Husic says Labor is committed to reforming Australia’s …

Days before the federal election, Shadow Minister for the Digital Economy Ed Husic has taken the opportunity to reaffirm that "win, lose, or draw" the Australian Labor Party will be reforming the Telecommunications and Other Legislation Amendment (Assistance and Access) Act.

Saying the Bill was having a "devastating" impact locally while speaking with media in Sydney on Tuesday, Husic said it was the federal opposition's commitment to push through changes, rather than repealing it.

"Firstly, this has been an awful Bill in the way it was rammed -- put through Parliament. I know a lot of people feel very strongly about Labor's role in that," he said, pointing to Labor's capitulation.

The shadow minister said he was focused on two elements regarding the Bill, with the first being its impact locally and abroad.

"A recognition certainly that this is having a devastating impact locally. The number of firms that have told me, and even some overseas firms have said, 'This is not worth the risk, storing data on Australian soil with the laws the way that they are constructed and operating at the moment'. It's a serious issue," he said.


The second part of Husic's focus is to go back to the 17 recommendations, made by a parliamentary committee, to reform the Bill.

"It triggered around 170 amendments that we thought needed to be done, some of these amendments should have been put through in the current Parliament ... our commitment is to make sure that those happen -- whoever wins -- we'll push this, win or lose or draw, whatever, our commitment is to reform the Bill," he continued.

"We're still committed to making the changes necessary to ensure that the Bill is reformed, improved, and the worst aspects are taken out."

Husic said making changes was better than repealing the encryption legislation, as governments are trying to grapple with how to stop people using digital platforms to cause harm.

"Governments are trying to find the balance, we want to make sure we've got that balance right and we want to make sure that the impact we're seeing on the sector currently -- that we side step all that through the reforms we believe need to happen," he said.

Touching on another reform he wants to pursue if Labor is successful on the weekend, Husic said that in order to fully embrace a data economy, the public's concerns around the way their data is being accessed, used, and on-sold need to be addressed.

"Another reform piece is just the number of government bodies that are responsible for data management or data policy in government -- there's a half a dozen of them," he added.

With Labor on Monday announcing it would create 5,000 placements at TAFE, free of charge, for tech-related courses, while also saying it would push major government IT suppliers to ensure one in 10 employees working on major government digital projects are digital apprentices or trainees, Husic again expanded upon his party's plans on Tuesday on how it will deal with Australia's skill shortage.

Husic pointed to the SMART Visa which, originally announced in May 2017, would see the introduction of a new visa reserved for "world-leaders" in Science, Medicine, Academia, Research, and Technology (SMART) in direct response to the Coalition's 457 visa reform.

"We're trying to get some momentum and focus on the skills shortage locally," he said. "We could fill every single vacancy here in Australia with a local and I'd still think there was a world for skilled migration.

"If people are doing something smart, somewhere else in the world, and they want to be here -- we should bring them here because we need to ensure the knowledge base is continually replenished."

Additionally, Husic said Labor wants an Australian Skills Authority to determine what skill requirements are needed within certain sectors. He also wants government to probe what is being done to train locals, saying the goal is to "help meet local business needs".

He also wants to help older Australians transition into other roles by upping their digital literacy.

On cutting the federal government's Entrepreneurs Fund and the Industry Growth Centres that were established under former Prime Minister Malcolm Turnbull and his AU$1.1 billion National Innovation and Science Agenda, Husic said he would prefer the funding for startups to come from the private sector rather than from taxpayers' pockets.

"We haven't announced any co-investment funds this campaign, there's a specific reason for that. I've resisted them because from my point of view I'd rather private capital support investment in a lot of early stage firms, and what I want us to invest government dollars in is human capital," he said.

"We won't be putting a lot of money forward in an investment vehicle because we're constantly being told venture capital is having its golden years at the moment and the money is coming in, so we'd rather it happen that way than government putting forward taxpayers money."

The shadow minister responded with "watch this space" on Tuesday when asked if any further election promises would be made before Saturday.


No, end-to-end encryption isn’t a marketing gimmick

There's bad takes, and then there's bad takes. An example of the latter comes from Bloomberg Opinion columnist Leonid Bershidsky, who thinks that today's WhatsApp security woes prove that end-to-end encryption is a gimmick and largely pointless.

WhatsApp is one of the largest messaging apps around. To put Bershidsky's comments in context, earlier today, it transpired that it was possible to use specially-weaponized phone calls in order to install malware on a target's phone. The Facebook-owned company has since released a patch, which users are encouraged to install at the earliest possible opportunity.

WhatsApp, like many messaging apps, uses end-to-end encryption, which ensures that an intermediary cannot snoop on what's being said. Bershidsky's argument, summed up roughly, is that while WhatsApp remains vulnerable to other attacks, end-to-end encryption is nothing short of a marketing device designed to lull consumers wary about cyber-surveillance into a false sense of security.

As far as I can tell, Bershidsky has no formal training in cyber security or computer science. If he did, he probably wouldn't be embarrassing himself in such a public fashion. And indeed, the computer security community is delighting in dunking on him via their preferred medium, Twitter. It's important that his arguments, which are misleading and technically inaccurate, do not go unaddressed.

Firstly, let's address his criticism that the term end-to-end encryption is a marketing device.

It isn't. It just fucking isn't. I don't know what else to say here. It's a technical term with a very precise, universally-accepted definition. That just isn't up for debate.

Bershidsky's argument hinges primarily on the fact that applications that use end-to-end encryption are susceptible to other threats, like zero-day flaws and sophisticated Israeli spyware. But the thing is, no credible person has ever argued that end-to-end encryption is a security cure-all. Rather, it addresses two serious security problems.

Firstly, end-to-end encryption prevents an adversary sitting in the middle of a connection from intercepting and analyzing the contents of data packets. If you're sending privileged information across the public Internet, like credit card numbers or customer data, you're going to want to ensure it's safe from prying eyes. And crucially, it makes it almost impossible to intercept and analyze protected traffic at scale.

The second problem end-to-end encryption solves is that it makes it significantly harder for an adversary to launch session hijacking attacks. If data is being sent in the clear, an attacker sitting on the same network could easily capture cookies and session cookies, allowing them to take over a user's account on a website or app, all without the need to log in.

This isn't hypothetical. Before Facebook introduced SSL-by-default in 2012, ensuring the connection between users and its servers was protected, wresting control of someone's account was embarrassingly easy. There was even a Firefox plugin called FireSheep, released in 2010, that made it a one-click process.

Do you need other things than end-to-end encryption to ensure a secure user experience? Absolutely. But is end-to-end encryption a crucial cornerstone of that secure user experience? Hell yes.

Security isn't a single product or app. You can't buy security. It comes from the culmination of lots of efforts, big and small. At the risk of sounding like the narrator in a commercial for Lincoln cars, it's a journey, and you never quite get all the way there.

In conclusion, end-to-end encryption is important, and Bershidsky's take is moronic. Even though the piece was clearly listed as opinion, Bloomberg should have known better than to publish an argument that was fundamentally misleading, and based on shaky technical grounds.


WhatsApp's End-to-End Encryption Is a Gimmick

(Bloomberg Opinion) -- The discovery that hackers could snoop on WhatsApp should alert users of supposedly secure messaging apps to an uncomfortable truth: End-to-end encryption sounds nice, but if anyone can get into your phone's operating system, they will be able to read your messages without having to decrypt them.

According to a report in the Financial Times on Tuesday, the spyware that exploited the vulnerability was Pegasus, made by the Israeli company NSO. The malware could access a phone's camera and microphone, open messages, capture what appears on a user's screen, and log keystrokes, rendering encryption pointless. It works on all operating systems, including Apple's iOS, Google's Android, and Microsoft's rarely used mobile version of Windows.

The cybersecurity community has known about it for years, and activists have been raising hell about its use against dissidents and journalists in dozens of countries, although NSO itself says it doesn't sell Pegasus to unsavory regimes and that it is disabled in the U.S.

It was previously assumed that for Pegasus to work, the intended victim had to click on a phishing link to install the malware. But according to a brief technical description of the hack posted by WhatsApp's owner, Facebook Inc., it now appears hackers can install the malware simply by calling the target.

This isn't the first vulnerability of this kind to be discovered in a supposedly secure messaging app. Last year, Argentinian security researcher Ivan Ariel Barrera Oro wrote about a flaw in Signal, an app favored by Edward Snowden. In that case, a hacker could send a specially crafted internet address in a Signal message and it would download the malware.

It's important to realize, however, that spyware that can install itself without any action on the user's part can arrive through any channel, be it an encrypted messenger, a browser, an email or SMS client with an undiscovered vulnerability allowing such an attack.

These are merely applications running on top of an operating system, and once a piece of malware gets into the latter it can control the device in a multitude of ways. With a keylogger, a hacker can see only one side of a conversation. Add the ability to capture a user's screen, and they can see the full discussion regardless of what security precautions are built into the app you are using.

End-to-end encryption is a marketing device used by companies such as Facebook to lull consumers wary about cyber-surveillance into a false sense of security. Encryption is, of course, necessary, but it's not a fail-safe way to secure communication.

The tug of war between tech firms touting end-to-end encryption as a way to avoid government snooping and state agencies protesting its use is a smokescreen. Government and private hackers are working feverishly on new methods to deploy malware with operating system-wide privileges. Companies such as NSO are at the forefront of this important work, which can help catch terrorists and prevent attacks or imprison dissidents and disrupt revolutions against dictatorial regimes.

The WhatsApp episode is likely to increase the backlash against NSO and the export license it has from the Israeli government to sell Pegasus. But if this particular firm stops developing the malware, others will take its place.

The hard truth for activists and journalists in need of secure messaging is that the more tech-savvy they are, the safer they can make their digital communications. One can, for example, encrypt messages on a non-networked device before sending them out through one's phone. But even that wouldn't guarantee complete security since responses could be screen-captured.

Truly secure communication is really only possible in the analog world, and then all the old-school spycraft applies.

(Updated to clarify uses of end-to-end encryption in eighth paragraph.)

To contact the author of this story: Leonid Bershidsky at lbershidsky@bloomberg.net

To contact the editor responsible for this story: Edward Evans at eevans3@bloomberg.net

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

Leonid Bershidsky is Bloomberg Opinion's Europe columnist. He was the founding editor of the Russian business daily Vedomosti and founded the opinion website Slon.ru.


© 2019 Bloomberg L.P.


Email Encryption Market – Global Industry Analysis, Size …

Email Encryption Market: Market Overview

The rise in sophisticated information threats is the major factor fuelling the growth of the email encryption market. Exponential growth in enterprise data sharing is also driving demand for email encryption. Moreover, the rapid modernization of small and medium-scale industries has led to a surge in the use of email to carry crucial data, which is boosting the market. In parallel, the increasing use of cloud-based solutions and services for multiple workloads is expected to drive the need for email encryption. To address these threats, many organizations are adopting email encryption to secure their professional information. Rapid technological advancement and growing security concerns are also fuelling the growth of the email encryption market.

Email encryption is a method of securing the content of emails from anyone outside of the email conversation looking to obtain a participant's information. In recent years, technological development has led to the development of email encryption, which helps protect organizations from malicious programmers. Furthermore, the increasing use of mobile devices for work is creating potential opportunities for the email encryption market. The increasing adoption of email encryption techniques among organizations and companies is fuelling the market's growth. Apart from this, growth in social, mobile, and cloud computing is accelerating demand for email encryption.

Email Encryption Market: Drivers & Challenges

An increasing number of data breaches is the primary factor driving the growth of the email encryption market. The growing need for security against increasing bot traffic is also one of the major factors fuelling the growth. Moreover, with the rise in the number of smartphone users in the workplace, enterprises are adopting email encryption tools to protect their sensitive information. Furthermore, strict regulatory requirements for data protection are also creating potential growth opportunities for the email encryption market.

Apart from this, concern about internal theft is boosting the growth of the email encryption market globally. The global email encryption market is growing strongly due to the increasing adoption of bring-your-own-device policies in organizations. Furthermore, with the rapid technological shift and the continuous deployment and migration of mobile devices, demand for email encryption is increasing rapidly.

Device compatibility issues and a lack of common standards are the major factors hindering the growth of the email encryption market. A lack of skilled professionals is also one of the major challenges. Moreover, the reluctance of small and medium-sized companies to adopt email encryption due to low budgets is a major factor hampering the market's growth.

Email Encryption Market: Segmentation

The global email encryption market can be segmented as:

Email encryption market segmentation by Deployment:

Email encryption market segmentation by Enterprise Size:

Email encryption market segmentation by Vertical:

Email Encryption Market: Competition Landscape

Key Players

Some of the major players in the global email encryption market are Proofpoint, HP, Microsoft, McAfee, Symantec, Sophos, Entrust, TrendMicro, Hewlett-Packard, Zix Corporation, and Cisco. The other players in the global market include Galaxkey, DESLock+, Open-Xchange, Tutanota, SafeNet, ProtonMail, Vormetric, and other email encryption solution providers.

Regional Overview

On a geographic basis, North America is expected to be a large market for email encryption, due to the early adoption of digital technologies and the presence of various key players in the region. The demand for email encryption in APAC and Europe is expected to grow rapidly in the coming years, due to the increasing adoption of cloud and mobile technologies by various small- and medium-sized companies. Moreover, the rising trend of BYOD in countries such as Japan, Germany, China, the U.K., and India is also driving the demand for email encryption in Asia Pacific.

The research report presents a comprehensive assessment of the market and contains thoughtful insights, facts, historical data, and statistically supported and industry-validated market data. It also contains projections using a suitable set of assumptions and methodologies. The research report provides analysis and information according to market segments such as geographies, application, and industry.

The report covers exhaustive analysis on:

Regional analysis includes:

The report is a compilation of first-hand information, qualitative and quantitative assessment by industry analysts, inputs from industry experts and industry participants across the value chain. The report provides in-depth analysis of parent market trends, macro-economic indicators and governing factors along with market attractiveness as per segments. The report also maps the qualitative impact of various market factors on market segments and geographies.

Report Highlights:

NOTE - All statements of fact, opinion, or analysis expressed in reports are those of the respective analysts. They do not necessarily reflect formal positions or views of Future Market Insights.


The World’s Email Encryption Software Relies on One Guy …

Update, Feb. 5, 2015, 8:10 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Koch's project.

The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive.

Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded.

"I'm too idealistic," he told me in an interview at a hacker convention in Germany in December. "In early 2013 I was really about to give it all up and take a straight job." But then the Snowden news broke, and "I realized this was not the time to cancel."

Like many people who build security software, Koch believes that offering the underlying software code for free is the best way to demonstrate that there are no hidden backdoors in it giving access to spy agencies or others. However, this means that many important computer security tools are built and maintained by volunteers.

Now, more than a year after Snowden's revelations, Koch is still struggling to raise enough money to pay himself and to fulfill his dream of hiring a full-time programmer. He says he's made about $25,000 per year since 2001, a fraction of what he could earn in private industry. In December, he launched a fundraising campaign that has garnered about $43,000 to date, far short of his goal of $137,000, which would allow him to pay himself a decent salary and hire a full-time developer.

The fact that so much of the Internet's security software is underfunded is becoming increasingly problematic. Last year, in the wake of the Heartbleed bug, I wrote that while the U.S. spends more than $50 billion per year on spying and intelligence, pennies go to Internet security. The bug revealed that an encryption program used by everybody from Amazon to Twitter was maintained by just four programmers, only one of whom called it his full-time job. A group of tech companies stepped in to fund it.

Koch's code powers most of the popular email encryption programs: GPGTools, Enigmail, and GPG4Win. "If there is one nightmare that we fear, then it's the fact that Werner Koch is no longer available," said Enigmail developer Nicolai Josuttis. "It's a shame that he is alone and that he has such a bad financial situation."

The programs are also underfunded. Enigmail is maintained by two developers in their spare time. Both have other full-time jobs. Enigmail's lead developer, Patrick Brunschwig, told me that Enigmail receives about $1,000 a year in donations, just enough to keep the website online.

GPGTools, which allows users to encrypt email from Apple Mail, announced in October that it would start charging users a small fee. The other popular program, GPG4Win, is run by Koch himself.

Email encryption first became available to the public in 1991, when Phil Zimmermann released a free program called Pretty Good Privacy, or PGP, on the Internet. Prior to that, powerful computer-enabled encryption was only available to the government and large companies that could pay licensing fees. The U.S. government subsequently investigated Zimmermann for violating arms trafficking laws because high-powered encryption was subject to export restrictions.

In 1997, Koch attended a talk by free software evangelist Richard Stallman, who was visiting Germany. Stallman urged the crowd to write their own version of PGP. "We can't export it, but if you write it, we can import it," he said.

Inspired, Koch decided to try. "I figured I can do it," he recalled. He had some time between consulting projects. Within a few months, he released an initial version of the software he called Gnu Privacy Guard, a play on PGP and an homage to Stallman's free Gnu operating system.

Koch's software was a hit even though it only ran on the Unix operating system. It was free, the underlying software code was open for developers to inspect and improve, and it wasn't subject to U.S. export restrictions.

Koch continued to work on GPG in between consulting projects until 1999, when the German government gave him a grant to make GPG compatible with the Microsoft Windows operating system. The money allowed him to hire a programmer to maintain the software while also building the Windows version, which became GPG4Win. This remains the primary free encryption program for Windows machines.

In 2005, Koch won another contract from the German government to support the development of another email encryption method. But in 2010, the funding ran out.

For almost two years, Koch continued to pay his programmer in the hope that he could find more funding. "But nothing came," Koch recalled. So, in August 2012, he had to let the programmer go. By summer 2013, Koch was himself ready to quit.

But after the Snowden news broke, Koch decided to launch a fundraising campaign. He set up an appeal at a crowdsourcing website, made t-shirts and stickers to give to donors, and advertised it on his website. In the end, he earned just $21,000.

The campaign gave Koch, who has an 8-year-old daughter and a wife who isn't working, some breathing room. But when I asked him what he will do when the current batch of money runs out, he shrugged and said he prefers not to think about it. "I'm very glad that there is money for the next three months," Koch said. "Really I am better at programming than this business stuff."


Encryption breakthrough could keep prying eyes away from …

Researchers have found a way to put handshake-style encryption in email and other communication tools, which is good news for spies.

Secret handshakes have long been a method of verification for spies in the field, but digitally things are about to change in a big way. Similar to the physical handshake, digital handshakes are used to verify communication participants' identities in real time.

While fine for instant messaging, it has proven impossible to replicate in communication methods such as email whereby messages may need to be decoded long after they were originally sent.

However, a research team from the Stevens Institute of Technology has revealed a new cryptography breakthrough that could solve this 15-year-old problem. This could be hugely beneficial not only to intelligence agencies, but anyone with an interest in secure communications, such as journalists and doctors.

"The demand for tools like this is incredible," said Giuseppe Ateniese, who led the research. "Privacy is growing more and more important, and encryption is essential for almost everyone."

To achieve the breakthrough, Ateniese and his team combined existing key-based cryptographic algorithms in a novel arrangement to create a system called matchmaking encryption. This simultaneously checks the identities of both the sender and receiver before decrypting the message.

Crucially, matchmaking encryption does away with the need for real-time interactions, allowing messages to be sent on a dead drop basis and read at a later date.

"A dead drop is like when a spy leaves a message behind a rock," Ateniese said. "It can be used when you need to send a message to someone who's not there at the moment, but will find it if he or she is the intended recipient."

To use this form of encryption, both parties create policies or a list of traits that describe the people with whom they are willing to communicate. When both digital policies are happy that each party is who they say they are, the message will be sent.

Aside from person-to-person communication, it could also be used to group classes of people together. So, for example, CIA agents in New York could refuse to accept messages from anyone other than Philadelphia-based FBI agents.

Messages that don't fit the bill will not be decrypted, with no information being sent. Team member Danilo Francati said: "This is important for intelligence: I don't want to reveal to you that I'm an FBI agent, so I want assurances that you are who you say you are. Matchmaking encryption provides that assurance as well as a level of privacy that's stronger than anything else that's available."

The team believes that the breakthrough opens new frontiers in secure communication and that additional applications will quickly emerge as researchers explore the new technology and make matchmaking encryption more powerful.

Ateniese will present the team's findings at the upcoming Crypto 2019 conference.


Facebook, Google and WhatsApp plan to increase encryption …

Silicon Valley's leading companies, including Facebook, Google and Snapchat, are working on their own increased privacy technology as Apple fights the US government over encryption, the Guardian has learned.

The projects could antagonize authorities just as much as Apple's more secure iPhones, which are currently at the center of the San Bernardino shooting investigation. They also indicate the industry may be willing to back up their public support for Apple with concrete action.

Within weeks, Facebook's messaging service WhatsApp plans to expand its secure messaging service so that voice calls are also encrypted, in addition to its existing privacy features. The service has some one billion monthly users. Facebook is also considering beefing up security of its own Messenger tool.

Snapchat, the popular ephemeral messaging service, is also working on a secure messaging system and Google is exploring extra uses for the technology behind a long-in-the-works encrypted email project.

Engineers at major technology firms, including Twitter, have explored encrypted messaging products before, only to see them never be released because the products can be hard to use or the companies prioritized more consumer-friendly projects. But they now hope the increased emphasis on encryption means that technology executives view strong privacy tools as a business advantage, not just a marketing pitch.

These new projects began before Apple entered a court battle with the Department of Justice over whether it should help authorities hack into a suspected terrorist's iPhone. Apple is due to appear in a federal court in California later this month to fight the order.

Polling has shown public opinion is divided over the case. And any new encryption efforts by tech firms put them on a collision course with Washington. Two US senators, the Democrat Dianne Feinstein of California and the Republican Richard Burr of North Carolina, say they have written draft legislation that would create penalties for companies that aren't able to provide readable user data to authorities. Barack Obama has also made it clear he thinks some technology companies are going too far. "If government can't get in, then everyone's walking around with a Swiss bank account in their pocket, right?" he said 11 March at the SXSW technology conference in Austin, Texas.

WhatsApp has been rolling out strong encryption to portions of its users since 2014, making it increasingly difficult for authorities to tap the service's messages. The issue is personal for founder Jan Koum, who was born in Soviet-era Ukraine. When Apple CEO Tim Cook announced in February that his company would fight the government in court, Koum posted on his Facebook account: "Our freedom and our liberty are at stake."

His efforts to go further still are striking as the app is in open confrontation with governments. Brazil authorities arrested a Facebook executive on 1 March after WhatsApp told investigators it lacked the technical ability to provide the messages of drug traffickers. Facebook called the arrest "extreme and disproportionate".

WhatsApp already offers Android and iPhone users encrypted messaging. In the coming weeks, it plans to offer users encrypted voice calls and encrypted group messages, two people familiar with the matter said. That would make WhatsApp, which is free to download, very difficult for authorities to tap.

Unlike many encrypted messaging apps, WhatsApp hasn't pushed the security functions of the service as a selling point to users. Koum, its founder, has said users should be able to expect that security is a given, not a bonus feature.

It's unclear if that will change. In the coming weeks, WhatsApp plans to make a formal announcement about its expanded encryption offerings, sources said.

The efforts come at a crossroads for Silicon Valley. Google, Facebook, Snapchat, Amazon, Microsoft and Twitter have all signed on to legal briefs supporting Apple in its court case. At the same time, some of the companies have shown an increased willingness to help the government in its efforts to fight the spread of Islamic extremist propaganda online, often using their services.

Facebook's chief operating officer, Sheryl Sandberg, has talked publicly about how tech companies can help the west combat Isis online, and Eric Schmidt, executive chairman of Google's parent company, Alphabet, recently joined a Defense Department advisory group on how tech can aid in future battles.

Those matters may seem separate, but US national security officials view the increasing availability of encryption technology as a major aid to Islamic State's online recruitment efforts. At some point, tech firms may have to choose whether they care more about being seen as helping the west to fight terrorism or standing as privacy advocates.

Some technology executives think one middle path would be to encourage the use of encryption for the content of messages while maintaining the ability to hand over metadata, which reveals who is speaking to whom, how often and when. That is why the specifics of the new products will be key to determining both their security and Washington's reaction to them.

The Guardian couldn't immediately determine the specific details of Snapchat's and Facebook's projects. All the companies declined to comment.

In 2014, Google announced a project called End to End, which would make it easier to send encrypted emails in such a way that only the sender and recipient could decode them. The project, once a collaboration with Yahoo, has been slow-going.

That appears to have changed in recent months, though, sources familiar with the project said, and other Google employees have shown renewed interest in the idea. At a February internal town hall at Google, one engineer stood up and asked vice-president of security and privacy engineering Gerhard Eschelbeck why Google wasn't doing more to support encrypted communications, according to two people familiar with the exchange.

Gerhard countered that the company was increasingly putting effort behind such projects. Some Google employees are discussing whether the technology behind End to End can be applied to other products, though no final determinations have been made.

"This has been an ongoing effort for a long time at Google," one person briefed on the project said. One of the challenges for the search giant is that there are some types of data for which it remains challenging to offer end-to-end security, both for usability and business model reasons.

Google sells targeted ads by scanning users' email, a process that gets tricky if the contents remain encrypted. Many consumers also use Gmail accounts, which include large amounts of free storage, as a sort of online file system, sometimes dating back more than a decade.

"There are lots of difficulties at Google that aren't the same at Apple," the person briefed on the project said. "The business models are just different."

In the meantime, WhatsApp's encryption is based on code developed by a well-known privacy evangelist, Moxie Marlinspike, whose secure messaging app Signal is used by security hawks. One advantage of Marlinspike's encryption tools is that they have been tested repeatedly by outside security experts.

Apple, the company behind the two-year debate over encryption, is also taking steps to beef up privacy. The company has been in discussions with outside security experts about ways to make it technically harder still for investigators to force the company to hand over data from customers' iPhones, according to sources. The New York Times earlier reported on those conversations.

Last month, Frederic Jacobs, an accomplished cryptographer and one of the coders behind Signal, announced he had accepted a job at Apple. It's a summer internship with the security team for the iPhone's core software.

Read the original:
Facebook, Google and WhatsApp plan to increase encryption ...

Encryption: What it is and why it's important

Encryption is the process of helping protect personal data by using a "secret code" to scramble it so that it cannot be read by anyone who doesn't have the code key. Today, vast amounts of personal information are managed online and stored in the cloud or on servers with an ongoing connection to the web. It's nearly impossible to do business of any kind without personal data ending up in a networked computer system, which is why it's important to know how to help keep that data private.

Most legitimate websites use what is called Secure Sockets Layer (SSL), which is a form of encrypting data when it is being sent to and from a website. This keeps attackers from accessing that data while it is in transit. Look for the green padlock icon in the URL bar, and the "s" in "https://", to make sure you are conducting secure, encrypted transactions online.

It's a good idea to access sites utilizing SSL when:

3 reasons why encryption matters

Why is encryption important? Here are three reasons:

1. Internet privacy concerns are real

Encryption helps protect privacy by turning personal information into "for your eyes only" messages intended only for the parties that need them, and no one else. You should make sure that your emails are being sent over an encrypted connection, or that you are encrypting each message. Most email clients come with the option for encryption in the settings menu, and if you check your email with a web browser, take a moment to ensure that SSL encryption is available.

2. Hacking is big business

Hackers aren't just bored kids in a basement anymore. They're big business, and in some cases, they're multinational outfits. Large-scale data breaches that you may have heard about in the news demonstrate that people are out to steal personal information to fill their pockets.

3. Regulations demand it

Healthcare providers are required by the Health Insurance Portability and Accountability Act (HIPAA) to implement security features that protect patients' sensitive health information. Institutions of higher learning must take similar steps under the Family Education Rights and Privacy Act (FERPA), while retailers must contend with the Fair Credit Practices Act (FCPA) and similar laws. Encryption helps businesses stay compliant and helps protect the valuable data of their customers.

See more here:
Encryption: What it is and why it's important

AES and RSA Encryption Explained

This is How Encryption with Boxcryptor Works

We encrypt files and thus provide increased protection against espionage and data theft. For encryption, we use a combination of AES-256 encryption and RSA encryption. Here we explain the two algorithms.

Advanced Encryption Standard (AES) is one of the most frequently used and most secure encryption algorithms available today. It is publicly accessible, and it is the cipher which the NSA uses for securing documents with the classification "top secret". Its story of success started in 1997, when NIST (National Institute of Standards and Technology) started officially looking for a successor to the aging encryption standard DES. An algorithm named "Rijndael", developed by the Belgian cryptographists Daemen and Rijmen, excelled in security as well as in performance and flexibility.

It came out on top of several competitors and was officially announced as the new encryption standard AES in 2001. The algorithm is based on several substitutions, permutations and linear transformations, each executed on data blocks of 16 bytes, hence the term block cipher. Those operations are repeated several times, called "rounds". During each round, a unique round key is calculated out of the encryption key and incorporated in the calculations. Based on the block structure of AES, the change of a single bit, either in the key or in the plaintext block, results in a completely different ciphertext block, a clear advantage over traditional stream ciphers. The difference between AES-128, AES-192 and AES-256, finally, is the length of the key: 128, 192 or 256 bits, all drastic improvements compared to the 56-bit key of DES. By way of illustration: cracking a 128-bit AES key with a state-of-the-art supercomputer would take longer than the presumed age of the universe. And Boxcryptor even uses 256-bit keys. As of today, no practicable attack against AES exists. Therefore, AES remains the preferred encryption standard for governments, banks and high security systems around the world.

RSA is one of the most successful asymmetric encryption systems today. Originally discovered in 1973 by the British intelligence agency GCHQ, it received the classification "top secret". We have to thank the cryptologists Rivest, Shamir and Adleman for its civil rediscovery in 1977. They stumbled across it during an attempt to solve another cryptographic problem.

As opposed to traditional, symmetric encryption systems, RSA works with two different keys: a public and a private one. The two keys complement each other, which means that a message encrypted with one of them can only be decrypted by its counterpart. Since the private key cannot be calculated from the public key, the latter is generally available to the public.

Those properties enable asymmetric cryptosystems to be used in a wide array of functions, such as digital signatures. In the process of signing a document, a fingerprint encrypted with RSA is attached to the file and enables the receiver to verify both the sender and the integrity of the document. The security of RSA itself is mainly based on the mathematical problem of integer factorization. A message that is about to be encrypted is treated as one large number. When encrypting the message, it is raised to the power of the key, and divided with remainder by a fixed product of two primes. By repeating the process with the other key, the plaintext can be retrieved again. The best currently known method to break the encryption requires factorizing the product used in the division. Currently, it is not possible to calculate these factors for numbers greater than 768 bits. That is why modern cryptosystems use a minimum key length of 3072 bits.
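The arithmetic described above can be run end to end with deliberately small numbers. The following is an added example, not code from the original article or from Boxcryptor: it uses textbook RSA without padding, two small well-known primes and function names chosen here for illustration, and its last function shows that whoever can factor the modulus can rebuild the private key.

```python
# Textbook RSA with toy primes: illustration only (no padding, tiny modulus).
import hashlib
from math import gcd

def make_keypair(p, q, e=65537):
    """Build (public, private) keys from two primes p and q."""
    n = p * q                      # the "fixed product of two primes"
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)

def apply_key(value, key):
    """Raise value to the power of the key, keep the remainder mod n."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def fingerprint(data, n):
    """SHA-256 digest reduced below n (toy shortcut; real RSA pads instead)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    return apply_key(fingerprint(data, private[0]), private)

def verify(data, signature, public):
    return apply_key(signature, public) == fingerprint(data, public[0])

def recover_private_key(public):
    """Factor n by trial division: feasible only because n is tiny."""
    n, e = public
    p = next(f for f in range(3, int(n ** 0.5) + 1, 2) if n % f == 0)
    return n, pow(e, -1, (p - 1) * (n // p - 1))

# Constructed sample values (not from the original page).
PUBLIC, PRIVATE = make_keypair(104729, 1299709)
MESSAGE = 424242
CIPHERTEXT = apply_key(MESSAGE, PUBLIC)
DOCUMENT = b"constructed sample document"
SIGNATURE = sign(DOCUMENT, PRIVATE)

if __name__ == "__main__":
    print("decrypts:", apply_key(CIPHERTEXT, PRIVATE) == MESSAGE)
    print("signature valid:", verify(DOCUMENT, SIGNATURE, PUBLIC))
    print("tampered rejected:", not verify(DOCUMENT + b"!", SIGNATURE, PUBLIC))
    print("key recovered by factoring:", recover_private_key(PUBLIC) == PRIVATE)
```

The trial division finishes instantly on this modulus of about 37 bits; the same search on a modulus of the size the text recommends is out of reach, which is the whole basis of the key-length advice.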

Boxcryptor implements a combined encryption process based on asymmetric RSA and symmetric AES encryption. Every file has its own unique random file key which is generated when the file is being created.

Excerpt from:
AES and RSA Encryption Explained

Digital signing and encryption settings – Outlook for Mac

The following tables provide information and tips for settings for digital signing, encryption, and certificate authentication. To access these settings, click the Tools menu, then click Accounts. Select the account, click Advanced, and then click the Security tab.

Term: Definition

Certificate: Select the certificate that you want for digital signing. Before you click Choose a Certificate on the Certificate pop-up menu, you must first have a certificate added to the keychain on your computer. For information about how to request a digital certificate from a certification authority, see Mac Help.

Signing algorithm: A method for helping protect the integrity of a digital signature. Outlook can create a digital signature with any of the following algorithms: SHA-512, SHA-384, SHA-256, and SHA-1. Of these four algorithms, SHA-1 is the most compatible with other S/MIME applications, and SHA-512 is the most secure.

Sign outgoing messages: Select this option if you want to digitally sign all outgoing messages by default.

Send digitally signed messages as clear text: Select this option if you want the contents of the message to be readable for all recipients. This includes recipients without an S/MIME mail application. A recipient without an S/MIME mail application can read a clear text message but can't verify the digital signature.

Include my certificates in signed messages: Select this option if you want your recipients to be able to send encrypted messages to you.

Term: Definition

Certificate: Choose the certificate that you want other people to use to send encrypted messages to you. Outlook also uses your encryption certificate for encrypted messages that are stored in your Sent Items and Drafts folders. Before you click Choose a Certificate on the Certificate pop-up menu, you must first have a certificate added to the keychain on your computer. For information about how to request a digital certificate from a certification authority, see Mac Help.

Encryption algorithm: A method for encrypting a message and its attachments. Outlook can encrypt messages with any of the following algorithms: AES-256, AES-192, AES-128, and 3DES. Of these four algorithms, 3DES is the most compatible with other S/MIME applications, and AES-256 is the most secure.

Encrypt outgoing messages: Select this option if you want to encrypt all outgoing messages by default.

Term: Definition

Client certificate: Choose the certificate that you want for certificate authentication. Before you click Choose a Certificate on the Certificate menu, you must first have a certificate added to the keychain on your computer. For information about how to request a digital certificate from a certification authority, see Mac Help.

Outlook for Mac 2011 Help

See the original post:
Digital signing and encryption settings - Outlook for Mac