Australia's favourite Attorney-General, Senator George Brandis QC, has been in Ottawa discussing how we and our Five Eyes intelligence partners can 'thwart' terrorists' encrypted communications. What has he achieved?

Brandis told ABC Radio on Wednesday morning that defeating encryption was a "very important part of the proceedings" at the meetings between the US, UK, Canada, New Zealand, and Australia, because encryption is "impeding lawful access to the content of communications".

"So what we decided to do in particular was to engage with ISPs and device makers to secure from them the greatest possible level of cooperation. I also discussed with my American counterpart, Attorney-General Sessions, the development of cross-border access without having to go through the rather prolonged procedure of mutual legal assistance," Brandis said.

Leaving aside the question of whether lawful access rules should be re-examined, improving the pace at which law enforcement agencies can respond is a sensible goal. But what of the technical aspects?

As ABC Radio asked: "What are you actually asking them to do? Because tech companies say you can only break into these messages if you've planted a flaw or a bug into the software before it's sold. Is that what you want the device makers to do?"

Not specifically, said Brandis, and it's not as simple as that. And indeed, he's previously said he's not interested in backdoors.

"What we need is to develop, and what we'll be asking the device makers and the ISPs to agree to, is a series of protocols as to the circumstances in which they will be able to provide voluntary assistance to law enforcement," Brandis said.

"There is also of course the capacity which exists now in the UK and in New Zealand, under their legislation, for coercive powers, but we don't want to resort to that," he added. Brandis wants a set of "voluntary solutions".

When pressured about what that might mean, Brandis said that is a discussion that is yet to happen, and he didn't want to get ahead of himself, or narrow or confine its scope.

"First of all, I've made it clear that we're not going to ask the tech companies to backdoor their systems. Secondly [for example] section 253 of the British Investigative Powers Act does impose an obligation, subject to reasonableness and proportionality, upon providers to do whatever they reasonably can be expected to do to enable law enforcement to inspect messages that are the subject of encryption, or inspect devices," Brandis said.

And as for the idea of banning end-to-end encrypted messaging apps like Signal and WhatsApp entirely, Brandis said "it was not discussed, and wasn't thought of, and it would be infeasible."

So here's where we're up to.

Brandis says end-to-end encryption is a problem for law enforcement, which it is. He's not going for a backdoor, and says that's not feasible, which it isn't. So has he started a war on mathematics? Has he foolishly tried to tackle maths with the law?

After all, Brandis isn't known for his technical acumen, particularly after that Walkley Award-winning interview where he struggled to explain metadata.

No. Forget the maths. Join some different dots.

First, Brandis plans to talk to device manufacturers. Even now, telco switches must have a lawful interception (LI) capability, so that conversations can be intercepted -- or wiretapped, as Americans say. I'm guessing he simply means extending that requirement to endpoint devices, where messages could be intercepted before they're encrypted.

Second, Brandis wants to talk to ISPs. That's probably not to decrypt messages as they pass through, because that's kinda hard. It's probably to help the telcos identify the device in use, so that its lawful interception capability can be turned on.

That's all technically possible, achievable with legal pressure, and fits nicely within the national and international legal frameworks already in place.

But it's not a win, at least not for us citizens.

Current LI capabilities work through telco switches, so in theory they can only be turned on from within the telcos themselves. Yeah, shoosh you.

But mobile devices can be anywhere on the planet. The Brandis Plan, if it's what I think it is, would mean devices could potentially have their LI capability turned on from any telco on the planet and routed ... somewhere.

Why?

Because research as recently as late 2016 has shown that international mobile data networks are a security nightmare.

The only protections from LI capabilities going rogue would be mobile network switching security, and the processes within device makers' supply chains, and telcos, to prevent information leaking to bad people. There's no attack surface in there at all, right?

Sigh.

The Brandis Plan may well be able to achieve his goals, but at what cost?

Read more from the original source:
Australia's encryption thwart thought is fraught | ZDNet - ZDNet

It is a rare law enforcement officer or intelligence agent who doesnt want access to more information. Yet total information awareness, to use a term from the George W. Bush administration era, has never been possible. Some people whisper to avoid prying ears. Others draw the blinds to prevent looking in.

More fundamentally, the right to privacy the personal preserve where governments should not be allowed to snoop is an impediment to official surveillance. That privacy is necessary to safeguard such sensitive matters as our banking information, our medical history, our personal relationships, or our ability to explore unpopular or potentially embarrassing points of view.

Today the battle between law enforcement and privacy is being fought over encryption. One response to Edward Snowdens revelations about the extent of U.S. government surveillance has been growing popular insistence on encryption such as the end-to-end encrypted communications used in iPhones or WhatsApp to which no phone or Internet company holds an access key. Meeting this week in Ottawa, the Five Eyes intelligence sharing partnership Australia, Canada, New Zealand, the United Kingdom and the United States is considering an Australian proposal to mandate such a key, or back door, to encryption. Officials in the U.S. and U.K. have made similar proposals.

The rationale is that many terrorists and other criminals are using end-to-end encryption to hide their activities. Even if law enforcement officers or intelligence agents obtain a judicial warrant to monitor their communications, the lack of a back door key means there is no way that phone or Internet companies can let these officers in.

Yet a mandated back door essentially a built-in vulnerability is dangerous because there is no way to ensure that only the good guys will exploit it. Todays hackers, both criminal and governmental, are increasingly sophisticated. They have hacked Internet companies, sensitive infrastructure, even the National Security Agency itself. Technology companies are in a feverish race to enhance privacy and security protections. The last thing they need is to introduce a deliberate vulnerability. Few would want to return to an era when encryption was not the norm.

And to what end? A mandated back door to encryption might enable governments to catch some criminals. But criminals with any degree of sophistication would simply download encryption services that are widely available on the Internet without going through one of the brand-name companies that might be mandated to introduce a back door. Meanwhile, ordinary members of the public would be stuck with vulnerable communications.

Moreover, Western Internet and phone companies would be competitively crippled. Even if Five Eyes and other Western governments mandated a back door for devices made in their country, other countries might not follow suit. Anyone concerned with their privacy and security would flock to and try to sneak in devices produced in non-back-door countries.

The crimes that might be stopped through a back-door mandate must be weighed against the crimes that would be created. The vulnerability in our software and digital devices would mean more theft, blackmail and extortion as hackers enjoy a field day. Street crime would also be affected. The rise of strong default smartphone encryption has contributed to a plummeting in once-rampant cellphone theft. Theres no point in stealing a phone (often violently) if you cant penetrate its encryption. A mandated back door, once its vulnerability has been hacked, would once again expand the market for stolen phones.

Proponents of a back door also tend to assume that law-enforcement or intelligence access to it would require a judicial warrant or some lawful process, but it is easy to imagine circumstances in which these processes would be circumvented or subverted. In many countries where these devices are used, unscrupulous governments or officials in possession of this information would be more likely to persecute dissidents for their private criticisms.

For these reasons, a pantheon of senior security officials think a mandated back door is a bad and dangerous idea. In the United States, these include the past heads of the CIA, the NSA, and the Department of Homeland Security, as well as former president Barack Obamas Presidential Review Group on Intelligence and Communications Technologies. Europol has also warned that solutions that intentionally weaken technical-protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well. Security officials would be better off adapting to a world of encryption than to weaken the security of our communications.

Even where end-to-end encryption is used, many types of communication already are subject to judicially-ordered surveillance. Metadata such as the data that guides a communication to the proper destination cannot do its job if it is encrypted. It remains available to government monitoring by appropriate judicial order, although care should be taken to ensure that this data, which can reveal a great deal about our personal life, is not collected excessively. Other metadata can pinpoint where a phone (and presumptively its user) has gone. Much information stored in the cloud is unencrypted.

The plethora of such unencrypted information has led some to say that today is the golden age of surveillance. Rather than press for encryption back doors, governments would be better off teaching investigators how to access important unencrypted sources of information.

Its time to abandon the quest for total information awareness. Yes, some criminals will benefit from encryption. But just as we dont outlaw whispering or drawing the shades, so we should accept that encryption is the only way to safeguard our communications in an era of increasingly sophisticated cybercrime and unauthorized surveillance.

Read more:
The battle over encryption and what it means for our privacy - Human Rights Watch

Tresorit, the cloud encryption company, andRealm, the mobile platform powering the worlds most responsive applications, announced a partnership to deliver end-to-end encryption capabilities to developers using the Realm Mobile Platform. The combination of the two companies solutions provides developers with a comprehensive solution for building realtime, collaborative and secure mobile applications across the most regulated and data-sensitive industries including healthcare and financial services.

Bringing end-to-end encryption to realtime collaborative appsDelivering end-to-end encryption across mobile devices and backend systems of record has traditionally required significant amounts of engineering and cryptography expertise to implement, making it possible for only the largest companies with considerable resources. The combination of TresoritsZeroKitSDK and the Realm Mobile Platform make it realistic for any developer to securely authenticate users and provide an end-to-end encrypted platform for realtime reactive mobile apps.

The combined Tresorit and Realmsolutiongoes beyond protecting end-users from being hacked or spied on. Tresorits end-to-end encryption for Realm Mobile Platform can also help companies easily comply with HIPAA or the EUs General Data Protection Regulation (GDPR).

Realtime collaboration is increasingly a requirement for critical applications in digital health or financial services, where data security and privacy are essential. Our joint solution makes it extremely easy for developers to build modern and secure applications in these markets, said Alexander Stigsen, co-founder and CEO, Realm.

The Realm Mobile Platform and ZeroKit solve many of the hardest problems of developing mobile applications with an intuitive and secure end-user experience. For the first time, developers can build end-to-end encrypted, realtime collaborative apps without being experts in cryptography, networking or backend development, said David Szabo, Senior Vice President of the ZeroKit platform at Tresorit.

Solving security challenges in data-sensitive industriesEarly customers adopting the Tresorit and Realm solution are building collaborative digital healthcare apps that require the highest level of security for sensitive patient data and realtime sync capabilities.

AmbulApps, a German healthcare startup is building a next-gen cloud and mobile doctor-patient engagement app using Realm Mobile Platform and ZeroKit. The app extends traditional health record management systems, empowering doctors and patients to share health data and maintain consistent communications.

Healthcare startup, Riverbay Softworks uses Realm Mobile Platform and ZeroKit in their cloud-based, privacy-first app Allergistic, to help allergists across California, Oregon and Washington treat patients via iPhones and iPads.

ZeroKit and Realm allow us to bring forth a new generation of healthcare applications that will reduce the documentation stress experienced by providers and organizations. These technologies allow us to easily implement end-to-end encryption and data syncing, while enabling us to focus more on creating apps that mirror true clinical workflow, adds Mark Pruitt, CEO at Riverbay Softworks.

Here is the original post:
Tresorit and Realm to deliver end-to-end encryption for reactive, collaborative mobile apps - SDTimes.com

As the Five Eyes intelligence alliance meets in Ottawa this week, Australian officials are heading to Canada with encryption as a top priority.

Australias attorney general, George Brandis, published a memo this weekend detailing a plan to seek greater legal powers against encrypted data in the meeting with representatives of the United Kingdom, Canada, New Zealand and the United States.

As Australias priority issue, I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption, Brandis, who also serves in Australias Senate, said in a statement. These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies.

Some of the biggest tech companies in the world, including Apple and Facebook, have adopted strong encryption for their products. The mainstreaming of encryption helped spark an international debate famously referred to as the problem ofgoing dark by then-FBI Director James Comey in 2014 that continues to this day. The most famous fight took place when Apple and the FBI faced off over iPhone encryption following the San Bernardino terrorist attack in 2015.

Just last month, Facebook quietly upgraded its secret conversations featuretoenable encrypted communications between two people on multiple devices. The same company owns WhatsApp, the popular encrypted messaging app. Apple CEO Tim Cook has taken center stage in promoting encryption, while Facebook CEO Mark Zuckerberg has taken a quieter but supportive public position.

Top officials in the United States and United Kingdom have called for backdoors into encrypted data.U.K. Home Secretary Amber Rudd called WhatsApp completely unacceptable in March followingthe Westminster attack. Donald Trump called for a boycott of Apple following the San Bernardino attack. The presidenthasnt publicly commented on the issue since, but U.S. law enforcement and intelligence officials have repeatedly called for greater access.

Australias plans attracted immediate criticism including from Human Rights Watch, an American human rights nonprofit, whichwarnedagainst a dangerous strategy that will subvert the rights and cybersecurity of all internet users.

Encryption protects billions of ordinary people worldwide from criminals and authoritarian regimes, Cynthia Wong, senior internet researcher at Human Rights Watch, said in a statement. Agencies charged with protecting national security shouldnt be trying to undermine a cornerstone of security in the digital age.

Brandiss Five Eyes statement follows numerous government comments in Australian media warning against the security threats encryption poses and floating the idea of changing laws to force tech and telecommunications firms to decrypt data.

The Australian senator said that over 40 percent of counterterrorism investigations now intercept encrypted communications, a trend that will within a short number of years reach 100 percent.

This problem is going to degrade if not destroy our capacity to gather and act upon intelligence unless its addressed, he said.

Across Europe, the debate is heating upwith talk including encryption backdoors, expanded government authority and greater offensive hacking to achieve access.The Investigatory Powers Act in the U.K. grants the governmentauthority to force tech firms togive access to encrypted data but the exact parameters remain unclear.

One of the things the U.K. bill does is what may be an authorization to command companies to either not include encryption or to modify in some way the encryption they use in their products, Ross Schulman, the co-director of the cybersecurity initiative at New Americas Open Technology Institute, told CyberScoop last month. There is some debate about the actual extent of the powers. Its not entirely clear how far some of the escape hatches extend.

The encryption debate, also known as the crypto wars, has been grabbing headlines for the last three years since Edward Snowden gave thousands of documents on Five Eyes global surveillance to journalists. The larger debate extends back several decades, however, to President Bill Clintons administration, when Vice President Al Gore, heavily promoted a technology dubbed the Clipper Chip, which was intended to allowa backdoor into American products. It rapidly collapsed fortechnical, commercial and security reasons, accordingto many of the worlds top cryptography experts.

Read more:
Encryption debate is a top focus at Five Eyes meeting - CyberScoop

Ever heard of quantum entanglement? If you havent, dont feel bad. As I have written about before, quantum theory is the abstract basis of modern physics. It explains the nature and behavior of how matter acts.

Albert Einstein discovered quantum entanglement in 1935.He said it is "spooky action at a distance."It examines how one quantum particle could affect one another, and that effect is faster than the speed of light. It is one of those advanced/emerging technologies that has been around for a while and is really beginning to show promise.

It should be noted that this is just one of a number of Chinas strategic initiatives to develop new technology that will create an extremely secure, ultrahigh-speed, quantum-based global communications network. Researchers in several countries, such as the U.S., Canada and Singapore (as well as Google), are also working on a broad spectrum of quantum theory applications including quantum encryption.

Originally posted here:
The weird science of quantum computing, communications and encryption - C4ISR & Networks