There are only two types of companies, it is commonly said: those that have been hacked, and those thatjust don't know ityet.

IBM, the computing giant, wants to get rid of both. The company said Monday that it has achieved a breakthrough in security technology that will allow every business, from banks to retailers to travel-booking companies, toencrypt their customer data on a massive scale turning most, if not all, of their digital information into gibberish that is illegible to thieves with its new mainframe.

The last generation of mainframes did encryption very well and very fast, but not in bulk, Ross Mauri, general manager ofIBM's mainframe business, said in an interview. Mauri estimates that only 4 percent of data stolen since 2013 was ever encrypted.

As the number of data breaches affecting U.S. entities steadily grows resulting in theleakage every year ofmillions ofpeople'spersonal information IBM argues that universal encryption could be the answer to what has become an epidemic of hacking.

The key, according toIBM officials, is an update to the computer chipsdriving the powerful mainframe serversthat house corporate or institutional information and process millions of transactions a day worldwide, from ATM withdrawals to credit card payments to flight reservations.

Cryptography,the scienceofturning legibleinformation into coded gobbledygook, is already commonly used among certain email providers and storage services. But because of the enormous computational power needed to quickly encrypt and decrypt information as it passes from one entity to another, many businesses use encryption only selectively, if at all. A December report by the security firm Sophos found that while 3 out of 4 organizations routinely encrypt customer data or billing information, far more do not encrypt their intellectual property or HR records. Sixty percent of organizations also leave work files created by employees unencrypted, the study found.

All of these represent opportunities for digital criminals, said Austin Carson, executive director of the technology think tank TechFreedom.

One of the big problems is that way too much information is stored in clear text, he said. But universal or pervasive encryption, he added, could help ensure that even if hackers successfully broke into a company's network, any information they found there would be impossible to decode. That would be a huge step forward just in terms of protecting a much larger body of information, Carson said.

But the same technology could frustrate law enforcement, which in recent years has waged a furious battle with Silicon Valley over encryption technology and how extensively it should be used. In a high-profile dispute last year with Apple, the Justice Department argued that the companyshould help officials break into an encrypted iPhone used by one of the San Bernardino shooters. Apple refused, saying that developing tools to break encryption would undermine its customers' security, particularly if the tools were to fall into the wrong hands. Apple's concern is not theoretical: This year's WannaCry ransomware attack, which held thousands of PCs hostage, has been linked to a Windows vulnerability that was secretly discovered and exploited by the National Security Agency long before it leaked into the wild.

In its push to expand universal encryption, IBM is taking Apple's side in the debate.

IBM fully supports the need for governments to protect their citizens from evolving threats, the company said in a statement on the issue. Weakening encryption technology, however, is not the answer. Encryption is simply too prevalent and necessary in modern society.

For IBM, encryption is also a massive business opportunity. Businesses spend over $1 trillion a year making sure that their security meets government standards, according to company officials. One aspect of IBM's new approach to mainframes is the concept of automating that compliance work, using artificial intelligence to check that what's being protected passes regulatory muster in various industries. In doing so, IBM expects to turn a chunk of that annual compliance spending into revenue for itself. And that's on top of the roughly $500,000 it expects to charge new customers for using IBM's newest mainframe technology. Most businesses, said Mauri, will be upgrading from an existing setup, so the cost for those clients could be less.

For some small businesses, that may still be too expensive. Still, the history of technology suggests that with time, those prices may fall.

This is the turning point. The idea here is that you can start to encrypt all data, saidMauri. But even as IBM makes encrypting everything a priority, security experts like Mauri already have their eyes set on the next holy grail: the ability to securely edit and manipulate encrypted files without ever having to decrypt them in the first place.

Read the original:
To battle hackers, IBM wants to encrypt the world - Washington Post

Avalon.red/NewscomAustralia's Prime Minister Malcolm Turnbull is getting mocked by the encryption savvy for asserting that the laws of mathematics are subservient to the laws of Australia.

The Australian government is considering legislation that would require online communication companies decrypt messages on demand of law enforcement officials in order to fight crime. The problem is end-to-end encryption blocks companies from decrypting the communications. It's a safety and security measure to make it much harder for people with sinister intentionseither criminals or dangerous governmentsto access users' private data.

Turnbull's quote may make him look like an idiot, but the fundamental attitude he's expressing is shared by lawmakers and government officials in other countries, including the United States and England. These people want to deliberately jeopardize everybody's data privacy and security in order to serve the demands for information by law enforcement and the intelligence community.

Government officials have been wanting to force "back doors" into encryption so that they can get access to data in order to fight crime and terrorism. But there's no such thing as a back door that only the government can access.

Once there is a key to break encryption, it can be (and frequently has been) either discovered or reverse engineered by others. Furthermore, no single government, no matter how powerful it is, has the ability to prevent new, unheard of encryption tools from becoming available for criminals and terrorists to access. The inevitable outcome would be average users of commonly distributed communication apps having their data compromised, and actual criminals finding new ways to keep their communications secret.

In this context, Turnbull was asked whether this mathematical reality trumped government's desire to get access on demand to encrypted communication. His response:

"Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia."

We should actually appreciate the blunt stupidity of Turnbull's response, because it highlights how stubbornly unwilling government officials have been in recognizing the actual consequences of their proposals. We've seen it from American senators on both the left and the right like Dianne Feinstein (D-California) and Richard Burr (R-North Carolina). We've seen it from British Prime Minister Theresa May's administration.

Throughout this encryption fight we have seen government and law enforcement officials lean on their power to legally demand access to information with warrants and investigatory tools in a bid for the authority to compromise everybody's security. The quote from Turnbull vividly demonstrates their belief that the existence of a government law outweighs consideration of other consequences.

The quote should be used as a rhetorical weapon against the likes of Feinstein and May to force them (and law enforcement representatives) to deal with the dangerous consequences of the laws they propose.

Read the original post:
Australian Leader's Stupid Quote About Laws Trumping Math Is Encryption Fight in a Nutshell - Reason (blog)

Australias Attorney-General has said he will be meeting with Apple as the country becomes the latest to demand that the company cease offering end-to-end encryption, reportsSky News.

Attorney-General George Brandis says he will hold talks with tech giant Apple this week in bid to get co-operation on the Turnbull governments proposed laws compelling tech companies to give police and intelligence agencies access to encrypted information messages from suspected terrorists and criminals

Australia is apparently determined to join the US and UK in the hall of fame of governments who dont understand how encryption works. Brandis said that the new laws would be directly modelled on the UKsInvestigatory Powers Act, introduced last year.

So far, there has been no clash between the British government and Apple on the subject, though a future one seems inevitable. The law requires Apple and other tech companies to hand over details of messages sent through services such as iMessage and FaceTime, but Apples use of end-to-end encryption means that it will be unable to comply.

Apple will doubtless be making the point that the only way to comply with such a law would be to cease using end-to-end encryption, compromising everyones privacy.

Brandis says that he will be seeking voluntary cooperation first, and legislating if needed.

Senator Brandis says the government will be seeking voluntary cooperation as a first preference. But we will also be legislating so that we do have that coercive power if need be if we dont get the cooperation we seek, he told Sky News On Sunday.

Apple has of course demonstrated its willingness to stand up to government attempts to force it to compromise user privacy through the San Bernardino case in the USA.

Check out 9to5Mac on YouTube for more Apple news!

View post:
Apple meeting with Australian Attorney-General to discuss proposed ban on end-to-end encryption - 9to5Mac

Legislating against cryptography will drive encryption underground, says Tim Gallagher

The chief executive of a Swiss digital encryption app provider has lambasted the Australian governments proposed new laws that will compel tech companies to help local security forces access encrypted messages.

Theproposed lawsare expected to be put to Parliament by the end of this year, and are expected to resemble the UKsInvestigatory Powers Act 2016. This legislation obligates messaging platform operators such as Facebook and Google to cooperate with investigators looking to access encrypted messages.

SafeSwiss CEO Tim Gallagher said on Monday that the nature of his companys free messaging service for Android, iOS and Windows devices places it beyond the legal jurisdiction of the Australian government."

Gallagher warned users who are concerned about their privacy that serious design flaws in products such as WhatsApp, Telegram Messenger and WICKR potentially make them vulnerable to government-mandated backdoors.

Banning or legislating encryption apps is not the answer, this is a true paradox of security against privacy, Gallagher said.

Legislating against cryptography will drive encryption underground. It will open the doors to malicious attacks from adversaries everywhere.

Gallagher noted that encryption also applies to banking, purchasing goods online and in keyless ignition systems.

A good preview on how backdoors operate is to look at the US transport security administration (TSA) requirement that all baggage passing or travelling within the USA must be equipped with travel sentry locks that are designed to allow anyone with a readily available master key access.

As a result, a CNN investigation found thousands of incidents of theft, he said.

Gallagher added that to consider governments to be a trusted third-party is extremely misguided.

Governments would be better placed to put resources into the source of the problem the continued brainwashing of predominantly youth under the guise of medieval religion.

We are most certainly not anti-government or anti-police. We are pro privacy, and we firmly believe that both privacy and freedom of speech are two basic fundamental human rights.

Follow CIO Australia on Twitter and Like us on FacebookTwitter: @CIO_Australia,Facebook: CIO Australia, or take part in the CIO conversation onLinkedIn: CIO Australia

Follow Byron Connolly on Twitter:@ByronConnolly

Error: Please check your email address.

Tags WhatsAppdigital encryption appTelegram MessengerWickrswissTim GallagherAustralian GovernmentUSA

More about AustraliaCNNFacebookGoogleMessengerTwitter

Go here to read the rest:
Government's encryption backdoor plan flawed: SafeSwiss chief - CIO Australia