Oct. 17, 2014 HIPAA Chat, Topic: Encryption and Other Measures to Secure PHI – Video


Oct. 17, 2014 HIPAA Chat, Topic: Encryption and Other Measures to Secure PHI
This month's HIPAA Chat Q&A looked at various ways providers can encrypt and secure ePHI. For more information about HIPAA Chat, visit: http://www.hitechanswers.net.

By: HITECH Answers

FBI Director: Encryption Will Lead to a ‘Very Dark Place’

FBI Director James Comey looks on during a news conference at the bureau's Salt Lake City office on Aug. 19, 2014, in Salt Lake City.

Image: AP Photo/Rick Bowmer/Associated Press

By Lorenzo Franceschi-Bicchierai, 2014-10-16 17:20:27 UTC

FBI Director James Comey says the spread of encryption, aided by Apple and Google's new security measures, will lead to "a very dark place" where police might not be able to stop criminals.

To avoid that, tech companies need to cooperate and build surveillance-friendly systems for when police come knocking at their door, Comey said on Thursday during a speech in Washington, his first major speech since becoming director last year.

"If the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place," Comey said during his speech at the Brookings Institution titled "Going Dark: Are Technology, Privacy and Public Safety on a Collision Course?"

The solution, Comey said, is to expand a 1990s-era law to encompass Internet companies like Google or Apple. The Communications Assistance for Law Enforcement Act (commonly known as CALEA) currently compels telecommunication companies such as Verizon or AT&T to build systems that can be wiretapped. The law, however, doesn't cover companies like Google, Facebook or Apple.

"Ideally, I'd like to see CALEA written so that a communications provider has an obligation to build a lawful intercept capability into the product that they provide, not that we hold some universal key," Comey said. "We need our private sector partners to take a step back, to change course. We need them to do the right thing."

For civil liberties advocates, as well as technologists, Comey's proposal amounts to asking companies to build "backdoors" into their systems which, they worry, could be exploited by hackers and cybercriminals alike.

Backdoors, as Columbia University computer science professor Steven Bellovin once said, are "a disaster waiting to happen" because it's technically impossible to build a backdoor that can be used solely by law enforcement agencies.

FBI Director: Mobile encryption could lead us to ‘very dark place’

Summary: Apple's and Google's encryption plans have not gone down well with US law enforcement, and the agency's director says the companies are leading us down a dark path.

FBI Director James Comey believes that in a "post-Snowden" world, the pendulum has swung too far and unchecked encryption could lead us all to a "dark, dark place" where criminals walk free.

Speaking at an event at the Brookings Institute in Washington, D.C., Comey said that public misconceptions over the data collected by the US government and technological capabilities of agencies such as the NSA have encouraged heightened encryption but the consequences could be dire.

The FBI chief, who has been in his post just over a year, said that "the law hasn't kept pace with technology, and this disconnect has created a significant public safety problem." In particular, "Going Dark" worries law enforcement the most: the spectre of facing black spots in surveillance, and not being able to gather or access evidence related to suspected criminals.

"We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so," Comey admitted.

Current law governing the interception of telecommunications data and records requires broadband and network providers to build interception capabilities into their networks, under the terms of the Communications Assistance for Law Enforcement Act (CALEA). However, this law was brought in 20 years ago and now technology has outstripped this legislation, as new communication technologies are not necessarily covered by the act.

According to the FBI Director, "if the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place." Comey commented:

Encryption is nothing new. But the challenge to law enforcement and national security officials is markedly worse, with recent default encryption settings and encrypted devices and networks all designed to increase security and privacy.

Encryption isn't just a technical feature; it's a marketing pitch. But it will have very serious consequences for law enforcement and national security agencies at all levels.

The remarks were made in reference to Google and Apple, both of which have pledged to encrypt their mobile devices by default. Apple has recently added two-factor authentication to iCloud following celebrity photo leaks, and in iOS 8, the encryption keys are given to the customer. On the heels of Apple's announcement, Google said this level of encryption will also be enabled in the next version of Android.

US government fines Intel’s Wind River over crypto exports

The US Government has imposed a $750,000 fine on an Intel subsidiary for exporting encryption to China, Russia, Israel and other countries.

Wind River Systems was fined for exporting products that incorporated encryption to foreign governments and to organisations on the US government restricted list. The controversial move means the US Department of Commerce appears to be coming down heavily against the export of encryption even in cases where no export to sworn enemies of the US (Iran, Cuba and North Korea etc.) is involved.

The Intel subsidiary was fined for failing to get Department of Commerce licenses for a modest piece of business, valued at under $3m. As such the fine represents a slap on the wrist, but it's still a clear signal that priorities are changing.

Previously self-reported cases of crypto export used to be handled by a warning only. Multinational commercial law firm Goodwin Procter warned its clients to treat what happened to Wind River as the new normal.

We believe this to be the first penalty BIS has ever issued for the unlicensed export of encryption software that did not also involve comprehensively sanctioned countries (e.g., Cuba, Iran, North Korea, Sudan or Syria). This suggests a fundamental change in BIS's treatment of violations of the encryption regulations.

Historically, BIS has resolved voluntarily disclosed violations of the encryption regulations with a warning letter but no material consequence, and has shown itself unlikely to pursue such violations that were not disclosed. This fine dramatically increases the compliance stakes for software companies, a message that BIS seemed intent upon making in its announcement.

Senior FBI and US government law officers have repeatedly complained over recent weeks about plans by Apple and Google to incorporate enhanced security into smartphones. Now, as Techdirt notes, the conflict between government regulation and the tech industry is moving onto the original turf of the first crypto wars of the late 90s: the export of strong encryption.

Strong cryptography was classified as a weapon and subject to export controls back in the 90s. This approach fell into disfavour for several good reasons that are even more relevant today than they were 20 years ago.

Firstly, cryptography is essentially applied mathematics and the knowledge is already out there. Secondly, decent cryptography is a fundamental component of any computing system that aspires to be secure.

FBI director attacks tech companies for embracing new modes of encryption

The FBI director, James Comey, speaks about the impact of technology on law enforcement in Washington on Thursday. Photograph: Jose Luis Magana/AP

The director of the FBI savaged tech companies for their recent embrace of end-to-end encryption and suggested rewriting laws to ensure law enforcement access to customer data in a speech on Thursday.

James Comey said data encryption such as that employed on Apple's latest mobile operating system would deprive police and intelligence companies of potentially life-saving information, even when judges grant security agencies access through a warrant.

"Criminals and terrorists would like nothing more than for us to miss out," he said. Technologists have found such statements reminiscent of the Crypto Wars of the 1990s, an earlier period in which the US government warned about encryption constraining law enforcement.

Framing his speech at the Brookings Institution as kickstarting a dialogue and insisting he was not a scaremonger, Comey said encryption threatens to lead us all to a very, very dark place.

Comey also posed as a question whether companies not subject currently to Calea should be required to build lawful intercept capabilities for law enforcement, something he contended would not expand FBI authorities. Calea is a 1994 surveillance law mandating that law enforcement and intelligence agencies have access to telecommunications data, which Comey described as archaic in the face of technological innovation.

"I'm hoping we can now start a dialogue with Congress on updating it," Comey said.

Privacy advocates contend Comey is demagoguing the issue.

It took a June supreme court ruling, they point out, for law enforcement to abandon its contention that it did not require warrants at all to search through smartphones or tablets, and add that technological vulnerabilities can be exploited by hackers and foreign intelligence agencies as well as the US government. Additionally, the FBI and police retain access to data saved remotely in the so-called cloud, where much data syncs for storage from devices like Apple's, for which companies like Apple keep the encryption keys.

Comey, frequently referring to bad guys using encryption, argued access to the cloud is insufficient.

FBI: cellphone encryption would impede criminal investigations

Photo by Getty Images.

Privacy advocates and technology experts called the concerns exaggerated and little more than recycled arguments the government has raised against encryption since the early 1990s.

Likening encrypted data to a safe that cannot be cracked or a closet door that won't open, Comey said the move by tech companies to protect user communications in the name of privacy is certain to impede a wide range of criminal investigations. New legislation to allow law enforcement to intercept communications is needed at a time of advancing technology and new forms of communication, he said.

"We have the legal authority to intercept and access communications from information pursuant to court order, but we often lack the technical ability to do so," Comey said in a Brookings Institution speech. Comey cited particular cases in which he said access to cell phone data aided in a criminal investigation. But in a question-and-answer session after the speech, he said he could not cite particular instances in which someone was rescued from danger who wouldn't have been had law enforcement been blocked from that information.

"Logic tells me there are going to be cases like that," Comey said.

The speech, which echoes concerns he and others in law enforcement have previously made, comes soon after announcements by Apple and Google that their new operating systems will be encrypted, or protected with coding by default. Law enforcement officials could still intercept conversations but might not be able to access call data, contacts, photos and email stored on the phone.

"While the companies' actions are understandable," Comey said, "the place they are leading us is one we shouldn't go to without careful thought and debate."

"Encryption isn't just a technical feature. It's a marketing pitch. But it will have very serious consequences for law enforcement and national security agencies at every level," Comey said.

The government's concerns may also center in part on the use of Apple's iMessage platform, which offers end-to-end encrypted text messages that supersede traditional SMS messages. That kind of encryption likely provides access to those messages on users' iPhones, of which Apple has sold more than 240 million since 2013.

He acknowledged a rise in public mistrust of government in the year since former National Security Agency systems analyst revealed NSA secret intelligence collection programs. But he said the public was wrong to believe that law enforcement can access any and all communications with the flip of a switch.

FBI director calls for greater police access to communications

Apple and Google should reconsider their plans to enable encryption by default on their smartphones, and the U.S. Congress should pass a law requiring that all communication tools allow police access to user data, U.S. FBI Director James Comey said.

Comey, repeating his recent concerns about announcements from Apple and Google to offer new encryption tools on their smartphone OSes, went a step further Thursday, when he called on Congress to rewrite the 20-year-old Communications Assistance for Law Enforcement Act.

Following the past 15 months of leaks about surveillance at the U.S. National Security Agency, the pendulum of public opinion has swung too far away from law enforcement's needs, Comey said in a speech at the Brookings Institution.

CALEA requires telecom carriers to give police access to telephone conversations, but Comey called on Congress to expand it to cover the wide range of communication apps and devices not anticipated by lawmakers in 1994.

New encryption tools, combined with a huge number of communication tools not covered by CALEA, means law enforcement agencies are often going dark when attempting to track down criminals and terrorists, Comey said.

"I've never been someone who is a scaremonger," he added. "But I'm in a dangerous business. So I want to ensure that when we discuss limiting the court-authorized law enforcement tools we use to investigate suspected criminals, that we understand what society gains, and what we all stand to lose."

Comey said his goal with the speech was to open a dialog about law enforcement access to communications, and several audience members pushed back against his call for more surveillance capabilities.

Asked about NSA surveillance, Comey said he understands why companies are marketing encryption tools. "The push for privacy comes from justifiable surprise on the part of the U.S. as to the extent and nature of the surveillance being conducted," he said. "I can understand people being freaked and surprised, but I've yet to see the rogue conduct, the lawless conduct, that people talk about."

However, the scope of some of the surveillance was breathtaking to people outside the law enforcement and intelligence communities, he added.

Other audience members questioned the international implications of increased law enforcement access to all communication tools. If U.S. law enforcement agencies demand access, so will other governments, said Greg Nojeim, senior counsel at digital rights group the Center for Democracy and Technology.
