the U.S. Government, and technology, financial services, and healthcare industries.

Fortanix also became an inaugural member of the newly formed Confidential Computing Consortium, an organization created by the Linux Foundation dedicated to accelerating the adoption of technologies to protect data while in use by applications through Trusted Execution Environments (TEEs). Fortanix was elected to leadership positions as both the Chair of the outreach committee and General Members Representative to the Governing Board.

Key Investors and Executives Join Fortanix To Drive Growth

Supporting this years continued expansion, Fortanix in early 2019 announced $23 million in Series B financing, led by new investor Intel Capital with participation by existing investors Foundation Capital and Neotribe. The funding is being used to expand business operations as the company accelerates new product development and customer rollouts to meet growing global demand, including investments in sales and marketing.

The company also saw a significant increase in hiring last year, and expanded operations into Europe. New key executives hired in 2019 included Chief Product and Strategy Officer Faiyaz Shahpurwala, former VP and GM for IBM Cloud; Chief Revenue Officer David Greene, former CEO of ZeroStack; VP of Marketing Seth Knox, former VP of Marketing at Agari; and VP of Customer Success Sameer Phatarpekar, former VP of Global Customer Success at Usermind.

About Fortanix

Fortanixs mission is to solve cloud security and privacy challenges. Fortanix allows customers to securely operate even the most sensitive applications without having to trust the cloud. Fortanix provides unique deterministic security by encrypting applications and data everywhere at rest, in motion, and in use with its Runtime Encryption technology built upon Intel SGX. Fortanix secures F100 customers worldwide and powers IBM Data Shield and Equinix SmartKey HSM-as-a-service. Fortanix is venture backed and headquartered in Mountain View, Calif. For more information, see https://fortanix.com/.

Fortanix and Runtime Encryption are registered trademarks of Fortanix, Inc. Self-Defending Key Management Service is a trademark of Fortanix, Inc. All other marks and names mentioned herein may be trademarks of their respective companies.

See the rest here:
Fortanix Reports Record Year with Sales Growing 285 Percent, Strategic Partnerships and Global Expansion in 2019 - Business Wire

KeyFactors latest study shows that many IoT device manufacturers aregenerating insecure RSA keys

1 in 172. Thats the number of RSA public key certificatesavailable through the internet that could be vulnerable to compromise due toshared cryptographic key factors.

These findings are according to a recent report on RSA certificate vulnerability from KeyFactor, a leading provider of secure digital identity management solutions and an established authority in the cybersecurity industry. A team of KeyFactor researchers presented their findings at the First IEEE Conference on Trust, Privacy, and Security in Intelligent Systems and Applications in December. The data indicates that due to improper random number generation, many RSA public keys are at risk of compromise because the researchers were able to use them to derive their private keys through a method known as factoring.

Essentially, the research indicates that RSA is stillsecure, but many companies are implementing it in insecure ways. As such, it underscoresthe importance of organizations and manufacturers being crypto agile andadhering to cryptographic best practices to maintain trust and security.

But just how big of a potential impact would compromising RSA keys have? While theres no single reliable resource we can point you to that shows X% of certificates issued use RSA keys, what we can tell you as a company that sells a lot of them is that its a lot. Considering that Gartner forecasts that there will be 25 billion IoT devices in use by 2021, thats potentially a lot of vulnerable RSA certificate keys in the wild that cybercriminals could exploit.

In this article, well break down the data from the study,rehash what RSA is, and explore the implications of what the research means foryour organization.

Lets hash it out.

KeyFactor, a company we work with at The SSL Store, has made a name for itself as an IoT device security leader in the industry since the companys inception in 2001. A force to be reckoned with, theyre dedicated to empowering enterprises of all sizes through their award-winning PKI-as-a-service platform. Theyre also known for their research collaborations with other respected organizations such as The Ponemon Institute.

This particular report on RSA certificate vulnerabilites,written by JD Kilgallin, states that the company collected and analyzed 175million RSA certificate public keys 75 million they discovered on theinternet, plus 100 million that were available through certificate transparency(CT) logs. They used a single Microsoft Azure cloud-hosted virtual machine and agreatest common divisor (GCD) algorithm for shared factors to conduct their analysis.

Heres what they discovered:

The big takeaway here is that some IoT device manufacturersare using random number generators that lack strong entropy. Its more a matterof operator error than an actual weakness in the RSA algorithm itself. As aresult of using random number generators (RNGs) with low entropy, theyregenerating prime numbers with poor randomness, which leads to the generation ofprivate keys that can be compromised more easily.

But what does this mean in terms of information security?

Kilgallin cautions the following:

In 2019, with the large number of devices on the Internet and in other data sets like Certificate Transparency (CT) logs,this attack presents a serious threat if proper precautions are not in place. As the number of keys grows, it is more likely that weakly generated factors in RSA public keys will be discovered. Coupled with the availability of cheap computing resources and sensitivity of communications, the attack is as potent as ever.

At the most basic level, RSA public keys are the result of two large, randomly generated prime factors. Theyre created using random number generators. This means that the entire security premise of the RSA algorithm is based on using prime factorization as a method of one way encryption. So, in other words, its operating under the assumption that no one can determine two randomly-generated prime numbers within a reasonable amount of time that no one can crack the encryption of an SSL/TLS certificate until long after its replaced or expired.

Well, considering that it took a group of researchers more than 1,500 years of computing time (across hundreds of computers) to factor a 232-digit algorithm, that assumption seems plausible. But in reality, RSA is sometimes not as secure as wed like it to be. Its not that RSA itself is insecure its that some companies implement it in a weak way.

Thats because some random number generators arent reallythat random. Furthermore, considering that the same RNGs are frequently usedtime and again, it reduces their effectiveness. If RSA public keys are generatedwith poor randomness, it means they could be vulnerable to a factoringcyberattack.

In this type of attack, cybercriminals collect large sums ofpublic keys from the internet and analyze them to determine whether any twoshare the same factor. If two RSA moduli share one prime factor, it couldresult in a collision when applied to a large dataset. What this does is allowthe actor to crack the corresponding private key.

All of this leads to this concern:

As the number of keys grows, it is more likely that weakly generated factors in RSA public keys will be discovered. Coupled with the availability of cheap computing resources and sensitivity of communications, the attack is as potent as ever.

Yikes. But there is a bit of light at the end of the tunnel.

According to the report concerning the factoring attacks, only 5 of 100million certificates found in a sample from Certificate Transparency logs arecompromised by the same technique. What this means is that only the fivecompromised certificates found in CT logs were publicly-trusted (and no longerin use online) the rest were self-signed, privately-rooted, or devicecertificates. But, still, thats five too many for our taste.

Weve talked about the risks of using self-signed certificates in external-facing applications in the past. Its one thing to use them on intranets and internal-facing applications; its another to use them to secure sites or devices that are discoverable via the internet.

Thediscrepancy between the number of CA-signed certificates that were compromisedand the others, the researchers say, is likely due to IoT devices being moreeasily accessible on the internet and by the design constraints and entropylimitations of power-restricted devices.

In thereport, Kilgallin says:

These concerning findings highlight the need for device manufacturers, website and network administrators, and the public at large to consider security, and especially secure random number generation, as a paramount requirement of any connected system.

Manage Digital Certificates like a Boss

14 Certificate Management Best Practices to keep your organization running, secure and fully-compliant.

We keep talkingabout RSA encryption, RSA algorithms, and RSA keys. But what exactly is RSAitself? Lets take a moment for a brief review for those of us who arent asfamiliar with this type of cryptography.

RSA, named after the MIT cryptographers who created it (RonRivest, Adi Shamir, and Leonard Adleman), is one of the two most popular publickey encryption algorithms in use today. In SSL/TLS, it can be used for digitalsignatures and key exchange to establish a secure, encrypted communicationchannel. This way, you dont leave your sensitive data at risk by transmittingit through a non-secure channel.

The RSA algorithm is comprised of four essential components:

But, wait, were talking about the RSA algorithm. Ithought we were supposed to be talking about RSA encryption keys?

We are in a roundabout sort of way. RSA refers to both asignature algorithm (a cryptographic operation) and an encryption key pair. TheRSA algorithm is used to generate an RSA key pair that includes both privateand public keys. The first generates digital signatures, whereas the secondverifies those created signatures.

But when we talk about an encryption key, what do we reallymean?

A cryptographic key, in a nutshell, is a string ofrandomly-ordered bits (binary digits) meaning a gargantuan string of hundredsor even thousands of 1s and 0s. Keys are integral to modern day public keyinfrastructure (PKI) and encryption as a whole. Keys in cryptography are like therice to your sushi or the cream filling for your Oreo cookies theyreessential components.

In the olden days (you know, before modern technology), akey was the secret roadmap, if you will, of an encryption technique. Its whatthe sender would use to encrypt the message, and the recipient would use todecrypt the message. Its much the same today, but instead of using hand-writtenkeys that are written in invisible ink or hidden away, theyre digital bits ofinformation that are transmitted electronically.

A key can be either asymmetric or symmetric. RSA keys are asymmetric. Every asymmetric key comes in a pair of mathematically-related but different public and private keys, and each key serves as different purpose to encrypt (public key) and to decrypt (private key) data, as well as to create a shared key.

If a certificates RSA public key that was generated withweak entropy is targeted through a factoring attack, then its shared primenumbers could be used to derive the certificates private key, making RSAessentially useless.

But, thankfully, RSA isnt the only hitter in the game. Theresanother type of key that we havent mentioned yet ECC.

ECC, or elliptic curve cryptography, is an approach to cryptography that offers greater security and performance than RSA. Thats because it doesnt rely on random number generation. Instead of RNG, ECC takes advantage of the math behind elliptic curves. If you dont know what Im talking about, think back to your school days and the joys of plotting using coordinates on the Y- and X- axes (yeah, thats still a thing of nightmares for me, too).

I wont get into the actual calculations of elliptic curveshere you can read more about that in one of our other blogposts on ECC. But the point here is that its a public key cryptosystemthat relies on mathematical calculations based on specific points on anelliptic curve rather than a random number generator that could fail.

Another benefit of ECC over RSA is that ECC scales well. Thatsbecause its keys are smaller, which results in less computational overhead andbetter performance.

See what I mean?

A third advantage ECC has over RSA is that theres a variation of it supersingular elliptic curve isogeny cryptography thats also less vulnerable to concerns that stem from quantum computing. The National Institute of Standards and Technology (NIST) predicts that the public key cryptography we know and use today will fail once quantum computing becomes mainstream.

But the impact of quantum computing on existing cryptosystems is a whole nother conversation in and of itself. And dont worry, the sky isnt falling CAs are ahead of the curve in developing new cryptographic methods that will be quantum secure.

The drawback of ECC is that it isnt frequently used becauseits not as widely supported as RSA. While its supported by most modernoperating systems and web browsers including Chrome, Safari, Firefox, and IE ECC isnt yet supported by a lot of the web hosting control panels (such as cPanel)as of yet. Unfortunately, this means that many website owners cant yet use ECCeven if they want to.

Overall, the KeyFactor research showcases how weak some RSAkeys are that are currently in use across the internet. It also drives home thepoint that organizations and device manufacturers in particular need to do moreto protect the consumers who trust them to protect their sensitive orconfidential information and privacy.

What this means for device manufacturers is that they needto:

KeyFactor researchers define crypto agility as knowingeverywhere cryptography is used across your organization (i.e. certificates,algorithms, protocols, and libraries), and being able to quickly identify andremediate vulnerabilities, without disruption.

To be crypto agile, you need to stay abreast of compromisesand breaches in security and also try to stay one step ahead of cybercriminals.You also need to be responsive to changes. In IoT device security, that meansyou need to be able to maintain trust by keeping your devices secure throughouttheir lifecycles.

In PKI, it in part boils down to using automated certificate management solutions. A reliable certificate management solution provides visibility into your network and helps you to easily track, monitor, and renew your certificates to avoid certificate outages. Throw away the spreadsheets and get rid of your manual tracking processes automation is the name of the game.

So, let us take a moment to summarize everything wevereally touched on in this article. KeyFactor research shows that:

Read more here:
How Secure is RSA in an Increasingly Connected World? - Hashed Out by The SSL Store - Hashed Out by The SSL Store

Technology that allows police officers to gather data from digital devices without the need for a password is to be rolled out from next week.

Police Scotland confirmed on Tuesday that the so-called cyber kiosks - digital triage devices - will be given to officers on January 20.

The kiosks are laptop-sized machines that enable the user to override encryption on devices such as mobile phones and tablets.

Technology was due to be deployed earlier but the roll-out was hit by delays as MSPs called for greater clarity over the legal framework for their use.

A total of 14 kiosks have already been bought by Police Scotland and will be located across all policing divisions.

It is expected all of the kiosks will be operational before May 1.

Police Scotland believe having the kiosks will allow lines of inquiry to be progressed at a faster pace, with officers being able to return mobile devices to their owners when they are having to assess them for potential evidence.

Officers will only examine the device of an individual when there is a legal basis and it is "necessary, justified and proportionate" to the crime under investigation.

They will not be enabled to store data from any devices and when an examination is complete all data will be securely deleted.

Deputy Chief Constable Malcolm Graham said having the ability to quickly assess which devices either do or do not contain evidence on them will minimise the intrusion into people's lives.

"We are committed to providing the best possible service to victims and witnesses of crime," he said.

"This means we must keep pace with society. People of all ages now lead a significant part of their lives online and this is reflected in how we investigate crime and the evidence we present to courts.

"Many online offences disproportionately affect the most vulnerable people in our society, such as children at risk of sexual abuse, and our priority is to protect those people."

He added: "Increases in the involvement of digital devices in investigations and the ever-expanding capabilities of these devices mean that demand on digital forensic examinations is higher than ever.

"Current limitations, however, mean the devices of victims, witnesses and suspects can be taken for months at a time, even if it later transpires that there is no worthwhile evidence on them.

"By quickly identifying devices which do and do not contain evidence, we can minimise the intrusion on people's lives and provide a better service to the public."

Have you downloaded the new and improved Glasgow Live app? Get all the latest news and events at the touch of a button on Android and Apple .

Read the original here:
Police Scotland to roll out encryption bypass technology - Glasgow Live

Apple and the US government disagree for the second time in four years by unlocking iPhones connected to a mass shooting, reviving the debate about police access to encrypted devices.

Attorney General Bill Barr said on Monday that Apple did not provide "substantive assistance" by unlocking two iPhones in the shooting investigation of three US sailors in December at a Florida naval station, which he called an "act of terrorism. "

Apple disputed Barr's claim, while arguing against the idea of "back doors" for the police to access their encrypted smartphones.

"We reject the characterization that Apple has not provided substantive assistance in Pensacola's investigation," the company said in a statement.

"Our responses to your many requests since the attack have been timely, thorough and ongoing."

On Tuesday night, President Donald Trump intervened on Twitter and said the government was helping Apple in business matters "but they refuse to unlock phones used by murderers, drug dealers and other violent criminal elements."

"They will have to step forward and help our great country, NOW!" he added.

The confrontation highlighted the debate between the police and the technology sector on encryption, a key way to protect the privacy of digital communications, but that can also hinder investigations, even with a court order.

The last battle is similar to the dispute between Apple and the US Department of Justice. UU. After the mass shooting of December 2015 in San Bernardino, California, when the iPhone manufacturer rejected a request to develop software to enter the shooter's iPhone.

That fight ended in 2016 when the government paid a $ 1 million report to an outside party for a tool that eluded Apple's iPhone encryption.

Last year, Barr asked Facebook to allow authorities to bypass encryption to combat extremism, child pornography and other crimes. The social network has said it would move forward with strong encryption for its messaging applications.

Digital rights activists argue that any privileged access to law enforcement would weaken security and make it easier for hackers and authoritarian governments to intercept messages.

"We have always maintained that there is no backdoor just for the good guys," Apple's statement said.

"The back doors can also be exploited by those who threaten our national security and the security of our customers' data."

Apple and others argue that digital "bread crumbs" make it easier and easier to track people, even without entering personal devices.

The governments latest lawsuit "is dangerous and unconstitutional, and would weaken the security of millions of iPhones," Jennifer Granick of the American Civil Liberties Union said in a statement.

"Strong encryption allows religious minorities facing genocide, such as Uyghurs in China, and journalists investigating powerful drug cartels in Mexico to communicate safely."

Granick added that Apple cannot allow the FBI to access encrypted communications "without also providing it to authoritarian foreign governments and weakening our defenses against criminals and hackers."

Kurt Opsahl, of the Electronic Frontier Foundation, echoed that sentiment and said Apple "is right to provide solid security" for its devices.

"The AG (attorney general) asks Apple to redesign its phones to break that security is poor security compensation and endangers millions of innocent people around the world," Opsahl tweeted.

James Lewis of the Center for Strategic and International Studies, a group of Washington experts, said he believes it is possible to allow police access without sacrificing encryption.

"You are not weakening encryption, you are doing it so that it is not from end to end," Lewis told AFP.

"It means that there is a third party who can see it under the proper authority."

But Lewis said he does not expect either party to win the battle, and that US officials will likely find another outside party to decipher the two iPhones that belong to the shooter, the 2nd lieutenant of the Royal Saudi Air Force Mohammed Saeed Alshamran, who died in the attack

"It's a repeat of the movie we saw in San Bernardino," he said.

"It's going to be more difficult because Apple probably solved the trick that worked in San Bernardino."

. (tagsToTranslate) Apple disagrees with us the government as battle of reactive encryption grindr (t) okcupid (t) tinder

Continue reading here:
Apple disagrees with the US government. UU. While the encryption battle restarts - NewsDio