The Australian Labor Party said on Monday it would be debating a Private Senator's Bill to fix the encryption laws that it voted for in 2018.

The changes would include judicial authorisation that make the laws compatible with the US CLOUD Act, as well as changes in theprevious Bill that was stranded prior to the May 2019 election.

"Tech companies report that customers are less likely to seek out contracts with Australian companies because the encryption laws pose risks that they would be required by the government to introduce systemic weaknesses into their products and systems," Shadow Minister for Home Affairs Kristina Keneally said.

Labor was warned of this exact situation in 2018 before it voted for the laws.

Australian security vendor Senetas called for the laws to be dumped in 2018 because it would damage Australian reputations and trust.

"The Bill will damage Australian developers' and manufacturers' reputations in international markets, resulting in loss of trust and confidence in Australian cybersecurity R&D and products," Senetas said at the time.

"Rather than protecting the interests of citizens, this Bill compromises their security and privacy as a consequence of weaker cybersecurity practices and easier access to new tools for cyber criminals."

As long as the government majority holds, and there are no signs it would not, then Labor's fixes will die on the House of Representatives floor.

"Today is a test for the Morrison government -- will they stand up for the 700,000 Australians working in our technology industry and Australia's law enforcement agencies ... or continue with their broken promises and do-nothing plan?" Keneally said without a hint of irony.

Labor had previously said it would fix the "rushed legislation" it passed if it won government in May. The ALP did not win.

On Friday it was revealed that the nation's metadata laws were capable of handing to the cops the web browsing history of Australians.

At the time, Labor Senator Anthony Byrne noted his "grave concern" this was happening despite assurances.

Updated at 19:17pm AEDT, 10 February 2020: Article headline originally said the Bill was being introduced. The Bill was up for second reading debate.

AFP and NSW Police used Australia's encryption laws seven times in 2018-19

Seven Technical Assistance Requests made with no Technical Assistance Notices or Technical Capability Notices issued.

How the B-Team watches over Australia's encryption laws and cybersecurity

Most telco interception warrants are issued by non-judges. Important cybersecurity work isn't being done. The Information Commissioner lacks funding. Does the government actually care about privacy and security?

Home Affairs report reveals deeper problems with Australia's encryption laws

The first seven months of Australia's controversial encryption laws didn't see an explosion of decryptions. Worry instead about the cops bypassing judges to get their interception warrants approved.

End-to-end encryption means Huawei bans are about availability, not interception

Former Prime Minister who brought in Australia's anti-encyption laws says the technology can prevent potential tapping by telco equipment manufacturers.

Labor says it will fix encryption laws it voted for last year

Better late than never for agreeing to judicial authorisation, but legislation is unlikely to pass the House of Representatives.

Visit link:
Labor Bill to fix Australian encryption laws it voted for hits second debate - ZDNet

A private bill to change the Encryption Act was debated in the senate yesterday, with both Liberal and Greens senators taking Labor to task for helping pass the controversial legislation on the last sitting day of 2018.

Senator Kristina Keneally put the amendments forward, saying they were in line with initial recommendations made by the Parliamentary Joint Committee on Intelligence and Security (PJCIS).

Labors proposed amendments aim to reign in some of the Encryption Acts power, in part by limiting discretionary powers of the Home Affairs minister such as making Encryption Act determinations based on anything the minister considers relevant.

The amendments also seek to repeal the ministers ability to edit and delete information from departmental reports about the use of the Act.

Labor also wants to see more judicial oversight in the issuing of technical assistance notices and a repeal of the definitions of systemic vulnerability and systemic weakness.

Keneally said the bill would fix problems that the tech industry and international security agencies have taken issue with the legislation.

We have listened carefully and closely to these concerns, and we will continue to work closely with our intelligence and law enforcement agencies and technology experts throughout the course of the current PJCIS inquiry, Keneally said.

The amendments proposed in this bill are an important step towards repairing Australia's encryption laws for the sake of our national security and the growth of a key sector in our domestic economy and the jobs it would create.

Liberal Senator, Eric Abetz, was highly critical of Keneallys move to amend the Encryption Act which Labor supported while it is currently being reviewed by the PJCIS.

So here we have Senator Keneally, along with the Australian Labor Party, not only voting for the initial legislation that she now condemns, but also supporting the committee being given extra time to consider elements that might be required to amend the legislation, Abetz said.

And yet she comes in here today to, first of all, deny that she voted for the legislation in the first place, and now she's in here with this tawdry attempt to circumvent the committee inquiry.

The PJCIS had the length of its review into the Encryption Act extended and will hand down its recommendations by the end of September.

Greens senator, Nick McKim, said his party would support the amendments but called the actions of the major parties on rushing the Encryption Act quite reprehensible.

The government should not have proceeded with the legislation as it did, knowing full well the recommendations of the Parliamentary Joint Committee on Intelligence and Security, McKim said.

But neither should Labor have rolled over and allowed the government to tickle their collective tummy on this issue.

McKim echoed Keneallys sentiments that the Encryption Act has caused harm to the tech sector.

Not only does this act that is, the original act passed by the government with Labor's support attack the fundamental rights of people to privacy and the security of Australia's digital economy and our community, it also dealt a significant blow to Australia's tech sector, McKim said.

With Australian companies and coders forced to write the snitch ware, Australian-based tech companies are losing sales and other commercial opportunities. Many are actively considering either moving offshore or employing only offshore coders.

The bill to amend the Encryption Act will be voted on in the senate at a later date.

Read the original post:
Encryption Act amendments reach the senate - ACS

from the stop-it-guys dept

We've highlighted in the past that there are large parts of the federal government that recognize that strong encryption is actually very, very important for national security, and that the framing by Attorney General William Barr, FBI Director Christopher Wray, and even President Trump -- that there need to be back doors to encryption for "security" reasons -- is utter nonsense. The intelligence community has long recognized the importance of strong encryption. Even many people within the FBI think their bosses' position on this issue is bonkers. Late last year, we were pleasantly surprised to see the Defense Department step up as well, with a letter to Congress talking about just how important encryption is for national security.

Over at Cyberscoop, former National Security Council cybersecurity expert Ari Schwartz has a nice article explaining just how important encryption is to protecting the military. It won't tread any new ground for anyone who understands the basics here, but it's nice to see more and more people highlighting this.

Last month, a brigade of U.S. soldiers deployed to the Middle East received instructions from their superiors to use two commercial encrypted messaging applications, Signal and Wickr, on their government issued cell phones. These leadership cues trickled down from the Department of Defenses (DoD) position that strong encryption is critical to national security. While U.S. Attorney General William Barr continues to push for a broad mandate for backdoors for law enforcement, those on the front lines of protecting America have notably decided on a different approach. Simply put, weakening encryption means putting our military service members at risk.

The key point -- and one that many of us have made for years is that the framing by Wray/Barr (and, for what it's worth, James Comey before them) is that there's some sort of conflict here between "security" and "privacy." But that's always been bullshit. The issue has always been between having both security and privacy vs. giving law enforcement easier access to data and information they can almost always get elsewhere with a little more effort. In short, it's a debate between having security and privacy widely available against a bit of convenience for law enforcement. As such, this should be no debate at all.

Lets stop wasting time suggesting that we need universal solutions that may solve law enforcements short-term needs, but then put consumers and our military at risk.

Somehow, I don't think the time wasting is going to go away any time soon, unfortunately.

Filed Under: dod, doj, encryption, going dark, military, national security, william barr

More:
How Attorney General Barr's War On Encryption Will Harm Our Military - Techdirt

The Global Encryption Software Market is expected to grow from USD 6,253.12 Million in 2018 to USD 15,532.65 Million by the end of 2025 at a Compound Annual Growth Rate (CAGR) of 13.88%.

The global Encryption Software Market is influenced by several strategic factors and demand dynamics, a detailed study of which is presented in this report. The growth of the Encryption Software market can be attributed to governmental regulations in key regions and the emerging business landscape. The report on the global Encryption Software market covers these notable developments and evaluates their impact global market landscape.

The report presents a comprehensive analysis of market dynamics including growth drivers and notable trends impacting the future growth of the market. The report studies prominent opportunities, recent technological advances, and market changing factors in various nations. The factor affecting the revenue share of key regional markets are briefly analyzed in the report.

Get a Sample Copy of this Report @ https://www.regalintelligence.com/request-sample/11472

The Major Players Covered in this Report:International Business Machines Corporation, McAfee, LLC, Microsoft Corporation, Symantec Corporation, Thales e-Security, Inc., Check Point Software Technologies Ltd., ESET, spol. S r. o., Proofpoint, Inc., Sophos Group plc, and Trend Micro Incorporated.

On the basis of Function Cloud Encryption, Communication Encryption, Database Encryption, Disk Encryption, and File or Folder Encryption.

On the basis of Deployment On-Cloud and On-Premise.

On the basis of End User Aerospace & Defence, BFSI, Healthcare, and IT & Telecommunication.

The rise Encryption Software Industry have stimulated the competition between established market players and new entrants. The growing demand as result of vast majority of the population depends on the Encryption Software industry to satisfy their daily requirements. The Encryption Software industry is well known for its high standards of manufacturing, product quality, packaging and constant innovation. Further, prominent companies in the global industry are focused on providing more reliable Encryption Software for various applications. The manufacturers are focused on providing high-performance devices and equipment to all sectors.

Reach us to quote the effective price of this report: https://www.regalintelligence.com/check-discount/11472

Table of TOC: 1. Preface1.1. Objectives of the Study1.2. Market Segmentation & Coverage1.3. Years Considered for the Study1.4. Currency & Pricing1.5. Language1.6. Stakeholders2. Research & Forecasting2.1. Research Methodology2.1.1. Research Process2.1.2. Research Framework2.1.3. Research Reliability & Validity2.1.4. Research Assumptions2.2. Forecasting Methodology2.3. Research Outcome2.3.1. Competitive Strategic Window2.3.1.1. Leverage Zone2.3.1.2. Vantage Zone2.3.1.3. Speculative Zone2.3.1.4. Bottleneck Zone2.3.2. FPNV Positioning Matrix2.3.2.1. Quadrants2.3.2.1.1. Forefront2.3.2.1.2. Pathfinders2.3.2.1.3. Niche2.3.2.1.4. Vital2.3.2.2. Business Strategy2.3.2.2.1. Business Growth2.3.2.2.2. Industry Coverage2.3.2.2.3. Financial Viability2.3.2.2.4. Channel Support2.3.2.3. Product Satisfaction2.3.2.3.1. Value for Money2.3.2.3.2. Ease of Use2.3.2.3.3. Product Features2.3.2.3.4. Customer Support3. Executive Summary3.1. Outlook in the Encryption Software Market3.2. Opportunities in the Encryption Software Market

Why you should consider this report?

Key methods of major players

Enquire Before Buying this report @ https://www.regalintelligence.com/enquiry/11472

About Us:We, Regal Intelligence, aim to change the dynamics of market research backed by quality data. Our analysts validate data with exclusive qualitative and analytics driven intelligence. We meticulously plan our research process and execute in order to explore the potential market for getting insightful details. Our prime focus is to provide reliable data based on public surveys using data analytics techniques. If you have come here, you might be interested in highly reliable data driven market insights for your product/service,reach us here 24/7.

Contact Us:Regal Intelligencewww.regalintelligence.comsales@regalintelligence.comPh no: +1 231 930 2779 (U.S.)

Follow Us:https://in.linkedin.com/company/regal-intelligence https://www.facebook.com/regalintelligence/ https://twitter.com/RI_insights

See more here:
Encryption Software Market: Global Growth by Manufacturers, Regions, Product Types, Major Application Analysis and Forecast to 2025 - Galus Australis

The research report Encryption Software Market Analysis 2020 provides an estimate of the market size from 2020 to 2026 in terms of value and volume. It also includes a full assessment of key market segments and Encryption Software Market shares with the latest Trends and technologies used in the energy industry, as well as an instructive overview of the vendor landscape and geographic expansion of the market. The research study examines the Encryption Software Market based on a number of criteria such as Product Type, Application and geographic extent. The market shares of these segments are formulated in such a way that they offer readers of the Encryption Software Market an opportunistic Roadmap.

Global Encryption Software Market was valued at USD 3.32 billion in 2016 and is projected to reach USD 30.54 billion by 2025, growing at a CAGR of 27.96% from 2017 to 2025.

Looking for custom Encryption Software Market knowledge to strengthen your business for the future, Request a Sample Report @https://www.verifiedmarketresearch.com/download-sample/?rid=1826&utm_source=ITN&utm_medium=002

[Note: our free sample report provides a brief introduction to the table of contents, table of contents, list of tables and figures, competitive landscape and geographic segmentation, as well as innovations and future developments based on research methods.]

The Encryption Software Market report is an important research document for target groups such as manufacturers, raw material suppliers and buyers, industry experts and other companies. First, the report talks about the Encryption Software Market Overview, which helps in the Definition, classification and statistical Details of the market gives information about the current market status and the future forecast. In the next part in a row, the report describes the drivers and constraints that influence the market, as well as various market trends that shape the supply and distribution chains of the market. The Encryption Software Market report also looks at market dynamics covering emerging markets and growing markets, although new opportunities and business challenges for emerging market participants along with key industry news and business policy by region.

The top manufacturer with company profile, sales volume, and product specifications, revenue (Million USD) and market share

Global Encryption Software Market Competitive Insights

The competitive analysis serves as a bridge between manufacturers and other participants that are available on the Encryption Software Market. The report includes a comparative study of Top market players with company profiles of competitive companies, Encryption Software Market product innovations and cost structure, production sites and processes, sales details of past years and technologies used by them. The Encryption Software Market report also explains the main strategies of competitors, their SWOT analysis and how the competition will react to changes in marketing techniques. In this report, the best market research techniques were used to provide the latest knowledge about Encryption Software Market to competitors in the market.

Global Encryption Software Market Segmentation information

The report provides important insights into the various market segments presented to simplify the assessment of the global Encryption Software Market. These market segments are based on several relevant factors, including Encryption Software Market product type or services, end users or applications and regions. The report also includes a detailed analysis of the regional potential of the Encryption Software Market, which includes the difference between production values and demand volumes, as well as the presence of market participants and the growth of each Region over the given forecast period

Ask For Discount (Exclusive Offer) @ https://www.verifiedmarketresearch.com/ask-for-discount/?rid=1826&utm_source=ITN&utm_medium=002

Encryption Software Market: Regional Analysis :

As part of regional analysis, important regions such as North America, Europe, the MEA, Latin America, and Asia Pacific have been studied. The regional Encryption Software markets are analyzed based on share, growth rate, size, production, consumption, revenue, sales, and other crucial factors. The report also provides country-level analysis of the Encryption Software industry.

Table of Contents

Introduction: The report starts off with an executive summary, including top highlights of the research study on the Encryption Software industry.

Market Segmentation: This section provides detailed analysis of type and application segments of the Encryption Software industry and shows the progress of each segment with the help of easy-to-understand statistics and graphical presentations.

Regional Analysis: All major regions and countries are covered in the report on the Encryption Software industry.

Market Dynamics: The report offers deep insights into the dynamics of the Encryption Software industry, including challenges, restraints, trends, opportunities, and drivers.

Competition: Here, the report provides company profiling of leading players competing in the Encryption Software industry.

Forecasts: This section is filled with global and regional forecasts, CAGR and size estimations for the Encryption Software industry and its segments, and production, revenue, consumption, sales, and other forecasts.

Recommendations: The authors of the report have provided practical suggestions and reliable recommendations to help players to achieve a position of strength in the Encryption Software industry.

Research Methodology: The report provides clear information on the research approach, tools, and methodology and data sources used for the research study on the Encryption Software industry.

What will you find out from the global Encryption Software Market Report?

The report contains statistical analyses of the current and future Status of the global Encryption Software Market with a forecast to 2026.The report contains detailed information on manufacturers, Encryption Software Market raw material suppliers and buyers with their trade outlook for 2020-2026.The report informs you about the most important drivers, technologies and Trends that will shape the global Encryption Software Market in the near future.The report added an exclusive market segmentation, broken down by Product Type, Encryption Software Market end user and Region.The strategic perspectives on Encryption Software Market Dynamics, current production process and applications.

Complete Report is Available @ https://www.verifiedmarketresearch.com/product/global-encryption-software-market-size-and-forecast-to-2025/?utm_source=ITN&utm_medium=002

About Us:

Verified market research partners with clients to provide insight into strategic and growth analytics; data that help achieve business goals and targets. Our core values include trust, integrity, and authenticity for our clients.

Our research studies help our clients to make superior data-driven decisions, capitalize on future opportunities, optimize efficiency and keeping them competitive by working as their partner to deliver the right information without compromise.

Contact Us:

Mr. Edwyne FernandesCall: +1 (650) 781 4080Email:[emailprotected]

Read more from the original source:
Trending 2020 : Encryption Software Market Report Examines Analysis by Latest Trends, Growth Factors, Key Players and Forecast to 2026 - Instant Tech...

SYDNEY, Australia 11 Feb, 2020 nCipher Security, an Entrust Datacard company, and provider of trust, integrity and control for business-critical information and applications, andDNA Connect, a leading specialist distributor of security solutions based in Sydney, Australia, have finalised an agreement to offer nCiphers data protection and cybersecurity solutions across Australia and New Zealand.

Our partners are telling us that risk management, cost reduction and compliance with the regulatory environment, especially in multi-cloud deployments, are driving customer conversations, said Munsoor Khan, executive director of DNA. "nCiphers solutions address these concerns and are a perfect addition to our security portfolio. Were looking forward to a strong partnership based on nCiphers superior technology and channel-first strategy and our decades of experience taking enterprise solutions to market.

Organisations around the globe depend on nCiphersnShieldfamily of hardware security modules (HSMs) to protect against threats to their sensitive data, network communications and enterprise infrastructure. This same proven technology also underpins the security of technologies such as cloud, the internet of things (IoT), blockchain and digital payments while helping meet compliance mandates.

According to nCiphers2019 Global Encryption Trends Study, 51% of Australian organisations have an overall encryption plan or strategy that is applied consistently across the entire enterprise indicating an understanding of and appetite for data protection technologies. Three quarters (75%) of Australian respondents also rate HSMs as either very important or important to their organisations encryption or key management activities.

The Australian market is a growth region for nCipher Security, and one that is evolving at a rapid pace, says Scott Kemish, global VP of channel sales at nCipher Security. Global data compliance regulations such as GDPR and Australias Privacy Act, along with increased cloud and IoT adoption, have put data protection at the forefront of customers security strategy. As a result, were seeing heavy demand for our data security products throughout the region, particularly within the financial services industry, government, and healthcare sectors. These trends have in turn informed our decision to embrace a 100% channel model.

The rest is here:
Press Release: DNA Connect signs on as Australia and New Zealand distributor for nCipher Security to meet region's critical data security and...

In areport from theFinancial Times (paywall), a letter signed by 129 non-profits, think tanks, and academics urge Facebook to reconsider encrypting its apps. They use the think of the children argument because encryption could enable more child sexual abuse. But Justin Myles Holmes says weshould think of the children andenable end-to-end encryption for them, so their data isnt used and abused by corporations precisely like Facebook.

If we fail to take action now, we risk a world in which unsavory actors domestic and foreign have built rich, comprehensive profiles for every one of our children, following the trajectories of their education, home life, consumer habits, health, and on and on. These profiles will then be used to manipulate their behavior not only as consumers, but as voters and participants in all those corners of society which, in order for freedom and justice to prevail, require instead that these kids mature into functional, free-thinking adults.

Check It Out: Kids Need End-to-End Encryption for Protection Against Corporations

Follow this link:
Kids Need End-to-End Encryption for Protection Against Corporations - The Mac Observer

The cybersecurity of the Attorney-General's Department (AGD) has not been independently assessed by the Australian Signals Directorate (ASD) despite it being made an action item nearly four years ago.

The nation's Cyber Security Strategy of April 2016 said that government agencies "at higher risk of malicious cyber activity" would receive "independent cybersecurity assessments".

Adiscussion paper[PDF] for the 2020 strategy,releasedin September 2019, reported that "ASD has conducted active vulnerability assessments of a number of key government agencies".

But in written evidence given to the Senate Standing Committee on Legal and Constitutional Affairs this week, AGD revealed it wasn't one of them.

"ASD has not conducted an independent security assessment against Attorney-General's Department networks," it wrote.

"No additional funding has been provided to AGD for cybersecurity remediation activity."

AGD has vastly increased its spend on cybersecurity across the last four years, however.

From a base of AU$47,197 in 2015-2016, when they began tracking the annual operational spending of the IT Security Section, it rose to AU$225,826 in 2016-2017, then to AU$641,985 in 2017-2018. In 2018-2019, it declined slightly to AU$562,222.

"Other sections, projects, and activities make a substantial contribution to improving the overall cybersecurity posture, but are associated to other cost centres," AGD wrote.

But the department declined to answer specific questions about its compliance with theASD Essential Eightcybersecurity controls, citing security concerns.

"Publicly identifying details of any briefings provided to the Attorney-General on cybersecurity vulnerabilities on departmental networks would provide an individualised snapshot in time and may provide a heat map of vulnerabilities for departmental networks, which malicious actors may exploit and thus increase the agency's risk of cyber incidents," it wrote.

It's bad enough that most telecommunications interception warrants arenot approved by judgesbut by members of the Administrative Appeals Tribunal (AAT).

What's worse is that these less-qualified officials can spend mere minutes making their decision with no legal support from AAT staff.

After so little thought, and without further independent oversight, law enforcement agencies are free to use theircontroversial new powersunder the controversialTelecommunications and Other Legislation Amendment (Assistance and Access) Act 2018.

They can issue a "voluntary" Technical Assistance Request (TAR) to get a communications provider to help access the contents of an encrypted communication. Or they can issue a compulsory Technical Assistance Notice (TAN) to the same end.

Someseven TARs or TANs were issuedby law enforcement in the first seven months of the Act's operations. The number issued by the spooky agencies, meanwhile, is unknown.

The concern, first raised byThe Saturday Papera year ago, is that AAT members mightmore readily approve warrantsthan judges, although there's no data on this one way or the other.

There have been concerns that many AAT members are political appointees with no legal qualifications. More than 60% of members appointed since 1 July 2015 are not legally trained, according to further AGD evidence to the Legal and Constitutional Affairs Committee.

And whilesection 5DAof theTelecommunications (Interception and Access) Act 1979states that only AAT members who are "enrolled as a legal practitioner of the High Court, of another federal court, or of the Supreme Court of a State or of the Australian Capital Territory" for at least five years are approved to issue warrants -- a lawyer with five years experience is not a judge.

"Some legal experts argue that judges are more experienced and therefore more qualified to assess warrant applications than a lawyer with five years' practising experience,"The Saturday Paperwrote.

"Key to this is the fact that during these warrant proceedings, there is no party making an opposing argument."

Judges are experienced in weighing up the pros and cons of a case to ensure fairness. Lawyers are experienced at arguing for their client's position. They're not the same.

Also concerning is the amount of support given to AAT members in this role: None.

The Senate was told that "members undertake these functions in a personal capacity (as apersona designata) and not as part of their duties as a member of the AAT".

"AAT staff do not provide any legal support in respect of applications considered by an AAT member under the Act," AGD wrote.

"The AAT and AAT staff provide limited assistance to facilitate the performance of these functions, particularly scheduling appointments."

Those appointments can be very brief indeed.

"Since 1 July 2015 the average (mean) length of all appointments with AAT members for warrant-related purposes is just 18 minutes," AGD wrote.

"The shortest amount of time recorded for an appointment that proceeded is 1 minute. The data is not subject to auditing."

Maybe the members spend hours of their own time wrestling over whether to approve each warrant. On that matter, your writer has a simple response: Prove it.

Either way, it might well be argued that one minute doesn't allow for a serious challenge to a warrant application's claimed merits.

Australia's health sector continues to be the most affected by data breaches, according to the Office of the Australian Information Commissioner (OAIC).

Some58 notifiable data breaches(NDBs) were received by the OAIC between 1 January 2019 and 31 March 2019.

"The OAIC's 2019-20 corporate plan includes a continued focus on the health sector, particularly centred on uplifting the health sector's security posture," it told the Senate this week.

In September 2019, the OAIC released aGuide to Health Privacy.

"[The OAIC] is currently undertaking an associated outreach and social media campaign. This campaign includes the development of a toolkit to assist health service providers improve their information handling practices," it said.

Also during Estimates in November, the OAIC was asked if it was conducting an investigation into an alleged AU$10 million international identity theft scam that had affected several of Australia's largest super funds, including REST Super, AustralianSuper, and HESTA.

"The Information Commissioner has not opened an investigation into the named organisations in relation to the media report of an alleged identity theft scam," the OAIC said.

It did add, however, that the maximum current penalty that the Federal Court can impose for a serious or repeated interference with privacy is AU$2.1 million for a body corporate.

In recent years, the OAIC has found it difficult to process Freedom of Information (FOI) requests promptly. A substantial increase in all types of requests has since widened the gap, resulting inincreased delays and backlogs.

This week the OAIC revealed that meeting the demand for FOI regulatory work would require nine more staff at a cost A$1.65 million a year, plus A$300,000 in the first year for accommodation.

Your writer is of the view that this is back-of-the-couch money, given that it would deliver a significant increase in government transparency.

Visit link:
How the B-Team watches over Australia's encryption laws and cybersecurity - ZDNet

Well-intentioned charities and academics have urged Facebook to halt encryption plans for its messaging apps, citing concerns about child exploitation.

The call was made in a letter to Facebook CEO Mark Zuckerberg in response to the companys intention to adopt end-to-end encryption to protect user privacy

TheFinancial Times reports.

The chief executive of the social media network last year announced a move to integrate the messaging services of Facebook, WhatsApp and Instagram into one encrypted system, cast as a pivot to privacy in the wake of the Cambridge Analytica data leak.

Encryption would mean that only people sending and receiving messages would be able to view them; third parties such as Facebook itself or law enforcement could not access the content.

But in a letter signed by 129 non-profit organisations, think tanks and academics across 102 countries, child safety experts warned that Facebook had not yet satisfied...deeply held concerns that the move could enable more child sexual abuse on the platform.

The letter said the shift would mean sex offenders who typically groom children on Facebook before moving their conversations on to other less scrupulous apps would be emboldened to initiate and rapidly escalate directly on Facebooks services.

Its not the first time this argument has been made. Indeed, protecting children seems to be the new fighting terrorism when it comes to arguing against strong encryption.

But children of course already use other end-to-end encrypted chat apps, like iMessage and WhatsApp. Even the letter itself acknowledges that the only impact would be that chat initiated on Facebook might remain there rather than simply switching to other platforms.

Facebook said that moving to end-to-end encryption was critically important and repeated that there are ways to detect inappropriate contact without being able to read the content.

David Miles, Facebooks head of safety for Europe, Middle East and Africa, on Wednesday said: Strong encryption is critically important to keep everyone safe from hackers and criminals. The rollout of end-to-end encryption is a long-term project. Protecting children online is critically important to this effort and we are committed to building strong safety measures into our plans. He added that the company was working closely with experts.

The company has previously explained some of the signals that can be used.

Facebook could look at user profiles and flag someone making a series of requests to minors they do not know, or people who are part of suspicious groups []

Other alerts could include large age gaps between people communicating privately on Messenger or Instagram Direct Messages, frequency of messaging, and people that lots of users are blocking or deleting.

Another possibility would be for Facebook to switch to end-to-end encryption for its main apps, while retaining standard encryption for Messenger Kids. The social network this week announced additional parental monitoring tools for this.

Facebook is not the only company coming under fire for the use of strong encryption. The FBI is still pressing Apple on the Pensacola iPhones despite the fact that there are commercially-available tools to crack both of the models in that case. Calls to halt encryption are unlikely to go away anytime soon.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

Excerpt from:
Well-meaning charities urge Facebook to halt encryption plan to protect kids - 9to5Mac

The war against cybercrime is ongoing and should not be halted or terminated because cybercriminals are not on the verge of giving up any time soon. Rather, they seem to be getting tech savvier on a daily basis. (Read How Cybercriminals Use GDPR as Leverage to Extort Companies.)

Taking a look at the IC3 Complaint Statistics 2014-2018, it becomes very glaring that we are really facing a cyberwar across the globe.

Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.

IC3 statistics showing a significant increase in total losses during 2018 (source: FBI IC3)

Different technological and non-technological measures such as weak and strong passwords, single, double, and multi-factor authentication are being fashioned out to arrest the menace caused by hackers but due to the fact that technology itself is advancing rapidly, it will still take some level of work to be able to have full control of the situation. (Read Is Security Research Actually Helping Hackers?)

Some of the measures that have been posited to use in tackling cybercrime include:

While the zero-trust strategy is not technologically based, both VPN and blockchain are based on technology. Despite the fact that they may have their different shortcomings especially as even renowned VPN providers can have privacy issues the good news is that both have encryption as a feature.

Its rather unfortunate that despite all the effort being put in place to ensure that organizations, governments, and individuals are secured, it is the government that may be constituted a stumbling block in checkmating the activities of cybercriminals.

Get insights into data center priorities and IT trends.

Governments and law enforcement agents around the globe, especially in the Five Eyes (FVEY) intelligence alliance, are not relaxing in their efforts to ensure that there are encryption backdoors.

They claim this is necessary for the interests of national safety and security as criminals and terrorists increasingly use encrypted messages to communicate online.

The FVEY governments believe that there is a widening gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data, which they term "a pressing international concern." In their opinions, this clearly demands "urgent, sustained attention and informed discussion."

Encryption is the method by which your data is converted into a secret code that conceals the information's true meaning. (Read Trusting Encryption Just Got a Lot Harder.)

It's based on the science known as cryptography. Any data that is not encrypted in computing, unencrypted data is referred to as plaintext, while the encrypted data is called ciphertext.

You make use of encryption algorithms or ciphers to encode or decode messages. If an unauthorized party manages to intercept your encrypted data, the only way such data can be meaningful to the intruder is by haphazardly guessing which cipher was used to encrypt the message and also what keys were used as variables.

The best way to crack any encryption key is a brute-force attack. For example, AES with 256-bit keys has a key length that is 256-bit.

The possible number of combinations that can be used to crack this type of encryption can keep a hacker working throughout life without success. This makes encryption a very valuable asset and security tool.

Encryption can be said to be the basic block on which information technology (IT) assets are built and without it, cybercriminals will be having a field day as things are currently. Before going through the tunnel, your data gets encrypted with a special pre-configured algorithm.

Then going out of your device, the encrypted traffic goes via the tunnel to a blockchain or VPN server. The server contacts the requested Internet resource, traffic is decrypted and reaches the resource in an unencrypted way.

The process is the same backward: your data from the website is unencrypted, then it becomes encrypted and conveyed through the tunnel to you where it is finally decrypted.

The Federal Bureau of Investigation (FBI), are brimming hell on technology companies that offer end-to-end encryption (E2EE). Their argument is that such encryption restricts law enforcement from accessing data and communications even with a warrant.

The FBI described this issue as "going dark," and the U.S. Department of Justice (DOJ) is not taking it with a pinch of salt either. The DOJ is calling for what they termed "responsible encryption" that can be unbarred by technology companies under a court order.

Taking it to the extreme, Australia enacted a law that made it compulsory for visitors to render passwords for all digital devices when before entering the country. A five-year jail term is a punishment for failure to comply.

Even when you fail to have security behind your mind, the fact that you must meet up with the worlds best standards makes it mandatory for you to encrypt your data since you must meet compliance regulations.

Quite a number of organizations and standard bodies recommend or mandate that sensitive data must be encrypted in order to prevent unauthorized third parties or hackers from accessing the data.

A case in point is that of the Payment Card Industry Data Security Standard (PCI DSS) where it is absolutely necessary that merchants must encrypt customers' payment card data when it is both stored at rest and broadcasted over unrestricted channels.

Making use of link-level encryption, you have your data encrypted data when it leaves your network, decrypted at the next link, which may be a host or a relay point, and then its re-encrypted before it is sent to the next link. You have the advantage of using a different key or even a different algorithm for data encryption by each link.

This process keeps on repeating until your data gets to its destination.

The world is talking Cloud storage and hence the encryption of data in the cloud cannot be overemphasized. Cloud storage providers are able to encrypt data using encryption algorithms and the data is then placed in cloud storage.

The fundamental difference between cloud encryption and in-house encryption is that cloud customers must take time to learn about the provider's policies and procedures for encryption and encryption key management in order to ensure that encryption is in league with the level of sensitivity of the data being stored.

With Network-level encryption you are able to apply crypto services at the network transfer layer above the data link level but below the application level. The implementation of network encryption is facilitated through Internet Protocol Security (IPsec) as a set of protocols and authentication methods developed for data protection just at the dawn of the Internet, which is a set of open Internet Engineering Task Force (IETF) standards that, when used in conjunction, design a structure for private transmission over IP systems.

This is based on the quantum mechanical properties of particles to protect data. Going by the Heisenberg uncertainty principle which posits that the two identifying properties of a particle its location and its momentum cannot be measured without changing the values of those properties, quantum cryptography is strongly positioned to ensure the security of your data.

For this reason, its practically impossible to copy any quantum-encoded data since any attempt to access the encoded data will change the data. This will raise a red flag and the authorized parties to the encryption will be notified of the attempted breach.

E2EE ensures that any data being sent between two parties cannot be viewed by an attacker who may have one way or the other intercepted the communication channel. However, the use of an encrypted communication circuit, as provided by Transport Layer Security (TLS) between web client and web server software, is not always enough to ensure E2EE.

You should ensure that the actual content you are transmitting is encrypted by client software before being passed to a web client and decrypted only by the recipient. Examples of messaging apps that provide E2EE include Facebook's WhatsApp and Open Whisper Systems' Signal.

Its also possible for Facebook Messenger users to get E2EE messaging with the Secret Conversations option.

Looking at this succinctly from all angles, what the government is trying to do maybe for the intended good of the populace with encryption backdoors will clearly and overwhelmingly jeopardize the privacy and security of everyone. They should ponder on the gravity of cybercriminals exploiting these same backdoors they are clamoring for.

Without encryption backdoors, the cybercrime situation is barely containable as it stands. What will the scenario look like if we open up our last line of defense to them?

And this is exactly what we shall obtain. The risks are of mammoth proportions.

Original post:
Encryption Backdoors: The Achilles Heel to Cybersecurity? - Techopedia