The Australian government wants to introduce laws that would force technology companies to ensure their systems are capable of decrypting communications.

The plan is a response to the use of encrypted communications channels by terrorists, and follows in the footsteps of the United Kingdom's moves to force communications operators to make sure they canhand over encrypted messages to law enforcement agencies.

The UK's new 'technology capability notices' were proposed following the Westminster terrorist attack. They impose obligations on operators of communications services to ensure they are technically able to hand over decrypted data in "near real time" to the government.

The Australian government over the weekend revealed its intention to pursue a similar path, but is yet to work out much of the detail of its plans.

Attorney-General George Brandis specifically called out the UK's technical capability notices when revealing the government's plan to "lift the legal obligations on device makers and social media companies to co-operate with authorities in decrypting communications".

He said current Commonwealth legislation 'doesn't go far enough' to impose obligations of "co-operation" on technology companies.

"Now I should also say of course, that in the first instance the best way to approach this is to solicit the cooperation of companies like Apple and Facebook and Google, and so on, and I think there has been a change of the culture in the last year or more," Brandis said.

"There is a much greater conscious proactive willingness on the part of the companies to be cooperative but we need the legal sanction as well."

He insisted the government had no intention of forcing technology companies to introduce backdoors in their products.

"A technical capability notice ... subject to tests of reasonableness and proportionality, imposes upon them a greater obligation to work with authorities where a notice is given to them to assist in breaking a communication," Brandis told Sky News.

"So thats not backdooring."

But it is unclear how the government expects technology companies to break encryption.

The UK's new laws have been fiercely criticised as being vague and giving communications providers no option but to build backdoors into their systems.

End-to-end encryption prevents the operators of Signal, WhatsApp, Telegram and Apple's iMessage, among others, from being able to simply hand over messages: the keys to decrypt the information are held by those involved in the communication.

Because of this some have taken the UK law as an attempt by the government tooutlaw end-to-end encryption.The UK government has avoided answering questions on the matter.

Brandis suggested to the Sydney Morning Heraldthat one option would be to "improve warrant-based access ... at the sender or receiver ends". However, this can largely only be achieved through compromise of an end user device, or the application.

"At one point or more of that process, access to the encrypted communication is essential for intelligence and law enforcement," Brandis told the SMH.

"If there are encryption keys then those encryption keys have to be put at the disposal of the authorities."

Brandis said the details of the plan would be nutted out at the Five Eyes conference in Canada in two weeks' time.

He indicated the government had not yet decided whether warrants would be needed to access decrypted information, but again referenced the UK technical capability notice model.

A notice works as a first step to "prepare the ground" in case an operator receives an interception warrant, ensuring they have the technical ability to comply. It does not, of itself, require an operator to conduct an interception.

"Thats a discussion that we need to have," Brandis said.

"The point at which a power is only exercised under warrant as opposed to a power that resides without the requirement for a warrant in law enforcement and intelligence will always be a part of this discussion and thats one of the issues that will be on the table at Five Eyes in Ottawa in a fortnights time."

He claimed Australians would not be concerned at the privacy implications involved in the government's plan because the "Facebook generation ... put more and more of their own personal data out there".

"I think that there is an entirely different attitude of privacy among young people than there was perhaps a generation or two ago. And I think the social media companies are regardful of that as well. So let the civil liberties point of view be heard, let legitimate privacy considerations always be had regard to," Brandis said.

"But I think where the community is at at the moment is to prioritise their concern about giving law enforcement and intelligence agencies the tools they need to thwart terrorism, and everyone knows that the internet and cyberspace are important vectors for terrorists."

Privacy and civil liberties advocates have warned that moves to decrypt communications would simply push terrorists onto other technology platforms whilst having negative consequences for financial transactions, online commerce, and security of personal data.

A UK public bills parliamentary committee highlighted several technical issues with the legislation and said it should include a specific threshold that recognises it is unreasonable to hand over decrypted content from end-to-end encrypted channels.

"The damage to security may be done as soon as a company finds itself having to comply with such a notice and install a back door, whether or not it subsequently has to provide data under warrant," the committee said.

More here:
Turnbull govt wants to force companies to break encryption - iTnews

As we learn details from investigations into recent terrorist attacks in Tehran, London, Jakarta and Manchester, a common theme is emerging of terrorists using commercial encrypted communications services to plan, support and commit terrorist attacks.

In Australia, the heads of ASIO and the Australian Federal Police have warned of the challenges of "going blind" in their attempts to lawfully keep up with criminal use of rapidly evolving communications technology - a sentiment echoed by their "five eyes" intelligence-sharing partners in the United States, UK, Canada and New Zealand.

The answer isn't just in keeping up with technical intrusion methodologies the modern-day equivalent of wire tapping. This will, of course, always continue to play a part for intelligence agencies. But encrypted communications bring challenges and unintended consequences on another scale from these previous technical interceptions.

The recent "Wannacry" ransomware attack demonstrates the hazards of the back-door approach: information on technical vulnerabilities, first identified by western intelligence agencies, wasobtained by others and used for criminal purposes - harming both public services and business.

Concerns about privacy are another reason to rethink how we go about dealing with this challenge.

In an age where most freely give much of their personal information to global corporations, the paradox of public demands for privacy from government is well known. But it is incumbent on governments in liberal democracies to protect human rights and privacy, in balance with the public interest.

The importance of secure and confidential communication to support a free press is also critical for legitimate governments. This sets a high benchmark for balancing privacy with the complex and global challenge that encrypted communications poses to security.

Get the latest news and updates emailed straight to your inbox.

We must be focused on the principles, not the technology. Communications have evolved substantially from the phone, fax and telegraph technology of the time when much of Australia's existing telecommunications security legislation was introduced. But the principles remain the same.

Where an individual or group is using any form of communications to support terrorism or other designated criminal activity, this may be intercepted by specified authorities and under appropriate authority.

For Australia and the "five eyes" community in particular - and other liberal democracies - this means that both our laws and practices need to be updated to work in partnership with the communications sector to ensure access when needed to prevent and prosecute criminal activities, including terrorism.

Just as the telecommunications sector already works closely with intelligence and law enforcement to access "wires" and call data, so the globalised communications sector is the key to dealing effectively with terrorist use of current and evolving communications and data technology.

This means that these companies - whether headquartered in Australia or overseas - must maintain visibility and access to the service they are providing.

Most businesses understand their shared responsibility for security - including corporate responsibilities to not facilitate crime - they just need to be involved as partners with government in working out how to best do this. This is where a multilateral approach is key: few of the major business players are Australian.

The laws regulating access to communications data would be, in principle, the same as those currently in place for other forms of telecommunications intercepts: companies ensuring data is available to access if required, warrants being issued by the appropriate authority such as the Attorney-General, with both time limits and regular scrutiny and review through the Inspector-General of Intelligence and Security, the Independent National Security Legislation Monitor, parliamentary committees and others.

Encrypted communications are yet another valuable innovation for our society and our economy. As our technology evolves, our policies, practices and laws need to evolve with them.

Jacinta Carroll ishead of the Australian Strategic Policy Institute's Counter-Terrorism Policy Centreand a former national security official in the federal government.

Go here to read the rest:
Terrorists are using encryption. Our laws need to keep up with the technology - The Sydney Morning Herald

Conservative MPs are reportedly plotting the end of Theresa May's premiership via the very communication method she has campaigned against for so long - encrypted WhatsApp messages.

It's almost as beautiful as calling a snap election, after repeatedly promising you wouldn't, to "strengthen your mandate," only to end up with a minority government forced into discussions with the DUP.

According to reports in theWashington Post, some Conservative MPs are now using WhatsApp to discuss who they could replace her with:

Former minister Ed Vaizey told theBBCthat he supports May staying on, but that Tories were discussing possible replacements.

Asked whether members were calling one another to plot May's ouster this weekend, he denied it.

'That's so 20th century,' he said. 'It's all on WhatsApp.'

As part of her campaign Maypledged wide-ranging internet regulation planswhich could force internet companies to let intelligence services read private communications.

The manifesto read:

Some people say it is not for government to regulate when it comes to technology and the internet. We disagree.

The Tories demand that social media companies - like WhatsApp, for example - remove privacy features in order to 'better combat terrorism', as opposed to not cutting police numbers.

The Investigatory Powers act, commonly known as the 'Snooper's Charter', came into lawin December granting security services some of the widest-ranging spying powers in the world and permitting authorities to read browsing records.

The Prime Minister's plans to regulate the internet and encryption werecriticised as "making life easier for terrorists"by campaign group Open Rights Groups.

Jim Killock, the campaign group's executive director, said:

If successful, Theresa May could push these vile networks into even darker corners of the web, where they will be even harder to observe.

Last December,The Telegraphreportedthat Conservative Brexiteers operated within aWhatsApp group of more than 40 members, apparently to agree'lines to take' in public appearances.

Steve Baker, a Tory MP and group admin said at the time:

That requires instant communication, which is what we use the WhatsApp group for... It is extremely effective.

More:How the UK passed the most invasive surveillance law in democratic history and what we can do about it

More:Map: Did your MP vote for the controversial Snoopers' Charter?

More here:
Ironically, Tory MPs might be using WhatsApp encryption to plot ... - The indy100

The march of Samsung apps moving to Google Play continues. This time it's Secure Folder that has made its way over to every Android Police reader's favorite app store. Whatever it is you might need to keep hidden from prying eyes, now you have one more way to keep the app up-to-date. Unfortunately, it seems that it's limited to Samsung devices.

For the unfamiliar, Secure Folder is an app by Samsung that allows you to store sensitive information in a secure, encrypted folder. Files and applications can both be moved to the secure folder, and it can be locked by a pin, password, pattern, or fingerprint. You can keep an entire user profile separated and encrypted via the app, making it that much easier to hide your double life as a world-renowned pigeon fancier. It's also tied to Samsung's Knox security platform as well so any tampering with the device, such as rooting or a custom ROM, will lock out access to the folder.

I was able to pull the app down onto a tablet I have with a build.prop that was modified with a fictitious device name (long story), but even then it wouldn't launch. Sideloading the APK on other devices also resulted in failure, so unless you have a Samsung phone or tablet, you are probably out of luck. For non-Samsung users, this is less ( ) and more _()_/, but if you have a compatible device, now you have one more way to keep the app updated.

Now the question is, which Samsung app will be next to move to Google Play? If you've got a Samsung device that somehow doesn't have Secure Folder installed, give it a try at Google Play below, or over on APK Mirror.

Read the original here:
Samsung has added its Secure Folder app and file encryption tool to the Play Store - Android Police