Changing the Locks: Proposed Amendments to the Australian Encryption Act – Lexology

The Australian Encryption Act was passed last year in response to the government's concern about misuse of encrypted social media platforms to advance terrorist activities. The Act extended ASIO, Federal, and State law enforcement powers to enable them to issue notices to request access to otherwise encrypted messages from designated communication providers. This was construed broadly to include social media giants such as WhatsApp, device manufacturers, and free Wi-Fi providers. Authorities were also permitted to detain people without a warrant or without allowing them to contact a lawyer.

Initial Response

Since then, the Act has been received with significant caution from the industry. The new Technical Capability Notices (TCNs) enabled authorities to require communications providers to establish back doors to allow for interception and decryption of otherwise encrypted messages on specific devices without the customer's knowledge. Agencies can also circumvent encryption by installing key logging software or by taking repeated screenshots of a customer's screen and messages. Concerns have been raised about individuals' privacy and systemic vulnerabilities caused by techniques to obtain and compromise encrypted data. Managing these concerns is important in a world increasingly concerned about misuse, control and regulation of civilian data, media and digital platforms.

Proposed Amendments

In response to bipartisan recommendations from the inquiry by the Parliamentary Committee on Intelligence and Security (PJCIS), the Labor opposition has proposed amendments to the Act. The first reading of the Telecommunications Amendment (Repairing Assistance and Access) Bill 2019 noted that the legislation has been "holding the [Australian] tech sector back from achieving [its] potential". It expressed concerns that the Act undermines our relationships with key international strategic partners, including by slowing discussions with the United States for a bilateral agreement under the US CLOUD Act (Clarifying Lawful Overseas Use of Data).

The Explanatory Memorandum for the Bill describes the following effects of the amendments, if passed:

Regulation plays a vital but complex role in a society increasingly reliant on technology. The Bill's objectives shed light on the government's increasing focus on the role of effective encryption in national security, the importance of strong security regulatory frameworks and the impact these have on foreign trust in Australia's technology sector.


Facebook’s push for end-to-end encryption is good news for user privacy, as well as terrorists and paedophiles – The Conversation AU

Facebook is planning end-to-end encryption on all its messaging services to increase privacy levels.

The tech giant started experimenting with this earlier this year. Soon, end-to-end encryption will be standard for every Facebook message.

But Australian, British and United States governments and lawmakers aren't happy about it. They fear it will make it impossible to recover criminal conversations from Facebook's platforms, thus offering impunity to offenders.

For instance, this was a major concern following the 2017 London terror attacks. Attackers used WhatsApp (Facebook's end-to-end encrypted platform), and this frustrated police investigations.

But does Facebook's initiative place the company between a political rock and an ethical hard place?

End-to-end encryption is a method of communicating more securely, compared to non-encrypted communications.

It involves using encryption (via cryptographic keys) that excludes third parties from accessing content shared between communicating users.

When the sender wants to communicate with the receiver, they share a unique algorithmic key to decrypt the message. No one else can access it, not even the service provider.


Facebook's plan to enact this change is paradoxical, considering the company has a history of harvesting user data and selling it to third parties.

Now, it supposedly wants to protect the privacy of the same users.

One possible reason Facebook is pushing for this development is because it will solve many of its legal woes.

With end-to-end encryption, the company will no longer have backdoor access to users' messages.

Thus, it won't be forced to comply with requests from law enforcement agencies to access data. And even if police were able to get hold of the data, they would still need the key required to read the messages.

Only users would have the ability to share the key (or messages) with law enforcement.

Implementing end-to-end encryption will positively impact Facebook users' privacy, as their messages will be protected from eavesdropping.

This means Facebook, law enforcement agencies and hackers will find it harder to intercept any communication done through the platform.

And although end-to-end encryption is arguably not necessary for most everyday conversations, it does have advantages, including:

1) protecting users' personal and financial information, such as transactions on Facebook Marketplace

2) increasing trust and cooperation between users

3) preventing criminals eavesdropping on individuals to harvest their information, which can render them victim to stalking, scamming and romance frauds

4) allowing those with sensitive medical, political or sexual information to be able to share it with others online

5) enabling journalists and intelligence agencies to communicate privately with sources.

However, even though end-to-end encryption will increase users' privacy in certain situations, it may still not be enough to make conversations completely safe.


This is because the biggest threat to eavesdropping is the very act of using a device.

End-to-end encryption doesn't guarantee the people we are talking to online are who they say they are.

Also, while cryptographic algorithms are hard to crack, third parties can still obtain the key to open the message. For example, this can be done by using apps to take screenshots of a conversation, and sending them to third parties.

When Facebook messages become end-to-end encrypted, it will be harder to detect criminals, including people who use the platform to commit scams and launch malware.

Others use Facebook for human or sex trafficking, as well as child grooming and exploitation.

Facebook Messenger can also help criminals organise themselves, as well as plan and carry out crimes, including terror attacks and cyber-enabled fraud extortion hacks.

The unfortunate trade-off in increasing user privacy is reducing the capacity for surveillance and national security efforts.


End-to-end encryption on Facebook would also increase criminals' feeling of security.

However, although tech companies can't deny the risk of having their technologies exploited for illegal purposes, they also don't have a complete duty to keep a particular country's cyberspace safe.

A potential solution to the dilemma can be found in various critiques of the UK's 2016 Investigatory Powers Act.

It proposes that, on certain occasions, a communications service provider may be asked to remove encryption (where possible).

However, this power must come from an authority that can be held accountable in court for its actions, and this should be used as a last resort.

In doing so, encryption will increase user privacy without allowing total privacy, which carries harmful consequences.

So far, several governments have pushed back against Facebook's encryption plans, fearing it will place the company and its users beyond their reach, and make it more difficult to catch criminals.

End-to-end encryption is perceived as a bulwark against surveillance by third parties and governments, despite other ways of intercepting communications.

Many also agree surveillance is not only invasive, but also prone to abuse by governments and third parties.

Freedom from invasive surveillance also facilitates freedom of expression, opinion and privacy, as observed by the United Nations High Commissioner for Human Rights.

In a world where debate is polarised by social media, Facebook and similar platforms are caught amid the politics of security.

It's hard to say how a perfect balance can be achieved in such a multifactorial dilemma.

Either way, the decision is a political one, and governments - as opposed to tech companies - should ultimately be responsible for such decisions.


Inspecting TLS Web Traffic Part 1 – Security Boulevard

In this series of blogs I'm going to talk about how the continued move towards all web traffic being encrypted has impacted enterprise security. In this blog I'm going to focus on the basics: what is encrypted web traffic, and how can you proactively control it?

TLS encryption is the de-facto encryption technology for delivering secure web browsing, and the benefits it provides are driving the levels of HTTPS traffic to new heights. Every day, more HTTPS web traffic traverses the internet in a form that provides security and trust for users. This traffic is encrypted with TLS, a transport layer encryption protocol that protects data against unauthorized access and eavesdropping. Current estimates indicate that over 90% of all web traffic is now encrypted.

However, not all HTTPS traffic is benign; attackers and malware writers also leverage encryption to hide their activities. In a recent report, it was stated that 60% of malicious traffic is encrypted. Without the proper security controls, encrypted web traffic can be a blind spot in securing your network and users.

TLS Primer

Secure Sockets Layer (SSL) was originally developed by Netscape Communications in 1995 to provide security for internet communications. However, in 1999, Netscape handed over the protocol to the Internet Engineering Task Force (IETF). Later that year, the IETF released TLS 1.0, which was, in reality, SSL 3.1. Recently, TLS 1.3 was released, but most web sites still use TLS 1.2.

For clarity, in these blogs, I exclusively use TLS, but this has exactly the same meaning as SSL or SSL/TLS.

TLS provides a secure channel between two endpoints, typically a client browser and a web server, to provide protection against eavesdropping, forgery of, or tampering with the traffic. To provide this security, SSL uses X.509 digital certificates for authentication, encryption to ensure privacy, and digital signatures to ensure integrity.

Essentially, SSL/TLS creates a secure tunnel between the two endpoints, and the web traffic is transmitted inside the tunnel. The encrypted traffic is called HTTPS and uses TCP port 443 to communicate between the client browser and the Web server; unencrypted HTTP traffic uses TCP port 80.

It is worth noting that, although SSL/TLS is primarily used to secure HTTP traffic, SSL/TLS was designed so that it could provide security for many other application protocols that run over TCP.

HTTPS Web Traffic: An Overview

To allow proactive inspection and control of HTTPS web traffic, it is necessary to look inside the secure tunnel and examine the encrypted traffic. One effective way to deliver this capability is to deploy a Secure Internet Gateway (SIG) or Secure Web Gateway (SWG) that is able to intercept and decrypt the HTTPS traffic. This technique of intercepting and decrypting traffic is known as Man-in-the-Middle (MITM).

To achieve MITM, a secure connection is created between the client browser and the Secure Internet Gateway (SIG) or Secure Web Gateway (SWG), which decrypts the HTTPS traffic into plain text. Then, after being analyzed, the traffic is re-encrypted, and another secure connection is created between the SIG or SWG and the web server. This means that the SIG or SWG is effectively acting as an SSL/TLS proxy server and can both intercept the SSL/TLS connection and inspect the requested content.

This capability is available in Akamai's Enterprise Threat Protector service, and it allows inspection of the requested URL to determine if the requested URL is safe or malicious. Payloads received from the web servers are also decrypted and inspected by the ETP Payload Analysis functions to determine if the content is safe or malicious.
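
The certificate side of the interception described above, as an added example (not code from the original post or from Akamai). It assumes the common design in which the gateway re-issues each site's certificate under its own CA, a detail the post does not spell out; the CA names and `shop.example` are constructed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// authority is a root CA certificate plus its signing key.
type authority struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func newKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

// sign issues tmpl under parent/parentKey and parses the result back.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// newAuthority builds a self-signed root CA (constructed for this example).
func newAuthority(cn string) authority {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	return authority{cert: sign(tmpl, tmpl, &key.PublicKey, key), key: key}
}

// issueLeaf issues a server certificate for host. The origin's CA does this
// once; an inspecting gateway does it per site, with its own CA and key.
func issueLeaf(ca authority, host string) *x509.Certificate {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return sign(tmpl, ca.cert, &key.PublicKey, ca.key)
}

// trusts reports whether a client whose trust store holds exactly roots
// accepts leaf as the certificate for host.
func trusts(leaf *x509.Certificate, host string, roots ...authority) bool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r.cert)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil
}

// reissued reports whether the certificate a client saw names a different
// issuer than the one the origin really serves: the visible sign of inspection.
func reissued(seen, expected *x509.Certificate) bool {
	return !bytes.Equal(seen.RawIssuer, expected.RawIssuer)
}

func main() {
	public := newAuthority("Public Web CA (constructed)")
	gateway := newAuthority("Corp Inspection CA (constructed)")
	origin := issueLeaf(public, "shop.example")     // served by the web server
	inspected := issueLeaf(gateway, "shop.example") // served by the gateway

	fmt.Println("unmanaged client accepts gateway cert:", trusts(inspected, "shop.example", public))
	fmt.Println("managed client accepts gateway cert:  ", trusts(inspected, "shop.example", public, gateway))
	fmt.Println("issuer changed:", reissued(inspected, origin), "->", inspected.Issuer.CommonName)
}
```

A client that has not been provisioned with the gateway's CA rejects the re-issued certificate, which is why inspection only works on managed endpoints and why the issuer field is the simplest place to audit whether a session was inspected.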


*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Jim Black. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/SmvM3N8ShWc/inspecting-tls-web-traffic---part-1.html


The Defense Department Says It Needs the Encryption the FBI Wants to Break – Free

Even the Defense Department is now pointing out that the government's quest to weaken encryption lies somewhere between counterproductive and downright harmful.

Attorney General Bill Barr and Senate Judiciary Committee Chair Lindsey Graham have been on a tear lately in a bid to undermine encryption standards. Those efforts culminated in a hearing this week whose primary purpose appears to have been to demonize encryption by falsely proclaiming it poses a risk to public safety.

Many staffers at both the Department of Justice and FBI have joined the festivities, arguing that encryption enables all manner of nefarious behavior, from human trafficking to child exploitation, as they push for the inclusion of law enforcement backdoors in everything from routers to smartphones.

Actual security experts, and tech giants like Facebook and Apple, have long highlighted the foolishness of such efforts. Encryption aids everybody, they'll note, protecting consumers, activists, and criminals alike. Embed backdoors in encryption and network gear, they've warned, and you're undermining an essential security tool, putting everybody at risk.

"We do not know of a way to deploy encryption that provides access only for the good guys without making it easier for the bad guys to break in," Apple's director of user privacy, Erik Neuenschwander, told hearing attendees.

While vast segments of government have embraced the recent war on encryption, some government officials seem to understand the benefits of retaining strong encryption. This week, Representative Ro Khanna forwarded a letter to Lindsey Graham from the Defense Department's Chief Information Officer Dana Deasy.

In the letter, first reported by Techdirt, Deasy notes that all DOD issued unclassified mobile devices are required to be password protected using strong passwords, and that any data-in-transit on DOD issued mobile devices be encrypted via VPN.

"The importance of strong encryption and VPNs for our mobile workforce is imperative," Deasy wrote.

"As the use of mobile devices continues to expand, it is imperative that innovative security techniques, such as advanced encryption algorithms, are constantly maintained and improved to protect DoD information and resources," he said. "The Department believes maintaining a domestic climate for state of the art security and encryption is critical to the protection of our national security."

There are endless examples of governments, organizations, and corporations attempting to undermine encryption standards for both surveillance and profit. Comcast, for example, has worked to undermine recent efforts to encrypt Domain Name Server (DNS) traffic because doing so would threaten the company's efforts to monetize user behavior online.

Facebook sent a letter this week to Bill Barr, in which the company made it clear that it would not backdoor its encrypted messaging apps at the government's request.

"Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere," Facebook wrote.

But while cybersecurity experts and tech giants spent the week warning that weakening encryption harms everyone, a bipartisan coalition of lawmakers remains stubbornly impervious to the argument.

Democratic Senator Dick Durbin largely mirrored Graham's rhetoric at this week's hearings, insisting the latest war on encryption was about ensuring big tech companies weren't beyond the reach of the law. "We're talking about our government protecting our citizens," he insisted, seemingly oblivious that eroding encryption would likely have the exact opposite impact.

The Justice Department has argued for years that by including strong encryption on their networks and in their products, Silicon Valley giants are undermining the government's quest to rein in criminals. But security experts, and now the DOD, have made it abundantly clear that encryption protects everybody, not just the worst segments of society.

So far, politicians like Graham have made it abundantly clear they're not listening, insisting that if tech companies don't set about backdooring their products and weakening encryption, there will soon be hell to pay.

"My advice to you is to get on with it, because this time next year, if we haven't found a way that you can live with, we will impose our will on you," Graham said.


Facebook’s end-to-end encryption will enhance user privacy but it's not good news for law enforcement – Firstpost

The Conversation | Dec 16, 2019 16:16:27 IST

Facebook is planning end-to-end encryption on all its messaging services to increase privacy levels. The tech giant started experimenting with this earlier this year. Soon, end-to-end encryption will be standard for every Facebook message.

But Australian, British and United States governments and lawmakers aren't happy about it. They fear it will make it impossible to recover criminal conversations from Facebook's platforms, thus offering impunity to offenders.

For instance, this was a major concern following the 2017 London terror attacks. Attackers used WhatsApp (Facebook's end-to-end encrypted platform), and this frustrated police investigations.


But does Facebook's initiative place the company between a political rock and an ethical hard place?


End-to-end encryption is a method of communicating more securely, compared to non-encrypted communications. It involves using encryption (via cryptographic keys) that excludes third parties from accessing content shared between communicating users.

When the sender wants to communicate with the receiver, they share a unique algorithmic key to decrypt the message. No one else can access it, not even the service provider.

Facebook's plan to enact this change is paradoxical, considering the company has a history of harvesting user data and selling it to third parties. Now, it supposedly wants to protect the privacy of the same users.

One possible reason Facebook is pushing for this development is because it will solve many of its legal woes. With end-to-end encryption, the company will no longer have backdoor access to users' messages.

Thus, it won't be forced to comply with requests from law enforcement agencies to access data. And even if police were able to get hold of the data, they would still need the key required to read the messages.

Only users would have the ability to share the key (or messages) with law enforcement.


Implementing end-to-end encryption will positively impact Facebook users' privacy, as their messages will be protected from eavesdropping. This means Facebook, law enforcement agencies and hackers will find it harder to intercept any communication done through the platform.

And although end-to-end encryption is arguably not necessary for most everyday conversations, it does have advantages, including:

1) protecting users' personal and financial information, such as transactions on Facebook Marketplace

2) increasing trust and cooperation between users

3) preventing criminals eavesdropping on individuals to harvest their information, which can render them victim to stalking, scamming and romance frauds

4) allowing those with sensitive medical, political or sexual information to be able to share it with others online

5) enabling journalists and intelligence agencies to communicate privately with sources.


However, even though end-to-end encryption will increase users' privacy in certain situations, it may still not be enough to make conversations completely safe.

This is because the biggest threat to eavesdropping is the very act of using a device.

End-to-end encryption doesn't guarantee the people we are talking to online are who they say they are.

Also, while cryptographic algorithms are hard to crack, third parties can still obtain the key to open the message. For example, this can be done by using apps to take screenshots of a conversation, and sending them to third parties.

When Facebook messages become end-to-end encrypted, it will be harder to detect criminals, including people who use the platform to commit scams and launch malware.

Others use Facebook for human or sex trafficking, as well as child grooming and exploitation. Facebook Messenger can also help criminals organise themselves, as well as plan and carry out crimes, including terror attacks and cyber-enabled fraud extortion hacks.

The unfortunate trade-off in increasing user privacy is reducing the capacity for surveillance and national security efforts. End-to-end encryption on Facebook would also increase criminals' feeling of security.

However, although tech companies can't deny the risk of having their technologies exploited for illegal purposes, they also don't have a complete duty to keep a particular country's cyberspace safe.

A potential solution to the dilemma can be found in various critiques of the UK's 2016 Investigatory Powers Act. It proposes that, on certain occasions, a communications service provider may be asked to remove encryption (where possible). However, this power must come from an authority that can be held accountable in court for its actions, and this should be used as a last resort.

In doing so, encryption will increase user privacy without allowing total privacy, which carries harmful consequences. So far, several governments have pushed back against Facebook's encryption plans, fearing it will place the company and its users beyond their reach, and make it more difficult to catch criminals.

End-to-end encryption is perceived as a bulwark against surveillance by third parties and governments, despite other ways of intercepting communications. Many also agree surveillance is not only invasive, but also prone to abuse by governments and third parties.

Freedom from invasive surveillance also facilitates freedom of expression, opinion and privacy, as observed by the United Nations High Commissioner for Human Rights. In a world where debate is polarised by social media, Facebook and similar platforms are caught amid the politics of security. It's hard to say how a perfect balance can be achieved in such a multifactorial dilemma. Either way, the decision is a political one, and governments, as opposed to tech companies, should ultimately be responsible for such decisions.

Roberto Musotto, Cyber Security Cooperative Research Centre Postdoctoral Fellow, Edith Cowan University, and David S. Wall, Professor of Criminology, University of Leeds

This article is republished from The Conversation under a Creative Commons license. Read the original article.


US Government steps up fight on Apple and Facebook’s use of encryption – Stuff.co.nz

OPINION: The technology and privacy debate has just taken a turn for the worse, with US Senator Lindsey Graham directing some colourful threats towards Apple and Facebook during a Senate Judiciary Committee hearing this week.

"This time next year, if we haven't found a way that you can live with, we will impose our will on you."

"You're going to find a way to do this or we're going to go do it for you."

Those are just two of the explosive threats Graham made, referring to the two companies' use of end-to-end encryption on their platforms.


Graham's comments followed a tone set by US Attorney General William P. Barr, who on Monday said that dealing with how big tech used encryption was one of the Justice Department's "highest priorities."

Barr claimed that cartels and child pornographers used the feature to hide their criminal activities, saying the companies' message to customers was "no matter what you do, you're completely impervious to government surveillance". "Do we want to live in a society like that? I don't think we do."

From a technical point-of-view, he's not wrong. That makes the row over encryption, from a law-maker and law-enforcement point of view, a maddening one. Big tech companies like the two mentioned above are, in some scenarios, actively (but inadvertently) preventing governments from doing their jobs as effectively as they could do.


In a rare display of cross-party unity, both Democrats and Republicans argued that Apple and Facebook's use of encryption was getting in the way of justice.

Graham even went as far as to say "We're not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion."

Strong stuff. But the Senator's colourful words don't tell the whole story.

End-to-end encryption isn't there to prevent justice from being served. It's just one of the unfortunate byproducts, as we found out when Apple refused to grant the FBI backdoor access to the San Bernardino mass shooter's iPhone back in 2015.

Apple's message at the time was a sensible one: "Up to this point, we have done everything that is both within our power and within the law to help them. But now the US government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone."

In plain English, this means Apple couldn't provide the FBI with a one-time backdoor to the shooter's iPhone. The only way Apple could deliver this, as I understand it, would be to roll out a software update to all iPhone users. That would provide the FBI with a backdoor to all iPhones.

My view on this is similar to Apple and Facebook's. Encryption is there to offer us, the user, one of our basic human rights, privacy. It's a widely-used, and pretty basic, piece of technology that allows personal messages to remain how they were intended. Personal.

Apple's user privacy manager, Erik Neuenschwander, put across an eloquent argument for encryption when he said: "We've been unable to identify any way to create a back door that would work only for the good guys."

Likewise, WhatsApp head Will Cathcart and Messenger head Stan Chudnovsky put the argument against encryption across eloquently with a written testimony that read: "The 'backdoor' access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes ... That is not something we are prepared to do."

But there was a definite lack of unity when the two tech giants offered possible solutions for the problem.

With Facebook's Sullivan suggesting that "on-device scanning" could be a viable option, Apple's Neuenschwander said, "We don't have forums for strangers to contact each other ... and our business doesn't have us scanning material of our users to build profiles of them."

What's going to happen now? Nothing. Not in the immediate future anyway. The next significant step will likely come as William Barr hopes to have his Justice Department investigations of the big tech platforms - Facebook, Google, Amazon and Apple - completed next year.

Whatever is eventually decided in the US will, no doubt, have repercussions throughout the rest of the world.


Michael Hayden Ran The NSA And CIA: Now Warns That Encryption Backdoors Will Harm American Security & Tech Leadership – Techdirt

from the good-for-him dept

There are very few things in life that former NSA and CIA director Michael Hayden and I agree on. For years, he was a leading government champion for trashing the 4th Amendment and conducting widespread surveillance on Americans. He supported the CIA's torture program and (ridiculously) complained that having the US government publicly reckon with that torture program would help terrorists.

But, there is one thing that he and I agree on: putting backdoors into encryption is a horrible, dreadful, terrible idea. He surprised many people by first saying this five years ago, and he's repeated it a bunch since then -- including in a recent Bloomberg piece, entitled: Encryption Backdoors Won't Stop Crime But Will Hurt U.S. Tech. In it, he makes two great points. First, backdooring encryption will make Americans much less safe:

We must also consider how foreign governments could master and exploit built-in encryption vulnerabilities. What would Chinese, Russian and Saudi authorities do with the encrypted-data access that U.S. authorities would compel technology companies to create? How might this affect activists and journalists in those countries? Would U.S. technology companies suffer the fate of some of their Australian counterparts, which saw foreign customers abandon them after Australia passed its own encryption-busting law?

Separately, he points out that backdooring encryption won't even help law enforcement do what it thinks it wants to do with backdoors:

Proposals that law-enforcement agencies be given backdoor access to encrypted data are unlikely to achieve their goals, because even if Congress compels tech firms to comply, it will have no impact on encryption technologies offered by foreign companies or the open-source community. Users will simply migrate to privacy offerings from providers who are not following U.S. mandates.

Indeed, this is the pattern we have seen in Hong Kong over the last six months, where pro-democracy protesters have moved from domestic services to encrypted messaging platforms such as Telegram and Bridgefy, beyond the reach of Chinese authorities. Unless Washington is willing to embrace authoritarian tactics, it is difficult to see how extraordinary-access policies will prevent motivated criminals (and security-minded citizens) from simply adopting uncompromised services from abroad.

None of this is new, but it's at least good to see the former head of various intelligence agencies highlighting these points. At this point, we've seen intelligence agencies highlight the value of encryption, Homeland Security highlight the importance of encryption, the Defense Department highlight the importance of encryption. The only ones still pushing for breaking encryption are a few law enforcement groups and their fans in Congress.

Go here to see the original:
Michael Hayden Ran The NSA And CIA: Now Warns That Encryption Backdoors Will Harm American Security & Tech Leadership - Techdirt

Private information at risk from laws allowing access encrypted data – RNZ

A study has found laws which allow governments to access companies' encrypted data are putting private information at risk.

That's one of the findings from the University of Waikato and New Zealand Law Foundation's study, A matter of security, privacy and trust: A study of the principles and values of encryption in New Zealand.

Lead investigator, University of Waikato legal professor Dr Michael Dizon, said law enforcement could ask companies to give them access to encrypted data under the Search and Surveillance Act, and that could be misused.

"There is something in the law that allows governments to ask any service provider, including your bank, including Facebook, to render reasonable assistance for them to access, to let's say, a criminal's account but the problem there is, it's not very clear what reasonable assistance means, and that becomes a really big problem because they can overstep their bounds."

The study also cited a case in the US where the FBI sought a court order to gain access to a shooter's locked iPhone, after Apple refused to comply on the grounds it would endanger the privacy and security of all its users.

Dizon was concerned that governments could ask companies to create weaknesses in their security systems, such as encrypted internet banking, so they could access the information of terrorists or criminals.

"If you create a backdoor or a weakness in one system, it can be exploited, not just by the police but any other person that can access it so it can be abused by criminals, by malicious state actors - say somebody from another country that has nefarious motives - so the point is there, if there is a weakness, anyone can exploit it," Dizon said.

The researchers recommended that people suspected or charged with a crime should not be forced to disclose their passwords.

They also recommended that companies should only provide information to police or law enforcement authorities if it does not undermine the information security of its products, services and the privacy of its clients.


Labor says it will fix encryption laws it voted for last year – ZDNet

This time last year, the Australian Labor Party waved through the government's encryption Bills, formally known as the Assistance and Access Bill, and threw out the line the laws were needed to keep the nation safe.

"Let's just make Australians safer over Christmas," then Labor leader Bill Shorten said at the time.

"It's all about putting people first."

Fast forward to December 2019, and after losing a May election, the opposition has decided it wants to introduce legislation to "fix" the encryption laws.

As long as the government majority holds, and there are no signs it would not, then the legislation will die on the House of Representatives floor.

"The Morrison government have broken their promise to Australia's tech sector and by failing to amend their encryption laws -- putting a handbrake on the digital economy, and hindering the creation of jobs, productivity and growth of the economy," Shadow Minister for Home Affairs Senator Kristina Keneally, Shadow Attorney-General Mark Dreyfus, Shadow Communications Minister Michelle Rowland, and Shadow Assistant Minister for Cybersecurity Tim Watts said in a statement.

Labor waved the Bills through Parliament after seeking assurances that the government would agree to amendments in the new year.

In a performance reminiscent of Charlie Brown trying to kick a football, the government was successful in stranding Labor's amendments prior to the May election.

"A majority of the Senate voted for those amendments but the government, which still maintains that this rushed legislation is perfect, has shut down debate on those amendments, and so, regrettably, we will not be able to pass them before the election," Dreyfus said at the time.

He added that Labor would pursue its now stranded amendments in government -- which clearly never happened -- as well as require authorisation from a judicial officer in order to issue Technical Assistance Notices or Technical Capability Notices.

That requirement is part of the legislation announced by Labor on Tuesday.

"The government's encryption legislation is not compliant with the US CLOUD Act -- making it harder for Australian law enforcement to quickly access the information they need to fight crime, making Australia a more dangerous place to live," the quartet said without acknowledging their part in making Australia less safe a year ago. "To address these concerns, Labor's amendments will introduce a judicial authorisation requirement to provide assurances to the United States Congress that Australia's laws are compatible with the US government's CLOUD Act."

The legislation will be introduced into the Senate as a Private Senator's Bill on the second last sitting day of the year.

"The government should put partisan politics aside and support this Bill, in both the House and the Senate, in order to honour the commitment that they made to the Parliament last year, and fix the mess they created for Australian innovation and technology businesses," the quartet added, again without any allusion to Labor waving the encryption Bills through.

Last year, a parade of Labor members stated how unsatisfactory the Bill was, and how they would still vote for it.

"We do this because we understand that in conferring new powers to protect our nation's security, it's vital that we do not compromise the very freedoms and way of life that we're seeking to protect," Dreyfus said at the time, as he pointed out an incompatibility with the CLOUD Act.

Speaking on the same day, Watts said the powers in the soon-to-be laws were not a form of mass surveillance.

"If you are not a subject of law enforcement inquiries, you are not going to have to worry about being a target of this Bill. If you are not a security threat, as identified by ASIO, you are not going to have to be worried about being a target of the Bill," Watts said.

Both Dreyfus and Watts would vote for the Bill.

Labor member Ed Husic detailed the problems of oversight, and how examination is required by informed individuals.

"The type of judicial oversight offered in this process is tissue-tough. I don't think it cuts the grade of what people would expect," he said previously.

Leading up to the election in May, Husic stated that "win, lose, or draw" the Australian Labor Party would be reforming the Act.


Encryption Software Market Industry Global Market Size Status with Regional Outlook in New 2019 Research – The Market Stats News

Encryption Software Market research, now available at Brand Essence Research, encompasses an exhaustive study of this business space with regard to pivotal industry drivers, market share analysis, and the latest trends characterizing the Encryption Software industry landscape. This report also covers details of market size, growth spectrum, and the competitive scenario of the Encryption Software market in the forecast timeline.

The Encryption Software Market Report provides key strategies followed by leading Encryption Software industry manufacturers and sections of the market such as product specifications, volume, production value, feasibility analysis, and classification based on types and end-user application areas, with geographic growth and upcoming advancement. The Encryption Software market report provides a comprehensive outline of invention, industry requirement, technology and production analysis considering major factors such as revenue, investments and business growth.

The well-established players in the market are:

This report for Encryption Software Market discovers diverse topics such as regional market scope, product market various applications, market size according to specific product, sales and revenue by region, manufacturing cost analysis, Industrial Chain, Market Effect Factors Analysis, market size forecast, and more.

Drivers & Hindrances of the Encryption Software market: How does the report explicate on the same

The report unveils the driving parameters affecting the commercialization chart of this industry.

The Encryption Software market research report further illustrates the various challenges that this market is prone to as well as its impact on the market trends.

An important aspect that the report sets focus on is the market concentration ratio for the predicted timeframe.

The geographical spectrum of the business and its consequence on the Encryption Software market:

The report segments the Encryption Software market into USA, Europe, Japan, China, India, and South East Asia, depending on the regional scope of this business.

Extensive data about the product consumption across innumerable sections as well as the valuation developed by these regions is also explained in the report.

The study puts emphasis on data concerning the consumption market share across these regions, as well as the market share attained by every region and product consumption growth rate.

Market segment by Regions/Countries, this report covers

North America (United States, Canada and Mexico)

Europe (Germany, UK, France, Italy, Russia and Turkey etc.)

Asia-Pacific (China, Japan, Korea, India, Australia, Indonesia, Thailand, Philippines, Malaysia and Vietnam)

South America (Brazil etc.)

Middle East and Africa (Egypt and GCC Countries)

Key highlights and essential features of the report:

1) Which major players are presently listed in the report? Here are the companies that are presently listed in the report: Companies 1, Companies 2, Companies 3

**List of the firms stated above might differ in the final report dependent on a merger, name change, and other factors.

2) Can you list or add new firms as per our requirement? Yes, we can list or add new firms in the report as per the client's requirement. The final confirmation regarding the same must be provided by the research team subject to difficulty of survey.

**Availability of data will be confirmed after research in case of a privately held firm. Maximum 3 companies can be included at no additional charge.

3) Which regional categorizations are covered? Is it possible to add any specific country? Presently, our research report offers special focus and attention on the following areas: Europe, United States, Japan, China, India, Southeast Asia, and Central & South America

**Maximum one country of specific interest can be added at no extra charge. Charges will be applied for the addition of extra countries or regions.

4) Is the addition of extra market breakdown or segmentation possible? Yes, the addition of extra market breakdown or segmentation is possible, dependent on the difficulty of survey and availability of data. On the other hand, detailed sharing of the requirements with our research team is a must before providing final confirmation to the client.

Table of Content:

Market Overview: The report begins with this section where product overview and highlights of product and application segments of the global Encryption Software Market are provided. Highlights of the segmentation study include price, revenue, sales, sales growth rate, and market share by product.

Competition by Company: Here, the competition in the Worldwide Encryption Software Market is analyzed by price, revenue, sales, and market share by company, market rate, competitive situations landscape, and latest trends, merger, expansion, acquisition, and market shares of top companies.

Company Profiles and Sales Data: As the name suggests, this section gives the sales data of key players of the global Encryption Software Market as well as some useful information on their business. It talks about the gross margin, price, revenue, products, and their specifications, type, applications, competitors, manufacturing base, and the main business of key players operating in the global Encryption Software Market.

Market Status and Outlook by Region: In this section, the report discusses gross margin, sales, revenue, production, market share, CAGR, and market size by region. Here, the global Encryption Software Market is deeply analyzed on the basis of regions and countries such as North America, Europe, China, India, Japan, and the MEA.

Application or End User: This section of the research study shows how different end-user/application segments contribute to the global Encryption Software Market.

Market Forecast: Here, the report offers a complete forecast of the global Encryption Software Market by product, application, and region. It also offers global sales and revenue forecast for all years of the forecast period.

Research Findings and Conclusion: This is one of the last sections of the report where the findings of the analysts and the conclusion of the research study are provided.

Appendix: Here, we have provided a disclaimer, our data sources, data triangulation, research programs, market breakdown and design, and our research approach.
