Category Archives: Encryption

FBI director slams Apple over iPhones encryption

Posted on by

FBI director James Comey says he doesn't understand why Apple and others are making devices that allow people to place themselves beyond the law. Photo: Reuters

FBI director James Comey sharply criticised Apple and Google on Thursday for developing forms of smartphone encryption so secure that law enforcement officials cannot easily gain access to information stored on the devices - even when they have valid search warrants.

His comments were the most forceful yet from a top government official but echo a chorus of denunciation from law enforcement officials across the United States. Police have said that the ability to search photos, messages and web histories on smartphones is essential to solving a range of serious crimes, from murder to child pornography to attempted terrorist attacks.

"There will come a day when it will matter a great deal to the lives of people that we will be able to gain access" to such devices, Mr Comey told reporters in a briefing. "I want to have that conversation [with companies responsible] before that day comes."

Hard to crack: The new iPhone 6. Photo: Daniel Munoz/Fairfax Media via Getty Images

Mr Comey added that FBI officials already have made initial contact with the two companies, which announced their new smartphone encryption initiatives last week. He said he could not understand why companies would "market something expressly to allow people to place themselves beyond the law".

Advertisement

Mr Comey's remarks followed news last week that Apple's latest mobile operating system, iOS 8, is so thoroughly encrypted that the company is unable to unlock iPhones or iPads for police. Google,meanwhile, is moving to an automatic form of encryption for its newest version of Android operating system that the company also will not be able to unlock, though it will take longer for that new featureto reach most consumers.

Both companies, contacted on Thursday afternoon in the United States, declined to offer immediate reaction to Mr Comey's comments.

The FBI is unhappy with Apple iPhone encryption levels. Photo: Mark Lennihan.

Read the original here:
FBI director slams Apple over iPhones encryption

Apple, Google default cell-phone encryption “concerns” FBI director

Posted on by

"What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law," Comey told reporters. He said the bureau has reached out to Apple and Google "to understand what they're thinking and why they think it makes sense."

The move to encryption is among the latest aftershocks in the wake of NSA leaker Edward Snowden's revelations about massive US government surveillance.

Last week, Apple announced the enhanced encryption for iOS 8, which Apple says makes it impossible for the company to decrypt a locked device, even for law enforcement. While Android's encryption was optional, it works similarly. In its upcoming Android L release, encryption will be enabled by default.

Apple chief Tim Cooktold PBS News last week that "People have a right to privacy. And I think that's going to be a key topic over the next year or so." When announcing the change,Google spokeswoman Niki Christoff last week said "As part of our next Android release, encryption will be enabled by default out of the box, so you don't even haveto think about turning it on."

Ars' all-knowing Android expert, Ron Amadeo, cautions Androidfans. "...if you are looking to keep something safe from prying eyes, Google can reset the pattern unlock on Android devices for law enforcement. Use PIN or Password."

The weak link in the law enforcement scenario for Google and Apple is cloud storage. Companies can and will turn cloud data over to the police, and Google has even done it proactively. Smartphones today have cloud backup systems for just about everything, so while this will probably protect you from individuals trying to snoop in on a stolen or resold phone, there's nothing to stop the police from getting a warrant for data on your phone or for data stored in the cloud connected to your account.

Read more here:
Apple, Google default cell-phone encryption “concerns” FBI director

Encrypting Cloud Email Isnt as Easy You’d Think

Posted on by

Fund managers need to consider who holds the encryption keys for cloud-based email, or face potential legal risks.

One of the major stumbling blocks of moving email into the cloud is the perceived data security problem. While there are many benefits to using cloud-based systems, the downside is that data security and privacy is always a top concern for financial firms.

Sandton Capital, a New York-based private equity firm focused on alternative credit opportunities, decided not to host email on its own premises. Instead, it chose to use Gmail, hosted by Google. As the investment firm grew, and it looked at the kind of data it was emailing, it began to focus on the safety and security of this information. With so much of its confidential data related to investors and lenders via email, Sandton turned to cloud-based encryption to protect its data.

We looked at Gmail for a number of ways to encrypt it, and none of them were very seamless, says Rael Nurick, managing partner at Sandton Capital, which manages a $750 million investment fund. While Google offered email encryption, the process required the recipient to register on a different website to decrypt and open the email. In addition, Sandton used Google Apps and found it wasnt that good at seamlessly syncing with other devices.

While hackers and cyber security data breaches are always a concern, this was not the reason that Sandton was concerned about protecting its email. With $750 million under management, there are several hundred positions in its portfolio. We send emails about those positions, and theres information on investors, too, Nurick tells us.

[Do you aspire to the C-suite, or some other spot in upper IT management? Then bulk up your credentials around today's most pressing IT movement, digital business, at the InformationWeek IT Leadership Summit.]

Nurick says that, although security from hackers is important, the firm was even more concerned about outside parties accessing Sandtons emails through a subpoena or legal proceeding. Often, when an email hosting provider is issued a subpoena, it complies immediately and turns over the required emails immediately. Without any oversight by Sandton, he felt, the actions by an email hosting service could add vulnerabilities.

Since Sandtons specialty is purchasing under-performing bank loans and providing rescue finance to troubled companies, it does get into litigation occasionally. The private equity firm had two different sets of data it needed to protect:

Most importantly, Sandton needs to make sure that no outside party, even if they get hold of the data, can read the information, Nurick says.

Different flavors of cloud encryptionNurick feared that he would lose control of his data to third-party hosting companies if they were to receive a court order to turn over confidential email. Big hosting companies like Microsoft and Google have no incentive to do anything but give away all of your emails.

Read this article:
Encrypting Cloud Email Isnt as Easy You'd Think

Flyme OS Ported to the Google Nexus 5, Android L Will Have Default Data Encryption – Video

Posted on by


Flyme OS Ported to the Google Nexus 5, Android L Will Have Default Data Encryption
Flyme OS has been ported to the Google Nexus 5! That and much more news is covered by Jordan when he reviews all the important stories from this weekend. Included in this weekend #39;s news is...

By: xdadevelopers

More:
Flyme OS Ported to the Google Nexus 5, Android L Will Have Default Data Encryption - Video

Google Fires Back at Tim Cook, Says Android L Will Protect Users With Encryption

Posted on by

Both Apple, Inc. (AAPL) and Google Inc. (GOOG) are stepping up their game when it comes to mobile encryption.

I. Don't Spy on Me

On the eve of the launch of the iPhone 6 and 6+, Apple CEO Timothy Cook countered accusations that Apple assisted in government spying, stating that Apple firmly believed in protecting client privacy and was incorporating state-of-the-art encryption into iOS 8 to protect all of your data.

Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.

But much like Apple's privacy makeover with iOS 8, Google is planning a privacy ramp-up of its own with the upcoming Android L (presumably Android 5.0).

II. Android L to Feature Strong Encryption as Well

In a statement to The Washington Post, company spokeswoman Niki Christoff responded to Tim Cook's criticism, saying it was invalid as Google too was adding encryption in its next major release (Android L).

The report says that this security step-up is not a reactionary move towards Apple. Rather it's been in the works for many months.

III. Android vs. iOS: The Encryption Story

Digging further into Apple and Google's relative security, both firms are relatively comparable from a features standpoint, using the latest and greatest ARM Holdings plc (LON:ARM) 64-bit processing technologies to accelerate strong encryption of local data.

See original here:
Google Fires Back at Tim Cook, Says Android L Will Protect Users With Encryption

Android L to get default encryption – report

Posted on by

After Apple's iPhone 6 and iOS 8, Google will soon enable encryption by default on devices running Android L, the upcoming latest version of its operating system for mobile devices.

It quoted Google spokeswoman Niki Christoff as saying encryption in the next Android release "will be enabled by default out of the box, so you won't even have to think about turning it on.

For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement, she said.

But the report also said it could take months at least before most Android devices are encrypted by default.

Also, while the feature will mean more privacy for users, it will make it harder for law enforcers to gain access to personal data kept on smartphones.

See more here:
Android L to get default encryption – report