Encryption Apps Help White House Staffers Leak -- and Maybe Break the Law – WIRED

In the four tumultuous weeks since President Donald Trump's inauguration, the White House has provided a steady stream of leaks. Some are mostly innocuous, like how Trump spends his solitary hours. Others, including reports of national security adviser Michael Flynn's unauthorized talks with Russia, have proven devastating. In response, Trump has launched an investigation, and expressed his displeasure in a tweet: "Why are there so many illegal leaks coming out of Washington?"

The answer may have to do with uncertainty and unrest inside the administration, as well as the president's ongoing attacks against the intelligence community. But it doesn't hurt that every White House and Congressional staffer has tools to facilitate secure communication in their pocket or bag. Specifically, multiple reports indicate that Republican operatives and White House staffers are using the end-to-end encrypted messaging app Confide, which touts disappearing messages and anti-screenshot features, to chat privately without a trace.

The ability to communicate without fear of reprisal may have helped illuminate the Trump administration's darkest corners. But at the same time, anonymity rings alarms for transparency advocates. The same technology that exposes secrets also enables them, a tension that's not easy to resolve.

Confide launched in 2013 as a secure app for executives looking to trade gossip and talk shop without creating a digital trail. The service uses a proprietary encryption protocol, what the company describes as "military-grade end-to-end encryption." Its marquee feature, self-destructing messages, appears on similar services like Snapchat, but Confide's appeal lies in its promise of more robust protections.

It's worth noting, though, that unlike other secure messaging apps, like standard-bearer Signal, Confide's encryption is closed source and proprietary, meaning no one outside the company knows what's going on under the hood of the app. Company president Jon Brod says that Confide bases its encryption protocol on the widely used PGP standard, and that the app's network connection security relies on recommended best practices like Transport Layer Security (TLS). Brod did not respond to questions, though, about whether Confide has ever opened its code base to be independently audited by a third party.

"One key is always, do you make code publicly available that's been audited where features have been inspected by the security community so that it can arrive at some consensus," says Electronic Frontier Foundation legal fellow Aaron Mackey. "My understanding with Confide, at least right now, is that it's not clear whether that's occurred."

Confide's also not the only option in play; EPA workers have reportedly turned to Signal to discuss how to cope with an antagonistic Trump administration, to the agitation of Republican representatives.

No matter what the method, though, encrypted chat appears to have become a staple among political operatives, which happens to raise a whole host of legal questions.

Using an app like Confide for personal communications, like keeping in touch with family members or coordinating gym trips with coworkers, is within bounds. It also, according to a recent Washington Post report, has enabled vital leaks to the media.

At this point it's still possible that politicos are legitimately using Confide for personal purposes. "I know people who use [Confide], but I don't know anyone who's using it who shouldn't be using it," says Scott Tranter, a founder of the political data consultancy Optimus. "The people who I know use it because it's secure messaging."

It's sometimes not easy, though, to separate personal conversations from those that are work-related. Where those lines blur, legal concerns arise.

"If these apps are being used by White House staff, it raises very disturbing questions about compliance with the Presidential Records Act specifically, and more broadly the Federal Records Act," says David Vladeck, a communications and technology law researcher at Georgetown Law School. "The whole point of these statutes is to assure that our nation's history is neither lost nor manufactured, and the kinds of apps that obliterate the messages are completely incompatible with that and at odds with the law."

Confide puts the onus on its users to walk a legal line. "We expect people to use Confide in a way that complies with any regulation that may be relevant to their particular situation," says Brod.

Encryption itself isn't the issue. End-to-end encrypted communication can coexist with the goals of public disclosure laws, so long as someone retains the decryption key. Using strong security for sensitive government communications makes sense and is appropriate if the parties sending and receiving the communications can still archive them.

But disappearing messages are definitionally communications that are difficult, if not impossible, to record. Plus, it's hard to assess how people are using a communication service like Confide if there's no record of anything they ever sent. "Since Confide is explicitly designed to eliminate a paper trail, its use creates at least the appearance of misconduct, if not the reality," says Allison Stanger, a cybersecurity fellow at the New America Foundation. "Those who wanted to lock up Hillary Clinton for the use of a private email server should be very concerned about this practice."

It's a tough act to balance. Encryption-enabled leaks help hold administrations accountable, a clear public good. The challenge is preserving that level of secrecy without creating black holes where public records should be.

Silicon Valley found a use for encryption apps: a prenup for sex tapes – Quartz


If you're still on the fence about encrypting your text messages, here's an easier sell: Definitely encrypt your sex tapes. Sex tapes are never totally secure. That's why New Zealand startup Rumuki (a Japanese take on room key) is pitching itself ...


GOP demands inquiry into EPA use of encrypted messaging apps – CNET

The Signal app uses data encryption to send messages only readable by the designated receiver.

Some members of Congress are demanding an investigation into the Environmental Protection Agency's use of texting and encrypted chat apps like Signal.

Encryption scrambles data and only lets a person with the correct passcode have access. Tech firms and privacy advocates argue that encryption is essential to secure personal information and communications. The government and law enforcement officials counter that encryption hurts their ability to investigate criminal and terrorist activity.

Federal employees with concerns about the impact of President Donald Trump's administration have turned to encrypted messaging apps, new email addresses and other ways to coordinate their defense strategies, according to a report earlier this month from Politico.

That article and others prompted Rep. Darin LaHood, a Republican from Illinois, and Rep. Lamar Smith, a Republican from Texas, to send a letter to EPA Inspector General Arthur A. Elkins, Jr. asking him to "determine whether it's appropriate to launch a full-scale review" of EPA workers' use of encrypted apps. Smith serves as chairman of the Committee on Science, Space and Technology, while LaHood is vice chairman of the subcommittee on oversight on the Science, Space and Tech committee.

"Over the past few years, we have seen several examples of federal officials' circumventing Federal Records Act requirements and transparency generally," they wrote. "In this instance, the Committee is concerned that these encrypted and off-the-record communication practices, if true, run afoul of federal record-keeping requirements, leaving information that could be responsive to future Freedom of Information Act (FOIA) and congressional requests unattainable."

The letter requested a response from the Inspector General by February 28. The letter doesn't mean he is required to conduct a full investigation.

"The EPA OIG leadership is carefully reviewing yesterday's request from House Science Chairman Lamar Smith and Subcommittee Chairman Darin LaHood that the OIG review EPA employees' use of encrypted messaging applications to conduct official business," said the press office for the EPA Office of the Inspector General.

The EPA didn't immediately respond to CNET's request for comment.

Encryption gained a lot of scrutiny a year ago during Apple's public battle with the FBI over a request to help unlock an encrypted iPhone used in a terrorist attack. And after Democratic Party emails were hacked, Hillary Clinton and others working on her presidential campaign adopted Signal.

The letter on Wednesday cited a recent review from the EPA inspector general that found between July 1, 2014 and June 30, 2015, only 86 of the 3.1 million text messages sent or received on government-issued devices were preserved and archived as a federal record.

"Not only does this demonstrate the vast issues presented with using text messages to conduct official business, but raises additional concerns about using encrypted messaging applications to conduct official business, which make it virtually impossible for the EPA to preserve and retain the records created in this manner to abide by federal record-keeping requirements," the letter said.

Update at 3:20 p.m. PT: Adds comment from EPA Office of the Inspector General.


New Report On Encryption Confirms There’s More Of It, But Still Not Much Of A Problem For Law Enforcement – Techdirt

CSIS (Center for Strategic and International Studies) has just released its report on encryption and it comes to the same conclusions many other reports have: encryption is good for everyone and law enforcement fears are overstated and mostly-unrealized. (h/t Kevin Bankston)

The report [PDF] opens up with this statement:

"It is in the national interest to encourage the use of strong encryption. No one we interviewed in law enforcement or the intelligence community disagreed with this."

The disagreement comes when law enforcement is prevented from pursuing investigative leads because of encryption. According to FBI Director James Comey and Manhattan DA Cyrus Vance, encryption is already a huge problem for law enforcement and will only get exponentially worse in the next few years. The CSIS report rebuts both of these statements.

While encryption use is growing rapidly, the share of traffic that is both of interest to law enforcement and unrecoverable is still relatively small. Most companies use encryption that allows law enforcement agencies to recover plaintext data. Most e-mail, if it uses encryption, also allows for recovery. Currently, an estimated 18 percent of global communications traffic is end-to-end encrypted. It is estimated that 22 percent of communications traffic will be end-to-end encrypted by 2019.

This is far from the encryption apocalypse promised by Comey and Vance. There's an incremental increase taking place, not an exponential one. What could pose serious problems, though, is encryption-by-default on smartphones. As the report points out, if Android devices go the way of iPhones, 99% of the world's phones would keep law enforcement locked out.

But that's only if law enforcement isn't able to access data and communications through device manufacturer/service provider cooperation, third-party app developers, email providers, and other, more old-fashioned techniques. One sure way to beat device encryption is to obtain the passcode from the user. This won't help much when the phone's owner is dead or can't be located, but compelling the production of a password is still far from settled, constitutionally-speaking. For phones secured with a fingerprint, owners are likely out of luck. A couple of courts have already reached the conclusion that providing a fingerprint isn't testimonial and has no Fifth Amendment implications.

CSIS could have put together a better estimate on how many investigations are thwarted by encryption, but law enforcement agencies -- even those fronted by encryption opponents -- aren't interested in sharing this data with the public. The report points out that the problem remains mostly theoretical. Without data, all we have are assertions from law enforcement officials that something must be done. Failure to legislate backdoors or bans will apparently lead to a sharp uptick in criminal activity -- except that's not happening either. The report points out that there's no data linking increased default encryption to increases in criminal activity.

As for the world's terrorism, encryption is seldom a barrier to investigations or surveillance. There's no shortage of access points to intercept communications while they're still decrypted (or post-encryption stripping). According to the CSIS report, 90% of the world's instant messages are still accessible by law enforcement, even without interception. With surveillance data-sharing being the new normal in the US, law enforcement agencies will be able to dip into NSA collections to obtain communications that might otherwise be inaccessible through a suspect's device.

The report notes that there's likely no consensus to be reached on the encryption issue. Because it protects both criminals and the innocent, it's difficult to see a nation's government -- at least those in the Western half of the world -- deciding to eliminate innocents' protections in hopes of nabbing a few more criminals. In the United States -- where certain rights have been long enshrined (if far too frequently ignored) -- the chance of anti-encryption legislation remains lowest. And, as the report's authors note, if the US doesn't make a move to curb encryption, it's unlikely the rest of the free world will do so on their own.

The law enforcement agencies making the most noise about encryption are doing the least to help their own cause. Most of what's offered is anecdotal, rather than data-based. According to the FBI's own testimony, it only has about 120 inaccessible phones in its possession. As for other law enforcement agencies, the numbers are mostly unknown. Those that have chosen to make their numbers public have failed to show anything more than the expected rise in inaccessible phones due to default encryption. While the locked devices may number in the hundreds (Cy Vance's office says 423 locked phones were seized in a two-year span, which -- according to the office's numbers -- is still only a third of the devices in law enforcement custody), they're still in the minority of those obtained.

These numbers will increase as the use of encryption increases, but if law enforcement and intelligence agencies don't like the way the future looks, they really only have themselves to blame. The report notes that the Snowden leaks -- which detailed massive surveillance programs operating under almost-nonexistent oversight -- prompted an encryption revival, both in terms of individuals doing more to ensure their privacy as well as device manufacturer encryption implementation.

X-rated encryption: New app provides digital lock and key for homemade sex tapes – RT

A new app is offering risqué lovers the chance to film their bedroom escapades without fear of future revenge porn reprisals, thanks to its video encryption and digital lock and key policy.

Rumuki is an application which hopes to banish the mortifying consequences of having a sex tape released either through a hack or by a scorned ex-lover.

It offers couples the extra protection of essentially a prenup for their most intimate moments, requiring both partners to give permission before the encrypted video is viewed.

Both parties' devices are paired up to record the raunchy video; the video is then locked with two keys, one for each phone. If one person wants to watch it, the app requires the other party to grant a playback by entering the secret key. Each permission is valid for only one playback.

The company website states that once the video is deleted from one device the steamy footage is as good as gone, reassuring users that the content is "never stored on or sent to our servers."

Rumuki can be used anonymously, without providing an email account but an internet connection is needed when setting up the app and accessing playbacks. It is not necessary to be connected to the internet during the recording or syncing process, however.

The New Zealand-based company also claims that your kinky data is safe from hackers as videos are never sent across the internet.

"It is impossible for third party attackers to gain access to your videos without local access to the network your devices are on (that includes us!)."

From another perspective, however, if you accidentally delete your personal re-enactment of Fifty Shades of Grey then it's impossible to retrieve, the company warns.

A whitepaper has also been released to the public, giving a detailed security review of the tech.

However, Rumuki advises erotic users that technology can only go so far in protecting your privacy and reminds those wanting to spice up their sex lives that ultimately responsibility for the security of your data lies with the user.


Gemalto unveils enhanced cloud, IoT data encryption solutions – Voice & Data Online

NEW DELHI: As data encryption is more widely adopted to protect sensitive applications and information, Gemalto has launched two new solutions that give enterprises speed, performance and security when encrypting data across the cloud, enterprise applications and high-speed corporate networks.

Gemalto says its new SafeNet Luna HSM 7 (Hardware Security Module) offers the industry's most scalable platform to perform the highest number of simultaneous cryptographic operations including encryption, decryption, authentication and digital signing while providing total, tamper-resistant protection for cryptographic keys. The new capabilities enable enterprises to support encryption at massive scale and secure even larger volumes of encryption keys that protect sensitive information and applications in the cloud and on premise.

In addition, Gemalto has also launched its new 100 Gbps SafeNet High Speed Encryptor that provides unmatched performance and security to protect data and sensitive communications across large-scale, high-capacity networks. The new SafeNet CN9100 High Speed Encryptor, developed by Gemalto and encryption partner Senetas, encrypts network traffic at Layer 2 to protect information sent across networks, between corporate offices and into the cloud at native speeds of 100 Gbps.

"As organizations increasingly embrace the Internet of Things (IoT) and cloud-based applications, their requirements to cope with big data intensify. Streamlined management of data security controls have become vital in securing data as it moves between enterprises, multi-cloud environments, networks and devices," said Todd Moore, Senior Vice President of Encryption Products at Gemalto. "This necessitates organizations to conduct more cryptographic operations in the same, or a shorter amount of time, which means they need an easy, scalable way to attach security directly to the data in order to protect it while in motion and at rest."

Conservatives demanding details on federal workers’ encryption use – Politico

Republicans in Congress and their conservative allies are demanding details about federal workers' use of encrypted messaging apps, part of a broader counterattack on employees suspected of opposing President Donald Trump's agenda.

Congressional Republicans are also pondering changes to longstanding laws that protect government workers, further stoking fears among some federal employees that the new administration's supporters are out to squash dissent.

Republicans on the House Science Committee took up the cause on Tuesday by asking EPA's inspector general to review reports that agency employees are using an app called Signal, which allows people to exchange encrypted text messages and phone calls. POLITICO reported this month that a group of fewer than a dozen EPA employees were using the app to discuss what they would do if Trump's political appointees flout the law or delete valuable scientific data.

The anti-Trump resistance has infuriated Republicans, who fear that dissenters in the government could undercut the president's policy proposals by unleashing even more embarrassing leaks. They also contend that the use of encrypted messaging circumvents federal record-keeping laws -- an argument Science Chairman Lamar Smith (R-Texas) echoed in Tuesday's letter.

"[T]he Committee is concerned that these encrypted and off-the-record communication practices, if true, run afoul of federal record-keeping requirements, leaving information that could be responsive to future Freedom of Information Act (FOIA) and congressional requests unattainable," wrote Smith, who organized the letter to the IG. The panel has jurisdiction over many cybersecurity issues.

Outside conservative groups have launched similar efforts.

Citing POLITICO's story, the Cause of Action Institute, a right-leaning watchdog group, filed a request under the Freedom of Information Act this month seeking EPA employees' communications using Signal. "The bottom line is: An encrypted app is basically a way to avoid transparency," Institute Assistant Vice President Henry Kerner said in an interview.

It's not just encryption that is raising eyebrows. Republican research firm America Rising filed a FOIA request this month seeking all emails sent by John O'Grady, a top union official at the EPA, that "mentions or refers to President Trump."

The FOIA request came in response to O'Grady's comments to The Washington Post that Trump's decision to fire then-acting Attorney General Sally Yates "sends kind of a chilling effect" through agencies. O'Grady did not respond to a request for comment.

"The public is entitled to know whether career federal government employees are engaged in partisan politics on the taxpayers' dime," said Allan Blutstein, vice president of FOIA operations at America Rising.

EPA employees said they are not using Signal for official government business, and they raised concerns that they're being targeted because they are critical of Trump.

"I don't think anybody can dictate which apps we use on our personal time, for personal conversations," one EPA employee told POLITICO.

The debate comes as employees across the government -- political appointees and career officials alike -- are increasingly relying on encrypted messaging apps, fearing repercussions if their private conversations are made public.

National security officials have long used encrypted mobile phone software like Signal and WhatsApp to communicate with reporters and other staffers. Signal frequently comes up in articles advising people how they can communicate free of snooping from government officials or hackers, especially following the massive leaks of stolen Democratic Party emails that roiled last year's presidential election.

Trump's appointees have gotten into the act, too: The Washington Post reported this week that administration staff are using an app called Confide, which deletes messages once they are read, because they're afraid of being accused of leaking to the press.

Asked if the House Science Committee will pursue a similar probe of White House staffers' use of encrypted messaging apps, spokeswoman Kristina Baum declined to make any commitments. But she said the panel "intends to continue to monitor" cyber issues.

The growing tension across the government has some career employees worried that Republicans will try to make radical changes to laws protecting federal workers -- a move that could make people more fearful to speak out against Trump. Trump has already imposed a freeze on most federal hires and has promised to reduce the size of the workforce.

"Frankly, the climate has shifted rather dramatically and we've gone from a chief executive who respects civil servants to a rather bombastic, disdainful chief executive who unfortunately empowers their disparagement," Rep. Gerry Connolly (D-Va.) said in an interview.

Rep. Jason Chaffetz (R-Utah), chairman of the House Oversight Committee, is eyeing a major overhaul of the civil service system. He has discussed phasing out pensions for new government employees, instead relying on a defined-contribution plan like a 401(k), and has advocated making it easier to fire problem workers. Chaffetz reportedly talked about some of these issues during a recent meeting with Trump.

Connolly said he's concerned that the Republican Congress could win enough support to move a bill gutting civil service protections. "It is very alarming and I think frankly very destructive in terms of the fabric of a free government and a free society," he said.

In the Senate, lawmakers are also considering changes to civil service laws, but Sen. James Lankford (R-Okla.) said he is eyeing targeted tweaks that can win bipartisan support, such as efforts to improve the hiring process.

"If we can keep it small and we can keep it targeted, I think we can move it through unanimous consent," said Lankford, who chairs the Homeland Security and Governmental Affairs Committee's panel on regulatory affairs and federal management. "We need to be better at hiring. If we're better at hiring we don't have to worry about firing."

Alex Guillén contributed to this story.

The Best Encrypted Chat App Now Does Video Calls Too – WIRED

Even as the encryption app Signal became the go-to private communications channel for activists, journalists, politicians, and more, its encrypted calling feature remained less than perfect. It lacks video, often drops calls, and doesn't always integrate with your phone's existing features. A Signal update gradually rolling out now upgrades the calling features and adds video, too, but might require its most privacy-sensitive users to take an extra step to protect themselves.

On Tuesday, Signal's creators at the non-profit Open Whisper Systems announced a beta version of the update that, in addition to video calling, adds the ability to answer calls from a locked screen, and what they promise will be better call quality. For now, anyone who receives the update can choose to activate those new features in the advanced menu under Signal's settings. "We want Signal to be a joy to use," says Moxie Marlinspike, Open Whisper Systems' founder. "We're constantly focused on continuing to refine it and add features and functionality that we think people will love."

But anyone testing the beta who links their iPhone to iCloud and wants the same level of privacy Signal has always offered should consider an extra step, too: Disabling a setting that uploads a call's metadata to Apple. The beta upgrade to Signal will use CallKit, Apple's framework for allowing VoIP calls like Signal's, to be integrated more completely into the calling functionality of the phone. But that also means calls will be recorded in the iPhone's call log and, for iCloud users, shared with Apple's server. "iOS treats CallKit calls like any other call, however that also means some information will be synced to iCloud if enabled," Open Whisper Systems warns. "This information includes who you called and how long you talked."

For anyone who cringes at the thought of leaking that metadata, however, the new Signal beta will let you turn CallKit integration off on the same Advanced menu in the app's settings. CallKit integration will only be used if it's enabled on both ends of the call; if you disable it, your metadata won't be leaked by your contact's phone, either. And Open Whisper Systems is still considering whether the version of Signal it pushes out after this beta will integrate CallKit by default, or as an opt-in feature.

"How we handle CallKit once this is the default experience isn't entirely resolved," Marlinspike says. He suggests that the app could merely display Signal users in the iPhone's call log to protect users' identities, or Signal may walk users through its settings once installed, to help people choose their privacy preferences. "There are a bunch of things we can do other than just having it on by default."

Signal's popularity grew in part because it has long made certain privacy tradeoffs to make the app more usable. It integrates a phone's existing contacts for convenience, for instance, but requires that a number be added to a phone's contact list before it can be called. That means if the phone backs its contacts up to the cloud, some sensitive details could be leaked. And Signal has avoided a federation feature that would allow Signal users to set up their own server to communicate over, rather than use Signal's more centralized system.

Aside from the CallKit change, Signal has also fully redesigned its VoIP protocol and reworked how it authenticates that bad actors aren't surreptitiously impersonating users during calls. In the past, Signal has offered two unique words generated on the callers' screens from their encryption keys. The callers each read out a word, and if they match, they can be sure no man-in-the-middle is eavesdropping on their call. In the new version, Signal's voice and video calling will drop those word pairs and instead use the same authentication system as its text messaging feature, which depends instead on simply warning users if their contact's encryption key has suspiciously changed.

All of that means Signal is making the process of an encrypted call feel far more like making a normal one. The next time you're foiling the eavesdroppers trying to listen in on your secret conversations, in other words, you may not even notice.

Free Tool Lets Schools Test Encryption of Ed Tech Software – T.H.E. Journal

Common Sense Education has made its encryption-checking tools available as open source so that anybody can check out the security settings of education technology products.

The release of its security scanning scripts follows on a project to check over the encryption practices of technology commonly used within schools. That effort, undertaken in October 2016, found that a "significant number" of companies don't provide even the most basic support for encryption.

Encryption is the process of converting data into a form that's unreadable by anybody but the user who holds the code needed to reverse the encryption. Transport Layer Security (TLS), sometimes referred to as Secure Sockets Layer (SSL), is a set of technologies that protect the security and privacy of internet communications, and it uses encryption to prevent information from being read on the network by unauthorized viewers. For example, if a student is working on homework at a WiFi hotspot, anything sent without encryption, such as a user name or password, could be captured through snooping and freely read by others on the same network.

For the testing process, the non-profit ran automated tests on 1,221 logins used by 1,128 vendors that have products in schools all over the country. The testing excluded sites that don't require a login, that are no longer in business or that for "whatever technical reason" didn't load properly. Slightly more than half of the resulting companies (52 percent) require encryption; 25 percent don't support it at all; and another 20 percent don't require an encrypted connection.

Interestingly, Common Sense Education found that one well-known vendor enables encryption in districts in states where laws require "reasonable security" and avoids it in some districts in other states where the laws aren't as rigorous. Another product intended to be used by students of all ages supports encryption in some product offerings and not in others. And "multiple" companies take a request for an encrypted connection and redirect it to an unencrypted connection.
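One way to sort probe results into the categories the survey reports (requires encryption, doesn't require it, doesn't support it, redirects an encrypted request to an unencrypted one), shown as an added example that is not Common Sense Education's script. The function names, category labels and the constructed `.example` redirect chains are assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

def final_scheme(chain):
    """Scheme of the last URL in a redirect chain; None if the probe never connected."""
    return urlsplit(chain[-1]).scheme.lower() if chain else None

def classify(http_chain, https_chain):
    """Classify one login URL from the redirect chains of its http:// and https:// probes.

    Each chain lists every URL visited, in order; None means the connection failed.
    """
    https_end = final_scheme(https_chain)
    if https_end is None:
        return "unsupported"   # no working TLS endpoint at all
    if https_end == "http":
        return "downgrades"    # encrypted request redirected to plaintext
    # HTTPS works and stays encrypted; the plaintext probe decides the rest.
    if final_scheme(http_chain) == "http":
        return "optional"      # login page is still served in the clear
    return "required"          # plaintext is redirected to HTTPS or refused

def tally(results):
    """Count categories over a batch of {name: (http_chain, https_chain)}."""
    return dict(Counter(classify(h, s) for h, s in results.values()))

# Constructed sample probes (reserved .example names, not real vendors).
SAMPLE = {
    "a": (["http://a.example/login", "https://a.example/login"],
          ["https://a.example/login"]),
    "b": (["http://b.example/login"], ["https://b.example/login"]),
    "c": (["http://c.example/login"], None),
    "d": (["http://d.example/login"],
          ["https://d.example/login", "http://d.example/login"]),
    "e": (None, ["https://e.example/login"]),
}

if __name__ == "__main__":
    for name, (h, s) in SAMPLE.items():
        print(name, classify(h, s))
    print(tally(SAMPLE))
```

Only the final hop of each chain is judged here; a stricter check would also flag any plaintext hop in the middle of an HTTPS chain.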

Currently, the company hasn't released a list of the vendors tested or their individual results, preferring to keep the findings in aggregate to give companies a chance to improve their encryption practices. However, the organization has stated that it will rerun the survey with the hope of seeing an increased use of encryption.

Even then, though, Common Sense would also like people to be able to run the tests themselves. That's why the testing code has been made available as an open source project. As Bill Fitzgerald, director of its privacy initiatives, wrote in a blog article, "It's not complicated." The GitHub repository where the code is available includes documentation that describes how to check individual URLs and even "batch-process hundreds or thousands of URLs."

As Fitzgerald recommended, "If you're a vendor, we strongly recommend that you use this script to check the login URLs of your products. If you're in a school or district, use this script as part of a quick triage when you're evaluating technology."

About the Author

Dian Schaffhauser is a senior contributing editor for 1105 Media's education publications THE Journal and Campus Technology. She can be reached at dian@dischaffhauser.com or on Twitter @schaffhauser.


Seagate aims to strengthen cybersecurity with new data encryption capabilities – Neowin

Seagate announced today that its lineup of HDDs and SSDs meant for use in federal agencies would be enhanced with support for Fornetix Key Orchestration services and products.

The products in question are part of Seagate's Government Solutions portfolio, which are compliant with the Federal Information Processing Standard Publication 140-2 (FIPS PUB 140-2). This is a US government standard for computer security which is in place for the approval of cryptographic modules.

By partnering with Fornetix, Seagate aims to strengthen cybersecurity and simplify management of digital keys that help secure data from HDDs and SSDs.

This move provides yet another layer of security, meeting the strict needs of federal agencies and helping them more efficiently deal with external and internal cybersecurity threats. Beyond that, the partnership will offer an easier way to ensure and manage data encryption.

At the RSA Cybersecurity Conference this week, Jack Wright, chief operating officer and acting chief executive officer of Fornetix LLC, stated that:

"Our secure key management, coupled with Seagate's experience securely managing data from the drive to the systems level, provides users with a set of technology tools that make data encryption more affordable, secure and easier to manage."

The products provided by the two companies are part of the Multilevel Security (MLS) Ecosystem, "a joint effort in collaboration with multiple organizations to address data-security requirements for the federal government."

This system is also meant to accommodate various levels of security clearance from one storage platform.

Source: Seagate
