Starting today, Mozilla will turn on by default DNS over HTTPS (DoH) for Firefox users in the US, the company has announced. DoH is a new standard that encrypts a part of your internet traffic thats typically sent over an unencrypted plain text connection, and which could allow others to see what websites youre visiting, even when your communication with the website itself is encrypted using HTTPS. Mozilla says it is the first browser to support the new standard by default, and will be rolling it out gradually over the coming weeks in order to address any unforeseen issues.

Whenever you type a website into your address bar, your browser needs to go through a process to convert it into an IP address using a DNS lookup. However, this traffic is normally not encrypted, meaning that its possible for others to see what websites youre visiting. DoH is an attempt to encrypt this information to protect your privacy. Heres a more in-depth explanation from Mozilla that explains it in detail.

Mozilla is motivated in part by ISPs who monitor customers web usage. US carriers like Verizon and AT&T are building massive ad-tracking networks. DoH won't stop the data collection but itll likely make it more difficult.

Although its much harder for others to see your DNS lookups with DoH enabled, the websites will still be visible to the DNS server your browser is connecting to. Thus, Mozilla says Firefox will offer a choice of two trusted DNS providers, Cloudflare and NextDNS, and that Cloudflare will be used as the default. Mozilla has outlined a set of privacy requirements that any DoH provider must abide by in order to be considered a trusted resolver.

Mozilla claims that DoH increases the privacy and security of users online, but the technology has faced fierce criticism from lawmakers and security experts who say that it hampers legitimate attempts by enterprise system administrators and lawmakers to block dangerous web content. Experts also claim the technology doesnt provide the perfect privacy protection that its proponents claim. Only certain parts of the DNS lookup process are encrypted, and internet service providers will still be able to see which IP addresses their users are connecting to, they warn.

When it announced that it would be turning on DoH by default last year, Mozilla said that it would allow for opt-in parental controls and disable DoH if Firefox detects them. It also said that it would disable DoH by default in enterprise configurations.

This controversy means that todays announcement only concerns US-based Firefox users. Mozilla told ZDNet last year that it wouldnt be enabling DoH by default in the UK, where the technology has been criticized by the countrys GCHQ intelligence service, child advocacy groups, and ISPs. In an FAQ on its site Mozilla says its current focus is on enabling the feature in the US only. However, users outside the US will be able to manually turn the feature on by heading into Settings, General, and then scrolling down to Networking Settings.

While Firefox is the first browser to start turning on DoH by default, other browsers such as Chrome, Edge Chromium, and Brave have also started supporting the feature. However, in most cases youll have to dig through their settings in order to enable the feature. Heres a guide from last year on how to do so.

Read the original here:
Firefox turns controversial new encryption on by default in the US - The Verge

from the don't-break-the-internet dept

In Part I of this series on the Department of Justices February 19 workshop, Section 230 Nurturing Innovation or Fostering Unaccountability? (archived video and agenda), we covered why Section 230 is important, how it works, and how panelists proposed to amend it. Part II explored Section 230s intersection with criminal law.

Here, we ask what DOJs real objective with this workshop was. The answer to us seems clear: use Section 230 as a backdoor for banning encryption a backdoor to a backdoor in the name of stamping out child sexual abuse material (CSAM) while, conveniently, distracting attention from DOJs appalling failures to enforce existing laws against CSAM. We conclude by explaining how to get tough on CSAM to protect kids without amending Section 230 or banning encryption.

Banning Encryption

In a blistering speech, Trumps embattled Attorney General, Bill Barr, blamed the 1996 law for a host of ills, especially the spread of child sexual abuse material (CSAM). But he began the speech as follows:

[Our] interest in Section 230 arose in the course of our broader review of market-leading online platforms, which we announced last summer. While our efforts to ensure competitive markets through antitrust enforcement and policy are critical, we recognize that not all the concerns raised about online platforms squarely fall within antitrust. Because the concerns raised about online platforms are often complex and multi-dimensional, we are taking a holistic approach in considering how the department should act in protecting our citizens and society in this sphere.

In other words, the DOJ is under intense political pressure to do something about Big Tech most of all from Republicans, who have increasingly fixated on the idea that Big Tech is the new Liberal Media out to get them. Theyve proposed a flurry of bills to amend Section 230 either to roll back its protections or to hold companies hostage, forcing them to do things that really have nothing to do with Section 230, like be "politically neutral" (the Hawley bill) or ban encryption (the Graham-Blumenthal bill), because websites and Internet services simply cant operate without Section 230s protections.

Multiple news reports have confirmed our hypothesis going into the workshop: that its purpose was to tie Section 230 to encryption. Even more importantly, the closed-door roundtable after the workshop (to which we were, not surprisingly, not invited) reportedly concluded with a heated discussion of encryption, after the DOJ showed participants draft amendments making Section 230 immunity contingent on compromising encryption by offering a backdoor to the U.S. government. Barrs speech said essentially what we predicted he would say right before the workshop:

Technology has changed in ways that no one, including the drafters of Section 230, could have imagined. These changes have been accompanied by an expansive interpretation of Section 230 by the courts, seemingly stretching beyond the statutes text and original purpose. For example, defamation is Section 230s paradigmatic application, but Section 230 immunity has been extended to a host of additional conduct from selling illegal or faulty products to connecting terrorists to facilitating child exploitation. Online services also have invoked immunity even where they solicited or encouraged unlawful conduct, shared in illegal proceeds, or helped perpetrators hide from law enforcement. ...

Finally, and importantly, Section 230 immunity is relevant to our efforts to combat lawless spaces online. We are concerned that internet services, under the guise of Section 230, can not only block access to law enforcement even when officials have secured a court-authorized warrant but also prevent victims from civil recovery. This would leave victims of child exploitation, terrorism, human trafficking, and other predatory conduct without any legal recourse. Giving broad immunity to platforms that purposefully blind themselves and law enforcers to illegal conduct on their services does not create incentives to make the online world safer for children. In fact, it may do just the opposite.

Barr clearly wants to stop online services from going dark through Section 230 even though Section 230 has little (if any) direct connection to encryption. His argument was clear: Section 230 protections shouldn't apply to services that use strong encryption. Thats precisely what the Graham-Blumenthal EARN IT Act would do: greatly lower the bar for enforcement of existing criminal laws governing child sexual abuse material (CSAM), allow state prosecutions, and civil lawsuits (under a lower burden of proof), but then allow Internet services to earn back their Section 230 protection against this increased liability by doing whatever a commission convened and controllled by the Attorney General tells them to do.

Those two Senators are expected to formally introduce their bill in the coming weeks. Undoubtedly, theyll refer back to Barrs speech, claiming that law enforcement needs their bill passed ASAP to protect the children.

Barrs speech on encryption last July didnt mention 230 but went much further in condemning strong encryption. If you read it carefully, you can see where Graham and Blumenthal got their idea of lowering the standard of existing federal law on CSAM from actual knowledge to recklessness, which would allow the DOJ to sue websites that offer stronger encryption than the DOJ thinks is really necessary. Specifically, Barr said:

The Department has made clear what we are seeking. We believe that when technology providers deploy encryption in their products, services, and platforms they need to maintain an appropriate mechanism for lawful access. This means a way for government entities, when they have appropriate legal authority, to access data securely, promptly, and in an intelligible format, whether it is stored on a device or in transmission. We do not seek to prescribe any particular solution. ...

We are confident that there are technical solutions that will allow lawful access to encrypted data and communications by law enforcement without materially weakening the security provided by encryption. Such encryption regimes already exist. For example, providers design their products to allow access for software updates using centrally managed security keys. We know of no instance where encryption has been defeated by compromise of those provider-maintained keys. Providers have been able to protect them. ...

Some object that requiring providers to design their products to allow for lawful access is incompatible with some companies business models. But what is the business objective of the company? Is it A to sell encryption that provides the best protection against unauthorized intrusion by bad actors? Or is it B to sell encryption that assures that law enforcement will not be able to gain lawful access? I hope we can all agree that if the aim is explicitly B that is, if the purpose is to block lawful access by law enforcement, whether or not this is necessary to achieve the best protection against bad actors then such a business model, from societys standpoint, is illegitimate, and so is any demand for that product. The product jeopardizes the publics safety, with no countervailing utility. ...

The real question is whether the residual risk of vulnerability resulting from incorporating a lawful access mechanism is materially greater than those already in the unmodified product. The Department does not believe this can be demonstrated.

In other words, companies choosing to offer encryption should have to justify their decision to do so, given the risks created by denying law enforcement access to user communications. Thats pretty close to a recklessness standard.

Again, for more on this, read Berins previous Techdirt piece. According to the most recently leaked version of the Graham-Blumenthal bill, the Attorney General would no longer be able to rewrite the best practices recommended by the Commission. But he would gain greater ability to steer the commission by continually vetoing its recommendations until it does what he wants. If the commission doesnt make a recommendation, the safe harbor offered by complying with the best practices doesnt go into effect but the rest of the law still would. Specifically, website and Internet service operators would still face vague new criminal and civil liability for reckless product design. The commission and its recommendations are a red herring; the truly coercive aspects of the bill will happen regardless of what the commission does. If the DOJ signals that failing to offer a backdoor (or retain user data) will lead to legal liability, companies will do it even absent any formalized best practices.

The Real Scandal: DOJs Inattention to Child Sexual Abuse

As if trying to compromise the security of all Internet services and the privacy of all users werent bad enough, we suspect Barr had an even more devious motive: covering his own ass, politically.

Blaming tech companies generally and encryption in particular for the continued spread of CSAM kills two birds with one stone. Not only does it offer them a new way to ban encryption, it also deflects attention from the real scandal that should appall us all: the collective failure of Congress, the Trump Administration, and the Department of Justice to prioritize the fight against the sexual exploitation of children.

The Daily, The New York Times podcast, ran part one of a two-part series on this topic on Wednesday. Reporters Michael Keller and Gabriel Dance summarized a lengthy investigative report they published back in September, but which hasnt received the attention it deserves. Heres the key part:

The law Congress passed in 2008 foresaw many of todays problems, but The Times found that the federal government had not fulfilled major aspects of the legislation.

The Justice Department has produced just two of six required reports that are meant to compile data about internet crimes against children and set goals to eliminate them, and there has been a constant churn of short-term appointees leading the departments efforts. The first person to hold the position, Francey Hakes, said it was clear from the outset that no one felt like the position was as important as it was written by Congress to be.

The federal government has also not lived up to the laws funding goals, severely crippling efforts to stamp out the activity.

Congress has regularly allocated about half of the $60 million in yearly funding for state and local law enforcement efforts. Separately, the Department of Homeland Security this year diverted nearly $6 million from its cybercrimes units to immigration enforcement depleting 40 percent of the units discretionary budget until the final month of the fiscal year.

So, to summarize:

Let that sink in. In a better, saner world, Congress would be holding hearings to demand explanations from Barr. But they havent, and the workshop will allow Barr to claim hes getting tough on CSAM without actually doing anything about it while also laying the groundwork for legislation that would essentially allow him to ban encryption.

Even for Bill Barr, thats pretty low.

Filed Under: cda 230, congress, csam, doj, encryption, funding, section 230, william barr

Read the original here:
Barr's Motives, Encryption and Protecting Children; DOJ 230 Workshop Review, Part III - Techdirt

The ability to have private conversations is fundamental to our modern conception of privacy. I have argued time and again in this column that in our current technological and political context, it is critical that we mandate the use of robust end-to-end encryption to ensure that private conversations are secure from eavesdropping by governments and private corporations alike.

However, no discussion on encryption is complete unless we also speak about how these systems get misused. As much as encrypted messaging is necessary for investigative journalists, whistle-blowers, and abuse helplines, it is tremendously attractive to criminals looking to take advantage of the fact that messages sent over these networks cannot be traced back to them. As a result, these platforms find themselves being used for criminal activities. Of particular concern is the way in which these networks are used to distribute imagery related to children.

In a paper presented at the Web Conference 2019 in San Francisco, it was suggested that the exponential increase in the proliferation of Child Sexual Abuse Imagery (CSAI) on the internet over the last few years is probably directly correlated to the growth of online sharing platforms. Using data from the National Center for Missing and Exploited Children (NCMEC) in the US, an organization that tracks all CSAI content detected by public and online sharing platforms, the paper reported a median growth in reported CSAI of as much as 51% year-over-year. In the first 10 years of its operation, the NCMEC only received 565,000 reports, while in 2017 alone it received over 9.6 million.

This in itself is a cause for concern. However, what is particularly worrying is the increasing globalization of the problem. Ten years ago, 70% of all CSAI that was reported related to abuse committed in the US. Today, 68% of reports relate to abuse in Asia, 19% to abuse in the Americas, 6% in Europe, and 7% in Africa. India, Indonesia and Thailand account for 37% of all reported CSAI, with India leading the list.

The paper suggests that this increase is a direct consequence of improvements in technology, including smartphones, high bandwidth internet connectivity, low-cost cloud storage, and the plethora of applications we can choose from today for internet messaging. If you consider video content alone, it would not be an exaggeration to suggest that the extraordinary growth in CSAI videos from under 1,000 reports a month in 2013 to more than 2 million reports per month in 2017 is almost entirely on account of the proliferation of smartphones that can, at the press of a button, record a high-definition video and directly upload it onto the internet. As much as 84% of CSAI images and 91% of videos have only ever been reported once, which suggests that there is a prodigious amount of new content that is constantly being created.

To their credit, technology companies have been working on this issue, but so far their efforts have simply not been able to keep pace with the problem. Most companies have large teams of human reviewers who scan through the hundreds of millions of user generated images to identify CSAI. Flagged content is then uploaded to a PhotoDNA technology tool which generates a fingerprint of the image that lets it be identified even if the original image has been transformed to avoid detection. However, this is not enough. PhotoDNA can only detect images that have already been flagged during a manual review. It cannot itself identify new content. Given the volumes of original CSAI being created, it is impossible to have human reviewers to manually flag all the content going online. What is needed is a technological solution, and the paper suggests a number of new techniques that can be used, including scene clustering and facial clustering, which will automatically flag content without any need of human intervention.

What the paper does not specifically address is the fact that as so much of this content is shared over secure messaging networks, the encryption deployed by these applications will effectively stymie their own ability to review the content flowing through them. This means that no matter how good the technology we build to automatically detect CSAI content might be, it will be useless if the content is shared through these messaging systems.

Of the many trade-offs we have to make in the arena of technology policy, this, to me, is probably the hardest. I have long been a strong votary of the need to build encrypted networks to protect essential civil liberties. However, I struggle to reconcile that position with the knowledge that once built, these networks will invariably get used for the most vile of criminal activities. From the statistics in the paper cited earlier, it now appears that the very existence of these networks and the immunity from traceability that they provide have actively encouraged the proliferation of heinous crimes against innocent children.

I am not sure that we will ever be able to devise a truly effective solution that strikes the appropriate balance between these two concerns. As much as policy issues are never binary, technology unfortunately is, and opening even the tiniest of backdoors to allow distributors of CSAI to be tracked down will destroy the protection that encryption offers us all.

Visit link:
Opinion | The trade-off between privacy and content traceability - Livemint

Global Encryption Software Market Report identifies the assessable estimation of the market including Industry Analysis, Size, Share, Growth, Trends, Outlook and Forecasts for 2020-2025, present in the industry space. The report studies historical data, facts, attentive opinions, current growth factors, and market threats with competitive analysis of major Encryption Software Market Players, value chain analysis, and future roadmap.

The essential objective of the report is to gain a comprehensive understanding of the market in terms of its definition, segmentation, market potential, influential trends, and the challenges that the market is facing. In-depth research and assessment have been covered to offer key statistics on the market status of the market manufacturers. The report also covers the competitive landscape and a corresponding detailed study to justify our statistical forecast of the market.

We Have Recent Updates of Encryption Software Market in Sample Copy:@ https://www.acquiremarketresearch.com/sample-request/324586/

Leading Players of Encryption Software are: Dell, Eset, Gemalto, IBM, Mcafee, Microsoft, Pkware, Sophos, Symantec, Thales E-Security, Trend Micro, Cryptomathic, Stormshield

Market Growth by Types: On-premises, Cloud

Market Growth by Applications: Application A, Application B, Application C

Global Encryption Software Market: Regional SegmentationThe chapter on regional segmentation details the regional aspects of the Global Encryption Software Market. This chapter explains the regulatory framework that is likely to impact the overall market. It highlights the political scenario in the market and anticipates its influence on the Global Encryption Software Market.

1. North America (the United States, Mexico, and Canada)2. South America (Brazil etc.)3. Europe (Turkey, Germany, Russia UK, Italy, France, etc.)4. Asia-Pacific (Vietnam, China, Malaysia, Japan, Philippines, Korea, Thailand, India, Indonesia, and Australia)

Inquire for further detailed information of Encryption Software Market Report @https://www.acquiremarketresearch.com/enquire-before/324586/

For better understanding, the facts and data studied in the report are represented using diagrams, graphs, pie charts and other pictorial representations. Furthermore, the report offers a SWOT analysis that studies the elements influencing various segments associated with the market.

Reasons to Invest in This Global Encryption Software Market Report:

1. Highlights key industry priorities to aid organizations to realign their enterprise strategies.2. Develop small business expansion plans by employing substantial growth offering emerging and developed markets.3. Boost the decision-making process by understanding the plans which exude commercial interest concerning services and products, segmentation and industry verticals.4. conserve reduce some time Undertaking Entry-level study by identifying the expansion, dimensions, top players and sections in the international Encryption Software Market.5. Researched overall worldwide market trends and prognosis along with all the factors driving the current market, in addition to those endangering it.

In conclusion, it is a deep research report on Global Encryption Software industry. This Encryption Software market report covers all the aspects of market vendors, product, its multiple applications, offer clients the scope to classify feasible market possibilities to expand markets. In addition to this, the trends and revenue analysis of the global Encryption Software market has been mentioned in this report.

Browse Full Report with Facts and Figures of Encryption Software Market Report at: https://www.acquiremarketresearch.com/industry-reports/encryption-software-market/324586/

About us:

Acquire Market Research is a market research-based company empowering companies with data-driven insights. We provide Market Research Reports with accurate and well-informed data, Real-Time with Real Application. A good research methodology proves to be powerful and simplified information that applied right from day-to-day lives to complex decisions helps us navigate through with vision, purpose and well-armed strategies. At Acquire Market Research, we constantly strive for innovation in the techniques and the quality of analysis that goes into our reports.

Contact Us:

Sally Mach555 Madison Avenue,5th Floor, Manhattan,New York, 10022 USAPhone No.: +1 (800) 663-5579Email ID: [emailprotected]

See the article here:
Encryption Software Market Segmented by Product, Top Manufacturers, Geography Trends & Forecasts to 2025 - Keep Reading

IoT Security Solution for Encryption Market 2025: IoT Security Solution for Encryption

The report covers the IoT Security Solution for Encryption market leaders and adherents in the business with the market elements by region. It will likewise assist with understanding the situation of every player in the market by locale, by fragment with their extension plans, R&D consumption and development techniques.

This report studies the IoT Security Solution for Encryption industry based on the type, application, and region. The report also analyzes factors such as drivers, restraints, opportunities, and trends affecting the market growth. It evaluates the opportunities and challenges in the market for stakeholders and provides particulars of the competitive landscape for market leaders.

This study considers the IoT Security Solution for Encryption value generated from the sales of the following segments:

The key manufacturers covered in this report: Breakdown data in in Chapter:- Cisco Systems,Intel Corporation,IBM Corporation,Symantec Corporation,Trend Micro,Digicert,Infineon Technologies,ARM Holdings,Gemalto NV,Kaspersky Lab,CheckPoint Software Technologies,Sophos Plc,Advantech,Verizon Enterprise Solutions,Trustwave,INSIDE Secure SA,PTC Inc.,AT&T Inc.,

Market Segmentation: Global IoT Security Solution for Encryption Market The market is based on product, end-user, and geographical segments. Based on type, the market is segmented into ,Software Platforms,Service, Based on end-user, the market is segmented into Healthcare,Information Technology (IT),Telecom,Banking,Financial Services, And Insurance (BFSI)/Automotive,

Get a Sample PDF Report: @ https://www.alexareports.com/report-sample/370479

The report studies micro-markets concerning their growth trends, prospects, and contributions to the total IoT Security Solution for Encryption market. The report forecasts the revenue of the market segments concerning four major regions, namely, Americas, Europe, Asia-Pacific, and Middle East & Africa.

The report studies IoT Security Solution for Encryption Industry sections and the current market portions will help the readers in arranging their business systems to design better products, enhance the user experience, and craft a marketing plan that attracts quality leads, and enhances conversion rates. It likewise demonstrates future opportunities for the forecast years 2020-2025.

The report is designed to comprise both qualitative and quantitative aspects of the global industry concerning every region and country basis.

To enquire More about This Report, Click Here: https://www.alexareports.com/send-an-enquiry/370479

The report has been prepared based on the synthesis, analysis, and interpretation of information about the IoT Security Solution for Encryption market 2020 collected from specialized sources. The competitive landscape chapter of the report provides a comprehensible insight into the market share analysis of key market players. Company overview, SWOT analysis, financial overview, product portfolio, new project launched, recent market development analysis are the parameters included in the profile.

The last part investigates the ecosystem of the consumer market which consists of established manufacturers, their market share, strategies, and break-even analysis. Also, the demand and supply side is portrayed with the help of new product launches and diverse application industries. Various primary sources from both, the supply and demand sides of the market were examined to obtain qualitative and quantitative information.

Get discount on this report: @ https://www.alexareports.com/check-discount/370479

Thus, IoT Security Solution for Encryption Market serves as a valuable material for all industry competitors and individuals having a keen interest in the study.

Contact Us:Alexa ReportsPh. no: +1-408-844-4624 / +91- 7030626939Email: [emailprotected]Site: https://www.alexareports.com

Link:
IoT Security Solution for Encryption Market Estimated to be driven by Innovation and Industrialization - Keep Reading