Note: The following letter was sentFriday to Lancaster County Commissioners Dennis Stuckey, Craig Lehman and Josh Parsons.

I strongly urge you to reconsider the decision to encrypt police department radio transmissions before this change takes place in November.

First, the health and safety of both our Lancaster County community and the law enforcement officials who protect it are paramount.

Second, essential to the well-being of our county must be a government system that values public accessibility, transparency and accountability.

These two truths must find a way to co-exist.

Certainly, a healthy democracy and an informed citizenry here do not depend solely on public and news media access to Lancaster County police radio broadcasts. Both are, however, seriously diminished when the publics right to know is further eroded something that is becoming alarmingly common in our commonwealth and across this country.

Our newspaper has long relied on police communication to provide the public with emergency information. I consider a scanner as essential to my job as a wrench to a plumber, a longtime television journalist in Oklahoma wrote to me last Sunday. He reached out in support of LNPs July 5 editorial opposing encryption.

Think snowstorms. Vehicular accidents. Road closings. Gas leaks. Homicides. Violent protests.

Radio access enables news outlets to work hand-in-hand with first responders to keep the public away from dangerous situations, Melissa Melewsky, media law counsel for the Pennsylvania NewsMedia Association, noted in a recent LNP article. Total encryption addresses a problem that doesnt exist where the media is concerned.

West Hempfield Township Police Chief Mark Pugliese I, who chairs the county chiefs Police Advisory Board to Lancaster County-Wide Communications and represents the county Chiefs of Police Association on this issue, appears to agree.

Referring to events worldwide and expressing concern for police safety, he told you its not unusual for officers today to be ambushed. But he also acknowledged that were not getting that so much in Lancaster County.

Additionally, the chief spoke about incidents here where the public or the media interfered with investigations, in some cases by getting to crime scenes more quickly than police.

When pressed by an LNP reporter, Chief Pugliese could not cite a single situation in Lancaster County where the media interfered at a crime scene.

The chief says he is not anti-media.

Nor am I anti-law enforcement.

When the earth rumbles or a gun fires, citizens rely on police and other first responders to courageously address the emergency. They expect us in the news media to tell them what is happening. Shutting off access to information feeds distrust and anxiety; it fuels the spread of misinformation by social media commenters unbound by the journalistic standards of citing sources and confirming details.

Chief Pugliese said that the removal of public and media access to police broadcasts will make it incumbent on police to improve the lines of communication.

Experience suggests to me that will not happen; I dont see that as law enforcements primary role, and I dont see how it does either. Access to timely and accurate information that serves the public interest will suffer as a result.

Like law enforcement, we in the news media must be allowed to do the work we are trained to do. It is incumbent upon us to get it right and to be held accountable if we dont.

While all three of you are and must be concerned about police safety, Commissioner Lehman has said that blocking police communication might give officers a false sense of security and further isolate them from the community. Hes suggested a compromise of encrypting public transmissions, but allowing access to the news media.

It is certainly a better option.

I was at home July 2 and only yards away from the horrific Manor Township gas explosion that killed one man and injured others as it leveled a house, severely damaged neighboring homes and, in seconds, rattled the psyche of an entire community.

Frightened neighbors ran outside their homes, erroneously speculating about the cause of the blast. I called the newsroom and was accurately informed that it was a gas explosion. Then I walked to the scene to join my newspaper colleagues in probing more deeply as we talked with witnesses, questioned officials and provided real-time information that a county wanted and needed in that moment.

Fire and ambulance dispatches, the ones that guided us that day, are not part of the planned encryption here. At least not yet. As Chief Pugliese noted, the scrambling of police communication, and that of fire and ambulance, is becoming the national norm.

I dont think thats the way to go. I do believe a compromise can be struck, one that will allow law enforcement to do its work, and enable those of us in the news media to do ours.

We both exist, after all, to serve our Lancaster County community to the very best of our abilities.

Barbara Hough Roda is executive editor of LNP and LancasterOnline. Email: broda@LNPnews.com; phone, 717-481-7335; Twitter, @BarbRodaLNP.

Originally posted here:
Commissioners need to rethink encryption - LancasterOnline

SAN FRANCISCO: Responding to a call that Facebook should do away with the encryption that prevents police from accessing WhatsApp data, the company's top executive has said such a move would make it difficult to track terrorists if government gets such access.

The call for ditching the WhatsApp encryption emerged after five people were killed in an attack on March 22 when Khalid Masood ploughed his car into crowds on the bridge and tried to storm the Parliament. Masood is said to have used WhatsApp minutes before carrying out the attack.

"The goal for governments is to get as much information as possible, and so when there are message services like WhatsApp that are encrypted the message itself is encrypted but the metadata is not. Meaning that when you send me a message we don't know what that message says but we know that you contacted me," Express.co.uk quoted Sheryl Sandberg, Chief Operating Officer Facebook, as saying on Saturday.

"If people move off those encrypted services and go to encrypted services in countries that won't share the metadata the government actually has less information, not more. And so as technology evolves these are complicated conversations. We are in close conversations working through the issues all around the world," she added.

With the growing terror attacks in London and Europe, social media has come under severe criticism for not doing enough to curb online terrorism. Facebook hired an online army of more than 7,000 people which is assigned to crack down on terrorists using the site.

Facebook also has 4,500 people who work to stop any attempt from extremists to hijack the site and the company plans to hire 3,000 more later this year.

"Our Facebook policies are very clear. There is absolutely no place for terrorism, hate or calls for violence of any kind. Our goal is to not just pull it off Facebook but to use artificial intelligence technology to get it before it is even uploaded," Sandberg said.

"We are working in collaboration with other tech companies now so if a video is uploaded to any of our platforms we are able to fingerprint it for all the others so they can't move from platform to platform," she added.

See the rest here:
Ditching WhatsApp encryption will help terrorists: Facebook COO - Economic Times

Facebook's chief operating officer Sheryl Sandberg has responded to the suggestion that messaging apps and social networks should remove end-to-end encryption implying such a move would be a step backwards for governments looking to monitor extremism online.

The executive tackled the issue on Sunday's edition of Desert Island Discs on BBC Radio 4. She said that if Facebook-owned WhatsApp was to ditch encryption, which prevents authorities from seeing the messages users are sending to each other, then people would turn to alternative encrypted platforms; leaving governments with even less information as a result.

"The goal for governments is to get as much information as possible, and so when there are message services like WhatsApp that are encrypted the message itself is encrypted but the metadata is not. Meaning that when you send me a message we don't know what that message says but we know that you contacted me," she explained.

Following extremist attacks at London Bridge and nearby Borough Market earlier this year, British prime minister Theresa May accused tech giants of having provided a safe space for terrorism to breed. Home Secretary Amber Rudd, meanwhile, said she believed intelligence services should have the ability to get access to encrypted platforms like WhatsApp.

Facebook has stood firm on its belief that protecting private communications is one of its core principles.

"If people move off those encrypted services and go to encrypted services in countries that won't share the metadata the government actually has less information, not more," Sandberg added.

The Facebook lead admitted that as technology continues to evolve there are "complicated conversations" to be had and that her company is working closely with authorities on such issues.

Last month Facebook announced an anti-terror counterspeech programme in the UK. As part of the initiative the company will give anti-terror groups free advertising credits to promote their messages to individuals that might be at risk of radicalisation.

Speaking on the subject, Sandberg said: "Our Facebook policies are very clear. There is absolutely no place for terrorism, hate or calls for violence of any kind. Our goal is to not just pull it off Facebook but to use artificial intelligence technology to get it before it is even uploaded."

"We are working in collaboration with other tech companies now so if a video is uploaded to any of our platforms we are able to fingerprint it for all the others so they can't move from platform to platform," she added.

Read more here:
Sheryl Sandberg defends WhatsApp's end-to-end encryption policy - The Drum

It's hard -- for me at least -- to get too excited about hard drives. They get bigger, they get faster, and that's about it. But the iStorage diskAshur2 is a little different. This is a 1TB USB 3.1 external hard drive with a twist.

It offers hardware-level AES-XTS 256-bit encryption -- so no software is needed -- secured with PIN authentication. As you can see from the photo, there's a PIN pad built into the drive for easy locking and unlocking, and it's compatible with Windows, macOS and Linux ("it will work on any device with a USB port!"). We've already look at the diskAshur Pro 2, but this diskAshur2drive is nearly 20 percent cheaper.

The primary difference between the Pro drive and this one is the form of encryption that's used. While the diskAshur Pro 2 is "designed to be certified to" FIPS 140-2 Level 3, NCSC CPA, Common Criteria and NLNCSA, in the case of the diskAshur2, it's the lesser, older FIPS PUB 197 validation that's in place. In both instance, however, there's AES-XTS 256-bit hardware encryption protecting data which should be more than enough for most circumstances.

FIPS 140-2 Level 3 means that the diskAshur Pro 2's circuit board has a tamper-proof design, but there are still physical protection measures in place with the diskAshur2 for added peace of mind. The protection comes from the built in EDGE (Enhanced Dual Generating Encryption) Technology which protects from "external tamper, bypass laser attacks and fault injections and incorporates active-shield violation technology." There's also security against unauthorized firmware updates, and the onboard processor "reacts to all forms of automated hacking attempts by entering the deadlock frozen state where the device can only restart through a 'Power On' reset procedure."

In short, it's secure. But what's it like to use?

In a word, great. But you're probably looking for a little more detail than that...

The iStorage diskAshur2 is designed with travelling in mind. It's pretty light at 216g, measures a pocketable 124 x 84 x 19 mm and comes with a hand carry case (the 3TB, 4TB and 5TB models are slightly heavier and larger at 325g and 124 x 84 x 27mm). There's a (short) built in USB 3.1 cable so you don't have to remember to carry one around with you, and the drive is available in a choice of four colors -- Fiery Red, Phantom Black, Racing Green and Ocean Blue. It's IP56 rated for water and dust resistance.

What's great about the drive is the incredible ease of use. Encryption usually means having to fiddle around with software, but that's not the case here; everything is built into the drive. The drive is, by default, encrypted. Plug it in, and it remains inaccessible -- and invisible to the computer -- until you enter the necessary PIN and hit the unlock button. From this point, you can manually lock the drive at any time. You can also unplug the drive and it will be automatically locked, or auto-locking will kick in after a predetermined period of inactivity. The lack of software means that it's easy to take the drive from one computer to another, regardless of the operating system it is using.

This video from iStorage gives a good introduction to the device range:

Unlocking the drive is incredibly fast -- much faster than if computer-based software was involved. In terms of performance, this is a 5,400 RPM drive offering read speed of up to 148 MBps and write speeds of up to 140 MBps -- far from earth-shattering, but this is a drive that focuses on security, not performance.

As with the diskAshur Pro 2, brute force protection means that the drive will delete its encryption key (rendering data completely inaccessible) after fifteen consecutive incorrect PINs are entered. You can create a PIN of up to 15 digits, so it should be fairly easy to create a non-guessable PIN. For those who need it, there is also the option of using a Self-Destruct PIN to wipe out the encryption key so data cannot be accessed under any circumstances. For peace of mind, there is a two-year warranty covering the device.

For the vast majority of people, AES-XTS 256-bit hardware encryption and conforming to FIPS PUB 197 should be more than enough. If the relatively high price of the diskAshur Pro 2 was off-putting to you, the diskAshur2 gives you a way to get very much the same product at a pleasingly lower price.

You can find out more and buy a drive direct from iStorage. The 1TB model is priced at 219 (262).

Visit link:
iStorage diskAshur2 1TB PIN-protected encrypted external hard drive [Review] - BetaNews

LAS VEGAS Rep. Will Hurd (R-Texas) said Sunday that Europe can't pretend to be more idealistic on privacy issues than the U.S. while many of its nations try to enact laws limiting encryption.

Hurd is one of a sturdy number of legislators including a bipartisan House Judiciary working group on encryption that opposeslaws allowing law enforcement agencies to access all encrypted datain the United States. Proponents believe access would helppreventand solvecrime, including terrorist-related activities.

Europe likes to act like they take privacy more severely than we do. That is patently false, he toldThe Hill at the DEF CON cybersecurity conference in Las Vegas.This notion we dont take this seriously in the U.S. is wrong.

Current encryption methods make it impossible for law enforcement to access chat apps or files from criminals in a timely manner, even with a warrant. Various U.S. law enforcement agencies have waged periodic efforts to force manufacturers to provide some form of access.

European nations including Germany and the United Kingdom have either enacted or are poised to enact these types of rules.

The terrorism challenges in Europe are really kind of tough, and they may lead the way and carry some of our water on this, said Acting Assistant Attorney General for National Security Dana Boente at the Aspen Security Forum earlier this month.

But cybersecurity experts people who design secure communication systems and those who develop techniques to hack into those systems universally believe that adding "backdoors" into encryption is a substantial national security threat. Adding new entry points into encryption makes its design far more perilous and far more likely for the system to be cracked by hackers or for the keys to be stolen.

We should be making encryption more secure, not less, Hurdsaid.

European Union courts struck down exemptions allowing the U.S. to store European citizens' data on stateside servers based on privacy concerns. But, claimed Hurd, the threats to privacy caused by an encryption rule demonstrated the EU'strue colors when it came to privacy.

Hurd has experience in security issues both as a former CIA agent and as a former security consultant, including a stint at a cybersecurity consultancy.

He said his trip to DEF CON was, in part, to keep his knowledge of cybersecurity from becoming stale.

DEF CON is the pointy end of the spear. These are the folks that are thinking about the real problems, he said.

DEF CON is the last of three cybersecurity conferences held back-to-back to back in Las Vegas each summer. While the other conferencesare targeted tocorporate cybersecurity providers or a more general security audience, DEF CON appeals to iconoclastic, individual researchers often on the bleeding edge of the field.

Being out here gives me perspective on where policy needs to go, Hurdsaid.

Hurd and fellow congressman Rep. Jim Langevin (D-R.I.) gave one presentation on Saturday and will give a second on Sunday. Those are two of the five panels being given by current government officials.

I want the people here to know that there are people in government that care about this stuff, Hurdsaid.

He said he had visited a number of DEF CON sub-conferences, known as villages, including ones focusing on hacking voting machines and automobiles, both of which he praised.

Hurd has focused on other cybersecurity issues while in office including IT modernization and workforce shortages. He said he was excited to see children as young as nine at the conference learning to hack and hopefully preparing to fill a widening skills gap of cybersecurity talent.

Read more:
House Republican: US just as focused on data security as Europe - The Hill