Google to Offer Automatic Data Encryption in Next Version of Android

MOSCOW, September 20 (RIA Novosti) - Data encryption will come as a default setting for the next version of Google's Android operating system, so far known as Android L and due to be released next month, the company reports. This change will make it practically impossible for law enforcement to gain access to a user's personal data without consent.

"For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement," said company spokeswoman Niki Christoff as cited by Washington Post. "As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on."

Android has offered optional data encryption in some devices since 2011; however, it has not been a default setting for its software. The security feature was buried deep within the OS, and it was not clear how to activate it. Thus, few users have actually employed the security feature. Now, with the coming release, smartphones with Android L will be automatically encrypted. Only those who know the device's password will be able to access the device's pictures, videos or e-mails.

The move will bring Android in line with Apple, which also added default data encryption to iOS 8, in offering a high level of data protection. Both rival operating systems now make it practically impossible for law enforcement officials to harvest data from detained smartphones. The move by Google and Apple reflects a growing trend of many American technology companies focusing on greater security of a user's personal data. These new products are being designed to become more resistant to government surveillance programs in the aftermath of revelations made by former NSA contractor Edward Snowden.

The enhanced data protection provided by Google and Apple will directly affect law enforcement officers who have long argued that access restrictions to personal electronic devices make it difficult to prevent crimes and terrorist attacks. In June the Supreme Court ruled that police must acquire a search warrant to gain access to data stored on smartphones. These new features will leave law enforcement in the dark. Police have no legal right to force a suspect to unlock their phone. However, law enforcement still may use a search warrant to gain all information stored in the Cloud.

Privacy advocates praise the moves by Apple and Google to embrace default data encryption for mobile devices.

"Most people aren't going to go out of their way to do these things," said Joseph Lorenzo Hall, chief technologist for the Center for Democracy & Technology, a Washington-based non-profit group that receives substantial industry support. "It's so awesome, as someone who has worked on these issues for a long time, to see these two companies switch their defaults to where these things will be strongly encrypted, and rightly so."

The new Apple update will only affect those phones which are running iOS 8. The iPhone 4 and older models will still be open to data harvesting by law enforcement. Apple is able to update their phones remotely as well, making the transition to iOS 8 very easy.

By contrast, Google does not have the ability to deliver the Android L update quickly to most users. The software is fragmented, meaning there are hundreds of different versions of Android worldwide, which makes it difficult to keep them up to date with the latest software updates. It will take several months for most Android devices to be updated with this new feature.


Apple dumps SSL 3.0 for push notifications due to Poodle flaw

Apple will switch to the TLS encryption standard after disclosure of vulnerability that could expose encrypted data.

CNET

Apple said Wednesday it will stop supporting the encryption standard Secure Sockets Layer 3.0 for its push notifications service in response to a vulnerability identified earlier this month in the aging protocol.

Apple announced on its developer site that it will switch on October 29 from SSL 3.0 to Transport Layer Security (TLS), SSL's more modern, less vulnerable younger sibling. Disclosed earlier this month, the vulnerability -- called Poodle -- allows encrypted information to be exposed by an attacker with network access.

"Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected," Apple said in its bulletin. "Providers that support both TLS and SSL 3.0 will not be affected and require no changes."

To help developers test compatibility, Apple said it has already disabled SSL 3.0 in the development environment on its Provider Communication interface.

Poodle, which stands for Padding Oracle On Downgraded Legacy Encryption, is a problem because SSL 3.0 is used by both websites and Web browsers. Both must be reconfigured to prevent using SSL 3.0, and Poodle will remain a problem as long as SSL 3.0 is supported.

Once the most advanced form of Web encryption in use, the 15-year-old SSL 3.0 is now used by few websites, according to a study by the University of Michigan. However, Poodle still poses a threat because attackers can force browsers to downgrade to SSL 3.0.

Twitter already notified its users that it has disabled SSL 3.0 support, while Mozilla advised Firefox users to install a Mozilla security add-on that disables SSL 3.0. Along with Google and Mozilla, the University of Michigan researchers detailed how to disable SSL 3.0 for Internet Explorer.

Mozilla plans to disable SSL 3.0 in Firefox 34, the next version of the open-source browser. It's currently in beta testing, with a release planned for the end of November. Mozilla has been testing the change in its Aurora version of Firefox, the precursor to the beta version, and so far, "There has been much less screaming about this than I anticipated," said Mozilla's Martin Thomson on Wednesday, discussing the change on Mozilla's bug-tracker. Complaints would come from people who couldn't use Web sites that required SSL 3.0.


Congress to FBI Director Comey on Smartphone Encryption: Stand Down

Representatives say such a mandate stands "zero chance" of passing

The U.S. Congress doesn't always get it right -- some would even argue it seldom gets it right these days. But occasionally the interests of special interest donors align fortunately with the public interest and Congress does something praiseworthy.

I. The Right to Encrypt

This is the case with the recent decision to rebuff requests from the U.S. Federal Bureau of Investigation's (FBI) director, James Brien Comey, Jr., who wanted Congress to pass a law forcing American smartphone makers to decrypt citizens' devices at the request of federal law enforcement.

The request was bizarre in the first place, as the Electronic Frontier Foundation (EFF) points out, as the Communications Assistance for Law Enforcement Act (CALEA) of 1994 states (47 U.S. Code § 1002):

A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

But that didn't stop Director Comey from attempting to bend logic -- and the law. His comments come after Google Inc. (GOOG) and Apple, Inc. (AAPL), the world's top two smartphone platform companies, began advertising encryption features that keep Americans' data private and secure.

II. On "Back Doors" and "Front Doors"

In a recent interview, Director Comey said that people shouldn't trust the FBI given its history of misbehavior and illegal investigations. But then he went on to daftly suggest that the public entrust the bureau with new investigation authority -- including regulating decryption -- with nary a promise of transparency in exchange.

And just months after the U.S. Supreme Court beat back warrantless smartphone searches, Director Comey brazenly stepped up his rhetoric, last week calling on Congress to pass a bill to revamp CALEA, scrapping its encryption protections.


$kernel.infect(): Creating a cryptovirus for Symfony2 apps [FrOSCon14] – Video


Cryptovirology studies how to use cryptography to design malicious software, given that public-key cryptography can be used to...

By: CCCen
