Krypt.co scores a $1.2M seed round to simplify developer encryption … – TechCrunch

Krypt.co, a new security startup founded by two former MIT students and one of their professors, is launching today with a free product called Kryptonite, designed to help developers protect their private encryption keys, using an app on their smartphones.

It's a big day for the fledgling company as it also announced a $1.2 million seed round led by Rough Draft Ventures/General Catalyst with participation from Slow Ventures, SV Angel and Akamai Labs. That's a solid roster of backers for their first swing at funding.

The company came out of research by two former MIT students, Alex Grinman and Kevin King, who shared a common passion for encryption. The two friends believed that they had found a better way to protect encryption keys and they approached their professor David Gifford, who thought it was a good idea and helped them launch the company.

Kryptonite takes advantage of typical public/private key encryption using the Secure Socket Shell (SSH) protocol used by developers to log onto networks remotely. Typically, they store their private keys on a laptop, but the founders saw this as inherently insecure because apps aren't sandboxed and separated from one another as they are on a smartphone.

They believed that moving the process to the phone would make it more convenient and safer. You simply download the free Kryptonite app, pair it with your computer and use SSH in the normal fashion. As you try to log onto remote services like GitHub to commit your code, you'll see a notification on your phone. If it wasn't you who made that request, your keys might be compromised and you can reject access and revoke the keys. If it is you, you can sign in and continue.

While they acknowledge that people could lose their phones, they say that you could cut off access to services using your private key, and render the key essentially useless to the person who found (or stole) your phone.

While the initial product is free, the company sees this offering as a way to build relationships in the developer community, and eventually add services on top of that free product they can charge for.

The founders are still working on the administrative architecture, but they are envisioning a team administrator, who will have access to a central dashboard to set device policies and view the public keys for all of the developers on the team.

Down the road, they could apply this technology to code signing to avoid fraudulent commits, or even possibly, at some point, simplify the use of encrypted emails for all users, not just developers.

For now, they have the money from this seed round to add some more employees and begin to build beyond the free product and see where this takes them.


Theresa May’s repeated calls to ban encryption still won’t work – New Scientist

Photo: Theresa May making a statement following Saturday's attack in London. Chris Ratcliffe/Bloomberg via Getty Images

By Timothy Revell

In the wake of Saturday's terrorist attack in London, the Prime Minister Theresa May has again called for new laws to regulate the internet, demanding that internet companies do more to stamp out spaces where terrorists can communicate freely.

"We cannot allow this ideology the safe space it needs to breed," she said. "Yet that is precisely what the internet and the big companies that provide internet-based services provide."

Her comments echo those made in March by the home secretary, Amber Rudd. Speaking after the previous terrorist attack in London, Rudd said that end-to-end encryption in apps like WhatsApp is completely unacceptable and that there should be no hiding place for terrorists.

Yet most experts agree that these repeated calls to be tougher on technology are poorly thought through. Undermining cryptography simply could not work.

The arguments against banning encryption are well rehearsed, but worth repeating. Encryption is not just a tool used by terrorists. Anyone who uses the internet uses encryption. Messaging apps, online banking, e-commerce, government websites, or your local hospital all use encryption.

A ban on encryption would make it impossible to do anything online that relies on keeping things private, like sending your credit card details or messaging your doctor.

Even if governments were willing to sacrifice their citizens' online privacy, any sort of ban would be futile anyway. Anyone with a little technical know-how could write their own code to encrypt and decrypt data. In fact, the code to do so is so small it easily fits on a t-shirt.

Another way to get rid of May's safe spaces that has been mooted is to give security services special access to encrypted messages, so-called back doors. Again this is impractical.

If a master key was created that allowed security services to bypass encryption it would immediately become a target for hackers. Anyone feeling hostile could focus their efforts on cracking the master key, and in doing so would not just get access to one person's data, but everyone's.

What's more, despite members of the government once again insisting on the need to ban or bypass encryption, we still have no details on how they plan to achieve it.

"Theresa May's response is predictable but disappointing," says Paul Bernal at the University of East Anglia, UK. "If you stop safe places for terrorists, you stop safe places for everyone, and we rely on those safe places for a great deal of our lives."

Last month New Scientist called for a greater understanding of technology among politicians. Until that happens, having a reasonable conversation about how best to tackle extremism online will remain out of reach.

"The internet is a convenient scapegoat and a distraction from the awkward questions that might otherwise be asked about things like foreign policy and arms sales," says Bernal.


Blaming the Internet For Terrorism Misses The Point – WIRED

Photo: Prime Minister Theresa May makes a statement in Downing Street after chairing a meeting of the Government's emergency Cobra committee following the June 4th 2017 terrorist incident in London. Andrew Matthews/AP

British Prime Minister Theresa May has found something to blame for Saturday night's terror attack in London: the internet.

May, responding to the attack by three young men who killed seven people and injured scores more, called for an end to the safe spaces that the internet provides, and for measures to regulate cyberspace.

"We cannot allow this ideology the safe space it needs to breed. Yet that is precisely what the internet, and the big companies that provide internet-based services, provide," May said Sunday night outside 10 Downing Street. The statement, which appears on her official Facebook page, is among four solutions she offered for fighting terrorism. "We need to work with allied, democratic governments to reach international agreements that regulate cyberspace to prevent the spread of extremism and terrorist planning."

What May suggests will not work. As WIRED and others have explained time and time again, undermining encryption, which is what May is calling for here, so the good guys can see what the bad guys are up to jeopardizes everyone's safety. Simply put, weakened encryption makes everything from world banking to travel and healthcare riskier.

When May and other politicians call for encryption-busting protocols, what they really hope to do is turn back the clock to a time when the internet didn't connect everyone and everything and underpin how the world works. They need to realize that time is past. Regulation, fines, pleading: nothing will return the world to the pre-internet era.

A British proverb applies well here: If wishes were horses, beggars would ride. May might wish for some way of securely disrupting online cryptography so it can be used only for good, but wishing can't make it so. Instead, May and her ilk must learn to focus on solutions that can make a difference. The British prime minister made four suggestions for combating terrorism. Here, we offer four that experts agree make more sense.

Though the internet helps terrorists communicate (and celebrate their actions), experts agree it does not cause terrorism, or even do much to radicalize. "The internet is often oversold in terms of radicalization," says Colin Clarke, a counterterrorism expert at RAND. Despite what you've heard, he says, most conversations among extremists occur face to face.

Though the internet does play a role in helping terrorists communicate, it is not the cause of terrorism. Not by a long shot.

"Traditionally the way [UK extremist group] Al-Muhajiroun have worked is that most of their radicalization has occurred offline," says Michael Kenney of the University of Pittsburgh, who has extensively studied the Al-Muhajiroun extremist group that one of the London attackers has been reportedly linked to. "It occurs in small group settings. It's a group of guys. They gather, they talk, they indoctrinate each other," he says. Expanding online surveillance, eliminating full encryption, and even preventing the spread of violent videos can't eradicate that.

Terrorism researchers note that violence in Europe and the UK follows a familiar pattern, one that can teach governments how to counter the problem if they expend money and resources where they can do the most good. Most European jihadis are young Muslims, usually men, living in poor neighborhoods with high unemployment. They often are second- or third-generation immigrants from countries they have never lived in, they are not well-integrated into society, and they are unemployed or poorly educated. Their lives lack meaning and purpose.

Scapegoating the internet as the root of the problem risks ignoring the underlying problems: a vast swath of youth that have been left behind, bullied, or ignored. These disaffected teenagers and young adults also often are angered by what they consider bad foreign policies. "They kind of exist in this netherworld that makes them vulnerable to radicalization," says Clarke.

Instead, Clarke, Kenney, and experts like Thomas Hegghammer of the Norwegian Defence Research Establishment say the focus must be on offline solutions. Namely, education. Clarke advocates for a really broad expansive overhaul of education in immigrant areas, and an emphasis on youth work. Hegghammer has called this a Marshall Plan for improved education in immigrant-heavy areas.

In her approach to improving counterterrorism, May never mentioned education, though it may offer the best way to, as she says, turn people's minds away from this violence and make them understand that our values (pluralistic, British values) are superior to anything offered by the preachers and supporters of hate.

May's suggestions include longer prison sentences for terrorist-linked activity, something experts agree with. Current sentencing, they say, tends to give extremists and terrorists just enough time to develop new contacts, and perhaps plan attacks. "Jail can be a networking event for these guys," says Clarke. Longer sentences could deter that.

Kenney adds another suggestion: empower families and friends to intervene when they see someone being radicalized. Teach them how to counter the rhetoric of jihadism. "Many young men and women when they radicalize, it's something that takes place over many months, in some cases even years. And if you're a member of a group like Al-Muhajiroun, you're not quiet, you're trying to recruit others."

This poses its own problems, though. In both the London and Manchester attacks, friends of the attackers reportedly reached out to the authorities, but British law enforcement is overwhelmed by the thousands of people already on government watch lists.

Tech companies and governments can work together to combat terrorism. But as US Representative Ro Khanna, who represents Silicon Valley, said Sunday on Fox News, "We have to have a factual approach." Rather than attempt to turn the internet into a world of walled gardens, the government should make smarter investments in certain technologies, like using biometrics at the border to better track people on watch lists. Or encourage tech companies to adopt technologies like eGlyph, a system developed by computer scientist Hany Farid, of the Counter Extremism Project, that can help the likes of Facebook, Twitter, and Google identify violent videos and ban them.

Farid's team hopes to address the problem of groups gathering online to plan attacks by developing an early warning system that uses linguistic analysis on sites like Facebook or Twitter. "Not to say you are bad or you are good but to simply give these companies some ability to monitor content and to say 'look, there's some bad stuff happening here,'" Farid says.

"The idea that we are going to somehow eradicate the problem by more closely monitoring the internet and Facebook is unrealistic and not likely to reach those intended outcomes," says Kenney. "It also reflects a lack of understanding of how radicalization actually occurs." The sooner May and politicians like her accept that reality, the safer the world will be.


Aust takes encryption worries to Five Eyes – News.com.au – NEWS.com.au

Australia will be pushing the United States, UK and its other intelligence allies on the need to crack down on encrypted technology in the fight against terrorism.

The federal government has listed the issue as its priority agenda item for a meeting of the Five Eyes partners in Canada at the end of June.

Attorney-General George Brandis said it had become one of the biggest challenges facing law enforcement and security agencies worldwide.

"If those encrypted communications contain information which is necessary to a prosecution, an intelligence task like keeping a terrorism suspect under appropriate surveillance, then there does need to be a level of co-operation from the carriage services providers," Senator Brandis told Sky News on Tuesday.

Whether it be gaining access through telcos or internet giants Facebook and Google, it was important law enforcement could monitor people of concern.

"There is a corporate social responsibility issue here, there is an evidentiary issue here as well," he said.

It follows comments by Prime Minister Malcolm Turnbull, who believes there is too much tolerance of extremist material online.

He met with telcos, Facebook and others last week in Canberra as part of the federal government's cyber security agenda.

"It is a very high priority of my government," Mr Turnbull told reporters.

Labor leader Bill Shorten on Tuesday joined calls for global internet giants to play a greater role in stamping out terrorist propaganda online.

He said extremism was unacceptable both on Australia's streets and on the internet, which was being used to distribute evil messages.

"We need to make it clear that terrorists have nowhere to hide on our streets, in the air, in their countries and also on the internet," he told reporters in Brisbane.

"It is no good being in a 21st century fight if you are using 20th century weapons."

Facebook, Twitter and Google insist they are taking the issue seriously.

Facebook said it does not allow groups or people who engage in terrorist activity, or posts that express support for terrorism.

"Using a combination of technology and human review, we're working aggressively to remove terrorist content from our platform as soon as we become aware of it," director of policy Simon Milner said in a statement.

"If we become aware of an emergency involving imminent harm to someone's safety, we notify law enforcement."

A YouTube spokeswoman told AAP it, too, has clear policies prohibiting terrorist recruitment and content intending to incite violence, and quickly removes flagged videos in violation.

It also terminates accounts run by terrorist organisations or those that repeatedly breach their rules.

Twitter's UK head of public policy Nick Pickles said terrorist content had no place on Twitter and the company had a systematic approach to removing such material.

"We will never stop working to stay one step ahead and will continue to engage with our partners across industry, government, civil society and academia," he said in a statement.

In the six months to December last year, Twitter suspended 376,890 accounts in relation to the promotion of terrorism.

Nearly three-quarters of those were picked up by the company's spam-fighting tools, while two per cent were done at the request of governments.


UK Government Renews Calls For Clampdown On End-To-End Encryption – PYMNTS.com


The U.K. government, in the wake of the terrorist attack over the weekend, is increasing its calls for governments around the world to work together on internet regulation so the web can't be used as a so-called safe space for terrorists to communicate and spread propaganda or messages of hate.

According to a report in TechCrunch, U.K. Prime Minister Theresa May called for a clampdown on end-to-end encryption and said during the weekend that internet companies provide these safe havens to spread their messages. Media reports surfaced saying attackers may have turned to YouTube to access extremist videos.

"We cannot allow this ideology the safe space it needs to breed. Yet that is precisely what the internet and the big companies that provide internet-based services provide," May said, according to TechCrunch. "We need to work with allied, democratic governments to reach international agreements that regulate cyberspace to prevent the spread of extremism and terrorist planning. And we need to do everything we can at home to reduce the risks of extremism online. We need to deprive the extremists of their safe spaces online."

Meanwhile, Amber Rudd, the U.K. home secretary, said on a Sunday television program that the government in the U.K. wants technology companies to do more to remove extremist content and limit who gets access to end-to-end encryption. In March, right after the Westminster terror attack, Rudd went after the use of encryption. The report noted that the idea that the U.K. will be able to garner the support of other countries to regulate online content across borders seems farfetched given the fact that different governments have different rules governing free speech. For instance, the U.S. has protections on the books for hate speech, while in certain European countries it's illegal. On Saturday night three terrorists used a van to run down pedestrians on the London Bridge and then went on a rampage stabbing people in the streets and in bars. It's the third terrorist attack in the U.K. since March.


Red Hat Summit And OpenStack Summit: Two Weeks Of Open Source Software In Boston – Forbes


Enterprise software comes in two primary varieties: proprietary and open source. Proprietary solutions include things like Oracle databases, Microsoft operating systems and SAP applications. These vendors develop the code and do not allow it to be ...

Open Source Software and Hardware for the Internet of Things – IoT For All (blog)

The descriptor open source is primarily associated with software, the source code of which is freely accessible for examination, use, and expansion by users other than the developer. The practice started among early academic, corporate and government adopters and hit a major milestone in 1991 when Linus Torvalds released the Linux kernel.

Fast forward to the present and Torvalds' open source operating system has been adapted for use in embedded components, routers, access points, devices and data center applications, all important aspects of generating, transmitting and receiving the huge amount of data produced by the booming Internet of Things.

One of the most important things to understand about how open source software (and hardware; more on that later) is a good fit with IoT is in the approach. Think of open source as a little bit like crowdsourcing information. Take Wikipedia, for example; the idea is that with numerous sets of stakeholders with different experiences, interests, and expertise, all working on the same problem, the outcome will improve.

As IoT products are developed, connectivity experts provide the modem, a focused security firm provides the protocols, a vertical-specific outfit develops the form factor, and so on.

A successful product results from a partner-driven, ecosystem approach, just like with open source software. Similarly, from standards to market share, the IoT space is fragmented, so a unified, consortia-type treatment could help the entire IoT value chain better serve the vast addressable market.

IoT services are built on platforms that allow a sensor or other device to connect to a network, to a centralized cloud-computing platform, to an edge processor or some combination of these. The sensor or device can then transmit and/or receive data.

Other platform elements make sure data is secure from the endpoint to the cloud and back, while others manage billing, location, monitoring and other crucial functions.

While there are a lot of platforms around, including proprietary plays like Thread (a group led by a Google subsidiary) or Microsoft's Azure, open source platforms have drawn investment from major IoT companies.

Linus Torvalds' creation gave rise to The Linux Foundation, a major figure in the open source/IoT world. The group brings together different consortia and alliances into one framework for sharing software and ideas, in-person events, and accessing relevant training classes and materials, among other activities. Leading corporate members include: AT&T, Qualcomm, Samsung, Cisco, Intel, Microsoft, Oracle and Huawei.

In addition to the broad OCF reference architecture, The Linux Foundation also hosts an open source project designed to bring interoperability to the network edge, where critical field devices are deployed and inputs set off a chain of efficiency-building data analysis insights and actions.

Seeded by some 125,000 lines of code developed by Dell, the EdgeX Foundry launched with the goal of building interoperable edge components in an effort to speed time to market, drive scalability and leverage existing standards to simplify what is inherently a complex, fragmented market.

For industrial IoT applications like defect detection on an assembly line or remote monitoring of equipment, the edge is a very important point of decision making.

If a sensor is deployed in the field to alert technicians at a control center of an equipment malfunction based on various data points, the sensor only needs to send a message if there is a problem. That means an IoT gateway or other edge device has processed the sensor data and determined all conditions are normal.

This is a more efficient process: it saves on cloud computing- and bandwidth-related fees and keeps technicians available to address urgent matters rather than wait for intermittent all-clear messages.

In the data center, where the cloud services live, open source software is present in the majority of high-performance systems. Similarly, the open source approach to software has been adopted by hardware makers who have begun sharing designs and specifications to drive down the cost of data center equipment and increase the efficiency of components like switches, servers, racks and power-related infrastructure.

Founded by Facebook, The Open Compute Project serves as The Linux Foundation equivalent for hardware. As IoT expands and permeates every level of enterprise, there will be an acute need for data centers to provide the flexible, on-demand, and distributed compute infrastructure the Internet of Things will need.

If you pull the lens back even further, open source underpins one of the most important ongoing efforts in telecom network automation as a function of network functions virtualization (NFV) and software-defined networking (SDN).

As networks evolve to keep up with IoT and the coming 5G New Radio standard, the sheer level of complexity requires automation. AT&T developed its Enhanced Control, Orchestration, Management & Policy (ECOMP) architecture and had virtualized 34% of its network by the end of 2016.

In China, Huawei developed the Open-Orchestrator Project (Open-O) framework for NFV/SDN transformation. Last year those two initiatives merged under the new name Open Network Automation Platform (ONAP), which is managed by, you guessed it, The Linux Foundation.

In May 2017, Sprint stirred the alphabet soup with its own NFV/SDN reference solution dubbed C3PO, Clean CUPS Core for Packet Optimization, with CUPS meaning Control & User Plane Separation.

Sprint COO Gunter Ottendorfer said the new architecture "revolutionizes the network core and it's part of our expanded toolbox of solutions to meet the coming wave of data in the years ahead. C3PO is an important part of NFV and SDN initiative, enabling Sprint to adapt more quickly to market demands and scale new services more efficiently and cost-effectively."

So, what's the big picture for network automation and IoT? Network slicing, which will give operators the automated ability to create bespoke, cross-domain data pipes capable of connecting any device to any cloud or edge device or data center with bandwidth provisioned in a way that meets the specific requirement of any enterprise or industrial IoT use case. All made possible with open source.


Diversity in Open Source Is Even Worse Than in Tech Overall – WIRED

Today's world runs on open source software. The web, smartphones, the Amazon Echo, your car: everything high-tech depends on open source these days. Where free, collaborative software projects were once the flags flown by indie developers bucking corporate computing, today even companies like Exxon Mobil, Wal-Mart, and Wells Fargo are releasing their own open source tools.

Still, even though users of the open source software present in countless products and services are now as diverse as the internet itself, the open source development community remains startlingly white and male, even by the tech industry's dismal standards.

GitHub, the world's leading repository of open-source code, surveyed 5,500 open source users and developers from around the world on a range of topics. It also asked for demographic information. And it was informative. Of that randomly selected cohort, a full 95 percent of respondents were male. Only three percent identified as female and one percent as non-binary. According to the Bureau of Labor Statistics, about 22.6 percent of professional computer programmers are female. About 16 percent of respondents said they belonged to ethnic or national groups that are in the minority in the country they live in. Black, Asian, and Latino programmers account for a total of about 34 percent of programmers in the US, according to the bureau.

The survey, conducted by GitHub in concert with partners in academia, business, and the open source community, wasn't all bad news for inclusion. About 7 percent of the survey respondents identify as lesbian, gay, bisexual, asexual, or another minority sexual orientation. According to Gallup, about 4.1 percent of the US population identifies as LGBTQ. But it's clear that open source has work to do.

Beyond the consequences for open source projects themselves, the community's diversity problem could actually make the larger tech industry's entrenched imbalances worse. According to the survey, about half of respondents said that their open source contributions were an important part of landing their current jobs. If women and people of color aren't contributing to open source, these already under-represented groups could find themselves frozen out of the high-tech job market.

Open source's diversity problem has long been obvious to anyone who's ever been to an open source software-related conference or meetup. But the broad-ranging survey, which isn't limited to just GitHub users, doesn't just quantify the problem; it points to some of its causes and potential solutions. In appropriate open source fashion, the researchers have released the data under an open license so other researchers can mine it for insights.

Frannie Zlotnick, the GitHub data scientist who led this research project, says one important thing companies can do to ensure more diversity in open source is to make sure that all of their employees have a chance to contribute to open source on the job. About 70 percent of the survey respondents were employed full or part time. Of these, 65 percent contribute to open source in some way as part of their job.

There's also plenty that the managers of open source projects can do. One thing many respondents said drives them away from open source projects is negative interactions such as rudeness, name-calling, stereotyping, and, at the more extreme end of the spectrum, stalking and outright harassment.

"Open source has a reputation for being aggressive," Zlotnick says. "We collected, finally, some hard data on that."

About 18 percent of respondents had experienced negative interactions with other open source users. Zlotnick says that's similar to what you'd expect to see in other communities. But these interactions don't just affect the people involved in them. Around 50 percent of respondents had witnessed bad behavior in open source, and they said that's often enough to keep them away from a particular project or community.

Creating clear guidelines for behavior, such as a code of conduct, is one important way to address this issue. Women in particular were more likely to contribute to projects that have such codes, the survey found. Nadia Eghbal, who works for GitHub's open source team, says that community leaders should make it a point to call out bad behavior when they see it, to let people know that's not normal or acceptable behavior. Giving people the tools to block or hide problem users instead of having to wait for moderators to step in also helps.

Open source teams can also work on fostering more positive interactions, one of open source's true strengths: Eghbal points out that nearly half of respondents had given or received help from a stranger.


The Past, Present and Future of the GPL in Open Source Software – The VAR Guy

The GNU General Public License, or GPL, played a key role in the development of free and open source software. Today, however, many programmers and companies are passing on the GPL in favor of alternative open source licenses. Are they relegating the GPL to the past?

The GPL is designed to ensure that the source code of a program will always be available. It also requires that programmers who make changes to a GPL-licensed program and release that program publicly share the source code of their modifications.

When it originated in the 1980s, the GPL was a huge innovation. It wasn't the first software license that protected source code, but it was the first to do it in a legally sophisticated way.

The GPL also said nothing about preventing programmers from charging money for software. That was important because many other early free software licenses -- such as the one that protected the trn program, and the original license of the Linux kernel -- required that developers not attempt to profit from a program.

By allowing programmers to charge money if they wished yet requiring them to keep source code open, the GPL laid the foundations for the thriving commercial open source channel that exists today.

Along with closely related licenses, like the Lesser General Public License (LGPL) and Affero General Public License (AGPL), the GPL became the legal tool that helped major free and open source software projects to thrive in the 1980s and 1990s. It protected most of the utilities that comprised the GNU operating system, including tools that were widely used outside the GNU project, such as GNU compilers.

Linus Torvalds adopted the GPL in the fall of 1991 to protect the Linux kernel, which had been governed for the first few months of its existence by a crude license Torvalds had written himself.

The GPL also protects software like GNOME, a widely used desktop environment for Linux-based computers, and MediaWiki, the software engine that powers Wikipedia. Even Android phones contain a fair amount of GPL-licensed software, particularly because part of the Android codebase is derived from Linux.

Today, three decades after its birth, the GPL is proving much less popular.

While the GPL or closely related licenses continue to govern important GNU utilities and the Linux kernel, the developers of most major open source projects that have emerged in recent years have opted for other licenses.

Hadoop is licensed under an Apache 2.0 license. So are Apache Spark and most of the other big-name big data projects.

Most parts of Docker's software for creating application containers are licensed under Apache and MIT licenses. All of the major container orchestrators -- Swarm, Kubernetes and Mesos Marathon -- are Apache-licensed as well.

The key difference between the GPL and Apache and MIT licenses is that the latter licenses are more liberal. They generally allow programmers or companies to make modifications to an open source program without having to share the source code of the updated version.

There are two main explanations for why the GPL is no longer as popular as it once was.

The need for commercial support

The trend away from the GPL is especially salient among open source platforms that are commercially important. Smaller projects, or those with little commercial promise, are more likely to use the GPL.

This suggests that business calculations are behind the move away from the GPL. Developers (or companies that employ them) who want to benefit from the support and momentum of commercial investment in their open source projects stand a better chance of getting that investment if their code is licensed under a liberal open source license, rather than the GPL.

This doesn't mean the GPL is not good for business. The commercial success of Linux proves that that is not the case. But perceptions may not align with realities in this respect: Developers or employers think the GPL doesn't work for commercial platforms, so they shy away from it.

The desire to be "open," without GPL baggage

Also important is a shift in thinking about open source -- and openness in general -- within the software world. In the GPL's heyday, open source code remained the exception. It was still proving itself.

But today, being "open" is just the thing you're supposed to do. If you want to succeed in the tech world, it's important to cultivate an aura of openness in some way or another.

Some companies or projects do this by making their APIs open, or complying with community standards. They stop short of open-sourcing their code.

But in cases where companies want to commit to fully open source code, licenses like Apache 2 allow them to do so without the political and ideological baggage that is associated with the GPL. They get to call themselves open, but they don't have to handle the perceived constraints imposed by the GPL.

Whatever the reasons behind the change, the GPL's heyday appears to have passed. The GPL is not going anywhere -- there is no reason to think the licensing of projects like Linux will change -- but it is unlikely to play as important a role in the future of free and open source software as it has in the past.

Link:
The Past, Present and Future of the GPL in Open Source Software - The VAR Guy

Infineon future-proofs cryptography – Electronics Weekly – Electronics Weekly

"The phantom of the quantum computer is keeping academia and the IT industry on high alert," says Infineon's Thomas Pöppelmann.

Quantum computer attacks on today's cryptography are expected to become reality within the next 15 to 20 years, says Infineon.

Once available, quantum computers could solve certain calculations much faster than today's computers, threatening even the best currently known security algorithms such as RSA and ECC.

Various internet standards like Transport Layer Security (TLS), S/MIME or PGP/GPG use cryptography based on RSA or ECC to protect data communication with smart cards, computers, servers or industrial control systems. Online banking on HTTPS sites or instant messaging encryption on mobile phones are well-known examples.

Infineon implemented a post-quantum key exchange scheme on a commercially available contactless smart card chip. Key exchange schemes are used to establish an encrypted channel between two parties. The deployed algorithm is a variant of New Hope, a quantum-resistant cryptosystem also explored successfully by Google on a development version of the Chrome browser.

In a world of quantum computers, PQC (post-quantum cryptography) should provide a level of security that is comparable with what RSA and ECC provide today in the classical computing world, says Infineon.

However, to withstand quantum calculation power, key lengths need to be longer than the usual 2048 bits of RSA or the 256 bits of ECC. Nevertheless, the researchers at Infineon were able to implement New Hope on a commercially available security chip without requiring additional memory space and hence a larger chip size.

Standardization bodies are expected to agree on one or multiple PQC algorithms within the next few years before governments and industries mandate the migration. Infineon is actively participating in the development and standardization process in order to enable a smooth transition and to address security challenges that may arise with the advent of quantum computers.

Read the rest here:
Infineon future-proofs cryptography - Electronics Weekly - Electronics Weekly