The Encryption Debate Should End Right Now – WIRED

When law enforcement argues it needs a backdoor into encryption services, the counterargument has typically been that it would be impossible to limit such access to one person or organization. If you leave a key under the doormat, a seminal 2015 paper argues, a burglar eventually finds it. And now recent events suggest an even simpler rebuttal: Why entrust a key to someone who gets robbed frequently?

This aptly describes US intelligence services of late. In March, WikiLeaks released nearly 9,000 documents exposing the CIA's hacking arsenal. More so-called Vault 7 secrets trickled out as recently as this week. And then there's the mysterious group or individual known as the Shadow Brokers, which began sharing purported NSA secrets last fall. April 14 marked its biggest drop yet, a suite of hacking tools that target Windows PCs and servers to devastating effect.

The fallout from the Shadow Brokers has proven more concrete than that of Vault 7; one of its leaked exploits, EternalBlue, facilitated last month's WannaCry ransomware meltdown. A few weeks later, EternalBlue and two other pilfered NSA tools helped advance the spread of Petya, a ransomware outbreak that looks more and more like an act of cyberwar against Ukraine.

Petya would have caused damage absent EternalBlue, and the Vault 7 dump hasn't yet resulted in a high-profile hack. But that all of this has fallen into public hands shifts the nature of the encryption debate from hypothetical concern that someone could reverse-engineer a backdoor to acute awareness that someone could just steal it. In fact, it should end any debate altogether.

"The government asking for backdoor access to our assets is ridiculous," says Jake Williams, founder of Rendition Infosec, "if they can't first secure their own classified hacking tools."

If you think about the encryption debate at all, it's likely in the context of the 2016 showdown between the FBI and Apple. The former wanted access to San Bernardino shooter Syed Rizwan Farook's locked iPhone; the latter argued that writing special code to break its own security measures would set a dangerous precedent.

That case ended in something like a draw. The FBI paid an outside company to break into the iPhone, quitting the court case before either side got a definitive ruling.

Apple facing off against the FBI was certainly high profile, but it only amounted to one skirmish in a long-fought encryption war. In the wake of the March terrorist attack by Khalid Masood outside the British parliament, UK home secretary Amber Rudd called for police and intelligence agencies to have access to encrypted messaging services like WhatsApp. British prime minister Theresa May struck a similar chord following a terror attack in London earlier this month.

In fact, you needn't look even that far back to see encryption under duress. Five Eyes, the intelligence-sharing alliance of the US, UK, Canada, Australia, and New Zealand, met just this week to discuss their national security priorities. "We committed to develop our engagement with communications and technology companies to explore shared solutions while upholding cybersecurity and individual rights and freedoms," the group wrote Tuesday morning, pushing for an encryption compromise that does not technologically exist.

A few hours later, reports began to emerge that Petya was wending its way through networks around the world, thanks in part to exploits that the NSA failed to secure.

"I think Vault 7 and Shadow Brokers illustrate the challenges that even intelligence agencies have in securing extremely sensitive information," says Andrew Crocker, staff attorney with the Electronic Frontier Foundation. "And it's hard to think of information that would be more sensitive than special access to the world's encryption protocols."

The intelligence community's apparent inability to keep its secrets appears bad enough on its face. But remember that Vault 7 and Shadow Brokers are simply the thefts that have gone public.

"It hints at a much larger problem of nation-states probably taking these exploits from each other and sitting on them, to analyze them and use them defensively," says Drew Mitnick, policy counsel at digital rights group Access Now. "If there were an encryption backdoor tool that was compromised by nation-states, we might not know. It might not become public in the way these recent attacks did."

It would certainly provide a high-profile target. Any sort of publicized encryption backdoor (mandated, say, through legislation) would draw the immediate attention of foreign powers, bad actors, and basically any hacker looking for the keys to kingdoms that are, in some cases, billions of users strong. If they acquired them, well, game over.

"The dangers posed by leak or theft of keys used in a key escrow system, for example, are potentially catastrophic," says Crocker, referring to a potential method by which the government could access an encryption backdoor.

If a hacker were to compromise a significant encryption platform, "we could see something much worse than the WannaCry ransomware attack," says Mitnick. WannaCry froze up hundreds of thousands of computers; WhatsApp, which uses Open Whisper Systems' Signal Protocol, has well over a billion users with default, end-to-end encrypted chat. The implications come into even sharper relief when you consider countries where access to encrypted chat provides the best defense against oppressive regimes.

The NSA and the CIA's recent misadventures in securing their wares are just one among many points in favor of encryption. After months of spy agency tools gone rogue, though, the only argument needed should be a lesson you probably learned in junior high: Don't share secrets with people who can't keep them.

Joint Letter to Five Eyes Intelligence Agencies Regarding Encryption – Human Rights Watch (press release)

To: Senator the Hon. George Brandis Attorney General of Australia

Hon. Christopher Finlayson Attorney General of New Zealand

Hon. Ralph Goodale Minister of Public Safety and Emergency Preparedness of Canada

Hon. John Kelly United States Secretary of Homeland Security

Rt. Hon. Amber Rudd Secretary of State for the Home Department, United Kingdom

CC: Hon. Peter Dutton, Minister for Immigration and Border Protection, Australia;

Hon. Ahmed Hussen, Minister of Immigration, Refugees, and Citizenship, Canada;

Hon. Jeff Sessions, Attorney General for the United States;

Hon. Jody Wilson-Raybould, Minister of Justice and Attorney General, Canada;

Hon. Michael Woodhouse, Minister of Immigration, New Zealand

To Ministers Responsible for the Five Eyes Security Community

In light of public reports about this week's meeting between officials from your agencies, the undersigned individuals and organizations write to emphasize the importance of national policies that encourage and facilitate the development and use of strong encryption. We call on you to respect the right to use and develop strong encryption and commit to pursuing any additional dialogue in a transparent forum with meaningful public participation.

This week's Five Eyes meeting (comprised of Ministers from the United States, United Kingdom, New Zealand, Canada, and Australia) discussed plans to press technology firms to share encrypted data with security agencies and hopes to achieve a common position on the extent of ... legally imposed obligations on device-makers and social media companies to co-operate.[1] In a Joint Communiqué following the meeting, participants committed to exploring shared solutions to the perceived impediment posed by encryption to investigative objectives.[2]

While the challenges of modern day security are real, such proposals threaten the integrity and security of general purpose communications tools relied upon by international commerce, the free press, governments, human rights advocates, and individuals around the world.

Last year, many of us joined several hundred leading civil society organizations, companies, and prominent individuals calling on world leaders to protect the development of strong cryptography. This protection demands an unequivocal rejection of laws, policies, or other mandates or practices, including secret agreements with companies, that limit access to or undermine encryption and other secure communications tools and technologies.[3]

Today, we reiterate that call with renewed urgency. We ask you to protect the security of your citizens, your economies, and your governments by supporting the development and use of secure communications tools and technologies, by rejecting policies that would prevent or undermine the use of strong encryption, and by urging other world leaders to do the same.

Attempts to engineer backdoors or other deliberate weaknesses into commercially available encryption software, to require that companies preserve the ability to decrypt user data, or to force service providers to design communications tools in ways that allow government interception are both shortsighted and counterproductive. The reality is that there will always be some data sets that are relatively secure from state access. On the other hand, leaders must not lose sight of the fact that even if measures to restrict access to strong encryption are adopted within Five Eyes countries, criminals, terrorists, and malicious government adversaries will simply switch to tools crafted in foreign jurisdictions or accessed through black markets.[4] Meanwhile, innocent individuals will be exposed to needless risk.[5] Law-abiding companies and government agencies will also suffer serious consequences.[6] Ultimately, while legally discouraging encryption might make some useful data available in some instances, it has by no means been established that such steps are necessary or appropriate to achieve modern intelligence objectives.

Notably, government entities around the world, including Europol and representatives in the U.S. Congress, have started to recognize the benefits of encryption and the futility of mandates that would undermine it.[7]

We urge you, as leaders in the global community, to remember that encryption is a critical tool of general use. It is neither the cause nor the enabler of crime or terrorism. As a technology, encryption does far more good than harm. We therefore ask you to prioritize the safety and security of individuals by working to strengthen the integrity of communications and systems. As an initial step we ask that you continue any engagement on this topic in a multi-stakeholder forum that promotes public participation and affirms the protection of human rights.

We look forward to working together toward a more secure future.

Sincerely, 83 civil society organizations and eminent individuals (Listed Below)

Access Now

Advocacy for Principled Action in Government

Amnesty International

Amnesty UK

ARTICLE 19

Australian Privacy Foundation

Big Brother Watch

Blueprint for Free Speech

British Columbia Civil Liberties Association (BCCLA)

Canadian Civil Liberties Association (CCLA)

Canadian Journalists for Free Expression (CJFE)

Center for Democracy and Technology

Centre for Free Expression, Ryerson University

Chaos Computer Club (CCC)

Constitutional Alliance

Consumer Action

CryptoAustralia

Crypto.Quebec

Defending Rights and Dissent

Demand Progress

Digital Rights Watch

Electronic Frontier Foundation

Electronic Frontiers Australia

Electronic Privacy Information Center

Engine

Equalit.ie

Freedom of the Press Foundation

Friends of Privacy USA

Future Wise

Government Accountability Project

Human Rights Watch

i2Coalition

Index on Censorship

International Civil Liberties Monitoring Group (ICLMG)

Internet NZ

Liberty

Liberty Coalition

Liberty Victoria

Library Freedom Project

My Private Network

New America's Open Technology Institute

NZ Council for Civil Liberties

OpenMedia

Open Rights Group (ORG)

NEXTLEAP

Niskanen Center

Patient Privacy Rights

PEN International

Privacy International

Privacy Times

Private Internet Access

Restore the Fourth

Reporters Without Borders

Rights Watch (UK)

Riseup Networks

R Street Institute

Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC)

Scottish PEN

Subgraph

Sunlight Foundation

TechFreedom

Tech Liberty

The Tor Project

Voices-Voix

World Privacy Forum

Brian Behlendorf | Executive Director, Hyperledger, at the Linux Foundation

Dr. Paul Bernal | Lecturer in IT, IP and Media Law, UEA Law School

Owen Blacker | Founder and director, Open Rights Group; founder, NO2ID

Thorsten Busch | Lecturer & Senior Research Fellow, University of St. Gallen

Gabriella Coleman | Wolfe Chair in Scientific and Technological Literacy at McGill University

Sasha Costanza-Chock | Associate Professor of Civic Media, MIT

Dave Cox | CEO, Liquid VPN

Ron Deibert | The Citizen Lab, Munk School of Global Affairs

Nathan Freitas | Guardian Project

Dan Gillmor | Professor of Practice, Walter Cronkite School of

Five Eyes Unlimited: What A Global Anti-Encryption Regime Could … – EFF

This week, the political heads of the intelligence services of Canada, New Zealand, Australia, the United Kingdom, and the United States (the "Five Eyes" alliance) met in Ottawa. The Australian delegation entered the meeting saying publicly that they intended to "thwart the encryption of terrorist messaging." The final communiqué states more diplomatically that "Ministers and Attorneys General [...] noted that encryption can severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism. To address these issues, we committed to develop our engagement with communications and technology companies to explore shared solutions."

What might their plan be? Is this yet another attempt to ban encryption? A combined effort to compel ISPs and Internet companies to weaken their secure products? At least one leader of a Five Eyes nation has been talking recently about increasing international engagement with technology companies with a list of laws in her back pocket that are already capable of subverting encryption, and the entire basis of user trust in the Internet.

Exporting Britain's Surveillance Regime

Before she was elevated to the role of Prime Minister by the fallout from Brexit, Theresa May was the author of the UK's Investigatory Powers bill, which spelled out the UK's plans for mass surveillance in a post-Snowden world.

At the unveiling of the bill in 2015, May's officials performed the traditional dance: they stated that they would be looking at controls on encryption, and then stated definitively that their new proposals included "no backdoors".

Sure enough, the word "encryption" does not appear in the Investigatory Powers Act (IPA). That's because it is written so broadly it doesn't need to.

We've covered the IPA before at EFF, but it's worth re-emphasizing some of the powers it grants the British government.

These capabilities alone already go far beyond the Nineties' dreams of a blanket ban on crypto. Under the IPA, the UK claims the theoretical ability to order a company like Apple or Facebook to remove secure communication features from their products, while being simultaneously prohibited from telling the public about it.

Companies could be prohibited from fixing existing vulnerabilities, or required to introduce new ones in forthcoming products. Even incidental users of communication tech could be commandeered to become spies in Her Majesty's Secret Service: those same powers also allow the UK to, say, instruct a chain of coffee shops to use its free WiFi service to deploy British malware on its customers. (And, yes, coffee shops are given by officials as a valid example of a "communications service provider.")

Wouldn't companies push back against such demands? Possibly: but it's a much harder fight to win if it's not just the UK making the demand, but an international coalition of governments putting pressure on them to obey the same powers. This, it seems, is what May's government wants next.

The Lowest Common Privacy Denominator

Since the IPA passed, May has repeatedly declared her intent to create an international agreement on "regulating cyberspace". The difficulty of enforcing many of the theoretical powers of the IPA makes this particularly pressing.

The IPA includes language that makes it clear that the UK expects foreign companies to comply with its secret warrants. Realistically, it's far harder for UK law enforcement to get non-UK technology companies to act as their personal hacking teams. That's one reason why May's government has talked up the IPA as a "global gold standard" for surveillance, and one that they hope other countries will adopt.

In venues like the Five Eyes meeting, we can expect Britain to advocate for others to adopt IPA-like powers. In that, they will certainly be joined by Australia, whose Prime Minister Malcolm Turnbull recently complained in the Australian Parliament that so many tech companies "are based in the United States where a strong libertarian tradition resists Government access to private communications, as the FBI found when Apple would not help unlock the iPhone of the dead San Bernardino terrorist." Turnbull, it seems, would be happy to adopt the compulsory compliance model of the United Kingdom (as, he implied at the time of the Apple case, would President Trump).

In the meantime, the British authorities can encourage an intermediary step: other governments may be more likely to offer support for an IPA regime if Britain offers to share the results of its new powers with them.

Such information-sharing agreements are the raison d'être of the Five Eyes alliance, which began as a program to co-ordinate intelligence operations between the Anglo-American countries. That the debate over encryption is now taking place in a forum originally dedicated to intelligence matters is an indicator that the states still see extracting private communications as an intelligence matter.

But hacking and the subversion of tech companies isn't just for spies anymore. The British Act explicitly granted these abilities to conduct "equipment interference" to more than just GCHQ and Britain's other intelligence agencies. Hacking and secret warrants can now be used by, among others, the civilian police force, inland revenue and border controls. The secrecy and dirty tricks that used to be reserved for fighting agents of foreign powers are now available for use against a wide range of potential suspects.

With the Investigatory Powers Bill, the United Kingdom is now a country empowered with blunt tools of surveillance that have no comparison in U.S. or any other countries' law. But, along with its Five Eyes partners, it is also seen as a moderate, liberal democracy, able to be trusted with access and sharing of confidential data. Similarly, Australia is one of the few countries in the world (and the only one of the Five) to legally compel ISPs to log data on their users. Canada conducts the same meta-data surveillance projects as the United States; New Zealand contributes its mass surveillance data to the shared XKEYSCORE project.

While such data-sharing may be business as usual for the Cold War spies, the risks of such unchecked co-operation have been barely considered by the judicial and legislative branches.

In the world of law enforcement, the UK has for the last year conducted a sustained lobbying campaign in the United States Congress to grant its police forces fast-track access to American tech companies' communications data. The UK would be permitted to seize the contents of Google, Facebook and other companies' customers' inboxes without a U.S. court warrant. In return, the U.S. would gain a reciprocal capability over data held in the U.K.

The danger is that, by forging broad agreements between these five countries, all will end up taking advantage of the lowest privacy standards of each. The United Kingdom will become the source of data obtained through the Investigatory Powers Bill; the United States will launder data taken from UPSTREAM and other programs through the United Kingdom's legal system, and so on.

Secret "Five Eyes" is not the venue for deciding on the future of global surveillance. Intelligence agencies and their secret alliances are no model for oversight and control of the much broader surveillance now being conducted on billions of innocent users of the public Internet. The Investigatory Powers Bill is no "gold standard." Britain's radical new powers shouldn't be exported via the Five Eyes, either through law, or through data-sharing agreements conducted without judicial or legislative oversight.

European Parliament seeks to stop government encryption backdoors – TechGenix (blog)

As I have been writing in my articles since I started at TechGenix, I have tried to hammer home the dangers of government threats to encryption. Countless times in the post-9/11 era we have seen privacy overreach from nation-states against international citizens and governments, as well as reprehensible invasive actions against their own citizens. Especially here in the United States, security professionals have had to deal with federal agencies like the FBI assaulting encryption standards. Such examples include the FBI attempting to force Apple into giving a master key to the iPhone of San Bernardino shooter Syed Farook, as well as the NSA attacking Cisco servers with a zero-day that allowed mass spying and data collection.

There have been government representatives of various types that have occasionally spoken out against these practices, but nothing quite like what the European Parliament has just done. As reported in The Hacker News, the Civil Liberties, Justice and Home Affairs Committee of the European Parliament has released a proposal to strengthen global encryption, at least in the EU, by banning government backdoors and enforcing a standard of end-to-end encryption. All of this is to protect the privacy rights of EU citizens, and, perhaps, set a precedent for other world governments to follow suit.

As the proposal reads:

Pursuant to Article 8(1) of the Charter and Article 16(1) of the Treaty on the Functioning of the European Union, everyone has the right to the protection of personal data concerning him or her. Regulation (EU) 2016/679 lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. Electronic communications data may include personal data as defined in Regulation (EU)

From this legal basis, the Committee strongly states that:

When encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.

This is an amazing step forward, but it is not without its issues. As Mohit Kumar states in the previously cited Hacker News article, most major tech companies that have clout in the encryption game are under U.S. law. U.S. officials have made no major effort, either from Democrats or Republicans, to truly fight against the assault that encryption has faced from the government in the public and private sector. Silicon Valley has often been complicit in helping the Feds weaken encryption standards, and as InfoSec experts we have tried and failed so far to fight this effectively.

Perhaps this is the start of something better.

Australia Is Latest Country to Come Out for Weaker Encryption … – BestVPN.com (blog)

Australia's latest call for creating the means to combat terrorism comes hot on the heels of UK Prime Minister Theresa May's plea for internet companies to weaken encryption and allow backdoor access. Australian officials have now seemingly joined hands with the UK, one of its Five Eyes cohorts, in this effort.

The Five Eyes nations are comprised of Australia, New Zealand, Canada, the US, and the UK. They cooperate closely on intelligence matters and information sharing. With the convening of the Five Eyes conference in Ottawa on the horizon, Australia joins the UK in calling for thwarting the encryption of terrorist messaging.

Internet companies and privacy advocates alike fear that with these two influential members so firmly in the weakening column, others in the group will soon fall into line in the push against strong encryption. This is despite the EU going in the opposite direction. It is as if the EU and the Five Eyes nations are on a collision course, which will only spell trouble for individuals and the internet industry.

These two countries are not alone, however, as the United States FBI has warned repeatedly in the past that impregnable encryption raises the specter of "going dark." That posture, along with a national-security-conscious, Republican-controlled Congress, and a President who has signaled willingness to go along with the notion, suggests that the US will cooperate in (if indeed not spearhead) the effort to bring internet companies to heel on the issue of encryption.

In doing so, they are tone-deaf to the argument that a weakening of encryption for governments also invites terrorists in the backdoors.

In the point-positions for Australia are its Attorney General, George Brandis, and the country's top immigration official, Peter Dutton. Brandis remarked,

"As Australia's priority issue, I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption. These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies."

So, increased cooperation among the Five Eyes folks looks to be in the offing. Urging immediate action on the subject of encryption, Brandis noted his reason for urgency:

"Within a short number of years, effectively, 100 per cent of communications are going to use encryption. This problem is going to degrade if not destroy our capacity to gather and act upon intelligence unless it's addressed."

In the US, James Clapper, the former Director of National Intelligence, appealed to Silicon Valley in what amounts to a plea to address the encryption versus national security issue. He expressed hope that the tech industry could, with its tremendous resources, creativity, and ingenuity, figure out a way to allow government access to communications, while at the same time allowing privacy to prevail.

In March 2016, citing various security experts, comedian John Oliver likened this "figure it out" approach to walking on the sun; in other words, impossible.

Thus the situation is presently akin to a Mexican Standoff. Each side is waiting for the other to make the next move or at least blink. The more optimistic folks out there hope that a compromise can somehow be achieved. Some in law enforcement suggest access be allowed in limited, narrow circumstances.

However, even that is perilous, given the leaking sieve that is Washington today, where law enforcement is ensconced. Somehow, criminals and terrorists (not to mention corporate advertising interests) would find a way in, too.

The EU, collectively among the world's biggest economies, is poised to legislate in favor of strong encryption and no backdoors. This is likely to make it more difficult for countries to adopt a cogent strategy that the tech industry would find appealing or compelling. They have consumers worldwide to placate, and an untold market share to protect.

Police encryption should be allowed – LancasterOnline

I must say I totally agree with Chief Mark Pugliese's decision to ask the county commissioners to allow the county police forces to be able to encrypt their radio transmissions ("Police to encrypt dispatches from incident scenes," June 28). When I was on the job, we had what was called a "scramble" capability, which allowed us to communicate with each other without the general public being able to hear our transmissions. Oftentimes, this didn't work, and we couldn't even talk with each other.

However, back then you didn't really have a lot of people, the media included, with access to our transmissions. With today's technology, criminals are able to keep abreast with the locations and transmissions of the police. Some might argue that can be avoided by police using cellphones and computers to communicate, but the majority of the time, that is just not feasible.

Imagine a police officer responding to an emergency call and using the cellphone or looking at the computer to receive updated information. Then that officer being involved in an accident because they were on the cellphone or looking at their computer. This has the potential for a lawsuit that could end up costing the taxpayers millions of dollars.

Also, transmitting a person's name, date of birth and Social Security number over the radio has the potential for identity theft. I'm sure members of the media wouldn't want their personal information broadcast for everyone to hear. Encrypting radio transmissions would increase the safety of the police, victims and potential witnesses. To me, this greatly outweighs the need for the media to know what the police are doing at every moment.

AMD Ryzen PRO Family Announced With On-Chip Memory And Virtualization Encryption Engine – Hot Hardware

In this case, AMD's Ryzen PRO desktop chips are tweaked versions of the company's consumer-based Ryzen processors, with the PRO parts taking aim at Intel's vPro lineup. What really makes the PRO processors stand out from regular Ryzen chips is the focus on integrated security and encryption features. We will get to those features in a moment, but first let's take a look at the full lineup.

What enterprise customers should take away from this is that AMD is providing a full range of solutions based on use case and budget. And not to dwell on the Ryzen 3 PRO, but it's worth noting that Intel does not make any vPro-enabled Core i3 processors. With that in mind, AMD is poised to capitalize in a market segment that Intel essentially oversteps.

AMD also backs its Ryzen PRO processors with a 36-month warranty. That is three times as long as the consumer variants, which come with a 12-month backing. So not only are business clients buying processors cut from the highest yields, they're also getting an extended warranty from AMD.

For management duties, Ryzen PRO platforms support DASH (Desktop and Mobile Architecture for System Hardware). This is essentially a remote management protocol, one that has been supported by AMD for several years.

AMD has a white paper (PDF) that explains its memory encryption, but what it boils down to is a powerful architectural feature that allows for main memory encryption for an operating system or hypervisor. In this way, customers are protected against physical hardware attacks, and in some cases they're even protected from rogue administrators. And the importance of memory encryption can't be overstated for NVDIMMs, which store data even when powered down.

Ryzen PRO also incorporates Secure Encrypted Virtualization (SEV) support. This integrates main memory encryption capabilities with the existing AMD-V virtualization architecture to support encrypted virtual machines. How this benefits clients is that it keeps them protected both from physical threats and other virtual machines, or even the hypervisor itself. With malware strains such as WannaCry demonstrating the ability to worm their way through networks, this is a big deal for customers.

"Today marks another important step in our journey to bring innovation and excitement back to the PC industry: the launch of our Ryzen PRO desktop CPUs that will bring disruptive levels of performance to the premium commercial market," said Jim Anderson, senior vice president and general manager, Computing and Graphics Group, AMD. "Offering a significant leap in generational performance, leadership multi-threaded performance, and the first-ever 8-core,16-thread CPU for commercial-grade PCs, Ryzen PRO provides a portfolio of technology choices that meet the evolving needs of businesses today and tomorrow."

AMD says that commercial client desktops with Ryzen PRO inside will start shipping to businesses in the second half of this year, followed by a Ryzen PRO mobile launch in the first half of 2018.


Encryption cracking campaign receives lacklustre support from Five Eyes – Computerworld Australia

Five Eyes nations' ministers and attorneys-general have committed to develop our engagement with communications and technology companies to explore shared solutions around the encrypted content of communications sent by criminals.

This will be done while upholding cybersecurity and individual rights and freedoms, a joint communique issued following two days of talks in Ottawa, Canada, noted.

Despite being a key topic for the Australian government in recent weeks, spoken about by Prime Minister Malcolm Turnbull in his security statement to the House of Representatives earlier this month, and in numerous TV and radio interviews by Brandis, it appears cracking encryption may be less of a priority for the other Five Eyes member nations (the US, UK, New Zealand and Canada).

It was mentioned in just two sentences in the official communique, coming at the very end of the description of topics discussed.

In a press release following the meeting, New Zealand Attorney-General Christopher Finlayson made no mention of the discussion around encryption. The UK government's press release about the meeting focused on urging internet providers to remove terrorist content online and made no mention of encryption.

A release from US Attorney Jeff Sessions following the meeting noted that encryption had been a topic of discussion, but was concentrated on preventing radicalisation and human trafficking.

The Canadian government had made no official statement beyond the communique at the time of publication.

Not about creating backdoors

Speaking on ABC's RN Breakfast on Wednesday, Brandis said the nations had agreed to engage with ISPs and device makers to "ensure that we secure from them the greatest possible level of cooperation" but denied this amounted to forcing them to build backdoors into their products.

"What we need is to develop, and what we'll be asking the device makers and the ISPs to agree to, is a series of protocols as to the circumstances to which they will be able to provide voluntary assistance to law enforcement," he said.

"We're not specifically asking them to do that [build in backdoors] and it's not as simple as that," he added.

Brandis' reassurances around backdoors echo those made by Prime Minister Malcolm Turnbull earlier this month.

"This is not about creating or exploiting back doors, as some privacy advocates continue to say, despite constant reassurance from us," Turnbull said. "It is about collaboration with and assistance from industry in the pursuit of public safety."

Voluntary solutions

Encrypted communications represent a challenge for governments hoping to thwart terrorist plots and criminals, the communique noted.

"Ministers and Attorneys General also noted that encryption can severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism," it read.

It is unclear how the Australian government expects ISPs and device-makers to assist in investigations and provide access to encrypted communications without building backdoors into their products.

Brandis said the government will be meeting with the private sector in the coming months to discuss options.

"We want to engage with the private sector, to achieve a set of voluntary solutions," he told the ABC.

Brandis said he did not want to resort to the coercive powers which had been legislated by the UK and New Zealand.

Late last year the UK introduced its Investigatory Powers Act, which allows the government to compel communications providers to remove electronic protection applied to any communications or data.

The government's power to force the removal of encryption, the legislation notes, must be reasonable and practicable; caveats that are yet to be tested.

The so-called Snooper's Charter passed into law in December, but is being hampered by the European Court of Justice which deemed it unlawful.


Australia Wants Encryption Weakened, US Citizens Would Lose – Liberty Nation (registration) (blog)

DOUG DAVIS

In yet another attempted power grab from the globalist deep state, top Australian officials are beating on the terrorism drum again, claiming that the weakening of standard consumer encryption is necessary for the safety of western society. U.S. law enforcement has been beating this dead horse for decades, and it is still as bad an idea today as ever.

Encryption is a system whereby two people communicating via electronic media can encode messages mathematically so that only the intended parties can read them. Because hacking various internet traffic has become commonplace, encryption is one of the few means available to individuals to protect the content of their communications from prying eyes. As such, it is becoming more popular, and various products such as Signal, Wickr, and WhatsApp allow regular people to take advantage of encryption for their communications. Virtual Private Networks (VPNs) also use encryption as the basis of their privacy-enhancing function, and allow users to surf the internet while hiding what they're doing.

The Australian Attorney General and Minister for Immigration and Border Protection announced that they intend to thwart the encryption of terrorist messaging at the upcoming FIVEEYES conference in Ottawa next week. (FIVEEYES is an intelligence alliance between Australia, Canada, New Zealand, the United Kingdom, and the United States.) Senator Brandis, the Australian Attorney General, was quoted in an Australian Government press release as saying:

As Australia's priority issue, I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption. These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies.

In short, Australia intends to push for an international agreement among FIVEEYES countries that will force software companies, social media providers, and communications hardware companies to install backdoors into their products. Another proposal they are considering pushing is a key-escrow system, whereby the government maintains a set of keys for all consumer encryption so that they can break any encrypted message sent over the internet.

The news matters to American citizens because, as many leaks have shown in the last few years, the U.S. cooperates with other countries in the FIVEEYES alliance so that all of them can spy on each other's citizens, then provide the host country with the information. That means that the UK, for example, can spy on Americans, then provide the U.S. intelligence community with the information they have collected on U.S. citizens, allowing the U.S. government to collect information on its people that it should not possess. When Australia demands that governments be able to bypass encryption, Americans should pay attention, because it means that the U.S. government will benefit from it and the American people will lose.

Australia's horrible idea has been brought up again and again, mostly by law enforcement in the United States, and goes back as far as the clipper chip, an early 1990s proposal which would have companies use a standardized encryption chip, for which the government would maintain keys. Disgraced former FBI Director James Comey also complained to Congress about the need for maintaining state accessible keys for consumer encryption as recently as 2015.

There are a few obvious issues with all this. First, terrorism is only a serious problem because of globalism. Sure, there are domestic terrorists, but the West didn't have a problem catching these criminals historically using standard law enforcement investigative techniques because domestic terrorism is infrequent, and when it happens, the FBI can focus large amounts of manpower on the group involved. International terrorism is a much bigger threat because regularly bombing people across the world makes a lot of enemies, so the risks grow exponentially. You can neutralize these threats in one of two ways. If you stop messing around in the internal affairs of other nations, you are less likely to make enemies. If you stop allowing terrorists to travel or immigrate to your country, they can't set off bombs on your streets or fly your planes into buildings. We could cut the international terrorism threat tomorrow by suspending all foreign visas and immigration, but we won't do that because it isn't in the interest of the State. They would prefer to spy on everyone.

Second, giving government back doors or master keys to encryption necessarily weakens the systems that people rely on to keep them safe from hackers. Governments are notoriously bad at protecting their data, as evidenced by the recent Wikipedia Vault 7 data dumps and NSA hacking tools which have been stolen and released into the wild. An encryption key repository would constantly be under attack and some hacker would eventually compromise it. Every backdoor into a commonly used software package is eventually discovered and exploited by criminals.

Finally, the real issue is that Law Enforcement is spoiled. They envision the world where they just sit around and let software tell them what everyone is doing and saying, so they can decide who has broken the law, strap on their toys, and kick in doors. Western society, particularly the United States, wasn't designed to work like that. We have a community which balances the God-given liberties of individuals against the desires of the State. We require that law enforcement have reasonable articulable suspicion of criminality before inserting themselves into the lives of the citizenry, and Probable Cause before warrant or arrest is permissible.

Giving the State the ability to read everyone's messages and internet traffic destroys liberty and the legal protections that our forefathers gave their lives to create. The truth is that the NSA has the means by which to crack all commonly used encryption, it is just expensive and time-consuming. By allowing the citizenry to use strong encryption, the balance between individual rights and the demands of the State is re-balanced. If another Unabomber arises, and the FBI needs to crack a suspect's messages, they can get their warrant, collect the data, and the NSA can run it through their supercomputer farm in Utah. Or they can hire private consultants to crack the system in question as they did after the San Bernardino terrorist attack after insisting that only Apple could solve the problem.

Law enforcement is a hard job. The maintenance of liberty requires that it stay that way. If we allow statist officials from foreign lands who don't respect the individual to set our privacy policy, it won't be long before we lose what makes us uniquely American.

Doug lives on the West Coast and writes on law and liberty.


Lancaster County Commissioners order police transmissions encrypted, blocking scanners for public, media – LancasterOnline

By Thanksgiving, the public will no longer be able to listen in on police dispatches in Lancaster County.

County Commissioners on Tuesday directed Lancaster County-Wide Communications to encrypt police transmissions, blocking the public and media from hearing what's going on in the county.

Commissioners Dennis Stuckey and Joshua Parsons favored the move.

"We live in a changed and changing world," Stuckey said. "Gone are the days when you can talk to a 15- or 20-year veteran who says he's only had to pull his gun out twice.

"We have to be cognizant of that. Whenever I hear that there's concern for the safety of police officers who put their lives on the line every day, I have to take that seriously."

Commissioner Craig Lehman said he's also concerned about police safety, but said officers may become further isolated from their communities if they decrease transparency.

He said police should compromise, encrypting public transmissions but giving news outlets access to those broadcasts.

Encryption won't affect fire and EMS broadcasts.

Communications director Michael Weaver said converting the county's 6,000-some police radios won't cost anything except time.

The switchover probably won't be made until November, he said.

A public vote was not required on the matter, Stuckey said. "It's an administrative decision," he said, but officials wanted to handle it in an open forum.

Lehman said someone who wants to ambush police is more likely to make a fake 911 call, not monitor police movements on a radio. He said encrypting transmissions could give officers a false sense of security.

Parsons said he shares Lehman's concerns, but said he trusts the judgment of police chiefs when they say this is a safety issue.

"The fake 911 ambush scenario could happen no matter what we do today," Parsons said. However, he said, encryption does provide some percentage of safety.

Pugliese defended the move by saying there have been several incidents in the county where the public or the media interfered with investigations, in some cases by getting to crime scenes more quickly than police.

Later, Pugliese said he doesn't know of an instance when members of the media interfered at a crime scene.

Pugliese said police in Lancaster County are going to have to "change the way we do business" in order to keep information flowing.

However, he chided the media for being in such a rush to get the news out that it reports inaccurate information based on radio broadcasts. When police later release the facts, he said, "it appears that we're trying to cover something up."

Many police departments already used the CrimeWatch website to issue press releases, he said. Software also exists for an online mapping program that shows police dispatches without revealing addresses, he added; however, the maps typically run three to four hours behind real-time, he said.

Lehman said blocking police transmissions "is going to further isolate police ... and make police less safe if that (public) trust is lost."

"Some local police departments do a really good job of providing the media with timely information," he said. "Some departments, less so."

Lehman said he would be open to a compromise that gives the media access to those broadcasts. Stuckey and Parsons agreed they would be interested in exploring that option in the future.

Pugliese said similar arrangements exist in other communities, but said "before we take a serious look at that, we would have to have a discussion about the ground rules."

For instance, he said, would the media have access to all or some police channels? Who would pay for the radios needed to give the media that access?

"It has been done," he said. "It's not a common practice, but it is out there."

He didn't say if he would support a compromise solution.

Melissa Melewsky, media law counsel for the Pennsylvania NewsMedia Association, said earlier this month that the proposal will prevent news agencies from staying on top of breaking news.

"Media organizations have used emergency radio transmissions for decades without incident to keep the public informed about emergency situations in the community," she said.