Category Archives: Cryptography

Tim Berners-Lee has publicly called for programmers to develop better, more user-friendly cryptography. That way, he …

Posted on by

At a time of heightened national security and privacy paranoia, Switzerland holds all the aces. Not only does it have a culture of keeping secrets, but it is also home to a group of physicists who appreciate the universes predilection for privacy.

Tim Berners-Lee, the man widely credited with creating the internet during his time working at Cern, the particle physics facility in suburban Geneva, has publicly called for programmers to develop better, more user-friendly cryptography. That way, hesays, we can all get back to living private lives again.

Interestingly, it is out of Cern that the best hope for the fulfilment of that vision may arise. A gaggle of its particle physicists became so concerned at last years revelations of mass surveillance by the US National Security Agency (NSA) that they decided to do something about it. The result is ProtonMail, an email encryption service that Forbes describes as the only email system the NSA cant access.

That inaccessibility is partly because ProtonMails servers are in Switzerland, where the law prevents government agencies from gaining access to them. It is also partly because the servers wont even contain decryption keys. But mostly its because maths shows that its not hard to conceal information if you know what youre doing.

There are ways to perform reversible mathematical operations on data that will render it indecipherable to prying eyes. As long as you have the key that is, you know exactly what the mathematical operation was you can undo the obfuscation. If you dont have the key, there is no way to winkle out the original data. In many ways, it is astonishing how reluctant we are to take advantage of this. But things do seem to be changing.

ProtonMail was quickly oversubscribed there is a waiting list for accounts even though the system is still in its beta-testing phase. The company has rejected offers of investment from venture capital firms. Instead, it raised more than $500,000 through crowdfunding.

In August, ProtonMail held a hackathon at the Massachusetts Institute of Technology. The idea was to improve security by allowing the experts to look for weaknesses. Now, with that exercise complete, a more secure version will be released. The aim is to make it open-source, so that its code can be checked and strengthened.

The laws of physics actually allow researchers to go much further than maths-based encryption. The technology known as quantum cryptography uses a fundamental rule, one that governs the smallest scales of the natural world, to achieve the ultimate freedom from eavesdropping.

When natures basic particle building blocks interact,in the right circumstances, theycan become entangled. Information encoded on entangled particles is shared between them. In a weird twist of nature, these particles can retain a link even when separated physically. Its almost like a telepathic connection: reading the information on one can affect the other in ways that allow monitoring of any eavesdropping activity.

Physicists have exploited this to create tamper-proof seals for information encoded on photons, the particles that make up light. The technology is not yet perfect, but its good enough that it is starting to be used for financial transactions and various other sensitive communications. The market leader, ID Quantique, was developed at a fundamental physics lab based in you guessed it Switzerland.

Read the rest here:
Tim Berners-Lee has publicly called for programmers to develop better, more user-friendly cryptography. That way, he ...

Volokh Conspiracy: Apple’s dangerous game

Posted on by

Apple has announced that it has designed its new operating system, iOS8, to thwart lawful search warrants. Under Apples old operating system, if an iPhone is protected by a passcode that the government cant bypass, the government has to send the phone to Apple together with a search warrant. Apple will unlock at least some of the contents of the phone pursuant to the warrant. Under the new operating system, however, Apple has devised a way to defeat lawful search warrants. Unlike our competitors, Apples new privacy policy boasts, Apple cannot bypass your passcode and therefore cannot access this data. Warrants will go nowhere, as its not technically feasible for [Apple] to respond to government warrants for the extraction of this data from devices in their possession running iOS 8. Anyone with any iPhone can download the new warrant-thwarting operating system for free, and it comes automatically with the new iPhone 6.

I find Apples new design very troubling. In this post, Ill explain why Im troubled by Apples new approach coded into iOS8. Ill then turn to some important legal issues raised by Apples announcement, and conclude by thinking ahead to what Congress might do in response.

Lets begin with a really important point: In general, cryptography is an awesome thing. Cryptography protects our data from hackers, trespassers, and all sorts of wrongdoers. Thats hugely important. And under Apples old operating system, cryptography protects iPhones from rogue police officers, too. Thanks to the Supreme Courts recent decision in Riley v. California, the Fourth Amendment requires a warrant to search a cell phone. Apples old operating system effectively enforced the warrant requirement technologically by requiring the government to serve a warrant on Apple to decrypt the phone.

Up to that point, I think its all good. But the design of Apples new operating system does something really different.

If I understand how it works, the only time the new design matters is when the government has a search warrant, signed by a judge, based on a finding of probable cause. Under the old operating system, Apple could execute a lawful warrant and give law enforcement the data on the phone. Under the new operating system, that warrant is a nullity. Its just a nice piece of paper with a judges signature. Because Apple demands a warrant to decrypt a phone when it is capable of doing so, the only time Apples inability to do that makes a difference is when the government has a valid warrant. The policy switch doesnt stop hackers, trespassers, or rogue agents. It only stops lawful investigations with lawful warrants.

Apples design change one it is legally authorized to make, to be clear. Apple cant intentionally obstruct justice in a specific case, but it is generally up to Apple to design its operating system as it pleases. So its lawful on Apples part. But heres the question to consider: How is the public interest served by a policy that only thwarts lawful search warrants?

The civil libertarian tradition of American privacy law, enshrined in the Fourth Amendment, has been to see the warrant protection as the Gold Standard of privacy protections. The government cant invade our private spaces without a showing that the invasion is justified by the expectation that the search will recover evidence. And the government must go to a neutral magistrate and make that case before it conducts the search. When the government cant make the showing to a neutral judge, the thinking runs, the public interest in privacy outweighs the public interest in solving crime. But when the government does make that showing, on the other hand, the public interest in solving crime outweighs the privacy interest. Thats the basic balance of the Fourth Amendment, most recently found in the stirring civil libertarian language in Riley just a few months ago.

Apples new policy seems to thumb its nose at that great tradition. It stops the government from being able to access the phone precisely when it has a lawful warrant signed by a judge. Whats the public interest in that?

One counterargument I have heard is that there are other ways the government can access the data at least some of the time. With the warrant required under Riley, agents could take a stab at guessing the passcode. Perhaps the phones owner used one of the popular passwords; according to one study, the top 10 most often-used passcodes will unlock about 15% of phones. Alternatively, if the phones owner has backed up his files using iCloud, Apple will turn over whatever has been backed up pursuant to a lawful warrant.

These possibilities may somewhat limit the impact of Apples new policy. But I dont see how they answer the key question of whats the public interest in thwarting valid warrants. After all, these options also exist under the old operating system when Apple can comply with a warrant to unlock the phone. And while the alternatives may work in some cases, they wont work in other cases. And that brings us back to how its in the public interest to thwart search warrants in those cases when the alternatives wont work. Id be very interested in the answer to that question from defenders of Apples policy. And Id especially like to hear an answer from Apples General Counsel, Bruce Sewell.

Read more:
Volokh Conspiracy: Apple’s dangerous game

PGP creator, other top cryptographers head 2014 National Cyber Security Hall of Fame class

Posted on by

Accomplished cryptographers are among the five inductees into this year's National Cyber Security Hall of Fame.

Accomplished cryptographers, including Pretty Good Privacy creator Philip Zimmerman, are among the five inductees into this year's National Cyber Security Hall of Fame. They'll officially be enshrined on Oct. 30 in Baltimore.

Zimmerman, in addition to developing the widely used PGP email encryption software is founder of mobile privacy company Silent Circle and is known for his work in securing VoIP via protocols such asZRTP and Zfone.

+ ALSO on NetworkWorld: 2014 Women in Technology Hall of Fame inductees|Whirlwind tour of networking and computing's top prizes, awards & honors|Why there's no Nobel Prize in Computing+

The other inductees, chosen from among 200 nominations, are:

*Columbia University Professor of Computer ScienceSteven Bellovin,a noted security and networking researcher. Claims to fame include serving as chief technologist for the Federal Trade Commission.

*Vinton Cerf, widely considered one of the Fathers of the Internet for his work on TCP/IP. He is vice president and chief Internet evangelist for Google, as well as the member of more halls of fame than we can count.

*Paul Kocher designed the cryptographic elements of Secure Sockets Layer 3 in the mid-1990s while a Stanford University undergrad. He's now president of Cryptography Research, Inc.

*Richard Alan Clarke is the former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, and under President George W. Bush, he served as the Special Advisor on cybersecurity.

Nominees were considered for their accomplishments in areas such as technology, policy, public awareness, education and business. The Hall was formed by companies and organizationsto honor individuals and organizations whose vision and leadership established the building blocks for the cybersecurity industry.

Read more here:
PGP creator, other top cryptographers head 2014 National Cyber Security Hall of Fame class