FBI Director James Comey JOSHUA ROBERTS / Reuters

He said there needs to a balance between privacy and the FBI's ability to lawfully access information, a conversation that he acknowledged will require some "humility" on the part of the bureau.

"We need to stop bumper-stickering each other. This isn't the 'FBI versus Apple,'" he said.

"We need to build trust between the government and private sector."

Related:

Comey also addressed the need for the FBI to recruit top computer talent who might otherwise head to Apple or Google but joked that the bureau isn't resorting to "beanbag chairs and granola" to draw Silicon Valley whiz kids.

He said new hires do appreciate the FBI's culture.

"We are dogged people," he said. "We just gave up on D.B. Cooper, and that was after 50 years."

And Comey, who is three and a half years into a 10-year term, referenced his own doggedness.

"You're stuck with me for another six and a half years," he quipped.

Read the original here:
Comey: FBI Couldn't Access Hundreds of Devices Because of Encryption - NBCNews.com

Slide: 1 / of 1. Caption: WIRED

Of all the revelations to come out of the 9,000-page data dump of CIA hacking tools, one of the most explosive is the possibility that the spy agency can compromise Signal, WhatsApp, and other encrypted chat apps. If you use those apps, lets be perfectly clear: Nothing in the WikiLeaks docs says the CIA can do that.

A close reading of the descriptions of mobile hacking outlined in the documents released by WikiLeaks shows that the CIA has not yet cracked those invaluable encryption tools. That has done little to prevent confusion on the matter, something WikiLeaks itself contributed to with a carelessly worded tweet:

The end-to-end encryption protocols underpinning theseprivate messaging apps protect all communications as they pass between devices. No one, not even the companies providing the service, can read or see that data while it is in transit. Nothing in the CIA leak disputes that. The underlying software remains every bitas trustworthy nowas it was before WikiLeaks released the documents.

Of course, the CIA can compromise the devices sending or receiving those messages. By taking control of a so-called end point, spies can access everything on a smartphone, be it texts, videos, the camera, or the microphone. It isnt about defeating encryption, despite the hype, says Nicholas Weaver, a computer security researcher at the International Computer Science Institute. If you compromise a targets phone, you dont care about encryption anymore.

Its an important distinction. More than a billion people use Signal and WhatsApp, both of which use Open Whisper Systems Signal Protocol to protect communications. Other end-to-end encrypted apps, like Confide, have also seen a recent uptick in popularity. The people who use these apps rely on that rock-solid security to facilitatesensitive discussions, avoid oppressive regimes, communicate withjournalists, and more. Undermining trust in those tools creates the impression that vulnerable people have nowhere to turn. This is not true. They absolutely do.

The CIA/WikiLeaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption, said Open Whisper Systems in a response on Twitter. The story isnt about Signal or WhatsApp, but to the extent that it is, we see it as confirmation that what were doing is working.

The only people who may need to worry are those who might be the target of a total-device takeover, an exploit largely limited to nation-state actors. At that point, youve got farbigger concernsthan end-to-end encrypted chat. That Signal and WhatsApp are still viable also doesnt lessen the broader implications of the CIAs secrets being in the wild.

Specifically, users of encrypted comms programs arent targeted, but everyone is made less safe, says Malwarebytes security researcher Jean-Phillipe Taggart.

Fortunately, WikiLeaksclarified what it meant. After all, it values the ability to keep secrets as well as anyone.

This story has been updated to include a comment from Jean-Phillipe Taggart.

Go here to see the original:
Don't Let WikiLeaks Scare You Off of Signal and Other Encrypted Chat Apps - WIRED

In light of Wikileaks latest Vault 7 release, we figured it'd be prudent to take a look at the different levels of encryption used on popular messaging apps, as not all encryption is created equally.

However, if Wikileaks latest release is to be believed none of it matters anyway, as the CIA can get around it all.

Still, it does pay to be mindful about security as the CIA is one thing but hackers are something else completely.

Encryption was once a technology many thought was relegated to spies and security services, but the tech has actually been around for a long while in the ordinary persons everyday life. For example, when you make a bank transfer online, that data is encrypted so someone cant hack your account. But recently people have become interested in how well their less monetary communicationssuch as their text messages and calls with friendsare protected. Thats why a bunch of apps have sprung up that offer high-level encryption and existing communication apps have begun implementing encryption.

But not all encryption is created equal so the Electronic Frontier Foundation has put together an awesome Secure Messaging Scorecard that shows you just how well individual apps encrypt your data. Some apps offer end-to-end encryption that is almost unbreakable, but others only encrypt a message in transit. How well do your common messaging apps hold up and which are the most secure apps? Heres what the EFF, which rates each app as a pass or fail on 7 different metrics, says:

iMessage: Apples messaging app gets a 5 out of 7. It earns points for being both encrypted in transit and encrypted so even Apple couldnt read the messages if they were ordered to, but it loses points because you cant verify contacts identities and the code isnt open to independent review.

Facebook Chat: Facebooks chat messaging system scores a lowly 2 out of 7. Messages are only encrypted in transit, but Facebook could access them if ordered too.

Google Hangouts/Chat: As with Facebook, so with Google: Hangouts scores a lowly 2 out of 7. Messages are only encrypted in transit, but Google could access them if ordered too.

Skype: The worlds most popular VOIP client scores of horrible 1 out of 7. Messages are encrypted in transfer, but Microsoft could access them on their side, past comms arent secure if the encryption keys are stolen, and the code isnt open to independent review.

Snapchat: Snapchat scores a lowly 2 out of 7. Messages and pics are only encrypted in transit, so be sure any pic you send is something you wouldnt mind the world seeing if Snapchat gets hacked.

Viber: As with Facebook and Google: Viber scores a lowly 2 out of 7. Messages are only encrypted in transit, but the company could access them if ordered too.

WhatsApp: recently WhatsApp has started encrypting everything you send. This earned the app a 6 out of 7 on the EFFs scorecard. The only thing WhatsApp got dinged for is that the code is not open to independent review.

As you can see, the most commonly used messaging apps (above) arent completely secureor, because many lack independent review, users cant know 100% that the encryption on the apps actually works. But the EFF says there are other apps that score a 7 out of 7 on their scorecard. These apps are:

Signal: The free iOS and Android app allows you to take part in completely encrypted voice calls. Signal uses your existing number, doesn't require a password, and leverages privacy-preserving contact discovery to immediately display which of your contacts are reachable with Signal. Under the hood, it uses ZRTP, a well-tested protocol for secure voice communication, the company says.

Silent Phone: The company Silent Circle makes software and hardware for businesses who are worried about secure communications. Their Silent Phone software is available on Android and iOS and allows users to call and text with complete privacy.

Telegram: is another secure messaging app that received a 7 out of 7 from the EFF. The app allows you to text and chat with other Telegram users. Best of all, not only is it available on iOS and Android, they also make a Windows Phone app as well as clients for Mac and PCs.

Text Secure: Made by Open Whisper Systems, Text Secure enables encrypted voice calls and texts. Its available for Android and iOS and among its many advocates is Edward Snowden who has recommended those interested in secure communications should use anything by Open Whisper Systems.

See the rest here:
The Best Encryption Apps For Your Phone - Know Your Mobile

The importance of an adequate cyber security strategy cannot be exaggerated enough, with recent research revealing that almost seven in ten consumers will happily take their custom elsewhere in the event of a data breach

In 2016 consumers were exposed to a larger number of high profile data breaches than any year previously last year Yahoo disclosed the loss of more than half a billion customer records.

These events have helped raise public awareness around the serious threats to personal data that exist in the modern era. Awareness is also growing for some of the solutions that businesses and individuals can use to minimise the risks from data breaches.

Encryption is starting to gain some prominence in stories concerning data breaches, but do consumers actually understand what it involves, or how important it is?

Gemaltosrecent study has revealed that only 14% of UK consumers claim to fully understand what encryption is.

>See also:Network security doesnt just begin and end with encryption

Some responses were surprising, including believing encryption to be a fingerprint scanner, a puzzle and a system which sends parts of messages over many networks to protect it.

In reality, encryption is the process of converting data to an unrecognisable form. An encrypted document will appear scrambled to anyone who tries to view it.

It can only be decrypted using the correct encryption key, which must be kept secure at all times. If consumers dont truly understand the measures that businesses are putting in place to protect their data as this evidence suggests, they wont be aware of how secure their data is.

This contributes to any concerns and uncertainty consumers may have when sharing personal data with companies.

Businesses are increasingly starting to understand the potential financial damages that a data breach can incur, however they also need to consider the reputational damage too.

Educating consumers about the steps a business is taking to protect their data is crucial for building consumer trust and loyalty. If consumers are unsure of which protections are in place with a business, they may avoid dealing with them entirely.

Any business that suffers a data breach or gains a reputation for handling customer data insecurely will see consumers move to competitors they perceive to be more secure.

>See also:Will WhatsApp trigger an encryption revolution?

Additionally, with GDPR coming into effect in under 18 months, it will soon be mandatory for any business handling EU specific data, or doing business within the EU, to report any and all data breaches.

Any business found to be insecurely storing data will face severe fines. So, what can a business do to avoid this happening?

There are five key steps that any business must undertake when protecting their own, and consumers data.

First, in order for a business to begin protecting itself, it should organise a data sweep to understand what data it has produced or collected, and where the most sensitive parts of that data are stored.

Examples of personal identifiable information a business may collect include a customers email address, date of birth or financial details. Before a business can even think about how theyre going to protect their data, its crucial that they understand what they are trying to protect.

The next step an organisation should take is to adopt strong two-factor authentication, which provides an extra layer of security should user IDs or passwords ever become compromised.

Two-factor authentication involves an individual having something they have like a message on their smartphone and something they know, rather than simply relying on something they know, such as a password.

While two-factor authentication helps to stop information being taken in the first place, or accessed by people who dont have the correct permissions, encryption gives a layer of security which stops customers sensitive data being used if it is accessed or stolen.

>See also:Who owns your companys encryption keys?

This is why it is necessary for a business to understand where their most valuable data is stored before this step can occur. Whether the data is stored on your own servers, in a public cloud, or a hybrid environment, encryption must be used to protect it.

As consumers have seen in 2016, it is no longer a question of if, but when a data breach will occur. Companies need to approach protection with the assumption that they will be breached and employ the encryption necessary to protect their most important asset, the data.

Of course, once a business is properly encrypting their data, attention must turn to strong management of the encryption keys. Whenever data is encrypted, an encryption key is created, and is necessary for unlocking and accessing the encrypted data.

Encryption is only as good as the key management strategy employed. Companies must ensure the keys are kept safe through steps like storing them in secure locations, in external hardware away from the data itself for example, to prevent them being hacked.

After all, theres no point in buying the best locks for your house and then leaving the key under the mat for any passing burglar to pick up!

The final step a business should undertake is educating both their consumers and their workforce on the processes they have undertaken to protect their data. And it doesnt just end there.

Businesses need to employ a double-sided approach, educating both their employees and consumers on the steps they should also be taking to remain safe and protect their personal data themselves.

This helps to build their understanding of how to protect the companys data, and builds consumer confidence.

>See also:Researchers break hole in Apples unbreakable encryption

Only once a business has followed these steps, and educated their customers, can they be confident that they have adequate processes in place to protect their data.

The importance of an adequate cyber security strategy cannot be exaggerated enough, with recent research revealing that almost seven in ten consumers will happily take their custom elsewhere in the event of a data breach.

Additionally, an educated population of consumers will help encourage other businesses to improve their cybersecurity, ultimately leading to a more secure environment for both organisations and individuals to do business.

Sourced byJason Hart, CTO, data protect at Gemalto

The rest is here:
Encryption everybody claims to be doing it, but what does it mean? - Information Age

The Egyptian e-Signature Competence Center (ESCC) of the Information Technology Industry Development Agency (ITIDA) completed the e-signature encryption for financing cheques of government agencies at the Central Bank of Egypt (CBE).

Through the centre, ITIDA has encrypted the certified data and e-signatures from government agencies to the CBE and government banks linked to that system in order to protect the security of these checks and the data related to them.

The project comes within the framework of ITIDAs role in spreading the culture of e-signature in Egypt to ease and secure commercial and administrative transactions for individuals, companies, and government agencies.

The project included ESCC preparing the infrastructure for this system within the CBE, government agencies, and public banks linked to the system. This infrastructure is a group of computer servers and encryption-software produced in ESCC, next to service and technical support.

ITIDA CEO Asmaa Hosni stressed the importance of shifting into the digital economy and the need to begin strengthening cooperation to provide government services electronically, which requires the activation of e-signatures to ensure the protection and confidentiality of personal information.

Hosni also urged the need for cooperation of all stakeholders to activate the existing projects and move to securing and encrypting commercial e-transactions considering the impact on the economy, noting that ITIDA aims to achieve a breakthrough in electronic signature services.

ESCC has recently implemented a number of e-signature projects and securing e-mails for a number of government agencies, including the National Telecommunications Regulatory Authority (NTRA) and Damietta Ports Authority. The centre has also approved the e-signature software at the Ahli United Bank and the Suez Canal Insurance Company.

The centre is also set to implement a number of projects in encryption and e-signature, as well as securing emails for judiciary bodies and the commercial agreement sector of the Ministry of Trade and Industry, along with the Industrial Development Authority and the Ministry of Health.

Established in 2011, the ESCC works on managing and regulating e-signature standards and issues the licenses for electronic transactions activity.

ESCC is the only centre of its kind in the Middle East and North Africa to provide e-signature infrastructure services and their applications on different operating systems to achieve integration between the software and the Public Key Infrastructure.

E-signature practices in Egypt are governed and regulated by Law No. 15 of 2004 and its bylaw No. 109 of 2005, including civil, commercial, and administrative transactions that can be completed electronically. This aims to increase the efficiency of e-commerce and upgrade the performance of government services.

See original here:
ESCC completes signature encryption for financing checks of agencies at CBE - Daily News Egypt - Daily News Egypt