Congress, Not the Attorney General, Should Decide the Future of Encryption – Lawfare

The debate over end-to-end encryption focuses on the substantive question: Should encryption be restricted to help law enforcement, or do the privacy and security benefits of this technology outweigh its costs? A draft copy of the EARN IT Act, which could deprive platforms that use end-to-end encryption of their immunity from civil suit under Section 230 of the Communications Decency Act for child exploitation materials posted by users, has set off a new round of debate.

But the encryption debate frequently ignores the vital procedural question: Who should decide? The EARN IT Act puts that question front and center by giving the attorney general the ultimate say in setting the best practices that will give Section 230 immunity for child exploitation suits. (And given Attorney General William Barr's recent statements criticizing end-to-end encryption, it is reasonable to think that he might include forgoing end-to-end encryption in the best practices.) Passing the buck to the attorney general is a bad idea.

As a threshold matter, the attorney general is not the right person to make this decision. Encryption is an issue that implicates many competing values, but the attorney general's natural focus will be on the subset for which he is responsible: fighting crime. His decision-making will reflect this priority, potentially at the cost of other values. This is not meant to single out the attorney general. It wouldn't make sense to put sole authority to determine best practices in the hands of the secretary of commerce, whose primary responsibility is the economic competitiveness of U.S. industry, not law enforcement effectiveness. Decisions about encryption should not be delegated to one agency alone.

More fundamentally, the question of whether to permit ubiquitous encryption is the sort of high-level policy decision that is best handled not by the executive branch but by Congress, which best represents the public and its different constituencies and interests. Congress doesn't have to do the technical heavy lifting; it could, for example, organize an expert committee to offer proposals or even outsource that job to various executive agencies, which could then return competing recommendations. But the legislature shouldn't shirk its responsibility to make this tough decision. To this extent, critics of the EARN IT Act, such as Stanford's Rianna Pfefferkorn, are right to call it a bait and switch, designed to limit encryption while giving legislators space to deny that's what they're doing.

In the meantime, there's plenty that Congress can do to help fight child exploitation without prematurely wading into the encryption fight. And the easiest way to accomplish that is to explicitly make any child exploitation bill neutral on the issue of encryption. Congress has included neutrality riders before, in CALEA (47 U.S.C. § 1002(b)(3)) and, more recently, in the CLOUD Act (18 U.S.C. § 2523(b)(3)). In the case of the EARN IT Act, for example, Congress could exclude anything related to encryption from the list of best practices.

The decision whether or not to restrict end-to-end encryption is too important to be made indirectly. Congress should ultimately decide, and if it wants to delay that decision, it shouldn't let anyone else do its job in the meantime.


CIA Encryption Meddling and Chinese Espionage Allegations Make It Clear: We All Need Strong Data Protection – Reason

U.S. officials have been insisting to tech platforms that overly strong encryption is a threat to public safety and that "back doors" must be provided for law enforcement to bypass security, all in the name of fighting crime.

Meanwhile, U.S. officials have also been claiming that China-based tech company Huawei can use secret security bypasses that are intended for law enforcement use only in order to access data that could be used by the Chinese government for surveillance purposes.

In summation: The same U.S. government that wants tech companies and telecoms to create secret software doors that would allow it to snoop on our private communications and data is also worried that other governments will be able to use those same back doors to do the same thing. This is what tech privacy experts have been warning U.S. officials (and U.K. officials and Australian officials) all along: Any back door that allows law enforcement to circumvent user privacy protections will ultimately be used by people with bad intentions.

The context here is a Wall Street Journal report that reveals U.S. officials have been quietly telling allies that Huawei can secretly access data from its phone networks through taps that the company built into the hardware it sells to cellphone carriers. Laws mandate that Huawei (and other telecom companies) install these "interception interfaces" into their equipment, but only authorized law enforcement officials are supposed to have access. Even Huawei itself is not supposed to be able to gain access without the permission of the phone carriers. But U.S. officials are insistent that Huawei has maintained secret access to these taps since at least 2009.

Huawei says these claims are not true and that these hardware taps can only be accessed by "certified personnel of the network operators." The company also insists it is not surveilling data and passing it along to the Chinese government.

The story leans heavily on U.S. claims from secret intelligence that has recently been declassified, but it's not exactly proof of the claims.

On a surface level, this is about the global tech market and the competition between China and the United States. But dig deeper and you can see the relevance to our encryption fight.

The FBI and Department of Justice insist that tech companies need to be adding similar, virtual back doors in our communication tools, phones, and apps in the name of fighting crime and terrorism. People like FBI Director Christopher Wray and Attorney General William Barr are willing to discuss encryption back doors only in terms of how it helps the U.S. government. But this Wall Street Journal report makes it clear that the U.S. government is abundantly aware that any access point (real or virtual) to look at private data is a point of vulnerability.

If this intelligence is true, it means that any government-mandated encryption bypass is potentially abusable and the U.S. should not be demanding tech companies make them, lest the Chinese government (or Saudi government, or Russian government, or United Arab Emirates, or identity thieves with hacking skills) get their hands on whatever mechanism is created for law enforcement use only.

If the intelligence is not true, it nevertheless makes it clear that the United States understands that back doors create huge vulnerabilities. Government officials know full well that the Justice Department's demands are unreasonable and should be shut down, and lawmakers like Sen. Lindsey Graham (R-S.C.) should not be proposing bills to force companies to implement encryption back doors.

But then, perhaps I should simply stop treating the Justice Department and Congress as though they're making these arguments in good faith. You see, yesterday, the Washington Post published a very different story about encryption and data privacy. It turns out that, for decades, the CIA and German intelligence owned and secretly operated an encryption company named Crypto AG. They sold compromised encryption technology to other countries, then secretly spied on them. The Washington Post reports that

they monitored Iran's mullahs during the 1979 hostage crisis, fed intelligence about Argentina's military to Britain during the Falklands War, tracked the assassination campaigns of South American dictators and caught Libyan officials congratulating themselves on the 1986 bombing of a Berlin disco.

Germany left the partnership in the 1990s, fearing exposure. So the CIA ran the company until 2018 when it liquidated Crypto AG and sold it off to two companies, one of whom apparently had no idea about its secret background.

We should be wary of the U.S. government doubling down on its efforts to compromise encryption, especially now that Crypto AG is not of use to the CIA. We know full well those back doors are going to be used for a lot more than trying to track down alleged pedophiles, and the federal government knows that, too.


WhatsApp defends encryption as it tops 2 billion users – Fin24

The Facebook-owned messaging service WhatsApp said on Wednesday it now has more than two billion users around the world as it reaffirmed its commitment to strong encryption to protect privacy.

WhatsApp, acquired by Facebook in 2014, has grown into one of the most widely used services in the Facebook "family" of apps, offering free messaging along with voice and video calls.

"Private conversations that once were only possible face-to-face can now take place across great distances through instant chats and video calling," a WhatsApp blog post said.

"There are so many significant and special moments that take place over WhatsApp and we are humbled and honored to reach this milestone."

The statement said WhatsApp remained committed to its "strong encryption" that enables users to connect privately even amid calls by law enforcement in the United States and elsewhere to provide more access.

"Strong encryption is a necessity in modern life. We will not compromise on security because that would make people less safe," WhatsApp said.

"For even more protection, we work with top security experts, employ industry leading technology to stop misuse as well as provide controls and ways to report issues - without sacrificing privacy."

Last week, child protection organisations called on Facebook to halt plans for strong encryption of all its platforms, saying that would allow predators to operate freely.

WhatsApp employs "end to end encryption" which can in many cases prevent law enforcement from accessing user data even with a court order.

The social network is working to extend end-to-end encryption across its messaging applications, including Facebook Messenger and Instagram.

Back door dilemma

Child protection groups have expressed fears that stronger encryption of online exchanges would facilitate the sharing of child pornography.

Backers of strong encryption argue that any special access or "backdoors" allowed for law enforcement would weaken security and could be exploited by criminals, hackers and authoritarian governments.

Officials from the US, Britain and Australia late last year called on Facebook to allow authorities to circumvent encryption to better fight extremism, child pornography and other crimes.

The heads of Facebook's WhatsApp and Messenger, Will Cathcart and Stan Chudnovsky, responded in a letter to officials from the three countries that allowing this kind of "backdoor" access "would be a gift to criminals, hackers and repressive regimes" while leaving users vulnerable.

Facebook's stance on encryption has been backed by more than 100 activist organizations, security experts and industry groups who warned against efforts to force tech companies to weaken encryption.

Despite its strong encryption, WhatsApp has seen flaws exploited in cyberspace.

Human rights activists have said that spyware hidden in WhatsApp messages, possibly developed by Israel-based NSO Group, was used to track dissidents and others.

Amazon chief Jeff Bezos's phone is also believed to have been infected by spyware hidden in a WhatsApp message from Saudi Crown Prince Mohammad bin Salman.

WhatsApp in October sued NSO Group, accusing it of using the messaging service to conduct cyberespionage on journalists, human rights activists and others.

Breakup?

WhatsApp is one member of the Facebook app "family" that includes its core social network, Instagram and Messenger.

Facebook said recently some 2.89 billion people globally are daily users of at least one of these services.

But the growth has also attracted the attention of regulators and activists concerned over the dominance of major tech platforms. Presidential hopeful Elizabeth Warren has been among those calling for the breakup of the big technology firms.

Facebook has argued against the idea of a breakup, saying the company is better able to keep its services safe and secure with a unified infrastructure.


Reader question, answered: If I have https, do I need a VPN? – ZDNet

I recently got another letter from a reader that can serve as a great foundation for an article. Our reader asks:

Is not the encryption provided by my browser on the data I exchange with an https: site sufficient to protect the data? My understanding has been that it is. If so, a VPN is not needed for this purpose. Furthermore if so, it's perfectly safe for me to exchange private data (say, account info with my bank or stock broker) over any public, open network.

Of course, VPN's provide several other valuable functions, but as I understand it they do NOT provide any additional security to the actual data exchanged. VPN providers would likely not want to highlight this.

There's a lot to unpack in our reader's letter. Let's dig into each question/statement one-by-one.

Separate from the technical questions, our reader makes an assertion I think deserves an immediate and somewhat forceful correction. Our reader states:

It's perfectly safe for me to exchange private data (say, account info with my bank or stock broker) over any public, open network [using https].

Let's get this out of the way: It is never, ever, in any way, ever "perfectly safe" to exchange data over the internet, whether via a public, open network (shudder) or even from your home or office.

If reading ZDNet regularly tells you anything, it's that there are security breaches and security flaws throughout our networks that occur with constant, never-ending, and pretty much overwhelming regularity.

I'm not going to go into either all the breaches or even all the ways message traffic can be intercepted while in motion. Suffice to say, our data is never "perfectly safe," and so we must always take action to protect ourselves, our data, and by extension, our financial and physical security.

Just because you're not paranoid doesn't mean they're not out to get you.

Because of this reality, we often practice a belt-and-suspenders approach to all of our security practices. That means, even though we may have one level of security, it's never enough. That method of security may be cracked or buggy, or there may be some other reason it's leaky. It's always best to have multiple approaches to keeping safe.

Let's start with what https does. It secures (through encryption) an http connection between a website and your browser. That means that the contents of what you're transmitting are unlikely to be read or changed between your browser and the website.

But you are not in control of this connection. It's up to the website operator (and any associated services it calls on) to be sure to properly set up and operate the secure connection.

Not all websites use https, so anything you do on an unencrypted connection is visible. What's actually of far greater concern with unencrypted traffic is that an attacker (in what is usually called a man-in-the-middle attack) can modify what is sent, injecting tracking bits -- or worse, malware -- into the stream.

The most visible of these are Great Cannon-style attacks that inject JavaScript and HTML payloads into unprotected web traffic. These payloads then conduct denial of service attacks (hence: cannon) against targets of interest to the hackers.

No one wants their web browser unwittingly turned into a denial of service weapon.

Another thing to consider about https encryption is it only encrypts your web traffic. Any other internet activity is not touched by the https protocol and therefore requires its own encryption. Examples of other activity include web-based video games that might send your account, password, and even credit card information in the clear; an e-mail program; or even a locally run accounting program.

So, yes, https does help. But it's only one security accessory in a belts-and-suspenders-security ensemble.

There's another encryption element that sometimes comes into the chain. That's the Wi-Fi encryption you get when you use a Wi-Fi router with a password.

Of course, here's another point of risk: You have no way of telling if the Wi-Fi router has been spoofed, and you're really sending all your data through a pineapple or some other data spoofing device.

This statement by our reader is a little tough to unpack: "VPN's provide several other valuable functions, but as I understand it they do NOT provide any additional security to the actual data exchanged."

I think what our reader is saying is that VPNs provide other services, but they don't provide any other data security services. But VPNs do. They also encrypt data.

VPNs absolutely do provide data security services. Packets are encrypted from the local browser to the VPN service provider. All packets.

Now, it's important to understand where this encryption helps and where it doesn't. If you're on your web browser in a coffee shop and you're talking to your bank's web interface, your traffic is encrypted in your browser, goes from your device to a local router, to the local ISP, across a whole bunch of hops, and then to your bank, where it's decrypted.

Https will encrypt that entire pipe, but only if everything is set up correctly.

Now, if you're using a VPN (with https or not), your data is encrypted on your computer. If you're using https, the https-encrypted data is encrypted again by the VPN. That data then travels over the usual hops to a VPN server, is decrypted once (the VPN's layer is removed), and sent on to your bank.

The benefit of VPN encryption is from your device to the VPN provider on the internet. This protects against nearly all coffee shop, airport, and hotel lurkers who might try to snag your data in motion.

When it comes to thinking about mobile security, it's important to keep in mind the endpoints and what's being encrypted. Let's look at the last three we discussed:

Can you see how these different elements encrypt and decrypt at different points? Also, keep in mind that any one (or more) of these security services may be compromised. Plus, of course, there are other levels of encryption, like encrypted SSL and TLS tunnels between websites and payment providers.

By using multiple layers of encryption, each unable to see into the other, you're reducing the chance that any one compromised network will compromise you.

As we've discussed in our various VPN reviews and guides, different commercial VPN services provide different added value. Some mix in anti-virus. Some mix in some identity protection services.

But all VPNs provide another very important security service: IP address obfuscation.

If you use a VPN, you get an IP address from the VPN provider. This is the IP address recorded by various services on the web. This allows you to protect your identity in terms of where you're located, what ISP you're using, or even what country you're in.

For some of us, this is a less critical service. For others, especially those dealing with stalking or other personal protection worries, VPN location protection services are essential.

So, in answering my reader's question, do they need a VPN? It's up to them. But is https the be-all and end-all of internet security? Oh, hell no.

What tools do you use to protect your security? Let me know in the comments below.

You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.


Broadpeak Performs World-First Video Unified Packaging and Encryption of DASH and HLS – Multichannel News

CESSON-SEVIGNE, France - Feb. 6, 2020 - Broadpeak, a leading provider of content delivery network (CDN) and video streaming solutions for content providers and pay-TV operators worldwide, today announced that it has completed the world's first unified packaging and encryption of DASH and HLS formats. Using the latest version of its BkS350 origin packager, Broadpeak successfully delivered DASH and HLS video fragments using the same chunks (encrypted with CBCS) and container (CMAF) for both protocols, a unique capability that will optimize storage costs for OTT service providers.

Until CMAF was developed, HLS and DASH needed to be delivered in different containers. In addition, Apple FairPlay and Google Widevine used different encryption schemes (i.e., CBCS and CTR), creating the need for a different chunk for each streaming format (i.e., HLS and DASH) even with the new CMAF container. Now that Widevine allows CBCS encryption, it is possible to encrypt one CMAF fragment for both HLS and DASH formats. Broadpeak's BkS350 origin packager is the first solution to offer this capability.

"Today, OTT delivery can be costly in terms of network bandwidth and storage due to the multiplication of streaming formats. Service providers need to deliver video content in two entirely different packaging formats and two different encryption schemes in order to reach all devices," said Jacques Le Mancq, CEO at Broadpeak. "The BkS350 origin packager eliminates these issues and unifies video delivery by introducing a common video streaming scheme for several players. We're excited to share this innovation with our customers and support them in the optimization of their overall video streaming costs."

Broadpeak's BkS350 origin packager creates only one chunk for both HLS and DASH streams. CMAF is used as the packaging container format and CBCS as the encryption scheme. This powerful new solution reduces CDN storage costs while simplifying the headend and requiring fewer packaging resources.

The new version of Broadpeak's BkS350 origin packager that unifies HLS and DASH using CMAF and CBCS encryption provides several important benefits to OTT providers. Using the same amount of CDN storage, service providers can cache twice the amount of content. In addition, the cache hit ratio mechanically improves, allowing service providers to reduce the pressure on the output of the origin packager.

More information about Broadpeak solutions can be found at https://broadpeak.tv.

About Broadpeak (https://broadpeak.tv)

Broadpeak designs and manufactures video delivery components for content providers and network service providers deploying IPTV, cable, OTT, and mobile services. Its portfolio of solutions and technologies powers the delivery of movies, television programming, and other video content over managed networks and the internet for viewing on any type of device. The company's systems and services help operators increase market share and improve subscriber loyalty with superior quality of experience.

Broadpeak supports all of its customers worldwide, from simple installations to large delivery systems reaching capacities of several million simultaneous streams. The company is headquartered in Cesson-Sevigne, France.

Image caption: Broadpeak's BkS350 origin packager optimizes storage costs for OTT service providers by harmonizing HLS and DASH encryption and packaging


Encryption Vs. Decryption: What’s the Difference? – Techopedia

Applying encryption adds a level of security to the data that can help prevent the file contents from being understood by any unauthorized person who gets hold of it. Even if the data is accessed, it requires decryption to extract its meaning.

When more than one key is involved in the process, it's also possible to use it to authenticate the sender.

Encryption is the process of using an algorithm to transform information to make it unreadable for unauthorized users. Once the information is encoded, it requires decryption to be understood.

Decryption is the process of transforming data that has been rendered unreadable through encryption back to its unencrypted form.

The encoded data reverts back to its original form, whether it contains texts or images, so that it makes sense to the human reader and/or the computer system. This process may be automated or be conducted manually.

Typically, there is a form of key involved.

A Scytale was what ancient Greeks used to make a simple transposition cipher. All it took was a strip of leather on which the letters were written and a cylinder around which to wrap it. The sensitive data that was protected this way was likely centered around battle strategies.

The encryption is the result of the letters being taken out of the order necessary to read and make sense of the message when they are unwrapped. In this case, the right cylinder functions as the key because it is what would get the letters properly aligned once the strip was wrapped once again.

The cylinder would be what is called a pre-shared key (PSK) in cryptography, that is, a secret key that was shared ahead of the secret message being sent. It's letting the other party know what code the hidden message will be in.

The Scytale method of encryption is the first one mentioned in A Brief History of Cryptological Systems, an instructive and entertaining read about strategies to prevent unauthorized people from reading secret messages.

What may be the most famous stone in the world is housed in the British Museum. The museum's blog on the historic Rosetta Stone explains that Napoleon's army found it in the Nile delta town for which it is named in 1799. At that time, no one had the capability to read hieroglyphs. It was a code with no key.

That is, until scholars studied the Rosetta Stone. It opened the way to meaning through two components. One was that the same message was carved into it in three languages, including Ancient Greek, which scholars could read.

The other was an identifiable cartouche that indicated which symbols stood for the name of the king Ptolemy. That was the basis of finding which of the 53 lines of Ancient Greek corresponded to the 14 lines of hieroglyphics and figuring out the meaning of individual symbols.

It then took a couple of scholars 20 years to work it all out.

While the Rosetta Stone did function effectively as a decryption key, we need something easier to work with than a 1,680 pound rock for our everyday needs. The keys used in computer encryption are based on algorithms which scramble the plaintext data to render it into apparently random gibberish.

Applying the decryption key will put it back into understandable plaintext. There are different possible setups with single or double sets of keys.

Symmetric key encryption is based on algorithms that apply the same keys for both encryption and decryption. It's the same concept that worked for the Scytale in which the same size cylinder is used both to set the code and to rewrap the strips to make sense of the apparently random letters.

The same key that rendered the plaintext into ciphertext will turn the ciphertext back into plaintext. In his blog, Panayotis Vryonis offers the analogy of locking something away in a box. The same key used to remove the contents from view is used to unlock the box and reveal them.
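The Scytale described above, worked through as a symmetric cipher in which the cylinder's circumference is the shared key. This is an added example, not code from the original article; the function names, the padding character and the sample message are constructed for illustration.

```python
"""Scytale transposition cipher: the cylinder's circumference is the shared key."""
import math

PAD = "_"  # constructed filler for blank positions at the end of the strip


def encrypt(plaintext: str, circumference: int) -> str:
    """Write the message along the wrapped cylinder, then unwrap the strip.

    `circumference` is how many letters fit around the cylinder once, i.e.
    the number of rows of writing. Each turn of the strip carries one letter
    from every row, so the unwrapped strip reads the grid column by column.
    """
    if circumference < 1:
        raise ValueError("circumference must be at least 1")
    turns = math.ceil(len(plaintext) / circumference)  # letters per row
    padded = plaintext.ljust(circumference * turns, PAD)
    rows = [padded[r * turns:(r + 1) * turns] for r in range(circumference)]
    return "".join(row[t] for t in range(turns) for row in rows)


def decrypt(ciphertext: str, circumference: int) -> str:
    """Rewrap the strip on a cylinder of the given circumference and read rows.

    Works for any circumference, so it also shows what a receiver holding
    the wrong cylinder would see. Trailing padding is stripped, which assumes
    the real message does not itself end in PAD.
    """
    if circumference < 1:
        raise ValueError("circumference must be at least 1")
    n = len(ciphertext)
    turns = math.ceil(n / circumference)
    out = []
    for r in range(circumference):        # each row of writing on the cylinder
        for t in range(turns):            # each turn of the strip
            i = t * circumference + r     # position of that letter on the strip
            if i < n:
                out.append(ciphertext[i])
    return "".join(out).rstrip(PAD)


def recovering_keys(ciphertext: str, plaintext: str) -> list[int]:
    """Return every circumference that turns the strip back into `plaintext`.

    The key can only be a number between 1 and the strip length, so the
    whole key space is tiny. That is why the Scytale illustrates the idea of
    a pre-shared key but offers no protection by modern standards.
    """
    return [k for k in range(1, len(ciphertext) + 1)
            if decrypt(ciphertext, k) == plaintext]


if __name__ == "__main__":
    message = "HELPMEIAMUNDERATTACK"  # constructed sample message
    strip = encrypt(message, 4)
    print("strip as carried by the messenger:", strip)
    print("rewrapped on the right cylinder:  ", decrypt(strip, 4))
    print("rewrapped on a wrong cylinder:    ", decrypt(strip, 5))
    print("cylinders that recover the text:  ", recovering_keys(strip, message))
```
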

Asymmetric key encryption is also sometimes called public key encryption. The name is a bit misleading because the asymmetry actually depends on having both a public and a private key. The public key is used to encrypt the message that is decrypted with the private key.

You can also encrypt data with the private key and have the receiver decrypt it with the public key. The point is just that different keys are used for the two functions.

Vryonis once again offers an image of a locked box to understand the concept: "This lock has three states: A (locked), B (unlocked) and C (locked). And it has two separate (yes, two) keys. The first one can only turn clockwise (from A to B to C) and the second one can only turn anticlockwise (from C to B to A)."

He names the one who locks it Anna, and she has an exclusive on one key, the private key. The second key is the public one, which is copied and distributed.

So, Anna has her private key that can turn from A to B to C. And everyone else has her public-key that can turn from C to B to A. This opens up the possibility of locking up what you don't have the power to unlock.

"First of all, imagine you want to send Anna a very personal document. You put the document in the box and use a copy of her public-key to lock it. Remember, Anna's public-key only turns anticlockwise, so you turn it to position A. Now the box is locked. The only key that can turn from A to B is Anna's private key, the one she's kept for herself."

Anyone with the public key can make sure the box is locked, and only the person in possession of the private key can unlock it. Back to the world of algorithms, only the private key can decrypt what was encrypted by the public key. But it also has the possibility of allowing the public key to decrypt what was encrypted with the private key.

That opens up the possibility of attaching digital signatures, which Vryonis explains as follows:

"Someone delivers me this box and he says it's from Anna. I don't believe him, but I pick Anna's public-key from the drawer where I keep all the public-keys of my friends, and try it. I turn right, nothing. I turn left and the box opens! Hmm, I think. This can only mean one thing: the box was locked using Anna's private key, the one that only she has."

In that scenario, the lock that is only possible from the private key guarantees that the sender is the one represented, which is the function of the digital signature. It would be like an unbroken seal on a letter formed by the person's signet ring used in the days of quill pens.

Accordingly, the asymmetric key offers more possible functions than the symmetric key system. Anyone with the public key can secure their data transmission to be decrypted only by the one in possession of the private key.

Plus anyone who receives data encrypted by the private key can trust the source. That preserves the integrity of the files and the validation of origin for digital communication, both of which are essential for functional and secure digital interactions.


Suspect who refused to decrypt hard drives released after four years – Naked Security

The contentious case of a man held in custody since 2015 for refusing to decrypt two hard drives appears to have reached a resolution of sorts after the US Court of Appeals ordered his release.

Former Philadelphia police sergeant Francis Rawls was arrested in September 2015, during which the external hard drives were seized along with other computers from his home.

Based on forensic analysis of his download habits and the testimony of his sister, the police believe they contained child abuse imagery but were unable to prove that without access to the drives.

Rawls claimed he did not know or had forgotten the passcodes while his lawyers argued that on principle forcing him to reveal these violated his Fifth Amendment right against self-incrimination.

Ruled in civil contempt of court, in 2017 a second court rejected the Fifth Amendment argument.

Never formally charged with a crime, a lot seems to have hinged on whether Rawls should be treated as a suspect or a witness. If Rawls was considered a witness, the fact that he's being asked to provide information that could be used against himself, is, in effect, self-incriminating testimony.

From the start, this was an unusual case that will be referenced for years to come, not least by the civil liberties campaigners who took up the case and opposed the Government's arguments.

The prosecutors said they had ample evidence of Rawls' alleged downloading of child abuse images but seemed happy to leave him in jail without charge.

Their assumption that he knew the passcode meant that he would surely relent rather than languish in jail indefinitely. And yet, Rawls didn't relent, perhaps calculating that the courts would eventually take his side in a highly technical argument.

Rawls has now been released on the basis that the detention under civil contempt does not allow prosecutors to hold a witness for longer than 18 months.

But there was always a technical dimension hovering over this case: the hard drives were reportedly encrypted using Apple's FileVault software.

Although Rawls could have been using any encryption software, Apple's involvement must have hit a nerve.

The company has been in dispute with the Government over a series of cases, most famously attempts to force Apple to aid access to the iPhone of the San Bernardino shooter in 2015. More recently, the iPhone access issue came up again after a shooting at a US Naval base.

The Rawls case is different in that it's not the company being pursued but the suspect. But it underlines the battle now happening between companies offering encryption which can be used by anyone and a Government keen to head off the inconvenience this creates.

In January it was alleged that Apple has been more cooperative with the Government than it's yet admitted, rowing back on a plan to extend end-to-end encryption to iCloud backups.

Ultimately, the FBI would like a backdoor only they could use, a move Apple has resisted.

But failing that, there's always the front door. Rawls seems to have held out against demands for encryption passcodes, but he won't be the last to be asked.

Continued here:
Suspect who refused to decrypt hard drives released after four years - Naked Security

(PDF Innovation): Encryption Software Market Report By MarketResearch.Biz [Involved Key Players Are: Microsoft,Sophos Ltd. and .] – Sound On Sound…

Know How The Best Growth Opportunities in Encryption Software Market to Generate Huge Acquisition in Forthcoming Years [2020-2029]?

Have a look at the recently added report by MarketResearch.Biz titled as Encryption Software Market 2020: Market Geographical Segmentation, Key players, Key Topics Industry Value and Demand Analysis Forecast to 2029 provides comprehensive investigation. The investigation additionally provides the Encryption Software market competitors offer and region-wise analysis around the world. In this report you will learn;

In this report, our team offers a thorough investigation of Encryption Software Market, SWOT examination of the most prominent players right now. Alongside an industrial chain, market measurements regarding revenue, sales, value, capacity, regional market examination, section insightful information, and market forecast are offered in the full investigation, and so forth.


Scope of Encryption Software Market: Products in the Encryption Software classification furnish clients with assets to get ready for tests, tests, and evaluations.

Key Highlights of the Encryption Software Market Report:

1. Encryption Software Market Study Coverage: It incorporates key market sections, key makers secured, the extent of items offered in the years considered, worldwide Encryption Software market and study goals. Moreover, it contacts the division study gave in the report based on the sort of item and applications.

2. Encryption Software Market Executive outline: This area stresses the key investigations, market development rate, serious scene, market drivers, patterns, and issues notwithstanding the naturally visible pointers.

3. Encryption Software Market Production by Region: The report conveys information identified with import and fare, income, creation, and key players of every single local market contemplated are canvassed right now.

4. Encryption Software Market Profile of Manufacturers: Analysis of each market player profiled is detailed in this section. This portion likewise provides SWOT investigation, items, generation, worth, limit, and other indispensable elements of the individual player.

Some of the major objectives of this report:

1) To provide a detailed investigation of the market structure alongside conjecture of the different sections and sub-portions of the worldwide Encryption Software Market.

2. To provide bits of knowledge about factors influencing market development. To examine the Encryption Software Market dependent on different variables value examination, store network investigation, porter five power investigation and so on.

3. To provide authentically and estimate the income of the Encryption Software Market portions and sub-fragments concerning four principle geographies and their nations North America, Europe, Asia, and the Rest of the World.

4. Nation level examination of the market regarding the present market size and future prospective.

5. To provide a national level examination of the market for section by Application, Deployment, Industry Type, And Region.

6. To provide key profiling of key players in the market, thoroughly investigating their center capabilities, and drawing a serious scene for the market.

7. Track and break down serious advancements, for example, joint endeavors, key coalitions, mergers and acquisitions, new item improvements, and research and improvements in the worldwide Encryption Software Market.


Encryption Software Market Report Covers the Following Segments:

Global encryption software market segmentation by application: Disk encryption, File/folder encryption, Database encryption, Communication encryption, Cloud encryption

Global encryption software market segmentation by deployment: Cloud, On-Premise

Global encryption software market segmentation by industry type: Banking, financial services and insurance (BFSI), Healthcare, Government & public sector, Telecom & retail, Aerospace & defense, Others

Market Size Segmentation by Region & Countries (Customizable):

Following 15 Chapters Speaks To The Encryption Software Market All Globally:

Chapter 1, Enroll the objective of worldwide Encryption Software Market covering the market presentation, item picture, market outline, advancement scope, Encryption Software Market nearness;

Chapter 2, Contemplates the key global Encryption Software Market contenders, their business volume, market benefits and cost of Encryption Software Market in 2020 and 2029;

Chapter 3, Shows the serious scene perspective on worldwide Encryption Software Market based on predominant market players and their offer in the market development in 2020 and 2029;

Chapter 4, Directs the region-wise investigation of the worldwide Encryption Software Market dependent on the business proportion in every area, and market share from 2020 to 2029;

Chapter 5,6,7,8 and 9 Shows the key nations present in these districts which have revenue share in Encryption Software Market;

Chapter 10 and 11 portrays the market dependent on Encryption Software Market item classification, a wide scope of utilizations, development dependent on a market pattern, type and application from 2020 to 2029;

Chapter 12 Shows the worldwide Encryption Software Market plans during the figure time frame from 2020 to 2029 isolated by areas, type, and item application.

Chapter 13, 14, 15 notices the worldwide Encryption Software Market deals channels, market sellers, vendors, market data and study ends, supplement and information sources.

What's more, for detailed information: https://marketresearch.biz/report/encryption-software-market/#toc


See the original post here:
(PDF Innovation): Encryption Software Market Report By MarketResearch.Biz [Involved Key Players Are: Microsoft,Sophos Ltd. and .] - Sound On Sound...

Assuming responsibility for data protection in the cloud – TEISS

Given the responsibility to ensure data protection in the cloud, how can organisations encrypt, share and manage data securely?

Data protection is of top priority for business leaders and consumers alike. The implementation of GDPR and the extensive media coverage of major data breaches has made organisations more mindful of their responsibility to ensure data protection. Despite the numerous benefits of cloud usage, many are reluctant to migrate to the cloud as they feel storing data off-premises robs them of the control needed to ensure its security, thus exposing their organisation to the risk of being faced with hefty GDPR fines, job losses or suffering substantial brand damage.

A recent study reveals that, alarmingly, only 32 per cent of organisations believe that protecting data in the cloud is their own responsibility. The terms and conditions of major cloud providers include a Limitations of Liability clause which puts responsibility for data security on the cloud user. For example, AWS states it accepts no liability in the case of any unauthorised access to, alteration of, or the deletion, destruction, damage, loss or failure to store any of the user's content or other data.

Those responsible for cloud infrastructure in an organisation generally understand the risks involved with storing data in the cloud. However, all cloud users need to be conscious of the severity of protecting data in the cloud. Hackers are devising many sophisticated methods to target innocent and vulnerable users, making human error prevalent among data leakage incidents.

It has often been said that data is the new oil. Data can provide valuable insights that drive key business decisions, political campaigns and marketing initiatives. And just as the oil industry has security measures in place to protect against terrorism and maritime piracy, organisations need to establish security measures to ensure the protection of their data.

One vital step is encryption. More than half (51 per cent) of organisations fail to use encryption to protect sensitive data in the cloud. Arguably, most cloud providers will encrypt their customers' data. However, the encryption key is stored in the cloud and thus accessible to hackers and cloud staff, much like leaving your house key under the doormat, which half the neighbourhood knows about. Interestingly, Apple was recently pressured by the FBI to abandon its plans to fully encrypt its iCloud backups as it did not give the FBI a backdoor. Recall the liability clause? Full encryption of data cannot be dependent on the cloud provider.

To be a truly secure solution, the user needs full and secure control of the encryption key that is stored away from the data. This will protect the data even if the cloud account is hacked.

The more people the data is shared with, the greater the challenge to ensure security. Sharing encrypted data securely allows for instant collaboration in the cloud, saving time when compared with what would be days spent posting encrypted USB flash drives between colleagues. Keeping the encryption key, which is encrypted itself with a PIN-authenticated code, away from the cloud increases the number of security measures from just one (the cloud account login) to up to five factors of authentication.

Another important step to ensure data privacy is a central management of data shared. Not being able to efficiently monitor and manage data can have severe implications. For example, an engineer at Raytheon Missile Systems took US missile defence secrets to China, despite warnings from officials not to travel with his laptop. This incident could have been avoided if Raytheon had been able to remotely disable the engineer's access to the confidential files, place geofencing restrictions or monitor file activity.

The cloud is here to stay and shouldn't have to be avoided for security concerns. At an age when sensitive data needs to be stored and shared digitally, businesses and particularly government institutions must assume responsibility for encrypting sensitive data, securing the encryption key and monitoring and managing that data.

By John Michael, CEO iStorage


See the original post:
Assuming responsibility for data protection in the cloud - TEISS

What is happening to Assange will happen to the rest of us – Salon

David Morales, the indicted owner of the Spanish private security firm Undercover Global, is being investigated by Spain's high court for allegedly providing the CIA with audio and video recordings of the meetings WikiLeaks founder Julian Assange had with his attorneys and other visitors when the publisher was in the Ecuadorian Embassy in London. The security firm also reportedly photographed the passports of all of Assange's visitors. It is accused of taking visitors' phones, which were not permitted in the embassy, and opening them, presumably in an effort to intercept calls. It reportedly stole data from laptops, electronic tablets and USB sticks, all required to be left at the embassy reception area. It allegedly compiled detailed reports on all of Assange's meetings and conversations with visitors. The firm even is said to have planned to steal the diaper of a baby brought to visit Assange to perform a DNA test to establish whether the infant was a secret son of Assange. UC Global, apparently at the behest of the CIA, also allegedly spied on Ecuadorian diplomats who worked in the London embassy.

The probe by the court, the Audiencia Nacional, into the activities of UC Global, along with leaked videos, statements, documents and reports published by the Spanish newspaper El País as well as the Italian newspaper La Repubblica, offers a window into the new global security state. Here the rule of law is irrelevant. Here privacy and attorney-client privilege do not exist. Here people live under 24-hour-a-day surveillance. Here all who attempt to expose the crimes of tyrannical power will be hunted down, kidnapped, imprisoned and broken. This global security state is a terrifying melding of the corporate and the public. And what it has done to Assange it will soon do to the rest of us.

The publication of classified documents is not yet a crime in the United States. If Assange is extradited and convicted, it will become one. Assange is not an American citizen. WikiLeaks, which he founded, is not a U.S.-based publication. The extradition of Assange would mean the end of journalistic investigations into the inner workings of power. It would cement into place a terrifying global, corporate tyranny under which borders, nationality and law mean nothing. Once such a legal precedent is set, any publication that publishes classified material, from The New York Times to an alternative website, will be prosecuted and silenced.

The flagrant defiance of law and international protocols in the persecution of Assange is legion. In April 2019, Ecuadorian President Lenín Moreno capriciously terminated Assange's right of asylum at the London embassy, where he spent seven years, despite Assange's status as a political refugee. Moreno authorized British police to enter the embassy, diplomatically sanctioned sovereign territory, to arrest a naturalized citizen of Ecuador. (Assange retains his Australian citizenship.) The British police seized Assange, who has never committed a crime, and the British government keeps him imprisoned, ostensibly for a bail violation.

Assange is being held in the notorious high-security HM Prison Belmarsh. He has spent much of his time in isolation, is often heavily sedated and has been denied medical treatment for a variety of physical ailments. His lawyers say they are routinely denied access to their client. Nils Melzer, the United Nations' special rapporteur on torture who examined Assange with two physicians, said Assange has undergone prolonged psychological torture. Melzer has criticized what he calls the "judicial persecution" of Assange by Britain, the United States, Ecuador and Sweden, which prolonged an investigation into a sexual assault case in an effort to extradite Assange to Sweden. Assange said the case was a pretext to extradite him to the United States. Once Assange was arrested by British police the sexual assault case was dropped.


Melzer says Assange would face a politicized show trial in the United States if he were extradited to face 17 charges under the Espionage Act for his role in publishing classified military and diplomatic cables, documents and videos that exposed U.S. war crimes in Iraq and Afghanistan. Each of the counts carries a potential sentence of 10 years, and an additional charge that Assange conspired to hack into a government computer has a maximum sentence of five years. A hearing to determine whether he will be extradited to the United States starts Feb. 24 at London's Woolwich Crown Court. It is scheduled to last about a week and then resume May 18, for three weeks more.

WikiLeaks released U.S. military war logs from Afghanistan and Iraq, a cache of 250,000 diplomatic cables and 800 Guantanamo Bay detainee assessment briefs along with the 2007 "Collateral Murder" video, in which U.S. helicopter pilots banter as they gun down civilians, including children and two Reuters journalists, in a Baghdad street. The material was given to WikiLeaks in 2010 by Chelsea Manning, then Bradley Manning, a low-ranking intelligence specialist in the U.S. Army. Assange has been accused by an enraged U.S. intelligence community of causing "one of the largest compromises of classified information in the history of the United States." Manning was convicted of espionage charges in August 2013 and sentenced to 35 years in a military prison. She was granted clemency in January 2017 by President Barack Obama. Manning was ordered back to prison last year after refusing to testify before a grand jury in the WikiLeaks case, and she remains behind bars. No one was ever charged for the war crimes WikiLeaks documented.

Assange earned the enmity of the Democratic Party establishment by publishing 70,000 hacked emails belonging to the Democratic National Committee and senior Democratic officials. The emails were copied from the accounts of John Podesta, Hillary Clinton's campaign chairman. The Podesta emails exposed the donation of millions of dollars to the Clinton Foundation by Saudi Arabia and Qatar, two of the major funders of Islamic State. It exposed the $657,000 that Goldman Sachs paid to Hillary Clinton to give talks, a sum so large it can only be considered a bribe. It exposed Clinton's repeated mendacity. She was caught in the emails, for example, telling the financial elites that she wanted "open trade and open borders" and believed Wall Street executives were best positioned to manage the economy, a statement that contradicted her campaign statements. It exposed the Clinton campaign's efforts to influence the Republican primaries to ensure that Donald Trump was the Republican nominee. It exposed Clinton's advance knowledge of questions in a primary debate. It exposed Clinton as the principal architect of the war in Libya, a war she believed would burnish her credentials as a presidential candidate.

Journalists can argue that this information, like the war logs, should have remained hidden, but they can't then call themselves journalists.

The Democratic and Republican leaders are united in their crusade to extradite and sentence Assange. The Democratic Party, which has attempted to blame Russia for its election loss to Trump, charges that the Podesta emails were obtained by Russian government hackers. However, James Comey, the former FBI director, has conceded that the emails were probably delivered to WikiLeaks by an intermediary, and Assange has said the emails were not provided by "state actors."

WikiLeaks has done more than any other news organization to expose the abuses of power and crimes of the American empire. In addition to the war logs and the Podesta emails, it made public the hacking tools used by the CIA and the National Security Agency and their interference in foreign elections, including French elections. It disclosed the internal conspiracy against British Labour Party leader Jeremy Corbyn by Labour members of Parliament. It intervened to save Edward Snowden, who made public the wholesale surveillance of the American public by our intelligence agencies, from extradition to the United States by helping him flee from Hong Kong to Moscow. (The Snowden leaks also revealed that Assange was on a U.S. "manhunt target list.")

The inquiry by the Spanish court is the result of a criminal complaint filed by Assange, who accuses Morales and UC Global of violating his privacy and client-attorney confidentiality rights. The WikiLeaks founder also says the firm is guilty of misappropriation, bribery and money laundering.

Morales, according to El País, "stated both verbally and in writing to a number of his employees that, despite having been hired by the government of then-Ecuadorian President Rafael Correa, he also worked 'for the Americans,' to whom he allegedly sent documents, videos and audios of the meetings that the Australian activist held in the embassy."

"Despite the fact that the Spanish firm, which is headquartered in the southern city of Jerez de la Frontera, was hired by Senain, the Ecuadorian intelligence services, Morales called on his employees several times to keep his relationship with the US intelligence services a secret," the paper reported.

"The owner of UC Global S. L. ordered a meeting between the head of the Ecuadorian secret service, Rommy Vallejo, and Assange to be spied on, at a time when they were planning the exit of Assange from the Ecuadorian embassy using a diplomatic passport in order to take him to another country," according to El País. "This initiative was eventually rejected by Assange on the basis that he considered it to be 'a defeat,' that would fuel conspiracy theories, according to sources close to the company consulted by this newspaper. Morales called on his employees to keep his relationship with the US intelligence services a secret."

The Vallejo-Assange meeting, which included Assange's lawyers, took place Dec. 21, 2017. The security firm made audio and video recordings through microphones and cameras installed in the embassy. The CIA was immediately made aware of the plan, perhaps through an "external streaming access point" installed in the embassy, according to El País. The next day the United States issued an international arrest warrant for Assange.

Microphones were implanted in fire extinguishers and a women's restroom where Assange's lawyers would cloister themselves with their client in an effort to avoid being recorded. The windows in the embassy were given a treatment that provided better audio quality for the laser microphones that the CIA was using from exterior locations, the paper reported.

When Moreno was elected to the presidency in Ecuador, replacing Rafael Correa, who had granted Assange asylum in the embassy, an intense campaign was launched to force the publisher from the embassy. It included daily harassment, cutoff of internet access and the termination of nearly all visits.

UC Global, which provides personal security for casino magnate Sheldon Adelson and protection for his company Las Vegas Sands, apparently used Adelson, a friend of President Trump and one of the largest donors to the Republican Party, to lobby the Trump administration and then-CIA Director Mike Pompeo to make Assange a priority target.

La Repubblica, like El País, obtained important files, recordings and other information stemming from the UC Global surveillance at the embassy. They include photos of Assange in the embassy and recordings of conversations he had with doctors, journalists, politicians, celebrities and members of his legal team.

"The videos and audio recordings accessed by the Repubblica reveal the extreme violations of privacy that Julian Assange, the WikiLeaks journalists, lawyers, doctors and reporters were subjected to inside the embassy, and represent a shocking case study of the impossibility of protecting journalistic sources and materials in such a hostile environment," the Italian newspaper wrote. "This espionage operation is particularly shocking if we consider that Assange was protected by asylum, and if we consider that the information gathered will be used by the United States to support his extradition and put him in prison for the crimes for which he is currently charged and for which he risks 175 years in prison: the publication of secret US government documents revealing war crimes and torture, from Afghanistan to Iraq to Guantanamo."

More:
What is happening to Assange will happen to the rest of us - Salon