Microsoft has released end-to-end encryption for one-on-one Teams calls, adding a feature already offered by competitors Zoom and Webex.

Microsoft this week made E2EE generally available to Teams users on Windows and Mac computers, allowing workers to secure calls so only the participants have access to the content. Usually, Teams secures data through Transport Layer Security encryption, in which data can be decrypted in Microsoft's cloud before being re-encrypted and sent to the intended recipient.

Because E2EE removes Microsoft's ability to access meeting data, customers' employees can't use cloud-based services when using the feature. The company said workers would be unable to record, capture or transcribe meetings while E2EE is on. Transferring calls, merging calls, adding a meeting participant and moving calls onto another device will not work either.

The feature is more limited than the E2EE offered by Microsoft competitors. While Teams E2EE calls are limited to two workers, Zoom and Webex allow encrypted meetings with multiple participants.

E2EE will make Teams more attractive to customers in highly regulated fields, like government, military, healthcare and finance.

"[E2EE] comes up where it's mandated that you must have [meetings] encrypted end to end," said Tom Arbuthnot, an IT architect at systems integrator Modality Systems. He added that most organizations are unlikely to use the E2EE for typical staff meetings, however. "It's really a pretty niche requirement."

Administrators need to enable E2EE before workers can use it. Once IT configures its encryption policy, employees must activate the security feature in their Teams settings. According to Microsoft, IT retains the ability to disable E2EE at any time.

E2EE for video conferencing became a hot topic after the pandemic made Teams and Zoom household names. In 2020, individual users filed a class-action suit against Zoom, claiming the company did not provide E2EE as advertised. Zoom settled the lawsuit and a Federal Trade Commission complaint about its E2EE marketing. It later added the feature to its service in October 2020.

In other Teams news, Microsoft has improved search in the service to help users find the information they want more effectively. The redesigned search lets people choose whether they're looking for a chat message, file or person within the company. Workers can specify by date and the people involved and exclude messages from apps and bots.

It can be challenging to find information in Teams, Arbuthnot said. In chat, a flood of messages can quickly bury a needed attachment.

"[Teams search] wasn't the best, to be honest," he said. "There's so much data, so finding the exact thing you need was challenging."

Microsoft also plans to improve its Teams Rooms conference-room product next year to bridge the gap between in-office and remote meeting attendees. A new layout will place remote workers at eye level and let those in the room see the meeting chat and which participants have raised their hands to speak. Microsoft plans to release the layout, called front row, in January.

Zoom and Cisco's Webex have introduced features to level the playing field for hybrid work. Zoom's Smart Gallery and Webex's People Focus place conference-room participants in individual video frames to allow remote workers to read body language and nonverbal cues readily.

Providing an equal experience for at-home and in-office workers will be the most prominent video conferencing problem of 2022, said Bob O'Donnell, founder of Technalysis Research. He added that he expects it will take some time before vendors fix it.

"The experience of having some people remote and some in the room is pretty bad right now," he said. "It's incredibly hard to do well."

Many workers will just bring their laptops into conference rooms and individually join meetings until room-based systems provide parity, O'Donnell said.

Mike Gleason is a reporter covering unified communications and collaboration tools. He previously covered communities in the MetroWest region of Massachusetts for theMilford Daily News,Walpole Times,Sharon AdvocateandMedfield Press. He has also worked for newspapers in central Massachusetts and southwestern Vermont and served as a local editor for Patch. He can be found on Twitter at @MGleason_TT.

See the rest here:
Microsoft adds end-to-end encryption to Teams - TechTarget

What user data can U.S. federal law enforcement obtain from providers of encrypted messaging services? A recently disclosed January 2021 document from the Federal Bureau of Investigation (FBI) supplies a concise summary with respect to nine different secure messaging apps. It shows that with legal process, the FBI can get various types of metadata, and in some cases even stored message content. Exactly whats available, though, varies widely by app. The one-page document should give useful guidance to privacy-conscious people including journalists, whistleblowers, and activists while also helping to dispel misconceptions about the FBIs surveillance capabilities (or lack thereof) in the encrypted messaging context. Kudos to government-transparency nonprofit Property of the People (POTP), run by FOIA guru Ryan Shapiro and indefatigable lawyer Jeffrey Light, for obtaining this record under the Freedom of Information Act.

Dated Jan. 7, 2021, the document states that it reflects FBI capabilities as of November 2020. The apps included in the chart are iMessage, LINE, Signal, Telegram, Threema, Viber, WeChat, WhatsApp (owned by Meta, fka Facebook), and Wickr (which was acquired by AWS in June). Most of these appsiMessage, Signal, Threema, Viber, WhatsApp, and Wickrend-to-end encrypt messages by default. As for the rest, Telegram uses default end-to-end encryption (E2EE) in some contexts, but not others. E2EE is on by default in newer versions of LINE, but it may not be turned on in older clients. And WeChat, owned by Chinese giant Tencent, does not support end-to-end encryption at all (just client-to-server encryption). This variance may explain why the document refers to the apps as secure instead of E2EE.

What User Data Can the FBI Get?

The chart illuminates the variation in how much data different services collect and retain about users and their communicationsand consequently, what data theyll provide to law enforcement given a valid warrant, subpoena, or court order. (Think, for example, about a warrant asking for all records in a providers possession pertaining to a user: the more information it retains about its users, the more it can be required to provide to law enforcement.) This ranges from the minimal information available from Signal and Telegram, to the basic subscriber information and other metadata that several services disclose to the FBI, and even limited stored message content from three of the nine apps: LINE (which, as said, still supports non-E2EE chats), iMessage, and WhatsApp.

That last part may come as a surprise to some iMessage and WhatsApp users, given that were talking about E2EE messaging. True, E2EE renders users messages inaccessible to law enforcement in transit, but its a different story for cloud storage. If an iMessage user has iCloud backups turned on, a copy of the encryption key is backed up along with the messages (for recovery purposes) and will be disclosed as part of Apples warrant return, enabling the messages to be read. WhatsApp messages can be backed up to iCloud or Google Drive, so a search warrant to one of those cloud services may yield WhatsApp data including message content (although a search warrant to WhatsApp wont return message content). (WhatsApp recently started rolling out the option to E2EE message backups in the cloud, rendering the FBI chart slightly out-of-date.)

While its possible to piece together some of the information in the chart by scouring app makers public documentation and courts criminal dockets, the FBI conveniently pulled it into one at-a-glance page. It might be old news to you, if you happen to be familiar with both the law governing electronic communications privacy and the technical nuances of your encrypted messaging app(s) of choice. That may describe a lot of Just Security readers and government surveillance beat reporters, but it probably doesnt reflect the average users mental model of how an E2EE messaging service works.

The chart also reveals details that app makers dont talk about forthrightly, if at all, in their public-facing guidelines about law enforcement requests. With a warrant, WhatsApp will disclose which WhatsApp users have the target user in their address books, something not mentioned on WhatsApps law enforcement information page. And Apple will give 25 days worth of iMessage lookups to and from the target number irrespective of whether a conversation took place, which is described in Apples law enforcement guidelines but takes a little digging to understand since neither the FBI nor Apple explains what that means in plain English. In each case, the company is disclosing a list of its other users that happen to have the target users contact info, whether or not the target communicated with them. (If other messaging services make a practice of disclosing similar information, its not reflected in the chart.) These details underscore the broad sweep of U.S. electronic surveillance law, which lets investigators demand any record or other information pertaining to a [target] subscriber in response to a 2703(d) order or search warrant. While Apple and Meta have both fought for user privacy against overreaching government demands, the law nevertheless renders a lot of user data fair game.

Popular Misperceptions of Messaging Privacy

In short, its no easy task for the average person to accurately understand precisely what information from their messaging apps could wind up in the hands of federal investigators. Not only do different apps have different properties, but app makers dont have much of an incentive to be straightforward about such details. As the FBI chart demonstrates, the market of free, secure messaging apps is a gratifyingly crowded and competitive field. Providers want to give current and would-be users the impression that their app is tops when it comes to user security and privacy, whether the user is concerned about malicious hackers, governments, or the provider itself. Providers have learned to be wary of overstating their services security properties, but theyre betting that marketing copy will get more attention than technical whitepapers or transparency reports.

In this regard, app makers incentives are aligned with those of the FBI. Given the FBIs years-long campaign against encryption, it makes a strange bedfellow to the encrypted service providers it has condemned by name in public speeches. But service providers and the FBI both benefit from a popular misconception that underestimates the user data available to investigators from certain E2EE services. That misapprehension simultaneously maintains the providers image in the eyes of privacy-conscious users while upholding the FBIs narrative that its going dark in criminal investigations due to encryption.

Although this misunderstanding may help law enforcement investigators, it can have significant consequences for their targets. Not just garden-variety criminals, but also journalists and their sources, whistleblowers, and activists have a lot riding on their choice of communications service. As noted in Rolling Stones article about the FBI chart, WhatsApp metadata was key to the arrest and conviction of Natalie Edwards, a former U.S. Treasury Department official who leaked internal documents to a reporter with whom she exchanged hundreds of messages over WhatsApp. Edwards (and presumably also the reporter, who owed Edwards an ethical duty of source protection) believed that WhatsApp was safe for journalist/source communication. That misunderstanding cost Edwards her freedom.

The Reality Behind the Myth

Thanks to FOIA and its zealous disciples at POTP, the public can now see the internal FBI document that neatly summarizes the reality behind the myth. It shows that despite its going dark claims, the FBI can obtain a remarkable amount of user data from messaging apps that collectively have several billion global users. (The ability to test the governments public claims against its internal statements is one of the reasons why public access to government records, POTPs raison dtre, is so crucial.) It shows the role that cloud storage and metadata play in mitigating end-to-end encryptions impact on real-time communications surveillance. And it shows which popular E2EE messaging services truly do know next to nothing about their users.

If users think the encrypted apps they use dont keep much information about them, the FBI chart shows that belief to be largely false. With some exceptions, many major E2EE messaging services hand over all kinds of data to federal law enforcement, and cloud backups can even enable the disclosure of stored messages sent on two of the biggest E2EE messaging apps. Even if little or none of whats in the document is truly news, its still helpful to see it laid out so succinctly in a single page. If you are concerned about messaging privacy, use this chart (together with privacy and security guides specific to your situation, such as for journalism or protests) to help you decide which app is best for youand share it with the people you chat with, too. That way, you can make a more informed decision about which app(s) to keep (and which to leave behind) as we enter the new year.

Apple, Digital Surveillance, Encryption, FBI, FOIA, Law enforcement, Privacy, Stored Communications Act, Technology, WeChat, WhatsApp

See the original post:
We Now Know What Information the FBI Can Obtain from Encrypted Messaging Apps - Just Security

Previous chairman of the U.S. Securities and Exchange Commission, or SEC, Jay Clayton, was delegated by ex-President Donald Trump to serve in 2017. In his tenure as head of the SEC, Clayton often defended Bitcoin (BTC) as a store of significant worth. This previous Wednesday, during a interview with CNBCs Squawk Box show, Jay shared his musings on digital currency and how it ought to be directed going ahead. The previous SEC seat said that he is a huge believer in crypto technology and that its productivity benefits in the financial system and tokenization are enormous.

When asked whether the present chairperson is creating too many restrictions for the crypto industry, Jay said that cryptocurrencies have numerous purposes and are connected to a variety of industries, and the SEC should be in charge of regulating only those sectors that are linked to it.

Claytons remarks come as the current SEC chair, Gary Gensler, recently confirmed that the watchdog has no plans to ban crypto, but that U.S. congress could. Gensler warned, however, that crypto in its current form is comparable to the wild west without proper regulation.

Crypto is a wide variety of products, with a wide variety of functions, and the rules of our financial system are clear and long-standing. If you are raising capital for a project, you have to register your capital raising with SEC. If you are trading securities it has to be on a registered venue, But there are many crypto sectors like stablecoins that are not securities and outside of SEC purview.

Clayton did not allow the approval of a Bitcoin ETF during his term, which occurred now in 2021 under Gary Gensler. The agency has since come under fire for rejecting spot ETF applications and approving Bitcoin futures ETFs. Grayscale submitted a letter to SECs secretary, Vanessa Countryman, in which it stated that there is no basis for the position that investing in derivatives for an asset is acceptable for investors but not investing in the asset itself. The SEC was accused of treating the two Bitcoin ETF proposals unequally under the Administrative Protections Act, or APA.

According to Clayton, cryptocurrencies should be implemented but with appropriate regulation. He said that the government should be reactive to people who are violating our well-defined laws but proactive in encouraging the adoption of this technology throughout our financial system.

News Summary:

See the article here:
'I'm a big believer in encryption technology,' says the former chairman of the US SEC. - BollyInside

Britain's Online Safety Bill is being enthusiastically endorsed in a "manifesto" issued today by MPs who were tasked with scrutinising its controversial contents.

Parliament's Joint Committee on the Online Safety Bill published the report declaring the bill would let government ministers "call time on the Wild West online."

The committee, made up of MPs and peers from various political parties, was asked to carry out a serious analysis of the controversial legislation. Surprising some onlookers, its Conservative chairman, Damian Collins MP, used the committee's 193-page report to talk about what he described as a "wider manifesto" for Big Tech regulation.

Ministers have two months before they have to formally respond to the report. As drafted, the bill doesn't go far enough (in the committee's view) and ought to impose more bans and regulations on activities that take place over an internet connection for example, "cyberflashing" (using Apple Airdrop and similar mobile device technologies to send obscene content to unwitting recipients), promotion of self-harm, posting adverts for online fraud, and so on.

"The Committee has set out recommendations to bring more offences clearly within the scope of the Online Safety Bill, give Ofcom the power in law to set minimum safety standards for the services they will regulate, and to take enforcement action against companies if they don't comply," said Collins in a canned statement.

Among other things, the committee called for:

It also said:

British legislators have been grappling with largely US-owned social media and web platforms failing to pay enough attention to increasingly loud demands for content censorship and for end-to-end encryption to be banned.

The bill's stated aim is protecting children from unsuitable content on the World Wide Web, though every political campaigning group imaginable (including a pro-free speech group) has weighed in during the general public debate about the bill.

The British Computer Society, the chartered institute for IT, praised the bill's focus on public risk assessments by platforms and nascent internet regulator Ofcom alike, but expressed reservations about exactly what legal duties it will impose.

"The Bill leaves a lot of definitions abstract, and much of the concrete expectations for what platforms will be asked to do will be set out in secondary legislation and Codes of Practice," said the BCS, "meaning it's currently very difficult to assess what exactly platforms will be asked to do to reduce harms and protect rights, and whether it will be sufficient."

Warnings about the risks to free expression online of over-regulation have largely been ignored by the committee, whose members included politicians from the Conservative, Labour, SNP, and Lib Dem parties.

The bill's second reading in Parliament is expected this week as the government moves to make it legally binding.

See the rest here:
MPs charged with analysing Online Safety Bill say end-to-end encryption should be called out as 'specific risk factor' - The Register