She is expected to say that the governments bid to enforce new powers to compel tech giants to hand over data is pointless

FACEBOOKS boss will today refuse MI5 any access to terror plotters encrypted messages leaving the tech giants new extremism PR push branded a sham.

Sheryl Sandberg will deliver the security snub during a face to face meeting with the Home Secretary behind closed doors, The Sun has learned.

Getty Images

Amber Rudd has demanded police and spooks are given access to secret messages exchanged between suspects on WhatsApp owned by Facebook after the Westminster terror attack on March 22.

Ms Sandberg is also expected to tell Ms Rudd that the governments bid to enforce new powers to compel tech giants to hand over encrypted data is pointless.

As The Sun revealed last month, the Home Office is drawing up new Technical Capability Notices that will allow cops to order firms to make all messages readable and hand them over.

Reuters

But the Facebook chief is expected to argue that there is no way for WhatsApp to break in to its end to end encryption.

Instead, in what critics claim is a bid to mask the tech giants refusal to help, Facebooks chief operating officer Ms Sandberg will also publicly trumpet a new drive against hate speech.

She will share a stage today with murdered MP Jo Coxs widower Brendan to launch Facebooks Online Civil Courage Initiative.

Angry MPs last night branded Facebooks actions as toothless and just words.

The California-based giant risks further public fury by continuing to refuse the encryption demands, repeatedly also issued by PM Theresa May.

At the moment, WhatsApp uses unbreakable end to end encryption where messages can only be viewed if the device itself is seized.

But Facebook could instruct its subsidiary to modify its encryption to one where messages can be accessed in an emergency from its servers, such as the encryption system that Facebook Messenger uses.

Campaigners insist the only reason the firm is refusing is to protect its highly lucrative business model boast that WhatsApp is unhackable by anyone.

Getty Images

Tory MP and Commons Culture Select Committee member Nigel Huddleston said: The big tech giant believe they should be able to live in their own bubble and the rest of the worlds laws need not apply to them.

They must take their responsibilities more seriously, and particular when it comes to end to end encryption.

Facebook know WhatsApp is the platform of choice for some of the darkest elements in our society.

The publics mood on this has changed, and Facebook are on the wrong side of it.

Mr Huddleston, who used to work for Google, added: Sheryl Sandberg must promise something meaningful when she comes here, rather than just making the right noises.

Just using the right words are toothless.

KEYSTONE

A Whitehall source added: Theres no way internet companies can stick their heads in the sand when its clear people are being radicalised online and terrorists are using their platforms.

We need more urgent action and we need it now.

Updating MPs on the three terror attacks on Britain in as many months yesterday, Ms Rudd said social media firms were beginning to help tackle extremism on their sites, but still too slowly.

The Home Secretary told the Commons: There are signs they are taking action and we are making progress. But I do not underestimate the challenge of getting an international agreement.

Visit link:
Facebook boss Sheryl Sandberg set to REFUSE MI5 access to terror plotters' encrypted messages during meeting with ... - The Sun

The UK and the EU are at loggerheads once again, but it's not what you might think. This isn't another Brexit debate, but a tussle over encryption.

The British government is keen to exploit flaws in tech services for intelligence-gathering and surveillance operations. Home Secretary Amber Rudd, backed by Downing Street, has persistently called for access to WhatsApp, a service used by terrorists in the March attack at Westminster.

But on Monday, a European Parliament committee proposed an amendment to incoming legislation that would prevent member states from trying to decrypt encrypted communications, as well as compelling tech companies that don't already use end-to-end encryption to do so.

The proposal would protect internet companies from national governments pressuring them to create security flaws, or backdoors, that they could use to hack into people's emails or other messages.

The different approaches are emblematic of a debate raging around the world, boiling down to whether tech companies poke security holes in their products so that governments can spy on potential terrorists, or whether they should keep communications locked up tight so as to protect the privacy and safety of internet users. You saw it in the fight that Apple put up against the FBI's efforts to compel the company to create a backdoor into a terrorist's iPhone.

While the UK wants to ensure that terrorists have no place to hide, the EU is determined to protect the privacy of law-abiding internet users.

Theresa May makes a statement outside Downing Street following the London Bridge terror attack.

With four terrorist incidents in the country over the last four months, the British government and intelligence agencies are under pressure to explain why they were unable to thwart the attacks. They blame technology.

Following the June 4 attack on London Bridge, Prime Minister Theresa May stood outside Downing Street and in her speech, pointed her finger at "the internet -- and the big companies that provide internet-based services" for providing a safe space for extremist ideologies to flourish.

"As the nature of the threat we face becomes more complex, more fragmented, more hidden, especially online, the strategy needs to keep up," she said, calling for more online regulations.

May has long been in favor of increasing the UK's surveillance powers, introducing two bills nicknamed the "Snooper's Charter." The second of these bills, the Investigatory Powers Act, passed into law under her own leadership of the country.

The Prime Minister wants the internet to be weak and penetrable, say her critics. They also claim she is using this issue right now to reinforce her own image as "strong and stable" -- her slogan during the recent election campaign.

"To push on with these extreme proposals for internet clampdowns would appear to be a distraction from the current political situation and from effective measures against terror," said Jim Killock, director of human rights nonprofit Open Rights Group.

The biggest objection to her proposals is that they will make the internet less safe for users. If governments can exploit backdoors to get to your private communications, so too could criminals or rogue states.

"Government's intrusion into private communications might look useful on paper in order to fight crime, but such legislation is usually the product of people who don't know how technology works," said Marty P. Kamden, CMO of NordVPN. "Backdoors would bring along new security holes, and could result in even more crime."

Another risk of this style of surveillance is that it could force terrorists to use alternative, less pleasant communication services, added Killock. Pushing them underground completely would only make them even harder to monitor than they are right now, he argued.

Unsurprisingly, tech companies don't like the idea of creating security holes in their products either. In 2015, Facebook, Google, Microsoft, Twitter and Yahoo teamed up to submit written evidence to Parliament arguing that encryption is necessary for keeping users safe. Apple Chief Executive Tim Cook has also been outspoken on the subject.

But when it comes to legislation, Silicon Valley companies don't have the last word.

Fortunately for them, the EU does. In this case, the EU is on their side.

The proposals tabled by members of the European Parliament this week are amendments to draft privacy legislation, and forbid member states from "decryption, reverse engineering or monitoring" of encrypted communications, or compelling tech companies to do so.

"Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services," one proposal reads.

Not only could these proposals scupper the UK's plans, but they could conflict with surveillance activities allowed by the Investigatory Powers Act.

"This latest move to ban backdoors in encryption appears to be a calculated slap in the face for Theresa May and her plans for an Orwellian future," said BestVPN.com cybersecurity expert Douglas Crawford.

Because of Brexit, it's hard to know how EU rules on privacy and data will apply once the UK leaves the European Union. But without support from other countries, it's highly unlikely that the British government alone would be able to compel tech companies to create backdoors to allow them to bypass encryption.

The UK's own new surveillance plans are also not yet a done deal. The small and fragile majority the Conservative party currently holds in Parliament means greater consensus and more debate will be needed in order to pass new laws, said Killock.

"We hope that this will mean our parliamentarians will reject reactionary policymaking and look for long-term, effective solutions that directly address the complex causes of terrorism," he said.

Tech companies and government representatives didn't respond to requests for comment.

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.

Logging Out: Welcome to the crossroads of online life and the afterlife.

See more here:
Encryption and fighting terror have the UK's Theresa May and the ... - CNET

Most people in the mainstream may not be as fixated on personal privacy as some tech journalists (like, you know this one), but can we all agree one point? Private diaries should be very difficult for prying eyes to read.

Paper diaries even get sold with padlocks, after all. So software designed to serve as your personal diary on a laptop or cell phone ought to make it very difficult for someone to see your secret thoughts.

Day One is a journaling app for users of Apple products that first launched in 2011. Its so nice to use, people actually pay money for it. App Annie ranks it in the top ten for lifestyle and productivity apps in the iOS store, and it has thousands of positive customer ratings and reviews.

Today in a Medium post, it announced end-to-end, private key encryption for Day One Sync. Sync allows users to write entries on multiple devices.

In April, we reached out to the company after a Reddit user posted he found his diary entries stored in plain text in files on his computer, even though he had password protected the app. That user, Day Ones Dallas Peterson told the Observer in an email, must have been using Day One Classic, their original product. The current software locks those entries up, locally.

It still had a challenge in the cloud, however. When it began syncing users entries, Day One found itself in the position as key keeper. Entries got transmitted to Amazons AWS servers with TLS-encryption, but users didnt like the fact that they had to trust Day One not to read their secrets. Peterson wrote that at the time of our emails, the company was beta-testing user encryption.

Developing a solid sync and encryption system is hard. It took two years for us to complete this project, Paul Mayne, Day Ones founder, wrote in todays announcement post. During this time, we continued to move forward reading every one-star review requesting encryption come sooner.

Now, Day One users have the option to set up their own private key, so that the encryption happens locally before it goes to the cloud, and only the user has that key (users that want to let Day One hold onto their key still can).

Instructions for enabling end-to-end encryption are here. Day One also secured an auditby nVisium of their protocol before rolling it out. Users that want to skip to the nitty gritty should jump to the FAQ.

Most apps are free, which effectively requires their makers to spy on users in order to monetize them. Those ads in your Gmail account arent random. Users pay Day One money, so it has an incentive to align its interests with those of its users. In that light, it probably wasnt monetizing its users diary entries, but now those with the most reason to worry have a way to be sure.

Continue reading here:
Mac and iOS Diary App Finally Implements End-to-End Encryption - Observer

Cops are getting comfortable with hacking. Already, agencies across the world are using malware or other techniques to identify child pornographers, bomb hoaxers, and stalkers.

But, in the continuing battle over the proliferation of easy-to-use encryption, German lawmakers want to go further. On Thursday, the Bundestaagthe German parliamentpassed legislation authorizing the country's law enforcement to use malware in a wider range of investigations, including drug trafficking.

"Police must be able to do what terrorists and criminals can already do today," Johannes Fechner from the SPD, a centre-left party which forms part of the current government, said during a debate before the vote.

The news revolves around Germany's so-called "state trojan," an overarching term given to the authority's hacking capabilities. Back in 2011, German hacking organization the Chaos Computer Club dissected one version of it, which could siphon off data but had a host of vulnerabilities.

The new change expands the use of malware to 38 different criminal offenses, including drug trafficking, money laundering, currency counterfeiting, bribery, sex crimes, and the distribution of child sexual abuse imagery.

Hans-Christian Strbele from the Green Party criticized the law, and said that it will not withstand a complaint at the German Supreme Court.

"What's completely missing from this law is an obligatory and independent test of what the tool can actually do and does when it's used; but this is what the Bundesverfassungsgericht [Supreme Court] has explicitly demanded," he said during the debate.

This legislative expansion comes as European politicians call for more to be done about the increased use of encryption; something that end-point hacking circumvents. In general terms, malware could obtain the contents of a communication before the device or messaging application, such as WhatsApp, encrypts it.

Got a tip? You can contact this reporter securely on Signal at +44 20 8133 5190, OTR chat at jfcox@jabber.ccc.de , or email joseph.cox@vice.com

Both the UK's Prime Minister and Home Secretary have said companies providing encryption should do more to help the authorities. The UK recently passed the Investigatory Powers Act, which explicitly gave law enforcement agencies authority to use malware for the first time. "Equipment interference" can be used in cases of serious crime.

However, European politicians have proposed legislation that would ban backdoors in encryption products.

Max Hoppenstedt contributed reporting.

Get six of our favorite Motherboard stories every day by signing up for our newsletter .

Read more:
Germany Just Gave Cops More Hacking Powers to Get Around Encryption - Motherboard

BBC News

Euro MPs back end-to-end encryption for all citizens BBC News A European Parliament committee wants end-to-end encryption to be enforced on all forms of digital communication to protect European Union (EU) citizens. The draft legislation seeks to protect sensitive personal data from hacking and government ... EU Proposes Enforcing Data Encryption and Banning BackdoorsMac Rumors EU proposes banning encryption backdoorsEngadget End-to-end encryption plan puts Europe on collision course with UKZDNet The INQUIRER -ComputerWeekly.com -iDrop News -European Parliament all 26 news articles »

Read the original post:
Euro MPs back end-to-end encryption for all citizens - BBC News

Apple CEO Tim Cook will likely address issues such as immigration and encryption Monday during his White House meeting for Technology Week, Axios reported.

About 18 CEOs also including Amazon CEO Jeff Bezos and two dozen more business experts are expected to attend the event and help offer insight about how thegovernments information technology systems could be updated and modernized.

Cook is reportedly slated to attend a session called H-1B/immigration.

Cook has been a longtime advocate of the merits and economic value immigrants provide for the American economy, contrasting largely with President Trump and some of his top advisers views that immigrants are taking jobs from American workers and hurting the economy.

Following the San Bernardino, Calif., shootings in December 2015, Cook refused to provide the FBI with a backdoor encryption to open the terrorists iPhones. Cook argued that if he provided this opening, it would compromise customer's privacy and security and create a precedent.

Trump had urged people to boycott Apple at the time, pointing to Cooks lack of cooperation with the investigation.

Cook also is expected to bring up ways to improve how veterans receive medical care as well as human rights both in the U.S. and abroad.

Jared Kushner's Office of American Innovation organized these tech meetings.

Trump and Vice President Pence are expected to pop by the working sessions.

Kushner, his wife, Ivanka Trump, and many of President Trump's top aides like Treasury Secretary Steven Mnuchin, Commerce Secretary Wilbur Ross, Homeland Security Secretary John Kelly and Office of Management and Budget Director Mick Mulvaney are expected to attend.

See the original post:
Apple CEO likely to talk immigration, encryption at White House: report - The Hill

In Germany, lawmakers are pushing ahead with fines of up to 50 million euros, or $56 million, if Silicon Valley companies do not limit how online hate speech circulates on their social networks.

Recent legislation already gives Britains law enforcement officials some of the worlds strongest powers to read and monitor online chatter from potential extremists.

Now the countrys politicians want to go further.

In its electoral manifesto and in speeches by senior politicians, the governing Conservative Party outlined proposals to offer security officials more ways to keep tabs on potential extremists. Theresa May, the prime minister, raised the issue at a recent Group of 7 meeting and in talks with President Emmanuel Macron of France.

But if the proposals are pushed through, there will be costs.

The Conservatives now rule with a minority in Parliament, and will most likely have to rely on other parties for support. That may necessitate compromise or horse trading.

And the additional measures could hurt Britains effort to court new investment from the global tech sector as it prepares to leave the European Union.

Mrs. May had a simple message after the recent deadly terrorist attack in London.

We need to do everything we can at home to reduce the risks of extremism online, she told the British public, echoing a similar message by her government after a previous attack in Manchester.

Part of that plan is to demand that companies such as Apple and Facebook allow Britains national security agencies access to peoples encrypted messages on services like FaceTime and WhatsApp.

These services use so-called end-to-end encryption, meaning that a persons message is scrambled when it is sent from a device, so that it becomes indecipherable to anyone but its intended recipient.

British officials, like their American counterparts, would like to create a digital backdoor to this technology.

Yet an opening for intelligence agencies, experts warn, would also allow others, including foreign governments and hacking groups, to potentially gain access to peoples digital messages.

It would also most likely induce terrorist groups to move to other forms of encrypted communication, while leaving everyday Britons and others traveling in the country susceptible to online hacks.

If the British government asks for a special key like this, what stops other governments from asking for the same access? said Nigel Smart, a cryptology professor at the University of Bristol. You need end-to-end encryption because it stops anyone from listening in.

British lawmakers say law enforcement and intelligence agencies need such access to foil potential terrorist plots.

But Facebook and others respond that they already provide information on peoples online activities, when required, including the I.P. address a pseudo fingerprint for digital devices of machines from where messages are sent.

And in a letter sent to British politicians in late 2015 just as an earlier debate about tech regulation was bubbling to the surface Apple made its views clear.

We believe it would be wrong to weaken security for hundreds of millions of law-abiding customers so that it will also be weaker for the very few who pose a threat, the company said.

British politicians have another target in policing the internet: extremist messages that are circulated on Facebook, YouTube and other social media.

While other countries have taken steps to control how such material is shared across the web, tech executives and campaigners say that Britain has gone further than almost any western country, often putting the onus on companies to determine when to take down content that while offensive, does not represent illegal or violent messaging.

Id like to see the industry go further and faster in not only removing online terrorist content, but stopping it going up in the first place, Amber Rudd, the countrys home secretary, said before meeting with tech executives this year. At the time, she called on them to take further steps to counter such extremist material.

Mrs. May also had discussions with Mr. Macron, the French president, last week about holding tech companies legally liable if they fail to remove content.

The British governments stance has put tech companies in the difficult position of having to determine what should, and should not, be allowed online.

Britains freedom of expression laws are not as far-reaching as those in the United States, allowing British lawmakers to push for greater control over what is circulated across the web.

In recent months, companies like Facebook and Twitter say that they have taken additional steps to remove illegal extremist material from their social networks, and are giving users ways to flag potentially offensive content.

That includes Facebook announcing on Thursday that it would use artificial intelligence technology to flag, and remove, inappropriate content. Google has also provided financing to nonprofit organizations aimed at countering such hate speech online.

Some other European lawmakers have warned that too-strict limits on what can be shared across the web may hamper freedom of speech, a touchy subject for many people who grew up behind the Soviet-era iron curtain.

For me, freedom of expression is a basic fundamental right, Andrus Ansip, the digital chief at the European Commission, the executive arm of the European Union, said in an interview this year. Nobody wants to see a Ministry of Truth.

Follow Mark Scott on Twitter @markscott82.

A version of this article appears in print on June 20, 2017, on Page B1 of the New York edition with the headline: After Attacks in Britain, A Move to Police the Web.

See original here:
After Terror Attacks, Britain Moves to Police the Web - New York Times

The proposal has to be approved by Parliament and then reviewed by the EU Council, so there's still a chance that the rules will be softened if and when the amendments pass.

If they do clear, though, they could set up a conflict between the EU and countries that aren't so fond of encryption. The UK is undoubtedly the main concern, even after it leaves the EU. A ban on backdoors would make it difficult for the country to enforce the Investigatory Powers Act's requirement that companies remove "electronic protection" when possible. How would that be meaningful when virtually every tech company in Europe is encrypting data traffic? You're not likely to see UK-specific versions of apps that introduce security holes.

This would also thwart the efforts of some American politicians (such as Senators Richard Burr and Dianne Feinstein) to effectively ban airtight encryption. While those proposals have largely stalled, they'd face an even tougher battle in Congress if it meant pitting American and European security policies against each other. Simply put, the EU could wind up dictating encryption strength well beyond its member states' borders.

More:
EU proposes banning encryption backdoors - Engadget

The Hindu

A quantum step to a great wall for encryption The Hindu Modern, electronic secrecy works by two parties encrypting the messages they want to exchange and sending each other 'keys' (which are chains of numbers) that can be used to decrypt the information. The trouble is that a third eavesdropper can ... Global Quantum Communication Might Be Closer Than We ThinkWall Street Pit China set to build a 'completely new internet'Northern Star Satellite sends First Quantum Signal to Earthhttp://www.newsgram.com/ The Monitor Daily -Yahoo News all 20 news articles »

Read the original here:
A quantum step to a great wall for encryption - The Hindu

DEFINITION of 'Encryption'

Encryption is a means of securing data using a password (key). The encryption process is simple data is secured by translating information using an algorithm and a binary key. When the data needs to be read back, the code is decrypted using either the same key or a different key depending on the type of encryption used.

Encryption strength is based on the length of the security key. In the latter quarter of the 20th century, 40 bit encryption, which is a key with 240 possible permutations, and 56 bit encryption was standard. Those keys were breakable through brute force attacks by the end of the century, and the 128 bit system became standard in web browsers. The Advanced Encryption Standard (AES) is a protocol for data encryption created in 2001 by the U.S. National Institute of Standards and Technology. AES uses a 128 bit block size, but key lengths of 128, 192 and 256 bits. AES uses a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. 128-bit encryption is standard but most banks; militaries and governments use 256-bit encryption.

Link:
Encryption Definition | Investopedia