Australia’s encryption thwart thought is fraught | ZDNet – ZDNet

Australia's favourite Attorney-General, Senator George Brandis QC, has been in Ottawa discussing how we and our Five Eyes intelligence partners can 'thwart' terrorists' encrypted communications. What has he achieved?

Brandis told ABC Radio on Wednesday morning that defeating encryption was a "very important part of the proceedings" at the meetings between the US, UK, Canada, New Zealand, and Australia, because encryption is "impeding lawful access to the content of communications".

"So what we decided to do in particular was to engage with ISPs and device makers to secure from them the greatest possible level of cooperation. I also discussed with my American counterpart, Attorney-General Sessions, the development of cross-border access without having to go through the rather prolonged procedure of mutual legal assistance," Brandis said.

Leaving aside the question of whether lawful access rules should be re-examined, improving the pace at which law enforcement agencies can respond is a sensible goal. But what of the technical aspects?

As ABC Radio asked: "What are you actually asking them to do? Because tech companies say you can only break into these messages if you've planted a flaw or a bug into the software before it's sold. Is that what you want the device makers to do?"

Not specifically, said Brandis, and it's not as simple as that. And indeed, he's previously said he's not interested in backdoors.

"What we need is to develop, and what we'll be asking the device makers and the ISPs to agree to, is a series of protocols as to the circumstances in which they will be able to provide voluntary assistance to law enforcement," Brandis said.

"There is also of course the capacity which exists now in the UK and in New Zealand, under their legislation, for coercive powers, but we don't want to resort to that," he added. Brandis wants a set of "voluntary solutions".

When pressured about what that might mean, Brandis said that is a discussion that is yet to happen, and he didn't want to get ahead of himself, or narrow or confine its scope.

"First of all, I've made it clear that we're not going to ask the tech companies to backdoor their systems. Secondly [for example] section 253 of the British Investigative Powers Act does impose an obligation, subject to reasonableness and proportionality, upon providers to do whatever they reasonably can be expected to do to enable law enforcement to inspect messages that are the subject of encryption, or inspect devices," Brandis said.

And as for the idea of banning end-to-end encrypted messaging apps like Signal and WhatsApp entirely, Brandis said "it was not discussed, and wasn't thought of, and it would be infeasible."

So here's where we're up to.

Brandis says end-to-end encryption is a problem for law enforcement, which it is. He's not going for a backdoor, and says that's not feasible, which it isn't. So has he started a war on mathematics? Has he foolishly tried to tackle maths with the law?

After all, Brandis isn't known for his technical acumen, particularly after that Walkley Award-winning interview where he struggled to explain metadata.

No. Forget the maths. Join some different dots.

First, Brandis plans to talk to device manufacturers. Even now, telco switches must have a lawful interception (LI) capability, so that conversations can be intercepted -- or wiretapped, as Americans say. I'm guessing he simply means extending that requirement to endpoint devices, where messages could be intercepted before they're encrypted.

Second, Brandis wants to talk to ISPs. That's probably not to decrypt messages as they pass through, because that's kinda hard. It's probably to help the telcos identify the device in use, so that its lawful interception capability can be turned on.

That's all technically possible, achievable with legal pressure, and fits nicely within the national and international legal frameworks already in place.

But it's not a win, at least not for us citizens.

Current LI capabilities work through telco switches, so in theory they can only be turned on from within the telcos themselves. Yeah, shoosh you.

But mobile devices can be anywhere on the planet. The Brandis Plan, if it's what I think it is, would mean devices could potentially have their LI capability turned on from any telco on the planet and routed ... somewhere.

Why?

Because research as recently as late 2016 has shown that international mobile data networks are a security nightmare.

The only protections from LI capabilities going rogue would be mobile network switching security, and the processes within device makers' supply chains, and telcos, to prevent information leaking to bad people. There's no attack surface in there at all, right?

Sigh.

The Brandis Plan may well be able to achieve his goals, but at what cost?


The battle over encryption and what it means for our privacy – Human Rights Watch

It is a rare law enforcement officer or intelligence agent who doesn't want access to more information. Yet total information awareness, to use a term from the George W. Bush administration era, has never been possible. Some people whisper to avoid prying ears. Others draw the blinds to prevent looking in.

More fundamentally, the right to privacy, the personal preserve where governments should not be allowed to snoop, is an impediment to official surveillance. That privacy is necessary to safeguard such sensitive matters as our banking information, our medical history, our personal relationships, or our ability to explore unpopular or potentially embarrassing points of view.

Today the battle between law enforcement and privacy is being fought over encryption. One response to Edward Snowden's revelations about the extent of U.S. government surveillance has been growing popular insistence on encryption, such as the end-to-end encrypted communications used in iPhones or WhatsApp, to which no phone or Internet company holds an access key. Meeting this week in Ottawa, the Five Eyes intelligence sharing partnership (Australia, Canada, New Zealand, the United Kingdom and the United States) is considering an Australian proposal to mandate such a key, or back door, to encryption. Officials in the U.S. and U.K. have made similar proposals.

The rationale is that many terrorists and other criminals are using end-to-end encryption to hide their activities. Even if law enforcement officers or intelligence agents obtain a judicial warrant to monitor their communications, the lack of a back door key means there is no way that phone or Internet companies can let these officers in.

Yet a mandated back door, essentially a built-in vulnerability, is dangerous because there is no way to ensure that only the good guys will exploit it. Today's hackers, both criminal and governmental, are increasingly sophisticated. They have hacked Internet companies, sensitive infrastructure, even the National Security Agency itself. Technology companies are in a feverish race to enhance privacy and security protections. The last thing they need is to introduce a deliberate vulnerability. Few would want to return to an era when encryption was not the norm.

And to what end? A mandated back door to encryption might enable governments to catch some criminals. But criminals with any degree of sophistication would simply download encryption services that are widely available on the Internet without going through one of the brand-name companies that might be mandated to introduce a back door. Meanwhile, ordinary members of the public would be stuck with vulnerable communications.

Moreover, Western Internet and phone companies would be competitively crippled. Even if Five Eyes and other Western governments mandated a back door for devices made in their country, other countries might not follow suit. Anyone concerned with their privacy and security would flock to and try to sneak in devices produced in non-back-door countries.

The crimes that might be stopped through a back-door mandate must be weighed against the crimes that would be created. The vulnerability in our software and digital devices would mean more theft, blackmail and extortion as hackers enjoy a field day. Street crime would also be affected. The rise of strong default smartphone encryption has contributed to a plummeting in once-rampant cellphone theft. There's no point in stealing a phone (often violently) if you can't penetrate its encryption. A mandated back door, once its vulnerability has been hacked, would once again expand the market for stolen phones.

Proponents of a back door also tend to assume that law-enforcement or intelligence access to it would require a judicial warrant or some lawful process, but it is easy to imagine circumstances in which these processes would be circumvented or subverted. In many countries where these devices are used, unscrupulous governments or officials in possession of this information would be more likely to persecute dissidents for their private criticisms.

For these reasons, a pantheon of senior security officials think a mandated back door is a bad and dangerous idea. In the United States, these include the past heads of the CIA, the NSA, and the Department of Homeland Security, as well as former president Barack Obama's Presidential Review Group on Intelligence and Communications Technologies. Europol has also warned that solutions that intentionally weaken technical-protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well. Security officials would be better off adapting to a world of encryption than weakening the security of our communications.

Even where end-to-end encryption is used, many types of communication already are subject to judicially-ordered surveillance. Metadata, such as the data that guides a communication to the proper destination, cannot do its job if it is encrypted. It remains available to government monitoring by appropriate judicial order, although care should be taken to ensure that this data, which can reveal a great deal about our personal life, is not collected excessively. Other metadata can pinpoint where a phone (and presumptively its user) has gone. Much information stored in the cloud is unencrypted.

The plethora of such unencrypted information has led some to say that today is the golden age of surveillance. Rather than press for encryption back doors, governments would be better off teaching investigators how to access important unencrypted sources of information.

It's time to abandon the quest for total information awareness. Yes, some criminals will benefit from encryption. But just as we don't outlaw whispering or drawing the shades, so we should accept that encryption is the only way to safeguard our communications in an era of increasingly sophisticated cybercrime and unauthorized surveillance.

Tresorit and Realm to deliver end-to-end encryption for reactive, collaborative mobile apps – SDTimes.com

Tresorit, the cloud encryption company, and Realm, the mobile platform powering the world's most responsive applications, announced a partnership to deliver end-to-end encryption capabilities to developers using the Realm Mobile Platform. The combination of the two companies' solutions provides developers with a comprehensive solution for building realtime, collaborative and secure mobile applications across the most regulated and data-sensitive industries including healthcare and financial services.

Bringing end-to-end encryption to realtime collaborative apps

Delivering end-to-end encryption across mobile devices and backend systems of record has traditionally required significant amounts of engineering and cryptography expertise to implement, making it possible for only the largest companies with considerable resources. The combination of Tresorit's ZeroKit SDK and the Realm Mobile Platform makes it realistic for any developer to securely authenticate users and provide an end-to-end encrypted platform for realtime reactive mobile apps.

The combined Tresorit and Realm solution goes beyond protecting end-users from being hacked or spied on. Tresorit's end-to-end encryption for Realm Mobile Platform can also help companies easily comply with HIPAA or the EU's General Data Protection Regulation (GDPR).

"Realtime collaboration is increasingly a requirement for critical applications in digital health or financial services, where data security and privacy are essential. Our joint solution makes it extremely easy for developers to build modern and secure applications in these markets," said Alexander Stigsen, co-founder and CEO, Realm.

"The Realm Mobile Platform and ZeroKit solve many of the hardest problems of developing mobile applications with an intuitive and secure end-user experience. For the first time, developers can build end-to-end encrypted, realtime collaborative apps without being experts in cryptography, networking or backend development," said David Szabo, Senior Vice President of the ZeroKit platform at Tresorit.

Solving security challenges in data-sensitive industries

Early customers adopting the Tresorit and Realm solution are building collaborative digital healthcare apps that require the highest level of security for sensitive patient data and realtime sync capabilities.

AmbulApps, a German healthcare startup, is building a next-gen cloud and mobile doctor-patient engagement app using Realm Mobile Platform and ZeroKit. The app extends traditional health record management systems, empowering doctors and patients to share health data and maintain consistent communications.

Healthcare startup, Riverbay Softworks uses Realm Mobile Platform and ZeroKit in their cloud-based, privacy-first app Allergistic, to help allergists across California, Oregon and Washington treat patients via iPhones and iPads.

"ZeroKit and Realm allow us to bring forth a new generation of healthcare applications that will reduce the documentation stress experienced by providers and organizations. These technologies allow us to easily implement end-to-end encryption and data syncing, while enabling us to focus more on creating apps that mirror true clinical workflow," adds Mark Pruitt, CEO at Riverbay Softworks.

Encryption debate is a top focus at Five Eyes meeting – CyberScoop

As the Five Eyes intelligence alliance meets in Ottawa this week, Australian officials are heading to Canada with encryption as a top priority.

Australia's attorney general, George Brandis, published a memo this weekend detailing a plan to seek greater legal powers against encrypted data in the meeting with representatives of the United Kingdom, Canada, New Zealand and the United States.

"As Australia's priority issue, I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption," Brandis, who also serves in Australia's Senate, said in a statement. "These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies."

Some of the biggest tech companies in the world, including Apple and Facebook, have adopted strong encryption for their products. The mainstreaming of encryption helped spark an international debate, famously referred to as the problem of "going dark" by then-FBI Director James Comey in 2014, that continues to this day. The most famous fight took place when Apple and the FBI faced off over iPhone encryption following the San Bernardino terrorist attack in 2015.

Just last month, Facebook quietly upgraded its secret conversations feature to enable encrypted communications between two people on multiple devices. The same company owns WhatsApp, the popular encrypted messaging app. Apple CEO Tim Cook has taken center stage in promoting encryption, while Facebook CEO Mark Zuckerberg has taken a quieter but supportive public position.

Top officials in the United States and United Kingdom have called for backdoors into encrypted data. U.K. Home Secretary Amber Rudd called WhatsApp completely unacceptable in March following the Westminster attack. Donald Trump called for a boycott of Apple following the San Bernardino attack. The president hasn't publicly commented on the issue since, but U.S. law enforcement and intelligence officials have repeatedly called for greater access.

Australia's plans attracted immediate criticism, including from Human Rights Watch, an American human rights nonprofit, which warned against a dangerous strategy that will subvert the rights and cybersecurity of all internet users.

"Encryption protects billions of ordinary people worldwide from criminals and authoritarian regimes," Cynthia Wong, senior internet researcher at Human Rights Watch, said in a statement. "Agencies charged with protecting national security shouldn't be trying to undermine a cornerstone of security in the digital age."

Brandis's Five Eyes statement follows numerous government comments in Australian media warning against the security threats encryption poses and floating the idea of changing laws to force tech and telecommunications firms to decrypt data.

The Australian senator said that over 40 percent of counterterrorism investigations now intercept encrypted communications, a trend that will within a short number of years reach 100 percent.

"This problem is going to degrade if not destroy our capacity to gather and act upon intelligence unless it's addressed," he said.

Across Europe, the debate is heating up with talk including encryption backdoors, expanded government authority and greater offensive hacking to achieve access. The Investigatory Powers Act in the U.K. grants the government authority to force tech firms to give access to encrypted data but the exact parameters remain unclear.

"One of the things the U.K. bill does is what may be an authorization to command companies to either not include encryption or to modify in some way the encryption they use in their products," Ross Schulman, the co-director of the cybersecurity initiative at New America's Open Technology Institute, told CyberScoop last month. "There is some debate about the actual extent of the powers. It's not entirely clear how far some of the escape hatches extend."

The encryption debate, also known as the crypto wars, has been grabbing headlines for the last three years since Edward Snowden gave thousands of documents on Five Eyes global surveillance to journalists. The larger debate extends back several decades, however, to President Bill Clinton's administration, when Vice President Al Gore heavily promoted a technology dubbed the Clipper Chip, which was intended to allow a backdoor into American products. It rapidly collapsed for technical, commercial and security reasons, according to many of the world's top cryptography experts.

The weird science of quantum computing, communications and encryption – C4ISR & Networks

Ever heard of quantum entanglement? If you haven't, don't feel bad. As I have written about before, quantum theory is the abstract basis of modern physics. It explains the nature and behavior of how matter acts.

Albert Einstein discovered quantum entanglement in 1935. He said it is "spooky action at a distance." It examines how one quantum particle could affect another, and that effect is faster than the speed of light. It is one of those advanced/emerging technologies that has been around for a while and is really beginning to show promise.

It should be noted that this is just one of a number of China's strategic initiatives to develop new technology that will create an extremely secure, ultrahigh-speed, quantum-based global communications network. Researchers in several countries, such as the U.S., Canada and Singapore (as well as Google), are also working on a broad spectrum of quantum theory applications including quantum encryption.

Perils of Back Door Encryption Mandates – Human Rights Watch

(Washington, DC) The governments that constitute the intelligence partnership known as The Five Eyes will meet on June 26-27, 2017, in Ottawa to discuss how to bypass encryption. The governments may pursue a dangerous strategy that will subvert the rights and cybersecurity of all internet users.

People sit at computers inside GCHQ, Britain's intelligence agency, in Cheltenham, UK, November 17, 2015.

"Encryption protects billions of ordinary people worldwide from criminals and authoritarian regimes," said Cynthia Wong, senior internet researcher at Human Rights Watch. "Agencies charged with protecting national security shouldn't be trying to undermine a cornerstone of security in the digital age."

The Five Eyes is an intelligence sharing partnership between Australia, Canada, New Zealand, the United Kingdom, and the United States. Law enforcement and intelligence agency representatives from each state will gather in Ottawa to discuss shared national security concerns. The meeting is expected to address the increasing use of end-to-end encrypted communications as a challenge to surveillance and seek a coordinated approach.

In recent years, law enforcement officials in some Five Eyes countries have contended that they are losing some of their ability to investigate crime or prevent terrorism because advances in consumer encryption have led some channels of information that were previously accessible to go dark. Companies like Apple and WhatsApp have begun to integrate end-to-end encryption into their products by default, which makes it impossible for even the companies to retrieve unscrambled user data at the request of the government because the firms do not hold the decryption keys. Some officials have gone further and sought legislation to ensure that their governments can access all encrypted data, even if this would force companies to build back doors or other vulnerabilities into phones and applications to bypass encryption.

Australian Attorney General George Brandis plans to raise the need for new restrictions on the encryption built into popular messaging applications with Five Eyes counterparts, stating that existing laws don't go far enough.

In March, in the immediate aftermath of the Westminster attack, UK Home Secretary Amber Rudd called end-to-end encryption on apps such as WhatsApp completely unacceptable and stated that there should be no place for terrorists to hide. On June 13, UK Prime Minister Theresa May and French President Emmanuel Macron announced a counter-terrorism joint action plan that calls for greater access to encrypted communications.

The UK's Investigatory Powers Act allows authorities to compel companies to take undefined reasonable and practicable measures to facilitate interception, including of unencrypted data. Authorities are still determining the exact scope of what companies will be required to do under the law with respect to encryption.

Law enforcement officials in the US have also repeatedly called for companies to build back doors into encryption. In 2016, media reports released draft legislation that would have required technology companies to provide access to encrypted information in an intelligible format upon court order. The bill did not specify how companies would have to unscramble encrypted information, but it would have effectively forced companies to bypass encryption and other security features. The bill faced widespread criticism from security experts and privacy groups as unworkable and harmful to cybersecurity and was never formally introduced.

In February 2016, US authorities also sought a court order to force Apple to build a back door into an iPhone that was used by one of the attackers in the 2015 San Bernardino attack. Apple challenged the order, and authorities eventually withdrew it because they were able to access the phone's data without Apple's help.

In 2016, Canada held a consultation on its national security framework, which expressed concern over security agencies' diminished ability to investigate crimes due to the use of encryption. It also stated that Canada had no legal procedure to require decryption.

Many officials from Five Eyes countries claim they do not seek back doors. But they don't explain how companies that don't hold encryption keys could provide exceptional access for law enforcement to unencrypted data without a back door. To implement such a requirement, companies would be forced to redesign their products without security features like end-to-end encryption.

Back doors create weaknesses that can be exploited by malicious hackers or other abusive government agencies. Billions of people worldwide rely on encryption to protect them from threats to critical infrastructure like the electrical grid and from cybercriminals who steal data for financial gain or espionage. The vast majority of users who rely on encryption have no connection to wrongdoing.

Encryption built into phones and messaging apps can also help safeguard human rights defenders and journalists from abusive surveillance and reprisals, including threats of physical violence. In 2015, the UN special rapporteur on freedom of expression, David Kaye, recognized that encryption enables the exercise of freedom of expression, privacy, and a range of other rights in the digital age.

Governments have an obligation to investigate and prosecute crime and protect the public from threats of violence. But proposals to weaken encryption in popular products will not prevent determined criminals or terrorists from using strong encryption to shield their communications. A recent survey shows that determined, malicious actors would still be able to access such tools made by companies outside the Five Eyes countries, which would not be subject to their laws.

Ordinary users will be more vulnerable to harm, online and offline, if technology firms are forced to weaken the security of their products, Human Rights Watch said. Instead of weakening encryption, governments should better train law enforcement officials to use investigative tools already at their disposal, including access to the vast pool of metadata from digital communications or location data that is not encrypted, consistent with human rights requirements.

"If the Five Eyes countries force tech companies to build encryption back doors, it would set a troubling global precedent that will be followed by authoritarian regimes seeking the same," Wong said. "These governments should promote strong encryption instead of trying to punch holes in it, which would lead to a race to the bottom for global cybersecurity and privacy."

Encrypted chat app Telegram warned by Russian regulator: ‘comply or goodbye’ – The Register

Russia's communications regulator is threatening to lower the boom on popular encrypted messaging application Telegram.

It might look like yet another government attack on user-accessible encryption, but in this letter, the head of regulator Roskomnadzor Alexander Zharov says the messaging app is violating Russian legislation by not providing information about the company that controls it.

Zharov wrote on Friday that Telegram only has to fill in a questionnaire about the company that manages Telegram, so the company can be included in the country's register of service providers.

"In the case of an actual refusal to perform the duties of the organiser of the dissemination of information, Telegram in Russia should be blocked," the letter states, adding that Telegram's time is running out.

Telegram founder Pavel Durov told newswire Reuters a ban would mean Russian government officials will be entrusting their communications to messenger apps written in other countries.

In playing the nationalism card, Durov cited WhatsApp, Viber, Apple and Google as companies who might carry messages from Russian officials and their friends.

He is skeptical that the regulator is mostly cranky about corporate structure.

In a VK.com post, he said Telegram was blamed for a terrorist plot three months ago, but that banning such tools is unsafe for everyone: Encryption of these services or equally protects all users Refusal of terminal encryption in a single country will make tens of millions of people vulnerable to attack by hackers and blackmail [by] the corrupt officials.

In an earlier post, he said Roskomnadzor had demanded Telegram give keys to decrypt to special services.

This requirement is not only contrary to Article 23 of the Constitution of the Russian Federation on the right to privacy of correspondence, but also demonstrates the lack of knowledge of how the encrypted communication [works] in 2017.

Moreover, endpoint encryption exists separately to any specific platform, he noted.


AES-256 encryption cracked by Dutch researchers with just $200 of equipment – www.computing.co.uk

Researchers in the Netherlands claim to have cracked AES-256 standard encryption using little more than $200 of equipment.

Security firm Fox-IT claims, together with another company called Riscure, to have created a method for eavesdropping on security enabled through proximity, in what is known as a side channel attack.

The researchers put together a piece of kit worth less than $200 and were able to wirelessly extract AES-256 encryption keys from a distance of one metre. They suggested that the attack can be carried out by people on all budgets and with all kinds of means.

"The recording hardware can range from extremely high-end radio equipment, down to €20 USB SDRs. We have found that even the cheap USB dongles can be used to attack software implementations!" they said. "This is not a game exclusively for nation states, but also anyone with pocket money and some free time."

Usually, such an attack would require direct access and manipulation. But Fox-IT found that it was possible just to swan past the target with a bag of SDR, amplifiers, filters, and an antenna and to capture the required information without the target being aware of the attack.

"Using this approach only requires us to spend a few seconds guessing the correct value for each byte in turn (256 options per byte, for 32 bytes so a total of 8,192 guesses)," claimed Fox-IT.

"In contrast, a direct brute-force attack on AES-256 would require 2^256 guesses and would not complete before the end of the universe."

The next challenge is distance. Currently, Fox-IT has only reached a distance of 30cm but claims that a full meter is possible in the right circumstances.

"Our work here has shown a proof of concept for TEMPEST attacks against symmetric crypto such as AES-256.

"To the best of our knowledge, this is the first public demonstration of such attacks. The low bandwidth requirements have allowed us to perform the attack with surprisingly cheap equipment (€20 radio, modest amplifiers and filters) at significant distances," it added.

"In practice, this setup is well suited to attacking network encryption appliances. Many of these targets perform bulk encryption (possibly with attacker controlled data) and the ciphertext is often easily captured from elsewhere in the network."


Idea to encrypt Web traffic at rest hits the IETF’s Standard Track – The Register

In spite of the rise of HTTPS, there are still spots where content originating on the Web can remain unencrypted, so a Mozilla engineer wants to close one of those gaps.

In an Internet Engineering Task Force RFC published this month, a proposal by Martin Thomson (also a member of the Internet Architecture Board), first mooted in late 2015, has been updated and pushed into the IETF's Standard Track.

In RFC 8188, Thomson explains that there's a good reason to encrypt HTTP message payloads even when HTTPS isn't in play: TLS (the basis of HTTPS) only encrypts a channel between client and server.

If, for example, you want to store content on a server without exposing it to the server, or replicate it between servers, some other encryption is required. Rather than hoping that engineers remember that, Thomson hopes to embed it in applications with a standard specifying content coding for HTTP.

He also notes that it wasn't practical to adapt message-based encryption formats (he cites OpenPGP's RFC 4880, the Cryptographic Message Syntax in RFC 5652 and other examples) because those don't meet HTTP's need for stream processing.

Rather, Thomson's RFC suggests using AES 128 in Galois/Counter Mode.

The scheme only provides content-origin authentication, the RFC notes, but that ensures that an entity with access to the content-encryption key produced the encrypted data.
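As an added illustration (not code from the RFC, The Register, or Mozilla), the sketch below implements the `aes128gcm` record layout that RFC 8188 defines, using Node.js's built-in `crypto` module; the function names and record size are choices made for this example. It shows why the format suits stream processing: every record carries its own GCM tag, and the final-record delimiter lets a receiver detect a truncated body.

```javascript
const crypto = require('crypto');
const TAG = 16; // AES-GCM tag bytes appended to every record
// HKDF-SHA-256 over the message salt yields the content key and base nonce.
function derive(ikm, salt) {
  const hk = (label, len) => Buffer.from(crypto.hkdfSync(
    'sha256', ikm, salt, Buffer.from(`Content-Encoding: ${label}\0`), len));
  return { key: hk('aes128gcm', 16), nonce: hk('nonce', 12) };
}

// Record nonce = base nonce XOR sequence number (low 32 bits suffice here).
function recordNonce(base, seq) {
  const n = Buffer.from(base);
  n.writeUInt32BE((n.readUInt32BE(8) ^ seq) >>> 0, 8);
  return n;
}

// Header: salt(16) | record size(4) | key id length(1) | key id, then records.
function encode(plain, ikm, rs = 4096, keyid = Buffer.alloc(0)) {
  if (rs < TAG + 2) throw new Error('record size below RFC 8188 minimum of 18');
  const salt = crypto.randomBytes(16), head = Buffer.alloc(5);
  head.writeUInt32BE(rs, 0); head.writeUInt8(keyid.length, 4);
  const { key, nonce } = derive(ikm, salt), out = [salt, head, keyid];
  const chunk = rs - TAG - 1; // one plaintext byte per record is the delimiter
  for (let off = 0, seq = 0; ; off += chunk, seq++) {
    const last = off + chunk >= plain.length; // delimiter 2 = final, 1 = more
    const c = crypto.createCipheriv('aes-128-gcm', key, recordNonce(nonce, seq));
    out.push(c.update(plain.subarray(off, off + chunk)),
      c.update(Buffer.from([last ? 2 : 1])), c.final(), c.getAuthTag());
    if (last) return Buffer.concat(out);
  }
}

function decode(msg, ikm) {
  const rs = msg.readUInt32BE(16), idlen = msg.readUInt8(20), out = [];
  if (rs < TAG + 2 || msg.length <= 21 + idlen) throw new Error('bad header or no records');
  const { key, nonce } = derive(ikm, msg.subarray(0, 16));
  for (let off = 21 + idlen, seq = 0; off < msg.length; off += rs, seq++) {
    const rec = msg.subarray(off, off + rs), isLast = off + rs >= msg.length;
    if (rec.length <= TAG) throw new Error('short record');
    const d = crypto.createDecipheriv('aes-128-gcm', key, recordNonce(nonce, seq));
    d.setAuthTag(rec.subarray(rec.length - TAG));
    const pt = Buffer.concat([d.update(rec.subarray(0, rec.length - TAG)), d.final()]);
    let end = pt.length;
    while (end > 0 && pt[end - 1] === 0) end--; // strip zero padding
    if (end === 0 || pt[end - 1] !== (isLast ? 2 : 1))
      throw new Error(isLast ? 'truncated: final-record delimiter missing' : 'bad delimiter');
    out.push(pt.subarray(0, end - 1));
  }
  return Buffer.concat(out);
}
```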

See the original post:
Idea to encrypt Web traffic at rest hits the IETF's Standard Track - The Register

WorldFlix to Enter $100+ Billion Cyber Security Market with Military Grade Encryption Protocol "Parano" – Marketwired (press release)

LOS ANGELES, CA--(Marketwired - Jun 27, 2017) - InvestorsHub NewsWire - WorldFlix (OTC: WRFX) - The British Parliament faced a "sustained" cyber attack last weekend according to Westminster, illustrating just how prevalent sophisticated attacks have become and how easily they can affect even the most secure institutions. There is a reason the cyber security market has grown to over $100 billion worldwide and is projected to grow to over $180 billion by 2021. As the hacking community continues to evolve, so must cyber security. WorldFlix, and its subsidiary Paranotek, are well positioned to take on a significant share of the rapidly growing cyber security market with the introduction of their encrypted security protocol "Parano."

"We are ready to launch our Swantry app and encryption back-end Parano, pending some final IP protection. We have also been testing Parano with third parties in order to prepare to license and utilize our protocol as their encryption layer technology," stated Lauri Tunnela, CTO of Paranotek. "Once launched, we expect to immediately begin monetizing our technology through the Swantry app, and next, finalize our first partnerships with third parties to license the Parano protocol for their use, creating corporate level, long term revenue streams."

WorldFlix's Parano is virtually unhackable, even by next generation supercomputers, and the company is confident that users will flock toward a more secure platform to keep their conversations and data truly private and that third party software providers will seek out a more secure back-end protocol to keep their products secure.

About WorldFlix, Inc.

WorldFlix, Inc. (OTC: WRFX) operates in a variety of niche businesses in the technology and entertainment sphere. WorldFlix divisions include AppFarm, a platform for acquiring, developing, and growing niche apps for mobile and tablet devices; Drobbits, an interactive platform that allows users to create, play and monetize their own video games; Paranotek, a Finnish technology and design company that incorporates its military-grade, proprietary security and privacy features when developing software and apps; Swantry, designed to allow parents to ensure their child is safe on their mobile device; and WorldFlix Entertainment Management, a television and movie development and management business. For more information on WorldFlix, Inc., please visit http://www.worldflix.co.

About Paranotek

Paranotek is a partnership between WorldFlix, Inc., and Finnish-based technology and encryption experts. Lauri Tunnela, CTO, and Johannes Maliranta, CCO, have a combined 20 years of diverse and complementary information technology experience. Tunnela's thesis on information security vulnerabilities has been featured in major Finnish technology magazines. Paranotek's products range from data storage, sharing and instant messaging services to various software suites, all based on our disruptive security technology. While other popular apps, software and services collect your data, Paranotek's unique security technology never collects user data, thus providing an extra layer of enhanced privacy for our users. For more information on Paranotek, please visit http://www.paranotek.com.

FORWARD-LOOKING STATEMENTS: "Safe Harbor" statement under the Private Securities Litigation Reform Act of 1995: This press release contains forward-looking statements within the meaning of the Securities Litigation Reform Act of 1995. These statements are based on current expectations, and are to a certain degree uncertain. Words such as expects, anticipates, intends, believe, plan, will and similar words are expressions intended to identify these forward-looking statements. These statements involve risk and subsequently are difficult to evaluate. Actual results may vary from descriptions herein due to many factors including but not limited to changes in business conditions, changes in laws and regulations, problems encountered in exploration and obtaining permits, changes in the competitive environment, technological advances, shortages of skilled workers, the need for additional capital and other risks listed in the company's Securities and Exchange Commission filings under "risk factors" and elsewhere. Forward-looking statements speak only as of the date they were made, and the company is under no obligation to update them.

For more information, please visit: http://www.swantry.com, http://www.paranotek.com, http://www.worldflix.co.

Read more:
WorldFlix to Enter $100+ Billion Cyber Security Market with Military Grade Encryption Protocol "Parano" - Marketwired (press release)