Weakening encryption is an attack on our freedom – Red Flag

In the wake of the recent terrorist attacks in London, there is a renewed attempt by global governments to increase surveillance of the internet.

Taking aim at encryption, Malcolm Turnbull stated that, despite it being a vital piece of security for every user of the Internet, "encrypted messaging applications are also used by criminals and terrorists; at the moment much of this traffic is difficult for our security agencies to decrypt, and indeed for our Five Eyes partners as well".

In June, attorney-general George "Darth" Brandis, along with his Five Eyes counterparts from the UK, US, Canada and NZ, met in Ottawa to discuss ways to weaken encryption and pressure the tech industry to build back doors through which they can spy on global communications.

In response, a joint statement by 83 organisations and individuals from these five countries opposed these plans. The executive officer of Electronic Frontiers Australia, Jon Lawrence, said, "Calls to undermine encryption in the name of national security are fundamentally misguided and dangerous." Jim Killock, executive director at the UK's Open Rights Group, said, "Security experts and cryptographers are as united in their views on encryption as scientists are on climate change."

At the time of writing, we don't know what decisions were made at the Five Eyes ministerial meeting, but new attempts to circumvent encryption reflect the ways that state surveillance has changed since revelations from US whistleblower Edward Snowden.

In 2013, Snowden shocked the world when he revealed that the US and its allies had created the largest and most complex system of state surveillance that has ever existed. One of the US National Security Agency's most invasive programs was XKeyscore, a searchable database with millions of people's emails, web browsing histories and more. This also allowed for real-time monitoring of almost any individual around the world while they used the internet.

Just four years later, the state of computer security has changed immensely, making this surveillance more difficult. According to a report published in February by the Electronic Frontiers Federation, more than half of all internet traffic is now encrypted. The expansion of Virtual Private Network services and use of the Onion Router (TOR) has made it easier for everyone to remain anonymous online. However, the development that is of most concern to the likes of the NSA is the widespread use of encrypted mobile devices and messaging applications such as Signal and WhatsApp.

These applications use a method called end-to-end encryption in which messages are encrypted, and the tools to decrypt those messages exist only on the device of the sender and receiver. Therefore, a company like WhatsApp cannot read the messages sent through its servers. As a WhatsApp spokesperson said in 2016 as part of an ongoing court case brought by the Brazilian government, "We cannot share information we don't have access to."

Years before James Comey began presenting himself as the supposed good guy of the US establishment, the then FBI director railed against the use of domestic encryption tools. In 2015 he stated, "If the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place."

He pressured companies such as Apple to build back doors to bypass encryption. While the intelligence agencies recognise that they cannot currently break modern encryption algorithms, they have focused their resources on trying to get around them by hacking directly into mobile devices.

This strategy was demonstrated in March when whistleblower website WikiLeaks released Vault 7, the largest ever publication of confidential documents leaked from the CIA. Additional leaks this year by hacking group Shadow Brokers have further revealed the extent of the intelligence agencies' hacking capabilities. These documents show that the US has been developing, purchasing and stockpiling security vulnerabilities in Apple and Android mobile devices. Exploiting these vulnerabilities has allowed them to read WhatsApp or Signal messages as they are being typed or read.

One of the most damning leaks in Vault 7 revealed that the CIA had discovered how to turn Samsung Smart TVs into covert listening devices, even when they are turned off.

The recent WannaCry and Petya ransomware attacks, which caused immense damage across the world, both used security holes codenamed EternalBlue that had been stockpiled by the CIA and deliberately left open. While the CIA did not intend these vulnerabilities to be used in this way, it is the inevitable result of keeping software insecure and creating back doors.

With leaks from the CIA and the NSA exposed, these security flaws are now being fixed, making it more difficult for the agencies to continue their spying activities. This explains the increased push from Five Eyes countries to force tech companies to install back doors so they can bypass encryption.

However, the argument that states should have the right to bypass encryption to stop terrorism simply doesn't hold up. It would be ludicrous to suggest that turning Smart TVs into listening devices is about stopping ISIS. It has always been about developing tools for mass surveillance, and now increasingly for espionage and cyberwar. This has been seen before. For example, the worm Stuxnet was written by the US and Israel and used to target Iranian nuclear facilities.

It is not a question of whether governments will one day use these hacking techniques for domestic surveillance; they already do. On 30 June, it was revealed that Centrelink has been paying Israeli hacking company Cellebrite to break into mobile phones. The methods used are the same ones Cellebrite developed in 2015, when it helped the FBI break into an iPhone as part of the San Bernardino terrorism case.

It is now known that government departments such as the Australian Tax Office and the Department of Employment have paid around $500,000 to Cellebrite for equipment and training to hack into phones.

In the debate about metadata storage, George Brandis was adamant that the government wasn't after the content of Australians' communications, just who we are talking to. These new revelations and the entire debate about encryption show that the content is exactly what they are after. No matter the justification, we should resist any attempt to weaken encryption and our right to privacy.


Virtru Brings End-To-End Encryption To G Suite – Android Headlines

Google has partnered up with Virtru Corporation to bring customizable end-to-end email and messaging encryption, on both server side and client side, to all G Suite users. End users and administrators can choose to encrypt any incoming or outgoing message in order to help protect sensitive data. Administrators can set rules to encrypt any message that meets certain criteria, and can take advantage of advanced access controls that can grant or revoke access to a given message at any time, even after it's been delivered. The goal of Virtru is not just to add an extra level of security, but to help especially sensitive data circulated in regulated industries like the medical and law fields to stay as secure as possible, making it easier than ever to keep communications compliant with applicable law.

Administrators on Virtru-enabled servers can not only encrypt or decrypt things that come and go at will, but can control the entire process from origination to endpoint, and even after. Starting at the source, administrators can set custom rules to encrypt messages based on a wide variety of criteria, such as sender and recipient, keywords in the contents, and presence or type of attachments, among other things. Virtru allows total end-to-end encryption of all messages across platforms, and for any messages that don't fall under administrator-set rules, users can encrypt them with nothing more than the push of a button in their mobile email client or browser. Decryption keys can be stored onsite, or in Virtru's cloud, or even both, ensuring maximum security for the keys and making recovery a breeze. As icing on the cake, admins will have a personal dashboard, where they can keep track of all communications within their organization, including those with participants on the outside, and can get customizable notifications of anything happening on the network.

Virtru will integrate tightly with G Suite when it rolls out. For now, only communications such as emails will be encrypted, but support for other file and transmission types could come later. Google has not revealed how much Virtru will cost when it hits G Suite, or how users can go about getting it. Instead, Virtru will be hosting a webinar on July 11, at 10 AM Pacific time. The webinar will go over the basics of getting, implementing, and maintaining a Virtru installation over a given instance of G Suite.


Encrypting police transmissions is a blow to transparency and openness in government – LancasterOnline

By Thanksgiving, the public will no longer be able to listen in on police dispatches in Lancaster County, as LNP reported last week. The Lancaster County commissioners on Tuesday directed Lancaster County-Wide Communications to encrypt police transmissions, blocking the public and media from hearing what's going on in the county. West Hempfield Township police Chief Mark Pugliese, who heads the county police chiefs association, says the change will protect police from ambushes and secure personal information about crime victims and witnesses.

Police officers have a dangerous, difficult job, more difficult and dangerous than most of us can probably imagine.

And we wouldn't support any measure that would make life more perilous for a police officer.

But some sort of balance between protecting officers and ensuring the public's right to information must be struck.

We understand the other side of the argument.

"We live in a changed and changing world," Commissioner Dennis Stuckey told LNP. "Gone are the days when you can talk to a 15- or 20-year veteran who says he's only had to pull his gun out twice."

Pugliese also said there have been several incidents in the county where the public or the media interfered with investigations, in some cases by getting to crime scenes more quickly than police.

As Commissioner Josh Parsons, who supports encryption, said, "The fake 911 ambush scenario could happen no matter what we do today." However, he said, encryption does provide some percentage of safety.

Pugliese was off-base when he scolded the media for being in such a rush to get the news out. That's the media's job, especially when it comes to a public safety issue.

The fact of the matter is, and this is not a criticism, law enforcement relies on the media when it's convenient.

When police are hunting a fugitive, they ask the media to post a photo of the suspect. When prosecutors announce a major conviction, they call a news conference.

When a house exploded outside Millersville on Sunday, people who heard and felt the blast were desperate for information about what had happened. Emergency responders were busy doing what they do best, and supervisors at Lancaster County-Wide Communications had no information. The only way LNP could inform the public about the situation in the moments after the explosion was by monitoring the police scanner.

Come November, when the media wants to hear what police are doing in the community: silence.

So, the message seems to be that the media and public are to be kept out of the loop until further notice. We will be informed strictly on a need-to-know basis.

There's no evidence that radio transmissions have made policing more dangerous or more difficult.

Melissa Melewsky, media law counsel for the Pennsylvania NewsMedia Association, told LNP that media organizations have used emergency radio transmissions for decades without incident to keep the public informed about emergency situations in the community.

As Knapp reported, Commissioner Craig Lehman said he's also concerned about police safety but said officers may become further isolated from their communities if they decrease transparency.

Lehman is correct. Encryption will limit transparency and serve as an obstacle to the media. And, as he pointed out, less transparency breeds mistrust and suspicion. That's the last thing anyone, including police, needs.

Lehman suggested a compromise: Encrypt public transmissions, but give news outlets access.

The commissioners and the county police chiefs should give this serious consideration, though we don't believe the public should be shut out either.

From the media's standpoint, radio silence will only make a reporter's job more difficult and very well could, in turn, limit the public's access to information.

In an emergency situation, and you can imagine any number of them (natural disaster, active shooter, fire), the media needs to work with law enforcement to keep the public informed. In such situations, media outlets monitor radio transmissions for information and logistics. Encrypting such transmissions would not be in the best interest of the public.

And Lehman said blocking transmissions might actually make police less safe if public trust is lost.

The decision to encrypt was administrative and did not require a vote.

We urge the commissioners to reconsider this order and, at the very least, seek a compromise.

This is not about getting to the crime scene first.

We're big fans of transparency here because when it begins to erode, we're all in trouble.


Ground-Based Signals Measured From Space Could Enable Quantum Encryption Network – Photonics.com

ERLANGEN, Germany, July 5, 2017: Quantum-limited coherent measurements of optical signals were sent from a satellite in Earth's orbit to an optical ground station over a distance of 38,600 kilometers (almost 24,000 miles). Excess noise was bound. The precise Earth-based measurement of optical signals from a satellite demonstrates the potential for a satellite-based quantum encryption network using equipment that is already in space.

Although methods for quantum encryption have been in development for more than a decade, the technology has been unable to work over long distances because residual light losses in the optical fibers used for telecommunications networks on the ground degrade the quantum signals. According to researchers, encryption techniques such as quantum key distribution will be of increasing importance as current encryption codes based on mathematical algorithms become easier to crack.

A team from the Max Planck Institute for the Science of Light worked with satellite telecommunications company Tesat-Spacecom GmbH and the German Space Administration to conduct the experiments.

"From our measurements, we could deduce that the light traveling down to Earth is very well suited to be operated as a quantum key distribution network," Max Planck researcher Christoph Marquardt said. "We were surprised because the system was not built for this."

A satellite-based quantum encryption network would provide an extremely secure way to encrypt data sent over long distances.

"We were quite surprised by how well the quantum states survived traveling through the atmospheric turbulence to a ground station," said Marquardt. The paper demonstrates that technology on satellites, already space-proof against severe environmental tests, can be used to achieve quantum-limited measurements, thus making a satellite quantum communication network possible. This greatly cuts down on development time, meaning it could be possible to have such a system as soon as five years from now.

Developing such a system in just five years is an extremely fast timeline since most satellites require around ten years of development.

The researchers are now working with Tesat-Spacecom and others in the space industry to design an upgraded system based on the hardware already used in space. This will require upgrading the laser communication design, incorporating a quantum-based random number generator to create the random keys, and integrating post processing of the keys.

The results of initial experiments indicate that quantum communication using satellites in space is feasible and could open the possibility of a global quantum key distribution network for secure communication.

"There is serious interest from the space industry and other organizations to implement our scientific findings," said Marquardt. "We, as fundamental scientists, are now working with engineers to create the best system and ensure no detail is overlooked."

The research was published in Optica, a publication of OSA, The Optical Society of America (doi:10.1364/OPTICA.4.000611).


Encryption: Turnbull continues his Man of La Mancha ways – iTWire

An exclusive report this morning says that Australian Prime Minister Malcolm Turnbull plans to ask US President Donald Trump to demand that US technology companies break into encrypted messages sent by suspected terrorists.

It is an indication that the publishing company, Fairfax Media, and the writer, Peter Hartcher, are prepared to print any kind of bunkum as long as it comes from a sufficiently "official" source.

Whether the statement makes sense or not is never the issue, it would appear. The reader is also given no indication that Turnbull is speaking nonsense.

Without any proof, Turnbull also told Hartcher: "The point is, what are the responsibilities that a WhatsApp or a Telegram or a Signal, what are the responsibilities they owe to public safety? You have got a very real global threat where terrorist organisations, Islamist terrorist organisations, are using these digital platforms to do us harm."

To put it rather bluntly, short of rolling back encryption altogether, there is no way of ensuring that all people who are not behind bars do not have access to encryption.

Tom Sulston, a software delivery consultant who works for ThoughtWorks, agrees. "Given that the best encryption libraries are open source, that genie is out of the bottle," he said during an informal exchange with iTWire.

"While governments might choose to compel companies to put backdoors in their individual implementations, the library code remains secure," said Sulston, who recently addressed the Canberra press gallery on the tools journalists could use to help protect their sources from unwanted intrusion.

"So attempts to roll back encryption not only wouldn't work, they'd punish ordinary citizens while criminals used other, un-backdoored tools, or simply move their communications to other jurisdictions."

Somehow, the Australian government, which can afford to pay any number of consultants steep fees, cannot find a man with the simple common sense that someone like Sulston has. Or is that because the kind of logic that Sulston dishes out would mean that Turnbull would be unable to bloviate as he has in the exclusive interview mentioned at the start of this piece?

Sulston was asked what was the best option for governments in the existing scenario. Pat came the answer: "Governments need to realise the limitations of technology: encryption tools are either broken or not. They can't be compromised just for intelligence agencies and no-one else. There is a huge gap where our society has gone digital and our government has failed to understand what this means."

Unlike our good Prime Minister, Sulston also knows his limitations as a technologist. "I'm not a legal or security expert, so I don't have strong (or relevant!) opinions on how governments should tackle terrorism," he confessed.

"But I do believe that their efforts to do so need to remain within the boundaries set by existing laws, including the Universal Declaration of Human Rights."

Turnbull would do well to contemplate the fact that the whole debate about encryption was brought to the fore by the US National Security Agency. Its blanket surveillance of Americans was exposed in 2013 by one Edward Snowden and this led US companies to do everything possible to convince their customers that their data was safe.

Microsoft went so far as to set up a data centre in Germany where it would not be subject to the remit of US laws.

Encryption is built into products like WhatsApp for a reason: the owners, in this case Facebook, want to attract more and more people with the selling point being that whatever they say is secure.

Try asking companies which are making billions hand over fist by offering such apps free, to cut back on encryption.

Empty promises can be made some of the time, but even Turnbull, who probably holds the record for the use of the words "innovative" and "agile" in recent times, should realise that you cannot blow hot air on encryption all the time and expect people not to become cynical as to the motives behind such talk.


Why breaking WhatsApp security is such a bad idea – Mashable


However, in this video British YouTuber Tom Scott passionately explains why forcing services like WhatsApp to break their end-to-end encryption is actually a very dangerous idea. "The devil is in the detail," Scott says. "If we could replicate the way ...


You need to encrypt all your data. This is how it’s done – TNW

The increasing amount of data we're all generating is everywhere: in smartphones, laptops, thumb drives, and dozens of online services. How can we secure all of them against unwarranted access?

We virtually can't.

Smartphones get stolen, thumb drives get lost, email passwords get brute-forced, cloud servers get breached, unwary users get phished, WiFi networks get tapped, and eventually, malicious users obtain access to your data.

So how do you protect your data against unwelcome parties?

You encrypt it. In case you don't know it, encryption is the science of modifying data to prevent intruders from making sense of it. When you encrypt your data, only you and anyone else holding the decryption keys will be able to unlock and read it. This means that even if an attacker gains access to your data by breaking into a server or stealing your hard drive, they won't be able to make sense of it if they don't have the keys.

As I've argued before, encryption is your last line of defense, the one thing that can protect your data when all else goes wrong.

So without further ado, here are some of the key ways you can encrypt the data that you're scattering everywhere.

Email has become a de facto medium for exchanges of all sorts. We use email to send business secrets, financial data, personal data and various kinds of sensitive information. There are few things that are as damaging as a hacked email account.

You should obviously do everything you can to protect your email accounts, such as choosing strong passwords or enabling two-factor authentication. But in case your account does get breached, you have a few viable options to encrypt your messages and prevent hackers from actually seeing the contents of your messages.

One is the use of Pretty Good Privacy (PGP), a tool that adds a layer of encryption to your emails. Basically, PGP generates a public and private encryption key and ties it to your email address. You publish the public key for everyone to see and keep the private key to yourself.

Anyone who wants to send you a confidential message will encrypt it with your public key before sending it to you. Only your private key will be able to decrypt the message, and as long as you keep it safe, you can rest assured that only you will be able to read those messages. This means that even the owner of the server where your emails are stored won't be able to read them.

There are a handful of free PGP tools such as Mailvelope, which work with all major webmail clients such as Gmail and Hotmail, and will get you started with encryption in a couple of easy steps.

Of course, if you want your outgoing messages to be encrypted as well, the recipient needs to have a PGP key too, so you'll have to convince your friends to set up PGP accounts.
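The public/private key flow described above, as an added example that is not part of the original article: a sender encrypts with the recipient's published key, and only the matching private key recovers the message. It assumes the `openssl` command-line tool is installed and uses RSA-OAEP as a stand-in for a PGP tool (it does not produce OpenPGP messages); the names `alice` and `mallory`, the message text and the function names are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration of the public/private key model; not code from the article.
# Assumption: the openssl CLI is available. Names and messages are constructed.

KEYDIR=$(mktemp -d)
trap 'rm -rf "$KEYDIR"' EXIT

# Create a key pair for one mailbox owner.
# <name>.key is the private key and never leaves the owner's machine;
# <name>.pub is the public key that gets published for senders to use.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$KEYDIR/$1.key" 2>/dev/null &&
    openssl pkey -in "$KEYDIR/$1.key" -pubout -out "$KEYDIR/$1.pub"
}

# Sender side: only the recipient's PUBLIC key is needed.
# Usage: encrypt_for <recipient> <message> <ciphertext-file>
encrypt_for() {
    printf '%s' "$2" | openssl pkeyutl -encrypt -pubin \
        -inkey "$KEYDIR/$1.pub" -pkeyopt rsa_padding_mode:oaep -out "$3"
}

# Recipient side: the PRIVATE key is required. Prints the plaintext on
# success and returns non-zero when the key does not match.
# Usage: decrypt_with <key-owner> <ciphertext-file>
decrypt_with() {
    openssl pkeyutl -decrypt -inkey "$KEYDIR/$1.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" 2>/dev/null
}

# What the mail server (or anyone who breaches the account) holds is the
# stored ciphertext. Succeeds only if the plaintext is visible in that file.
# Usage: server_can_read <ciphertext-file> <plaintext>
server_can_read() {
    grep -q -F -e "$2" "$1"
}

demo() {
    make_keypair alice || return 1      # the intended recipient
    make_keypair mallory || return 1    # someone else with their own key pair
    msg='Q3 figures attached, do not forward'   # constructed sample message
    encrypt_for alice "$msg" "$KEYDIR/mail.bin" || return 1

    echo "alice's private key:   $(decrypt_with alice "$KEYDIR/mail.bin")"
    decrypt_with mallory "$KEYDIR/mail.bin" >/dev/null ||
        echo "mallory's private key: decryption failed"
    server_can_read "$KEYDIR/mail.bin" "$msg" ||
        echo "server-side copy:      plaintext not present"
}

demo
```

RSA-OAEP on its own only fits short messages; PGP tools get around this by encrypting the message with a random session key and encrypting that key to the recipient's public key.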

An alternative to PGP is using an end-to-end encrypted mail service such as ProtonMail or LavaBit. End-to-end encryption makes sure that anything that gets stored in your account is only viewable by you, the person who holds the key. No surveillance or massive databreach will give access to the content of your emails.

The same threats that can out your emails apply to the files you store in cloud services such as Google Drive and Dropbox. Even the biggest services you entrust with your files can get hacked, and the sensitive files you've stored in the cloud can fall into the wrong hands.

The most basic choice is to protect your files with a compression tool that supports encryption and password protection features, like zip, before storing them in your cloud server.

In case you find it too cumbersome to manually encrypt and decrypt your files, you can use tools such as Boxcryptor or Whisply, which integrate with most popular cloud services and add an easy-to-use layer of encryption.

Another alternative is to use an encrypted storage service such as SpiderOak One, Tresorit or Cryptobox, which have end-to-end encryption incorporated into their service. This means only you and whomever you share your files with will have access to the contents.

Messaging apps are perhaps the most popular applications we use on our phones. But they're not all equally secure. Some applications will encrypt your messages in transit, but not in storage, which means your data can become exposed in case of data breaches or compromised accounts.

The most secure messaging apps are those that have end-to-end encryption features, making messages exclusively visible to the parties taking part in a conversation. We've discussed how to evaluate messaging apps in terms of security here on The Next Web before.

Some of the viable options include Open Whisper Systems' Signal, WhatsApp and Wickr, which are end-to-end encrypted by default. Telegram and Facebook Messenger also have end-to-end encryption, though you'll have to enable it manually.

You might also want to check out this interesting project by two Canadian students, who are working to add strong encryption to a variety of web communication tools.

While you consider the security of your online data, you shouldn't forget about the devices you physically own. Your phone, laptop, memory cards and flash drives hold quite a lot of sensitive information.

Your smartphone in particular is very vulnerable. It has a lot of functionality, and it holds your communication apps and sensitive information and pictures, among others. And you carry it everywhere with you, which means there's a greater chance you might lose it or get it stolen from you.

Fortunately, most desktop and mobile operating systems support full-disk encryption, a feature that will encrypt everything on your phone, computer or flash drive. By enabling full-disk encryption, you'll protect your on-device data against physical theft. Good encryption can't be circumvented, even by device manufacturers or government agencies, at least not without spending a huge bunch of money.


In iOS version 8 and later, device encryption is turned on by default if your device has a passcode. Newer Android devices also come with device encryption enabled out of the box, but with the variety of devices available out there, you might want to verify to make sure yours is encrypted.

For your laptops and removable media, depending on which operating system you have, there are always good encryption tools available. Windows has BitLocker, which can easily encrypt your hard drives or removable storage in a few easy clicks. The Mac OS has a native encryption tool as well, called FileVault.

Hackers have many ways to steal your information on the fly, especially if you're using a public WiFi network. In fact, your internet service provider too might be interested in having a look at your internet traffic.

Adding a layer of encryption to your internet traffic will make sure you enjoy full privacy while surfing the web. One of your viable options is to use a Virtual Private Network (VPN). VPN services encrypt all your traffic and redirect it through their own servers. All eavesdroppers will be able to see is a bunch of encrypted data being exchanged between you and your VPN service.

VPN services are available for both mobile devices and desktop computers.

To be fair, VPN is not a perfect solution. Your VPN provider will have full visibility over your non-HTTPS traffic. Free VPN services in particular have a tendency to use customer data for commercial purposes. But it's much safer than letting hackers scrutinize your traffic.

Encryption is not a complete security solution and it doesn't obviate the need for basic security measures such as keeping your operating system and software up to date with the latest security patches. And don't forget that encryption is only as secure as you make it, which means you have to keep your keys secure.

But encryption is definitely one of your best friends in the hostile world of digital information, connected devices and online services. Encrypt your data, and stay safe out there.


Why India Urgently Needs A Strong Encryption Law – Huffington Post India

The world has seen an exponential growth in internet usage. Today the internet is accessed not just through browsers, but also through mobile applications and internet-enabled smart devices which collect data. The data collected is then stored on servers which may either be in India, or abroad, locally or on the cloud, and may or may not be encrypted. In most cases, users remain unaware if such data is encrypted or not. For the uninitiated, "encryption" refers to the process of using an algorithm to transform information into a secret code, thereby ensuring it remains unreadable to unauthorised users.

The storage of data on servers has not been immune to cyber security breaches. In India, several incidents of servers being compromised have been reported in the past few months alone. For instance, it was reported in May this year that a popular restaurant search and discovery service had its servers compromised resulting in the personal data of 17 million users being stolen. It was also reported that an international fast-food chain's mobile application in India allegedly exposed personal information of its 2.2 million users. India's newspapers have also carried reports in relation to personal details contained in the Aadhaar cards of citizens being stolen.

Although encryption has been widely debated in the Indian context, India currently does not have a dedicated legislation on encryption technology. Section 84A of the Information Technology Act, 2000 (IT Act) provides that the "Central Government may, for secure use of the electronic medium and for promotion of e-governance and e-commerce, prescribe the modes or methods of encryption." The Information Technology (Certifying Authorities) Rules, 2000 (IT Rules) sets out the standards of encryption for digital signatures. India's central bank, the Reserve Bank of India (RBI), has mandated a minimum standard of SSL (Secure Sockets Layer) of 128 bits encryption. These minimum standards need to be used for conducting all digital financial transactions, securing passwords and connection between computer servers and browsers. In 2015, the central government had published a draft National Policy on Encryption. However, this was withdrawn shortly thereafter due to criticism from users, advocacy groups and the information technology sector.

Though there is a provision for a regulatory framework in India in relation to encryption technologies, there are no minimum standards for encryption across technologies and platforms. While there is no guarantee that a device or a server which uses the highest standard of encryption is impenetrable to a cyber attack, the risk of personal information becoming public is reduced considerably. There is an urgent need for the government of India to provide for a comprehensive policy framework if it wants to promote its "Digital India" initiative. A galloping India cannot afford to remain behind in terms of adopting the globally established best practices in encryption. In the interim, and until such time as regulatory policies are formulated, each company needs to individually ensure that it has strong encryption protocols in place to protect itself, its employees and its users from cyber security breaches.

View original post here:
Why India Urgently Needs A Strong Encryption Law - Huffington Post India

Encryption with backdoors? Internet advocates call out Five Eyes leaders for ‘shortsighted’ tactics – SecurityBrief NZ

Major internet advocacy organisations such as InternetNZ are asking government officials to defend strong encryption and encryption technologies.

A Five Eyes ministerial meeting was held in Canada last week, in which encryption and major law changes surrounding the topic were in the spotlight.

InternetNZ, the Australian Privacy Foundation, CryptoAustralia, Amnesty International, OpenMedia and NEXTLEAP, alongside 78 other representatives and people from the Five Eyes nations (New Zealand, Australia, Canada, the UK and the US), submitted a joint letter to government officials asking for better transparency.

"We ask you to protect the security of your citizens, your economies, and your governments by supporting the development and use of secure communications tools and technologies, by rejecting policies that would prevent or undermine the use of strong encryption, and by urging other world leaders to do the same," the letter says.

In the joint letter, 83 groups and individuals from the Five Eyes countries wrote "we call on you to respect the right to use and develop strong encryption." Signatories also urged the members of the ministerial meeting to commit to allowing public participation in any future discussions.

According to InternetNZ deputy chief executive Andrew Cushen, the Five Eyes group can affect every single internet user and business worldwide, changing the way we use the internet entirely.

"This encryption debate is playing out all over the world. Some people realise the privacy and security benefits encryption technologies allow and others only see encryption as a tool allowing bad people to do bad things. The fact is that encryption protects everyone's security and privacy and is a vital part of how the Internet works for us all," he says.

He believes that the implications for law enforcement and national security surrounding encryption are legitimate, but there are ways around it.

"That also means it's used by criminals and terrorists. This creates public safety risks and is the reason these debates are happening by officials across the world," he says.

InternetNZ says it firmly believes that encryption is critical to improving online security, but the Five Eyes meetings may be detrimental if they start considering law changes that reduce its effectiveness.

An example of this would be building backdoors into encryption, which would allow authorities to decrypt information 'in certain circumstances'.

The joint letter says that these processes are shortsighted and counterproductive.

"Leaders must not lose sight of the fact that even if measures to restrict access to strong encryption are adopted within Five Eyes countries, criminals, terrorists, and malicious government adversaries will simply switch to tools crafted in foreign jurisdictions or accessed through black markets," it says.

That sentiment is echoed by the chairperson for the New Zealand Council for Civil Liberties, Thomas Beagle.

"We increasingly rely on a secure Internet for work, personal relationships, commerce, and politics. While we support justifiable lawful intercept with appropriate oversight, we don't think we should be seriously weakening the security of the Internet to achieve it. Attempts to weaken encryption will do more damage to our society and our freedom than the possible threats it's meant to be protecting us from."

The letter asks that:

Governments should not ban or otherwise limit user access to encryption in any form or otherwise prohibit the implementation or use of encryption by grade or type;

Governments should not mandate the design or implementation of backdoors or vulnerabilities into tools, technologies, or services;

Governments should not require that tools, technologies, or services are designed or developed to allow for third-party access to unencrypted data or encryption keys;

Governments should not seek to weaken or undermine encryption standards or intentionally influence the establishment of encryption standards except to promote a higher level of information security. No government should mandate insecure encryption algorithms, standards, tools, or technologies; and

Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with the above tenets.

Strong encryption and the secure tools and systems that rely on it are critical to improving cybersecurity, fostering the digital economy, and protecting users. Our continued ability to leverage the internet for global growth and prosperity and as a tool for organizers and activists requires the ability and the right to communicate privately and securely through trustworthy networks.

Here is the original post:
Encryption with backdoors? Internet advocates call out Five Eyes leaders for 'shortsighted' tactics - SecurityBrief NZ

Calls for strong encryption in ‘Five Eyes’ countries – Radio New Zealand

More than 80 different organisations and individuals from 'Five Eyes' countries are calling for strong encryption in order to protect online privacy and security.

One of the groups involved, Internet NZ, said a ministerial meeting was held in Canada earlier this week between the Five Eyes countries, which include New Zealand, about potential law changes to encryption.

Its deputy chief executive Andrew Cushen said the group has signed an open letter asking government officials to defend strong encryption because it was vital for everyday life, such as through bank transactions and online messages.

He said possible law changes might allow back doors to be built in encryption for officials to look into private information to prevent or stop terrorist threats.

Mr Cushen said while that was important, others could also exploit those backdoors for their own purposes.

"If you want to build some way that people can get in and have a look, but only the good guys, then how can you actually prevent the bad guys from getting in and having a look too?"

The 'Five Eyes' refer to an alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States.

Meanwhile, the American government has warned industrial firms about a hacking campaign targeting the nuclear and energy sectors.

It comes during a week of heavy hacking activity and highlights the power industry's vulnerability to cyber attacks.

According to a joint report from the Department of Homeland Security and the FBI, hackers have used tainted "phishing" emails to "harvest credentials" to gain access to the networks of their targets since at least May.

A virus dubbed "NotPetya" this week spread from initial infections in Ukraine to businesses around the globe.

It encrypted data on infected machines, rendering them inoperable and disrupting activity at ports, law firms and factories.

And the energy-industry news site E&E News reported that US investigators were looking into cyber intrusions this year at multiple nuclear power generators.

Go here to read the rest:
Calls for strong encryption in 'Five Eyes' countries - Radio New Zealand