This is a living guide to encryption: what it is, what it isnt, why its controversial, and how it might be changed. This guide will be updated as events warrant.

Encryption is the process of scrambling information so only the intended recipients can decipher it. An encrypted message requires a key a series of mathematical values to decrypt it. This protects the message from being read by an unwanted third party. If someone without the key tries to hack in and read the message, theyll see a set of seemingly random characters. Using modern encryption techniques, extracting the original message without the key is nearly impossible.

That basic process is a fundamental building block of network security, ensuring that information can travel over the public internet without being intercepted in transit. Without some form of encryption, it would be impossible to implement basic online services like email, e-commerce, and the SSL system that verifies webpages.

While most uses of encryption are uncontroversial, the wide availability of techniques has opened up new political questions around lawful access. Presented with a warrant for a particular users information, businesses are legally required to turn over all the information they have. But if that information is encrypted and the company doesnt have the key, there may be no way to work back to the original data.

Some products hold copies of user keys and decrypt data when served with a warrant, including Gmail, Facebook pages, and most cloud storage providers. But messaging apps like WhatsApp, Telegram, and Signal do not, and the device encryption used by iOS also makes the phones local data inaccessible. That approach has both privacy and security benefits: since the data is not available outside of the local device, the apps are far more resilient to breaches and centralized attacks.

In 2014, James Comey, the then-director of the FBI, wrote a memo spelling out his concerns about encryption. Those charged with protecting our people arent always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority, he wrote.

Comey went on to warn that encryption would make it more difficult for law enforcement to catch suspected criminals. If communications are encrypted by default, he said, the government cant monitor and collect communications, even if a judge allows them to do so. Encryption, he summarized, will have very serious consequences for law enforcement and national security agencies at all levels. Sophisticated criminals will come to count on these means of evading detection. Its the equivalent of a closet that cant be opened. A safe that cant be cracked. And my question is, at what cost?

The governments position on encryption hasnt evolved a whole lot in the intervening years. Attorney General William Barr and Sen. Lindsey Graham (R-SC) argued last year that hardened encryption makes it difficult to figure out when messaging platforms are used to coordinate crimes. If a large-scale terrorist attack is carried out, the government needs to act quickly to understand the national security risks. Hardened encryption could make this discovery process harder.

In 2016, in the wake of the San Bernardino shooting, the FBI asked Apple to hand over information from the suspects iPhone. At first, the company complied, giving the FBI data from the suspects iCloud backup. Then the FBI demanded access to the phones local storage. This would have involved Apple deploying an entirely new version of iOS to the device, which the company refused to do. In a statement, a company spokesperson said: We believed it was wrong and would set a dangerous precedent.

The FBI responded by trying to force Apple to help, citing the All Writs Act of 1789. Just before a hearing on this case, however, the FBI was able to unlock the iPhone using an anonymous third-party company. The phone did not contain much new information the FBI hadnt already had, but the conflict escalated the fight between tech companies and the government over encryption.

In 2019, after the shooting at the Pensacola Naval Air Station, the government again asked for Apples assistance unlocking the suspects iPhone. Apple did not comply, but it did hand over data from the suspects iCloud backups. In response to Apples refusal to unlock the shooters iPhone, President Donald Trump tweeted: We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements.

A week later, it was revealed that the company had dropped plans to allow users to encrypt their iCloud backups after the FBI argued the move would harm future investigations.

In March 2019, Facebook CEO Mark Zuckerberg published a memo laying out his vision for a new privacy-focused social network. In it, he stated the companys plan to roll out encryption across its various messaging apps. People expect their private communications to be secure and to only be seen by the people theyve sent them to not hackers, criminals, over-reaching governments, or even the people operating the services theyre using, he wrote.

The news set off a firestorm of criticism from certain politicians most notably, AG Barr. In a letter to the company, Barr, along with officials in the United Kingdom and Australia, wrote, Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes. They added that encryption put people at risk by severely eroding a companys ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries attempts to undermine democratic values and institutions, preventing the prosecution of offenders and safeguarding of victims. They asked Facebook to stop the encryption rollout. Facebook did not comply with this request.

Republicans seem to want US tech companies to comply with law enforcement in the event of a major national security attack. They do not want US tech companies to make accessing user data more complicated through end-to-end encryption. In his letter to Facebook, Barr asked Zuckerberg to allow law enforcement to obtain lawful access to content in a readable and usable format, as reported by The New York Times.

Most Democratic presidential candidates are supportive of end-to-end encryption. When asked whether the government should be able to access Americans encrypted conversations, Sen. Bernie Sanders (I-VT) said: [I] firmly [oppose] the Trump administrations efforts to compel firms to create so-called backdoors to encrypted technologies. Sen. Elizabeth Warren (D-MA) did not answer directly, but she said that the government can enforce the law and protect our security without trampling on Americans privacy. Individuals have a Fourth Amendment right against warrantless searches and seizures, and that should not change in the digital era. During his primary run, former South Bend, Indiana mayor Pete Buttigieg said, End-to-end encryption should be the norm. Former New York City mayor Mike Bloomberg, in an op-ed from 2016, argued against end-to-end encryption and said tech companies shouldnt be above the law in refusing court orders to hand over user data.

Section 230 of the Communications Decency Act protects websites from lawsuits if a user posts something illegal. Theres been a large debate about whether companies should continue to have these protections, with various lawmakers proposing plans to change or amend Section 230.

In January, one proposed change called Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT) sought to strip tech companies of their Section 230 protections if they didnt comply with new rules for finding and removing content related to child exploitation. And while the bill, titled the National Strategy for Child Exploitation Prevention, didnt lay out many specifics, complying with these rules would likely mean not encrypting some user data.

Apple has taken the lead on the issue so far, and it has been careful to valorize law enforcement and lawful access provisions, while firmly opposing a backdoor. As CEO Tim Cook framed it in an open letter at the start of the San Bernardino case, Apple is willing to do everything it can including turning over iCloud logs and other user data but unlocking device encryption is a step too far. Up to this point, we have done everything that is both within our power and within the law to help [the FBI], Cook wrote. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

For the most part, other tech companies have lined up behind Google with the Facebook-owned WhatsApp leading the way. In response to Barrs letter in 2019, Will Cathcart, head of WhatsApp, and Stan Chudnovsky, who works on Messenger, said the company was not prepared to build the government a backdoor in order to access user messages. Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere, they wrote. It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it.

Still, many tech companies that rely on government contracts have had to walk a more politically delicate line. Microsoft supported Apple publicly during the San Bernardino case, but more recent statements from Microsoft CEO Satya Nadella have taken a softer line. In January 2020, Nadella expressed opposition to backdoors but optimism about legislative or other technical solutions, saying, We cant take hard positions on all sides.

As tech companies like Facebook continue to move forward with large-scale encryption projects, more major changes could come in the form of legislation aimed at helping or hurting large-scale encryption initiatives. In 2019, Rep. Ted Lieu (D-CA) reintroduced a 2016 bill called the Ensuring National Constitutional Rights for Your Private Telecommunications Act (ENCRYPT), which would create a national standard for encrypted technology. Rep. Zoe Lofgren (D-CA), along with a bipartisan coalition, also introduced the Secure Data Act, which would stop federal agencies from forcing tech companies to build backdoors into their products, thereby weakening encryption. Finally, theres still the draft of the National Strategy for Child Exploitation Prevention, which would make it much harder for tech companies to encrypt their products.

See original here:
What the 2020 election means for encryption - The Verge

At the start of 2020, there are some technologies originally developed only with the very best of intentions that seem to have a darker side, challenging us to come up with new ways to harness and handle their capabilities.

One of these technologies is encryption, which was developed years ago as a way to enhance the security of digital data and data streams and is now deployed in countless consumer products.

The internet has been an important accelerator behind the use of encryption technology. As a result, more than 80 per cent of todays global internet traffic is encrypted. WhatsApp, for example, uses encryption technology to reassure its users that their messages can only be read by the intended recipient. In a world in which cyber-criminals are active 24/7, trying to get their hands on as much data as possible, this level of security is an essential feature of online data exchange.

300 million attacks per monthHowever, the prevalence and success of encryption technology has not escaped the attention of internet data thieves. For years, cyber-criminals have been adopting all kinds of disguises to continue their pursuit of targets.

One of their most recent tricks is to send malevolent code in encrypted format in an attempt to sidestep traditional security programs, which are incapable of viewing the contents of encrypted data packets or are deliberately designed not to in order to protect users privacy. In some cases, a security solution may simply not have enough capacity to check the content of all encrypted traffic without grinding to a halt. Criminals are already deploying encrypted threats at huge scale. In 2019, the Zscaler ThreatLabZ team recorded almost 300 million of these kinds of attacks per month!

Certificate authoritiesMany organizations believe that they are protected from attacks on SSL encrypted data because they use a public key infrastructure (PKI). A PKI provides the technology that is required to encrypt internet traffic, including a component known as a certificate authority.

Certificate authorities are the parties responsible for managing and securing the unique keys and providing websites with the certificates that act as the key to the browsers lock. There are many certificate authorities that do a great job and do everything they can to ensure that communication is secure. But, in principle, anyone can set up a PKI infrastructure and issue certificates.

There are many certificate authorities that have a good reputation and that execute high-level checks and verification processes, but there are many others that arent as well regarded, who are known for issuing certificates to bad actors without any checks. As a result, it is now very easy for these bad actors to construct their own encrypted websites that, at least at first glance, can look entirely legitimate.

This means that a digital transaction may appear secure when, in fact, it is anything but. SSL/TLS encryption is a guarantee of confidentiality and integrity, giving users the assurance that their data cannot be viewed or manipulated while in transit. That little lock shown in your browser doesnt tell you anything about the intentions of the person, or the system that you are communicating with.

A dilemma for CISOsThese developments have produced a complicated dilemma for many CISOs. They dont need to worry about whether or not to use encryption for data in transit. That question has already been answered, because encryption significantly enhances security and is often mandatory anyway. The challenge lies in the incoming data traffic that is already encrypted.

While most CISOs understand that inspecting encrypted data can further boost security, some remain unsure as to whether or not to actually do it. Sometimes, the company may not have the technology needed to check incoming encrypted data effectively; sometimes, the doubt stems from uncertainty in relation to the employees rights to privacy.

This uncertainty ensures that the status quo is maintained, and that encrypted data traffic is accepted without question even though the organization has no idea what a data packet contains or whether it could cause harm to the company or its employees.

The General Data Protection Regulation (GDPR) introduced in mid-2018 is one of the reasons why many CISOs doubt the legitimacy of measures to scan encrypted data traffic. Although the regulation does not set out exactly which preventive measures organizations should implement to be considered compliant, it is very clear on one thing: organizations are responsible for providing a secure digital work environment for their employees.

If an organization has no idea what data is coming into its systems and what the impact of it could be, it is not doing everything it could to facilitate a secure digital working environment as described in Article 32 of GDPR.

For any CISOs who have concerns about privacy, remember this: during inspection, the reports and logs (or, more accurately, the files generated from them) can be configured to show only metadata to operators. All PI fields are blocked out. This approach provides enough information to perform a technical check on the data.

If this check suggests that an incident has occurred to justify the disclosure of the PI data, you can initiate a process to gain insight into the obfuscated personal data.

This process applies only in exceptional circumstances, for example, if someone is suspected of leaking data or if you need to know whose systems have been compromised by a hacking attempt. Often, representatives from HR or the legal team are involved in these kinds of processes. Organizations can also set out their processes in privacy policies, which employees are expected to be aware of and understand.

The solution: the security cloudOrganizations are increasingly opting to send and receive all their data traffic via a security cloud. These services have sufficient capacity to analyze vast amounts of data, including encrypted data, in very short timeframes before forwarding it on to end users.

One of the main advantages of this way of working is that the process of decryption and inspection takes place in the cloud, which means that organizations do not need to make huge investments in processing power and that they only receive data that has been approved by the cloud security provider.

Thanks to cloud technology, organizations can continue to benefit from the power of encryption, remain compliant with regulations, such as GDPR, and assure their employees that their privacy and data will be protected across all their devices.

Follow this link:
Why SSL Encryption Will not Become a Victim of its Own Success - Infosecurity Magazine

A 2014 Toyota Land Cruiser, one of the models listed as affected by the vulnerability.Photo: Yoshikazu Tsuno (AFP/Getty Images)

Millions of cars with radio-enabled keys made by Toyota, Hyundai, and Kia may be vulnerable to hijacking thanks to a flaw in their encryption implementation, Wired reported this week, citing the results of a KU Leuven in Belgium and University of Birmingham study.

The cars in question use Texas Instruments DST80 encryption, but the way it was built into them means that a hacker could potentially use a relatively inexpensive Proxmark RFID reader/transmitter device near the key fob to trick the car into thinking they have a legitimate key, Wired wrote. While other models of car have proven vulnerable to hacking via relayin which hackers use radio transmitters to extend the range of a cars key fob until the original key is in rangethis method requires that the attacker come within close proximity of the fob and scan it with the RFID device. That would provide enough information to determine the encryption key, clone it using the same RFID device, and use that to disable a part called the immobilizer, which prevents a car from starting without a key in the vicinity.

With the immobilizer disabled, the only obstacle remaining would be the ignition barrel (i.e., key slot) that actually starts the engine. This only requires classic-era car theft techniques like hotwiring or substituting the key for a screwdriver.

The attack is made possible because the encryption keys used by the cars were easily discovered by reverse-engineering the firmware, the researchers wrote. In Toyotas case, the encryption key was based on a serial number also broadcast with the fob signal, while the Kia and Hyundai cars in question used just 24 random bits of protection (DST80, as implied by the name, supports up to 80). University of Birmingham computer science professor Flavio Garcia told Wired that identifying the correct 24 bits is a couple of milliseconds on a laptop. However, the researchers did not publish certain information about how they cracked the encryption.

Hyundai told Wired that none of the affected models are sold in the U.S. and that it continues to monitor the field for recent exploits and [makes] significant efforts to stay ahead of potential attackers. Toyota told the site that the described vulnerability applies to older models, as current models have a different configuration and is low risk.

The full list of affected models is below, including Toyota Camry, Corolla, RAV4, and Highlander models; the Kia Optima, Soul, and Rio; and multiple Hyundai hatchbacks. (The Tesla S used to be vulnerable, but Tesla has updated the firmware, according to Wired.) The researchers noted that this list is non-exhaustive, meaning more models could be affected.

Per Wired, the researchers say the findings are relevant to consumers because although the method is rather technically involved, it can be circumvented by methods like attaching a steering lock when necessary. Some of the cars could also potentially be reprogrammed to remove the vulnerability, though the team told Wired that the Tesla S was the only car on the list they were aware had the capability to do so.

[Wired]

More here:
Encryption Flaws Leave Millions of Toyota, Kia, and Hyundai Cars Vulnerable to Key Cloning - Gizmodo

The Department of Justice is proposing a set of voluntary principles that take aim at tech giants in an effort to combat online sexual abuse.

The principles are part of a fresh effort by the government to hold the tech companies accountable for the harm and abuse that happens on their platforms, amid the past two years of brewing hostilities between the government and Silicon Valley. But critics also see it as a renewed push to compel tech companies to weaken or undo their warrant-proof encryption efforts under the guise of preventing crime and terrorism.

U.S. Attorney General William Barr announced the proposals at the Justice Department on Thursday with international partners from the U.K., Canada, Australia and New Zealand.

The principles, built by the five countries and tech leaders including Facebook, Google, Microsoft and Twitter aim to incentivize internet companies and social media giants to do more to prevent child sexual abuse on their platforms.

Barr said he hopes that the principles set new norms across the tech industry to make sure theres no safe space on the internet for offenders to operate.

The principles come ahead of anticipated bipartisan legislation to Congress the so-called EARN IT Act, which reports say could effectively force the tech companies hands by threatening to pull their legal immunities for what their users post if the companies fail to aggressively clamp down on online child sexual abuse.

Sens. Lindsey Graham (R-SC) and Richard Blumenthal (D-CT) announced the legislation shortly after the Justice Department presser ended.

The bill got quick rebuke from Senate colleague, Ron Wyden (D-OR), calling the bill deeply flawed and counterproductive bill.

This bill is a transparent and deeply cynical effort by a few well-connected corporations and the Trump administration to use child sexual abuse to their political advantage, the impact to free speech and the security and privacy of every single American be damned, said Wyden.

Barr warned that the government is analyzing the impact of Section 230 of the Communications Decency Act, which protects tech platforms from legal liability for content created by their users.

Under Barr, the Justice Department has taken a particular interest in dismantling Section 230. Last month, the Justice Department hosted a workshop on Section 230, arguing that the immunity it provides interferes with law enforcement and needs to be reexamined.

We must also recognize the benefits that Section 230 and technology have brought to our society, and ensure that the proposed cure is not worse than the disease, Barr said last month.

Any change to Section 230, widely regarded as the legal underpinning of all online platforms, could radically alter the landscape of the modern internet and give the government more power to control online speech. Privacy advocates view the governments interest in wielding Section 230 as a cudgel and existential threat to the internet as we know it.

Last month, Wyden, one of Section 230s co-authors, condemned the Trump administrations scrutiny of the law and argued that repealing the law would not be a successful punishment for large tech companies. The biggest tech companies have enough lawyers and lobbyists to survive virtually any regulation Congress can concoct, Wyden wrote. Its the start-ups seeking to displace Big Tech that would be hammered by the constant threat of lawsuits.

U.K. Security Minister James Brokenshire lauded the initiatives existing six tech partners, encouraging the rest of the industry to fall in line. Its critical that others follow them by endorsing and acting on these principles. The minister claimed that plans to encrypt tech platforms are sending predators back into the darkness and away from artificial intelligence advances that can expose them.

Barr also questioned if disappearing messages or certain encryption tools appropriately balance the value of privacy against the risk of safe havens for exploitation?

But privacy groups remain wary of legislative action, fearing that any law could ultimately force the companies to weaken or break encryption, which government officials have for years claimed helps criminals and sexual predators evade prosecution.

End-to-end encryption has become largely the norm in the past few years since the Edward Snowden revelations into the vast surveillance efforts by the U.S. and its Five Eyes partners.

Apple, Google and Facebook have made encryption standard in its products and services, a frequent frustration for investigators and prosecutors.

But last year, the Five Eyes said it would contemplate forcing the matter of encryption if tech giants wouldnt acquiesce to the pacts demands.

The government has called for responsible encryption, a backdoor-like system that allows governments to access encrypted communications and devices with a key that only it possesses. But security experts have universally panned the idea, arguing that there is no way to create a secure backdoor without it somehow being vulnerable to hackers.

The bill has already received heavy opposition. Facebook said that child safety is a top priority, but warned that the EARN IT Act would roll back encryption, which protects everyones safety from hackers and criminals.

Its a similar anti-encryption bill to one that Sens. Dianne Feinstein (D-CA) and Richard Burr (R-NC) introduced in 2016, which would have forced tech companies to build backdoors in its systems. The bill failed.

The Electronic Frontier Foundation said the bill would undermine the law that undergirds free speech on the internet. Firefox browser maker Mozilla said the bill creates problems rather than offering a solution.

The law enforcement community has made it clear this law is another attempt to weaken the encryption that is the bedrock of digital security, said Heather West, Mozillas head of Americas policy. Encryption ensures our information from our sensitive financial and medical details to emails and text messages is protected.

Without it, the world is a far more dangerous place, said West.

See original here:
US threatens to pull big techs immunities if child abuse isnt curbed - TechCrunch

U. S. Hardware Encryption Market by Algorithm & Standard (Rivest, Shamir, and Adelman (RSA), Advanced Encryption Standard (AES), and Others), Architecture (Application-Specific Integrated Circuit (ASIC) and Field-Programmable Gate Array (FPGA)), Product (Hard Disk Drive (HDD), Solid State Drives (SSD), Universal Serial Bus (USB), and Inline Network Encryptor), Application (Consumer electronics, IT & Telecom , Automotive & Transportation, Aerospace & Defense, Healthcare, and Others), and End Use (Industrial, Commercial, Residential, and Government): Opportunity Analysis and Industry Forecast, 2019-2026.

New York, March 06, 2020 (GLOBE NEWSWIRE) -- Reportlinker.com announces the release of the report "U.S. Hardware Encryption Market by Algorithm & Standard, Architecture, Product, Application, and End Use : Opportunity Analysis and Industry Forecast, 2019-2026" - https://www.reportlinker.com/p05868990/?utm_source=GNW

Hardware encryption is a hardware-based technique which is used for securing digital data. There are two forms of encryption; hardware-based encryption and software-based encryption. Hardware encryption uses a processor that contains random number of generators to generate encryption key. The key advantage of hardware-based solutions is that they eliminate the typical drawbacks of software-based solutions such as performance degradation for attacks aimed at the encryption key stored in memory. In hardware encryption, the security parameters and safeguard keys enhance the performance of encryption. These security parameters protect the encryption from cold boots and brute force attacks. Hardware encryption is a cost-effective method that holds diverse applications in securing data efficiently. Increase in regulatory compliances regarding protection of private & sensitive data and reduction in prices of hardware encryption devices majorly drive the growth of the market. Moreover, factors such as increase in concerns related to data security and privacy, growth of the consumer electronics such as smartphones and tablets and increase in complexity & volume of data breaches and brute force attacks drive the growth of the market. However, high capital investment and limited use of encrypted devices in the U.S. hinder the market growth. On the contrary, widespread adoption of Internet of Things (IoT) technology and cloud services as well as technological advancement on encryption chip are anticipated to offer lucrative opportunities for the market. The U.S. hardware encryption market is segmented into algorithm & standard, architecture, product, application, and end use. Depending on algorithm and standard, the market is bifurcated into Rivest, Shamir, and Adelman (RSA), Advanced Encryption Standard (AES), and others. On the basis of architecture, it is classified into Application-Specific Integrated Circuit (ASIC) and Field-Programmable Gate Array (FPGA). The product segment includes Hard Disk Drive (HDD), Solid State Drives (SSD), Universal Serial Bus (USB), and incline network encryptor. By application, the market is categorized into consumer electronics, IT & telecom, automotive & transportation, aerospace and defense, healthcare and others. The end use segment is segregated into industrial, commercial, residential, and government. The report analyzes the profiles of key players operating in the market, which include International Business Machines (IBM) Corporation, Kingston Technology Company, Inc., McAfee, LLC, Micron Technology, Inc., NetApp, Samsung Electronics Co., Ltd., Seagate Technology LLC, Symantec Corporation, Toshiba Corporation, and Western Digital Technologies, Inc.

KEY BENEFITS FOR STAKEHOLDERS The study provides an in-depth analysis of the U.S. hardware encryption market trends to elucidate the imminent investment pockets. Information about key drivers, restraints, and opportunities and their impact analyses on the U.S. hardware encryption market size is provided. Porters five forces analysis illustrates the potency of the buyers and suppliers operating in the U.S. hardware encryption industry. The quantitative analysis of the market from 2014 to 2026 is provided to determine the U.S. hardware encryption market potential.

KEY MARKET SEGMENTS

By Algorithm & Standard Rivest, Shamir, and Adelman (RSA) Advanced Encryption Standard (AES) Others

By Architecture Application-Specific Integrated Circuit (ASIC) Field-Programmable Gate Array (FPGA)

By Product Hard Disk Drive (HDD) o External HDD o Internal HDD Solid State Drives (SSD) Universal Serial Bus (USB) o Up to 4GB o 5GB to 16GB o 17GB to 64GB o 65GB and above Inline Network Encryptor

By Application Consumer electronics IT & Telecom Automotive & Transportation Aerospace and Defense Healthcare Others

By End Use Industrial Commercial Residential Government

BY REGION North America o U.S. o Canada Europe o Germany o France o UK o Rest of Europe

Asia-Pacific o Japan o China o India o Rest of Asia-Pacific

LAMEA o Latin America o Middle East o Africa

KEY MARKET PLAYERS International Business Machines (IBM) Corporation Kingston Technology Company, Inc. McAfee, LLC Micron Technology, Inc. NetApp, Inc. Samsung Electronics Co., Ltd. Seagate Technology LLC Symantec Corporation Toshiba Corporation Western Digital Technologies, Inc.

Read the full report: https://www.reportlinker.com/p05868990/?utm_source=GNW

About ReportlinkerReportLinker is an award-winning market research solution. Reportlinker finds and organizes the latest industry data so you get all the market research you need - instantly, in one place.

__________________________

Clare: clare@reportlinker.comUS: (339)-368-6001Intl: +1 339-368-6001

Go here to see the original:
U.S. Hardware Encryption Market by Algorithm & Standard, Architecture, Product, Application, and End Use : Opportunity Analysis and Industry...

Datrium has been awarded patents for data resiliency and encryption, recognising the companys ability to create innovative solutions for customers.

The company, providing a secure multi cloud data platform for the resilient enterprise, received the US patents for data resiliency and durability; enhanced storage performance; advancements in server-powered deduplication, encryption and compression; and data path monitoring for improved network resilience.

The patents were invented by Datriums leaders and engineering team. Many of the same team created the backup deduplication technology at Data Domain.

Datrium now holds 13 US patents and one international. US patents #10,514,982, #10,359,945, #10,180,948, #10,540,504 and #10,554,520 are aimed at enabling IT leaders to improve the resilience of their data and reduce the risk of disasters, Datrium states.

The patents address core methods for providing Live Mount on a cloud blob store, preserving deduplication economics while raising the bar on Blanket Encryption and providing stronger network resilience in clouds that offer limited networking control, according to the company.

Datrium has shared more specifically what the patents are and why they are significant for customers.

Blanket Encryption Datrium US patent #10,540,504 is a method for preserving deduplication while providing Blanket Encryption in use, in flight and at restin distributed storage systems. This advancement enables the economics of cloud backup storage, while using encryption to combat threats.

Split Provisioning suitable for public cloud deployment Datrium US patent #10,180,948 complements US patent #10,140,136 and #10,359,945. It extends Datriums Split Provisioning to include host caching and non-volatile storage as a separated part of a scaleout storage pool.

This Split Provisioning architecture enables Datrium to store data economically in blob storage such as AWS S3 and restart workloads with high performance in on-demand provisioned compute resources to respond to a disaster.

Managing non-volatile storage as a shared resource in a distributed system US patent #10,359,945 is a lightweight method for efficiently managing a shared pool of high-speed, non-volatile (NV) storage in a distributed system, Datrium states.

It also enables low-latency writes in the cloud even when the bulk of the data is stored in high-latency, but cost-effective blob storage.

Resilient writes in a degraded distributed erasure-coded storage system with key-based addressing US patent #10,514,982 is a core element of Datrium Automatrix technology.

It shows how to store data with full redundancy and durability even in the face of transient node or drive failures in distributed erasure-coded systems, Datrium states.

According to the company, most modern systems have mechanisms to eventually recover from a node or drive failure, but there is typically a window after a drive fails and before recovery when new data is stored in degraded mode with reduced durability.

With this technology, individual nodes can fail and Datrium will maintain the same level of durability, eliminating this window of data vulnerability.

When any of the storage devices in the system become inaccessible, the chunks nominally designated to be written to the device are instead written to alternate devices, according to the company.

Data path monitoring in a distributed storage network Datrium US patent #10,554,520 provides an improved method for distributed storage system network resilience that works in the cloud and does not rely on the Link Aggregation Control Protocol (LACP).

With Datriums advancements, host software and persistent storage pool software communicate with each other to assess link status and direct data flow

Datrium chief scientist and cofounder Hugo Patterson says, We are transforming the way enterprises approach disaster recovery with new resilience and data durability enhancements.

Our team is thrilled to be awarded these patents that are the basis of the next generation of data encryption, deduplication and resilience technology. These patents are key enablers for a secure hybrid and multi cloud ecosystem, including DR as a Service in the public cloud.

Datrium CEO Tim Page says, Our latest patents validate Datriums position as leader in data resiliency and data protection, in public clouds and on prem. Datriums world-class engineers continue to push the boundaries of innovation so that we can give our customers the strongest and easiest-to-use infrastructure to meet the growing threats of twenty-first century cybercrimes and natural disasters.

Our team is delivering technical innovations that enable IT leaders to improve the resilience of their data and simultaneously reduce their risk of disaster.

Visit link:
Datrium awarded patents for resiliency and encryption tech - SecurityBrief Australia

FOX Business Briefs: Facebook's messaging system WhatsApp reveals vulnerability to hackers after an Israeli firm was allegedly able to install spyware onto phones by simply placing a call; Supreme Court ruling opens the door for consumers to sue Apple for forcing them to buy apps exclusive to the tech giant.

Encrypted messagingapps anddigital privacy in generalare in high demand in this era of big tech and heightened cybercrime capabilities.

Manydevelopers have created similar but individually uniqueprivate messaging apps to fulfill this consumer demand for a way to communicate privately without fear that neither developers nor other third parties like hackers or law enforcement can access messages through a back door.

In other words, only users messaging each other can read those messages. This is called end-to-end encryption. iMessage comes equipped with end-to-end encryption on iPhones, but Google Messages has yet to offer the same end-to-end capability.

Here are the top-rated, free messaging apps created by independent developers other than Google and Apple with end-to-end encryption on Androids and iPhones:

Facebook-ownedWhatsAppis by far the most popular and top-ratedmessaging app with end-to-end encryption in the world. On the App Store, WhatsApp has 6.8 million reviews and a nearly five-star rating average; on Google Play, it has more than 106 million reviews and an average rating of more than four stars.

FACEBOOK WILL OPPOSE GOVERNMENT REQUEST FOR 'BACKDOOR' ACCESS TO READ ENCRYPTED MESSAGES

More than 25 percent of the world's entire populationusedWhatsAppas of Feb. 12because some countries like India and Brazil -- WhatsApp's most frequent users -- do not have the same network capabilities as the U.S.

The app has come under increasing scrutiny, however, because a number of cybercriminals have taken advantage of the app's convenience and encryption technology, highlighting the dangers of the app's unique vulnerabilities and capabilities on a global scale.

In January, two U.N. expertscalled foraninvestigationby the U.S. into information they received suggestingAmazonfounderJeff Bezosopened a malware-containing video message onWhatsApp that appeared to come from Saudi Crown PrinceMohammad Bin Salman's personal account in 2018. The alleged cyberattackmade national news.

Facebook Messenger does not come up when users search for "encrypted messaging" despite the fact that it is the most popular messaging app withend-to-end encryption. Messenger has 1.1 million reviews on the App Store and an average rating of more than four stars; on Google Play, it has more than 71 million reviews and the same rating.

Messenger has receivedcriticism similar to WhatsApp for helping to fuel criminal activity.

The New York Times published a comprehensive report on the child sex abuse and human trafficking that takes place on encrypted messaging apps such as Messenger. The report notes that Messenger only became encrypted after Facebook came under pressure for not taking privacy seriously.

POPULAR CHAT APP ACCUSED OF BEING SECRET SPY FOR UAE

"Facebook announced in Marchplans to encrypt Messenger, which last year was responsible for nearly 12 million of the 18.4 million worldwide reports of child sexual abuse material, according to people familiar with the reports," the report reads.

Snapchat is a popular app among young smartphone users that allows users to send photos, videos and messages that disappear in seconds, though users can make them last for up to 24 hours if they choose to do so. The app introduced end-to-end encryption in 2018.

Snapchat has 261,000 reviews on the App Store and an average rating of more than four stars; the app has 21 million total reviews on Google Play and the same rating.

(REUTERS/Eric Thayer/File Photo)

Users can also video chat with up to 16 contacts.

The app's average user base is very young; 52 percent are under the age of 25, according to The Wall Street Journal.

Telegram is another great app option for a messaging app with end-to-end encryption, especially since it is not tied to a big tech company, so it offers a unique independent app experience. Telegram has 82,000 reviews on the App Store and an average rating of more than four stars; on Google Play, it has 4.6 million total reviews and a four-and-a-half star average rating.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Pavel Durov, the app's CEO,said in a March 2019blog post that his app gained 3 million followers after WhatsApp and Facebook Messenger experienced temporary outages, according to digital tech magazine The Verge.

Telegram is the only encrypted messaging app that has an age limit; users must be 17 or older to downloadTelegram.

It also has unlimited space to send files and photos without having to delete them to increase storage; it has the ability to create a group chat with 200,000 members, and ittouts itself as the fastest messaging app.

While Signal's userbase is nowhere near that of Messenger or WhatsApp, it also offers a similar alternative to the two apps owned by Facebook with its end-to-end encrypted messaging capabilities. Signal has more than 400,000 reviews on Google Play and an above-four-star rating; on the App Store, it has a five-star rating and nearly 300,000 reviews.

Signal markets itself as a messaging app dedicated to privacy. The app allows users to securely use their real phone numbers and contacts list to communicate with others. It also offers a feature that lets users edit images within the app before sending them to contacts.

Signal, unlike Telegram, does not have an age limit.

A federal grand jury subpoenaed the app in 2016, demanding it hand over information from a conversation that took place on the app. Signal, however, could only produce the dates that the users of the conversation in question created and deleted their accounts.

"The Signal service was designed to minimize the data we retain,"Moxie Marlinspike, the founder of Signal owner Open Whisper Systems, said at the time, according to a New York Times report.

READ MORE ON FOX BUSINESS BY CLICKING HERE

Read more here:
What are the top-rated encrypted texting apps? - Fox Business

The 2020 presidential election is going to kick off a firestorm of change for our country and the networks that connect us all.The internet and information economy is at an inflection point: the disruptors are no longer upstarts, but have become the new giants, in every sense of the word. Those giants often operate in fields where there is little regulation to protect consumers, like data and advertising, or bump up against the authority of the government in uncomfortable ways, like law enforcement and encryption.At The Verge, weve always paid attention to how simple things like the price of broadband are deeply connected to complicated tech policy debates. And weve been closely watching the collision between social networks and democracy Casey Newton has been writing a daily newsletter called The Interface tracking that subject since 2017. So for the 2020 election cycle, we want to give you a central place to learn about the main tech policy issues were following, see the latest news, and feel like you have a guide through it all. Well be focused on a few main areas: speech and moderation on internet platforms; data and privacy; broadband access; antitrust and corporate behavior; and climate change.

See the original post:
2020 election: a guide to Section 230, encryption, big tech and more - The Verge

With hackers becoming increasingly savvy, many Australians have turned to encrypted messaging apps to cloak messages between friends, colleagues and whoever else they're speaking to. But beyond knowing it's one of the safest ways to communicate digitally, end-to-end encryption remains a bit of a mystery. Here's how it works and why Australia's spy agencies are trying to find a way in.

The short message service, or SMS, has been popular since the start of the 2000s and has prevailed for the two decades that followed. While it's a reliable service and many of us still use it daily, it's not an encrypted service. This obviously wasn't as big a deal in its early stages, as the technology was still being understood and people were less concerned with unknown actors peeking in on their communications. 20 years on, encryption is a primary concern for many.

As more people have come to understand that messaging services such as Facebook's Messenger, Twitter and Instagram are not encrypted, it has led to the rise of more secure services such as WhatsApp and Signal.

Gizmodo Australia spoke to Dr Allan Orr, an international security expert, to understand what makes a message encrypted and how these platforms work.

"It's a form of code that ensures that even if a message is intercepted in transit by unintended recipients, it can't be read," Dr Orr said to Gizmodo Australia over email.

In layman's terms, when someone creates an account on a messaging service a unique private and public key are created. A private key stays wholly within the device while a public key helps to send the encrypted messages to other people.

Say someone wants to send an encrypted message to someone else, the contents are then cloaked with the recipient's unique public key. The recipient opens the message using their private key meaning only they can see the message's contents. The only other place the message passes through is the service provider's server but unlike an SMS, for example, it never sees the message because its locked by the recipient's private key it's more or less just a series of unintelligible characters.

A popular explanation is that Bob sends an encrypted message to his friend, Alice. Bob's message is encrypted with Alice's public key and only Alice's private key can decrypt it. So when it passes through the server, the server sees none of the actual contents of the message because it doesn't have Alice's private key.

"The 'key' on the final destination end is random, private and one off and the only way to access it is to have physical access to the device or computer its on or the password to the account," Orr said.

"However, apparently there are still vulnerabilities even in WhatsApp, they hit the news fairly regularly, and regularity of any kind of security vulnerabilities, or one offs for that matter, are extremely worrying if not self-defeating."

Powerful spyware developed by Israeli cyber-intelligence company NSO Group exploited a vulnerability in encrypted messaging app WhatsApp to transfer itself to targeted devices, the Financial Times reported on Monday.

Read more

Not all encryption messaging services are created equal, however. WhatApp, Wickr, Signal and Telegram all offer encrypted messaging services but how they encrypt messages varies.

"Some have more sophisticated algorithms than others," Orr said.

"I understand WhatsApp and Signal protocols are now the same. Wikr differs in that its messages are automatically deleted after a certain amount of time and therefore are ephemeral."

Other services, like Signal, also offer a self-destruct mechanism, which deletes messages sent on both users' ends.

ASIO's head has admitted the agency's pretty pleased about legislation enacted in 2018 compelling encrypted communication providers, like WhatsApp, to hand over messages if users are under investigation for serious crimes. In a speech detailing the agency's threat assessments, he told the audience he was "happy to report that the internet did not break as a result!"

Read more

It's the question everyone's wanting to know but it's one, according to Orr, that's mostly guess work at the moment.

Under the controversial Assistance and Access Act 2018, there are three ways agencies can request assistance from messaging service providers. These are known as The Technical Assistance Request (TAR), Technical Assistance Notice (TAN) and Technical Capability Notice (TCN).

The Australian Home Affairs website offers a vague and complex summary of each one but Orr attempted to give an idea of what they enable law enforcement agencies to do. The TAR, as Orr understands it, is to let them know who downloaded it and uses it. Orr's understanding of the remaining two aspects the TAN and the TCN is limited and this is by design.

"I think [the TAN] is to advise who on the other end is being communicated with or to provide access to unencrypted messages," Orr said. "[The] TCN is vague because they're trying not to expressly tell the... criminals what they are doing here."

Because of the way end-to-end encryption works, a law enforcement or spy agency can't simply read an encrypted message. Orr suspects agencies will gain access to encrypted messages by one of two ways if they haven't already forcing providers to decode messages or receiving a key so they can unlock the contents of a message themselves.

In these cases, WhatsApp says it will notify users unless it's illegal or exceptional.

"WhatsApp reserves the right to notify people who use our service of requests for their information prior to disclosure unless we are prohibited by law from doing so or in exceptional circumstances, such as child exploitation cases, emergencies or when notice would be counterproductive," the service says on its FAQ page.

The legislation is limited, Orr admits, and it's due to the furore it created at the time.

"It won't allow the government to access the messages of users who reside in any other country other than Australia so the government's not going to be able to read the messages of foreign citizens," Orr said.

"It won't be able to decode the messages sent from those people overseas, it will in fact only be able to read the messages that Australians create. So it's extremely limited use for the Five Eyes alliance."

A recent bill introduced to parliament on March 5, however, would change this.

The bill paves the way for Australian agencies to easier share communications data from its citizens as well as request information from foreign citizens too. It, too, would fall under the Home Affairs portfolio headed by Minister Peter Dutton.

It forms another aspect helping to round out the powers provided by the Access and Assistance Act 2018 as well as the proposed changes to the Australian Signals Directorate's reach an intelligence agency focusing on foreign communications interceptions that Minister Dutton would like to be given more power domestically.

A new amendment has been introduced in parliament looking to allow for the easier sharing of communications data between Australia's law enforcement and spy agencies and foreign governments. It comes in response to calls that spy agencies are being left behind without timely access to messaging apps with cloud servers in foreign jurisdictions.

Read more

Continued here:
How Encrypted Messaging Works And Why Australian Spies Are Trying To Break The Code - Gizmodo Australia