Obama administration’s encryption concerns meant to start a debate

U.S. President Barack Obama's administration still believes in the use of encryption to protect digital information, even after top officials have questioned how law enforcement agencies will get access to data on encrypted devices, a White House advisor said.

There is no scenario in which the U.S. government wants weaker encryption, Michael Daniel, the White House's cybersecurity coordinator, said Thursday.

But Obama and other officials have raised questions about how to deal with technology that puts information literally beyond the reach of law enforcement under any sort of due process, Daniel said during a discussion about encryption and law enforcement at the Information Technology and Innovation Foundation in Washington, D.C.

In recent months, FBI director James Comey, U.S. National Security Agency director Michael Rogers and Obama himself have all raised concerns about law enforcement access to encrypted communications.

The officials raised those concerns after moves by Apple and Google to include encryption on smartphone operating systems, in part in response to news reports about large-scale surveillance programs at the NSA. But the concerns were meant to kick-start a broad public debate about the amount of data law enforcement agencies should have access to, Daniel said.

Daniel didn't offer any suggestions about how to allow police access to encrypted data without building back doors into devices, but he said it's important for the U.S. to work out a process that is acceptable to police, to tech vendors and to the public. The U.S. needs to come up with a solution that it can show the rest of the world as an alternative to more invasive options being pushed by China and other countries, he said.

This is a problem that's worth a lot of graduate students' time, he said.

The debate about law enforcement access to electronic devices isn't going away, with the growing adoption of the Internet of things, drones and autonomous vehicles, noted Daniel Castro, vice president at ITIF. Law enforcement agencies will have interest in similar levels of access to those technologies as they do to smartphones and other devices, he said.

Other speakers at the ITIF event questioned how a new U.S. policy could create a process for law enforcement agencies to get access to encrypted data without also exposing that data to cyberattackers.

So far, encrypted communications haven't created much of a problem, with the U.S. Courts 2013 wiretap report showing only nine cases nationwide where encryption limited police from gaining access to information, said Amie Stepanovich, senior policy counsel at Access, a digital rights group.


Software Development Kit simplifies database security.

Tool brings easy encryption for database fields and file names

MILWAUKEE, -- PKWARE today introduced new, easy-to-use features in its Smart Encryption Software Development Kit (SDK) to provide architects with strong encryption they can trust. As data breaches multiply, more businesses are looking at data level strategies to protect their customers and assets from threats inside and outside the organization.

"As internal enterprise networks become as vulnerable as the public Internet, databases are routinely accessed by snoops and thieves, requiring security at the field level," said Matt Little, vice president of product development at PKWARE, Inc. "Modern architects need security they can easily embed into their existing systems. The field level encryption provided by our software development kit makes this process efficient and painless."

PKWARE's Smart Encryption SDK is currently in use by tens of thousands of businesses and developers around the world. New features include:

-- Field-level encryption: Protects sensitive information in databases at the field level, allowing organizations in financial services, government and healthcare to maintain compliance.
-- Length + Format preserving protection: Preserves database schemas, requiring only minimal changes to applications. Solidifies integrity for fields containing fixed-length or format-specific values like Social Security or credit card numbers without compromising referential integrity.

These new features were created in response to encryption needs from security architects and database administrators at a major financial services firm needing interoperable protection for structured and unstructured data.

To find out more about how to easily embed encryption into everything from databases and servers to partner sharing portals and the cloud, visit: https://www.pkware.com/software/developer-tools

About PKWARE

PKWARE's Smart Encryption armors data at its core, eliminating vulnerabilities everywhere it is used, shared or stored. Smart Encryption is easily embedded and managed without changing the way people work. Integrated across all enterprise systems, platforms and languages, Smart Encryption fortifies information security inside and outside the organization. For nearly three decades, PKWARE has provided security and compression software to more than 30,000 enterprise customers, including 200 government entities. PKWARE invented .ZIP, the world's most widely used, file-based open standard.

Media Contacts: Justin Kern 414-908-2976 justin.kern@pkware.com


Did GCHQ crack encryption? Parliament’s security committee suggests GCHQ can read encrypted communications

Today's report from Parliament's Intelligence and Security Committee has suggested that GCHQ has broken computer encryption systems and is able to read messages that ought to be secure.

The admission is made at the bottom of page 67 of the report.

Under the headline, "Reading Encrypted Communications", it states: "Terrorists, criminals and hostile states increasingly use encryption to protect their communications. The ability to decrypt these communications is core to GCHQ's work, and therefore they have designed a programme of work - [redacted] - to enable them to read encrypted communications."

The report states that there are three main strands to GCHQ's work, two of which are redacted in the report, but the third simply reads "developing decryption capabilities". The wording of the report, though, suggests that GCHQ has already achieved this, although how efficiently and quickly it is able to do so, and what encryption systems it refers to, remains open to question.

The report claims that such encryption-cracking is legal under section three of the Intelligence Services Act, which empowers the security services to, "monitor or interfere with electromagnetic, acoustic and other emissions and any equipment producing such emissions and to obtain and provide information derived from or related to such emissions or equipment and from encrypted material".

No additional ministerial or judicial authorisation is required for these activities, claims the report, although there is an internal procedure that the committee redacted from the report.

"Many people believe, based on the Snowden leaks, that GCHQ systematically undermine and weaken common internet encryption products," claims the committee. But under questioning, representatives of GCHQ claimed that they "have increasingly taken into account the interests of members of the public who will use relevant products".

One of the early claims arising from the disclosures by US National Security Agency (NSA) whistleblower Edward Snowden was that the NSA had "circumvented or cracked" internet encryption.

One of the ways in which it did this was by nobbling an encryption standards-setting committee to incorporate technology it knew to be flawed. It could then exploit those flaws when the technology was commercially deployed.

It also paid RSA Security, one of the best-known security software companies, $10m to incorporate flawed technology in its products, and NSA-compromised technology was later found in a second security tool, the Bsafe security suite, sold by RSA.


Influencers: Stronger encryption on consumer devices won’t hurt national security (+video)

Three-quarters of Passcode's Influencers disagree with FBI Director James Comey, insisting stronger encryption on consumer devices would not hinder law enforcement and intelligence agencies so much that it would harm national security.

"It's crucial that users demand the highest level of security to both protect our personal privacy and mitigate the potential harm that can result from theft of personal data. Unquestionably, encrypting the content of smartphones makes it more difficult to access that information; that's the point," said Nuala O'Connor, head of the Center for Democracy and Technology. "However, there are still many legal channels police can pursue to access encrypted data."

Mr. Comey and intelligence officials have criticized companies such as Google and Apple for strengthening encryption on consumer devices because they say it will stymie law enforcement as they track criminals and terrorists. While the 73 percent of Influencers largely acknowledged that encryption will occasionally pose some obstacles to law enforcement, they insisted they were not severe enough to justify built-in government access to data.

"Evidence that this is a serious problem demanding a policy response is laughably weak," said Cato Institute senior fellow Julian Sanchez.

"We live in a Golden Age of Surveillance. Never in human history have police had such easy access to such vast quantities of data about people. They'll still be able to use subpoenas or court orders (and the threat of contempt penalties or even obstruction charges) to compel people to decrypt data; they can still surreptitiously attempt to get people's passphrases through physical surveillance," Mr. Sanchez continued. "It is flat out insane to suggest that we should undermine the security of a technology used by hundreds of millions of people for legitimate purposes because of the minuscule fraction of cases where crypto will be the make-or-break factor in a legitimate investigation."

Security pros also had objections, taking issue with intelligence officials' assertions that it would be technologically feasible to provide government access to encrypted data through a secure channel without compromising users' security.

"Much greater harms to national security would result from the government deliberately weakening encryption protocols (again) as the FREAK vulnerability demonstrated this past week," said Chris Finan, chief executive officer of Manifold Security. "DC policymakers shouldn't seek a middle-ground solution on this issue, because it simply doesn't exist when it comes to cryptography.

"The only answer is to support the strongest possible encryption protocols, while also enabling law enforcement professionals with the resources needed to conduct classic police work," Mr. Finan continued. "The FBI director should realize that the days of relying on backdoor technology shortcuts are over. Encryption is as empowering a technology as gunpowder or firearms, policymakers need to appreciate the irreversibility of this paradigm shift and adapt. Quite simply, governments no longer enjoy a monopoly on technologies like cryptographic protocols or offensive cyberwarfare exploits. There are no tech magic bullets to address these policy challenges."

The Passcode Influencers Poll brings together a diverse group of more than 80 security and privacy experts from across government, the private sector, academia, and the privacy community. To preserve the candor of their responses, Influencers have the choice to keep their comments anonymous, or voice their opinions on the record.
