Photo: MANDEL NGAN/AFP (Getty Images)

Since at least the 1990s, federal officials have publicly worried that encrypted communications give aid to terrorists and criminals. More often than not they have, to some degree, been right.

In the early 2000s, Los Zetas, the infamous Mexican cartel, actually created their own military-grade encrypted radio network, which they used to mask the movements of their narco-trafficking supply chain. Around the same time, al Qaeda and other terrorist Mujahideen groups began using self-engineered encryption software in the hopes of avoiding the all-seeing eye of Americas national security state. Other criminal groups quickly followed suit and, today, the need for dark capabilities has given rise to companies that intentionally court and sell exclusively to underworld clientele. These firms, which allegedly go to great lengths to protect their customers, appear to have a short life span, however: In the last few years, a number of prominent encryption platforms and other technologies have been infiltrated and dismantled by law enforcementwith the most recent example occurring just a week ago.

Last Tuesday, the U.S. Department of Justice announced Trojan Shield, a bold, over-the-top law enforcement operation. In it, the FBI used a high-level criminal informant to co-opt and then run an encrypted chat platform, called ANOM, designed specifically for transnational criminal organizations. Rather than infiltrate an existing platform, the feds had decided to create and operate their own. When drug traffickers and money launderers flocked to ANOM, the FBI and other authorities were waiting, ready to intercept and study all of the communications the crooks offered up. It was the honeypot to end all honeypotsa baited trap on a global scale.

Certainly, the short-term payoff from the operation has been overwhelming: all last week, governments throughout the world continued a parade of hundreds of arrests, with police holding press conferences and gleefully trotting out indictments related to the operation. Alleged biker gangs, Italian crime families, drug traffickers throughout the world were all ensnared. In the U.S., the Justice Department indicted 17 people allegedly involved in managing ANOM (despite the FBIs secret role), arresting a majority of them. The operation has also revealed a deluge of intelligence about the ways in which international criminal syndicates operate, which will doubtlessly help inform future investigations targeted against such groups.

And yet, one of the operations long-term goals, as stated by police, seems elusiveif not quixotic. We aim to shatter any confidence in the hardened encrypted device industry with our indictment and announcement that this platform was run by the FBI, said Acting U.S. Attorney Randy Grossman during a press conference last week. Similarly, Suzanne Turner, the special agent in charge of the FBIs San Diego Field Office, said that this should be considered a warning to criminals. [Those] who believe they are operating under an encrypted cloak of secrecy, your communications are not secure, Turner said. She later added that the operation would hopefully keep criminals guessing as to whether a platform was a legitimate business or one secretly run by the feds.

G/O Media may get a commission

Grossman and Turners statements mark a turning point in a decades-long effort by the U.S. government to undermine encrypted communication, which has proliferated into the mainstream in recent years, from Signal to iMessage, WhatsApp to Google Messages. If the cops cant break encrypted technologies, theyll break our confidence in them insteadeven if it means crossing the line themselves.

Encrypted messaging apps are pretty much untouchable by law enforcement, said James A. Lewis, a security professional with the Center for Strategic and International Studies, in a phone call. Lewis has studied the issue for years.

People used to speak by air-conditioners, or go for a walk in the park, he said, referencing Godfather-type scenarios, in which criminals would sneak around to avoid wiretapping. Now, he said, everybody, including the mafia, has a smartphone in their pocket. Thus, the temptation to rely on such easy methods of communication is strong. Its just a general shift to relying on messaging, he said. Criminals have moved with the rest of the population.

The companies that have preceded ANOMmany of which were infiltrated and dismantled by copsworked hard to conceal their activities, which were done in the service of criminal ecosystems centered around drug dealing and murder, government officials have argued. For instance, Phantom Secure, a now-defunct phone company that offered modified, encrypted Blackberry and Android devices, reportedly sold a majority of its services to Mexican drug cartels, which used the devices to communicate with underlings and strategize narcotics shipments. Two other platforms that were recently taken down by policeSky Global and EncroChatallegedly functioned in very much the same way.

Similarly, the devices used by the kind of groups ensnared in Trojan Shield are far different than your average civilian encrypted chat app like Signal or WhatsAppboth of which use end-to-end encryption, meaning only the sender and recipient have access to any conversations. Most often, they are modified phones that have had the GPS, mic, and camera capabilities disabled, and include a specialized encrypted chat app that functions on a closed loop with other devices specifically designed to communicate with each other. On top of this, the government claims companies that sell such devices will often offer covert protection to their customershelping to remotely wipe the contents of phones if they are confiscated by police. With all of these benefits, criminals have little incentive to give up these types of services because they are simply too useful to their operations.

A lot of the encryption is un-hackable, Lewis said. If you can get access to the device then your chances are better, but if you are just intercepting traffic, it can be exceptionally difficultmaybe even impossible [to hack it].

That unbridgeable impasse is partially why the FBI and other federal agencies have spent the last 30 years waging a slow-motion campaign against the use of encryption. During the first so-called Crypto Wars in the 1990s, national security politicos in the Clinton administration argued that the proliferation of encryption technologies worldwide would effectively create a force-field around corruption. Ever since then, federal officials have, in one way or another, aggressively pursued a workaround for the technology, often employing strategies that threatened civil liberties and treated Americans privacy as an afterthought.

This has gone through a number of different iterations. When the 90s lobbying to halt encryptions export didnt work, the feds quickly turned to a different strategy: lobbying the private sector to install backdoors in their encrypted networks so that the FBI could enjoy intimate access to Americans protected communications. Beginning in the mid-2000s, the Justice Department and the FBI went on a charm offensivetrying to explain to Congress and the American people why it really needed to do this. That campaign has lasted for years, with ongoing lobbying by the FBI director continuing to the present moment.

With Trojan Shield, it really seems like a whole new tactic in the governments ongoing battle against encryption, but one that is far more psychological than legal. Here, the bureau seems to be attempting to shake overall confidence in encrypted platformsinspiring doubt over whether those communications are really secure or just a giant honeypot with an FBI agent lingering in the rearview. In so doing, theyre basically trying to undermine a technology that serves as one of the few protections for everyday peoples privacy in a world intentionally designed to eviscerate it.

Jennifer Lynch, the surveillance litigation director at the Electronic Frontier Foundation, said that the recent operation was concerningadding that she doubted the FBI even had the legal authority in the U.S. to carry out Trojan Shield, which is probably why it was partnered with more than 100 countries, according to the DOJ.

We still dont know a lot about how this investigation occurred and how all of the data-sharing transpired among the different countries that were involved, Lynch said in a phone interview. What we do know, however, is concerning enough. The FBI said that they geo-fenced communications of Americans. That says to me that even the FBI doesnt believe they have legal authority under the Fourth Amendment or our federal wiretapping act to do what they did.

Extrapolating on that point, Lynch noted the bureaus partnership with Australia, which recently passed the TOLA Act. The law allows the Australian government to compel private companies and technologists to reengineer software and products so that they can be used to spy on users. Australias laws also allow for extensive wiretapping, ones that far outstrip the ones available in the U.S., Lynch said.

Basically, the FBI is laundering its surveillance through another country, she said.

Alternately, Lewis argues that the challenges posed by encryption force law enforcement to get creative with how they combat the increasing use of the technology by criminal groups.

You have to get a subpoena, you have to get the company to cooperate, said Lewis, explaining the current restrictions when police try to investigate malfeasance via encrypted chat platforms. The company wontin many caseshave access to the unencrypted data. Thats where something like this becomes attractive [to criminals].

Even with high-powered entities like the National Security Agency, the data they intercept wont necessarily be useful in traditional law enforcement investigations, he said. The NSA is not in the law enforcement business, he said. Theyre not collecting evidence. So even in the cases where they have intercepted traffic, it could not be used in court, said Lewis. So youve got technology problems and legal problems.

If the operation has seeded doubt about the security of the platforms for criminal use, then its done its job, he argues.

Its certainly planted a seed of doubt in their minds, he said, of the criminals. Uncertainty really helps. It means theyll want to do more face-to-face meetings or something else other than talk on the phone, which may make them easier to catch, he said.

Of course, the FBI plants seeds of doubt by chucking handfuls of the stuff at everyone within earshotits not just criminals who will fear that someones reading every text, its all of us. And for Lynch, thats an injustice.

I think that what the FBI did is highly suspect, she said, and I think that we should all be concerned about itbecause it makes us question the privacy and security of our communications.

See the original post:
How the FBI Is Trying to Break Encryption Without Actually Breaking Encryption - Gizmodo

Every Friday, The Verge publishes our flagship podcast, The Vergecast, where co-hosts Nilay Patel and Dieter Bohn discuss the week in tech news with the reporters and editors covering the biggest stories.

In this episode, the show is split into three sections. First, Nilay and Dieter talk to Verge senior editor Tom Warren about this week in Microsoft: leaks of the Windows 11 UI, announcements from E3 2021, and Microsoft CEO Satya Nadella doubling as the companys chairman.

In section two of the show, Verge politics reporter Makena Kelly returns to explain the continuing push by the US government to enact antitrust legislation on tech monopolies this week, five new bills were introduced and the Senate confirmed a new commissioner of the FTC.

In part 3, Verge managing editor Alex Cranz joins in to chat about this week in gadgets and Google the company is adding end-to-end encryption to their Messages app, Sonos officially announced their picture frame speaker, and Telsas Model S Plaid made its big debut.

You can listen to the full discussion here or in your preferred podcast player.

The rest is here:
Vergecast: Windows 11 leaks, RCS encryption, and this week in antitrust - The Verge

Law enforcement also has an advantage when it gets ahold of digital devices. Despite claims from Apple, Google and even the Justice Department that smartphones are largely impenetrable, thousands of law enforcement agencies have tools that can infiltrate the latest phones to extract data.

Police today are facing a situation of an explosion of data, said Yossi Carmil, the chief executive of Cellebrite, an Israeli company that has sold data extraction tools to more than 5,000 law enforcement agencies, including hundreds of small police departments across the United States. The solutions are there. There is no real challenge to accessing the data.

The police also have an easier time getting to data stored in the cloud. Technology companies like Apple, Google and Microsoft regularly turn over customers personal data, such as photographs, emails, contacts and text messages, to the authorities with a warrant.

From January 2013 through June 2020, Apple said, it turned over the contents of tens of thousands of iCloud accounts to U.S. law enforcement in 13,371 cases.

And on Friday, Apple said that in 2018, it had unknowingly turned over to the Justice Department the phone records of congressional staff members, their families and at least two members of Congress, including Representative Adam B. Schiff of California, now the chairman of the House Intelligence Committee. The subpoena was part of an investigation by the Trump administration into leaks of classified information.

Yet intercepting communications has remained a troublesome problem for the police. While criminals used to talk over channels that were relatively simple to tap like phones, emails and basic text messages most now use encrypted messengers, which are not.

Two of the worlds most popular messaging services, Apples iMessage and Facebooks WhatsApp, use so-called end-to-end encryption, meaning only the sender and receiver can see the messages. Not even the companies have access to their contents, allowing Apple and Facebook to argue that they cannot turn them over to law enforcement.

Read more from the original source:
Bitcoin and Encryption: A Race Between Criminals and the F.B.I. - The New York Times

Amidst WhatsApp's own privacy policy havoc, many have questioned the irony of WhatsApp's recent challenge to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (Intermediary Rules) on grounds of privacy.

That said, WhatsApp's challenge brings some key issues to light, especially with respect to compatibility of these rules with end-to-end encryption technologies and the consequent privacy implications.

Encryption technologies in India have long been a bone of contention, especially with the government's authority to require decryption of content under Information Technology laws.

Also Read: WhatsApp sues Indian govt, says new media rules mean end to privacy

The recently notified Intermediary Rules on 25 February 2021 for 'intermediaries' (e.g. WhatsApp, Facebook and Twitter) and digital media publishers (e.g. online news portals and video streaming platforms) have now created a pandemonium in the industry by requiring tracing and identification of users and deploying technological tools for content moderation.

Though these tracing and content moderation obligations apply only to 'Significant Social Media Intermediaries' (SSMIs) (i.e. social media intermediaries having over five million registered users in India), these rules create serious implications for online platforms and users across the board. Notably, WhatsApp has challenged these rules before the Delhi High Court as the 3-month timeline given to SSMIs to implement these obligations came to an end on May 26, 2021.

Identification of 'first originator'

Under the new Intermediary Rules, SSMIs 'primarily' providing messaging services are obligated to identify the first originator of information in India (without identifying the contents of the information) when required by court or executive order on grounds such as national security, public interest etc. This is a step further in the existing obligations to decrypt content upon government orders and maintaining decryption keys.

This is likely to be an obstacle for popular messaging platforms such as WhatsApp, Signal and Telegram deploying the signal protocol end-to-end encryption technology. With this cryptographic protocol, the users on such platforms are generally allotted numeric fingerprints (e.g. adding users through QR codes) and the messages are secured and only visible to the sender and receiver. This is an attractive feature for users to protect their privacy. However, pursuant to these new obligations, the privacy of users will be impacted with platforms implementing technical changes to enable user tracing.

Citing the landmark Supreme Court decision in KS Puttaswamy v Union of India (2017) 10 SCC 1 (Puttaswamy) on the fundamental right to privacy, WhatsApp, in its challenge, has reportedly contended that this obligation violates users' privacy rights as traceability of users will require collection and storage of user data on a massive scale. As per the recent statement published by WhatsApp on its website, "in order to trace even one message, services would have to trace every message". Though there have been several petitions challenging these rules (including WhatsApp's), there is presently no stay on the operation of these rules.

Also Read: MeitY defends new social media rules after WhatsApp lawsuit, assures right to privacy

While it may be argued that SSMIs can trace users by fingerprinting content with numeric codes, there are doubts about the accuracy of tracing without undermining encryption protocols.

For instance, WhatsApp has argued that tracing will be impacted if there are even microscopic changes in the information being shared and the format of sharing (e.g. sharing of an image versus screenshot of that image or adding an extra character or space to a text message).

Interestingly, in separate ongoing litigations since 2019, WhatsApp has objected to suggestions for enabling tracing, such as displaying the originator's information to the recipient of a forwarded message or encrypting original messages with special encryption keys (and corresponding private keys) known only to WhatsApp.

News reports also suggest that WhatsApp has also not confirmed the latest government proposal to the messaging platform for assigning alpha-numeric hash to messages exchanged on its platform. Technology experts have had an apathetic response to the feasibility of such measures, citing concerns such as difficulty in storing hashed copies of millions of messages exchanged on the platform, creating a virtual partition for the platform features across various countries, etc.

Content moderation

Apart from tracing and identification of users, another controversial obligation for SSMIs is to 'proactively' identify and moderate certain categories of information (such as child sexual abuse materials) using technology-based measures (including automated tools or other mechanisms). Adding another layer of review, the rules also require human oversight and periodic review of such measures by SSMIs.

This obligation is another challenge for platforms using encryption technology since, in order to identify and filter content, the content transmitted by users would need to be visible to the platform operators. In parallel, WhatsApp had also expressed its reluctance to implement measures for content filtering before the Supreme Court in In Re: Prajwala (Videos of Sexual Violence and Recommendations) Suo Motu W.P. (Crl.) No. 3 of 2015 due to its end-to-end encryption.

Since the present rules also envisage human oversight and periodic review of these measures, it appears that simply using automated tools (to analyse the encrypted content through numeric codes) to enable content moderation will not be sufficient. Implementing human oversight on content moderation without disrupting end-to-end encryption technology and ensuring accuracy and fairness with automated tools seems to be a Herculean task at this stage.

Also Read: 'User privacy remains highest priority': WhatsApp responds to Centre's 'trick consent' remark

Commercial implications and way forward

Circulation of fake news, child abuse material and other unlawful content has been a rapidly growing problem in India. While encryption protects users' privacy and security, it also leaves unlawful activities online unchecked. It is undeniable that regulation of online content is required to some extent and identification of perpetrators could be useful, but, on the other hand, there is also potential for arbitrary executive orders for user identification and content monitoring on vague and overbroad grounds.

The shield of encryption protecting the users' privacy may have to be redevised to comply with the new Intermediary Rules. Further to the proportionality test propounded by the apex court in the Puttaswamy decision, it is vital to ensure that there is a proportionate balance between regulatory scrutiny and privacy rights. Regulatory scrutiny should not be at the cost of users' privacy.

Although there are some safeguards prescribed under the rules, the existing review mechanisms under information technology laws should also be duly implemented against executive orders. To balance commercial concerns with regulation by the government, it is also crucial to have autonomous review mechanism and independent oversight by industry bodies (similar to some recommendations for regulation of cloud communication and the proposed data protection framework).

These rules are also riddled with certain ambiguities, such as interpretation of 'messaging' services, extent of moderation required, scope of human oversight and periodic review, etc., which may open doors to overcorrection, excessive regulation and potential misuse by administrative authorities.

Another aspect wreaking havoc on the industry is the impact on global practices of such platforms. For instance, storing meta data and location data for tracing the first originator may require weakening the encryption standards and open risks to data breaches and potential violations under stricter data protection laws like in the European Union. Gaps in legislative guidance and unrest in the industry have rendered the burning question for stakeholders (and the industry at large) - is end-to-end encryption technology compatible with these obligations?

While the Ministry of Electronics and Information Technology has stated that the new Intermediary Rules will not force platforms to break their end-to-end encryption, some stakeholders and experts have repeatedly argued that traceability and encryption cannot co-exist. Evidently, these additional obligations will significantly impact the commercial and technical operations of platforms that use encryption. It will be interesting to see the outcome of WhatsApp's recent challenge to the new rules and how the leading messaging platforms (or other SSMIs using encryption protocols) in India implement the necessary technical changes to comply with the new obligations.

(Harsh Walia (Partner), Abhinav Chandan (Partner) and Tanya Varshney (Associate), Khaitan & Co.)

See the rest here:
WhatsApp vs govt: Can traceability and encryption co-exist? - Business Today

The pandemic has made Zoom one of the most popular video conferencing applications. When it comes to video conferencing apps, we always try to make sure our privacy settings are up to the mark to keep the communications secure.

Zoom is trying to ensure that users get the security they deserve, and it has an essential encryption feature that many people dont know about.End-to-end encryption ensures that even if you are hacked, the hacker will not be able to make any sense out of your data. It also keeps your data safe from the company itself.

How to Restore HomePod mini Software Using iTunes or Finder

Zoom initially only encrypted data on its own servers, but with the end-to-end encryption feature, an encrypted key will be generated on the users computer, making your data truly secure. In today's tutorial,I will show you how to enable end-to-end encryption in Zoom on Windows 10 computers in just a few simple steps.

Step-1: Open Zoom App and sign in.

Step-2: Click on the settings cog on the top right corner of the app.

Step-3: Click on View More Settings at the bottom of the settings window.

How to Stop Windows 10 Apps From Accessing Your Messages

Step-4: You will be directed to the settings in your browser. Click on the Settings tab on the left side of your screen.

Step-5: Click on the Meeting tab.

Step-6: Scroll down till you reach the toggle switch for Allow use of end-to-end encryption. Turn it On. [If it is grey, it is Off. If it is blue, it is switched On]

Step-7: You will be asked to verify your number. After you enter your phone number. Click on Send Verification Code. You will then be sent a 6-digit code on your given number. Enter that code and then move on to the next step.

Step-8: After verification, your settings will be updated. Click on End-to-end encryption in the Default encryption type section.

Step-9: Click Save.

After following these steps, your Zoom will be end-to-end encrypted.

Here is the original post:
How to Enable Zooms End-to-End Encryption Feature - Wccftech

WhatsApp will make its multi-device support available with end-to-end encryption, according to a report. The Facebook-owned instant messaging app has marketed its privacy-focussed encryption for some time. It is claimed to protect text and voice messages, photos, videos, documents, and calls in a way that they aren't accessible by anyone except the sender and receiver. However, enabling the same level of protection on multiple devices alongside syncing communication between them is not that easy and involves technical challenges in its implementation.

Although WhatsApp is yet to provide official details, WhatsApp beta tracker WABetaInfo has reported that the end-to-end encryption available on WhatsApp will be compatible with its upcoming multi-device support.

Earlier this month, Mark Zuckerbergmentionedin an alleged conversation with WABetaInfo that chats when using multi-device support on WhatsApp will still be end-to-end encrypted. Screenshots shared by WABetaInfo showed that the Facebook CEO stated that the company solved the challenges involved in implementing end-to-end encryption in an elegant way to make sure that the chats between users are protected even when using the messaging app on multiple devices.

WhatsApp was thought to be working on enabling multi-device support since at least July 2019. The feature lets users simultaneously access the app on up to four devices. It seems to be at a final stage of its internal testing as screenshots detailing the new addition appeared online in the recent past. WhatsApp Head Will Cathcart also purportedly noted in the messages exchanged with WABetaInfo that the new addition could be provided in a public beta in the next month or two.

Alongside enabling end-to-end encryption when using multi-device support, WhatsApp is said to be bringing end-to-end encrypted backups. There is, however, no exact timeline on when it would be available even for public beta testers.

WhatsApp uses Signal's encryption protocol for offering end-to-end encrypted communication experience on its app. Competitors including Google Messages also embraced the same protection method to address privacy concerns raised by digital activists. However, since end-to-end encryption limits traceability on platforms, governments and regulators in some countries including India have demanded ways to get a backdoor entry.

Does WhatsApp's new privacy policy spell the end for your privacy? We discussed this on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.

More:
WhatsApp to Enable Multi-Device Support With End-to-End Encryption: Report - Gadgets 360

Operation Ironside last week resulted in more than 800 suspected underworld criminals arrested after being tricked into using an encrypted messaging app in which police were able to monitor chats about serious crime, including murder.

The operation was run in conjunction with the Australian Federal Police, targeting global serious and organised crime. Drugs, weapons, luxury vehicles and cash were seized across more than a dozen countries in whats been called a watershed moment for international policing. Its again highlighted issues relating to encrypted communications within criminal networks.

This operation involved the distribution amongcriminal networks of a secure encrypted communication system known as An0m that was in reality controlled by law-enforcement agencies. However, while ultimately enormously successful in disrupting criminal networks, the use of An0m very likely accounted for only a small percentage of criminal communication in Australia the AFP estimated this at around 5%.

Like much of the world, many of the conversations between Australians are conducted via text messaging. And increasingly, these messages are sent and received in encrypted form.

Well-known messaging apps such as WhatsApp, iMessage and Signal employ end-to-end encryption technology. This means that the digital material making up the messages, including text, images, audio and video are all encrypted on the sending device before theyre transmitted, and are only able to be decrypted by the final receiving device.

Under this model, its not feasible, at least with current computer technology, for an eavesdropper (or law enforcement agency) to decrypt any messages they intercept.

This enables completely private information exchange. For many reasons, this facility of modern life is highly desirable. It provides comfort that our interactions arent being spied upon, and allows us to securely exchange sensitive information. Indeed, beyond text messaging, end-to-end data encryption is crucial for the safety of many of the online transactions we now take for granted.

So, tools for pervasive encrypted communication, once thought of as the purview of security agencies and secretive intelligence operatives, sit in all our hands today. But as recent events highlight, theres a darker consequence of this technology. Along with hiding our innocuous conversations with friends, our work discussion groups, not to mention the voices of freedom under oppression, end-to-end encryption does just as good a job at hiding criminal activity of the worst kind.

Although law-breaking is increasingly technology-driven, criminal networks do not need to be particularly sophisticated to obscure their communications with these widely available secure messaging apps.

This has resulted in the always-present tension between the privacy of individuals, and the safety of communities, being writ large. Coupled with the anonymisation of online activity afforded by the dark web, these technologies have placed enormous barriers in the way of policing and disrupting serious crime. After all, surveillance by law enforcement authorities under warrant is only fruitful if the data gathered is able to be read and understood.

As one particularly damaging example of crime facilitated by the internet, and increasingly by encrypted communication, the distribution of child sexual abuse material has reached a horrendous scale.

Last year, the US-based National Center for Missing and Exploited Children received more than 21 million reports of it from electronic service providers, 94% of which were from Facebook. At the same time, in order to meet oft-stated commitments to user privacy, Facebook is racing to implement end-to-end encryption across its platform. But the company has since acknowledged that this change will make uncovering such material much more difficult.

Although the Facebook-owned WhatsApp has increased its reporting of child sexual abuse material through sophisticated analysis of metadata, its clear that the absence of an ability to analyse the content of images themselves hampers the technological countering of this crime. Similarly, terrorism, drug trafficking and illegal weapons trading are all beneficiaries of the capacity to effectively obscure communication.

Here lies the challenge.

As more and more of our communications are hardened by encryption, the debate will continue as to where the line between privacy and safety sits.

Theres a widespread expectation that users in many parts of the world want to engage in privacy-preserving communication, and hence theres a high value in marketing such systems to gain competitive advantage.

How, then, do we best respond to the need for disruption of criminal activity and preservation of safety in communities in such an environment?

Legislative responses to the rise of end-to-end encryption and the challenges it poses to law enforcement agencies, so far, vary.

In Australia, perhaps the most powerful feature of controversial laws passed in 2018 is the capacity to issue enforceable technical capability notices.

These notices could require service providers to take actions to ensure the provider is able to help to enable laws to be enforced or national security safeguarded. These notices are so named as they may require providers to employ new technical capabilities beyond those they already implement.

Importantly, these notices are prohibited from requiring that providers implement back doorsor other systemic weaknesses such as building a decryption capability or requiring that providers make their encrypted systems less effective. A range of other notices can be issued to providers to require them to provide assistance using their existing technologies via whats known as an industry assistance framework.

As more and more of our communications are hardened by encryption, the debate will continue as to where the line between privacy and safety sits.

Governments will likely be grappling with this issue for some time, given simultaneous commitments to security of personal data and safety of their population.

Indeed, the Council of the European Union adopted a resolution in December entitled Security through encryption and security despite encryption, calling for a new regulatory framework and investigation of technical solutions. Also last year, an international statement calling for similar action was released by the US Department of Justice.

More widely, the topic of end-to-end encryption, including technical and legal responses, continues to be the subject of much dialogue between the tech industry, government, academia, and law enforcement.

Ultimately, the whole community must be genuinely involved in this debate so that a balanced position that is both workable and broadly acceptable is achieved.

View original post here:
Finding the balance in encryption and crime-fighting Monash Lens - Monash Lens

EXECUTIVE SUMMARY

Encrypted messaging applications (EMAs) that rely on end-to-end encryption (E2EE), like Signal, Telegram, and WhatsApp, offer a level of intimacy and security that have made them remarkably popular among activists and others who want to communicate without fear of government surveillance. These qualities also make them a useful vector for disinformation: they offer a means of spreading untraceable claims to users via trusted contacts in a secure environment. This policy brief argues that successfully countering disinformation on EMAs does not require undermining this stronger form of encryption.

Although EMAs typically end-to-end encrypt the content of private messages, they often do not encrypt the metadata of those messages. Interventions based on that metadata show particular promise. Metadata-based forwarding limits on WhatsApp, for instance, appear to have slowed the proliferation of disinformation in India and elsewhere. Third-party evaluations of such approaches are needed to develop and guide best practices for use on other platforms, particularly given criticism of, and broader worry surrounding, WhatsApps use of said metadata.

Disinformation campaigns on EMAs are successful primarily because of the intimacy and trust they afford. Regulatory responses to disinformation EMAs should therefore target how that trust is leveraged, rather than EMAs use of E2EE. For example, stricter advertising disclosure laws would prevent influence farms coordinating on EMAs from spreading untraceable political messaging.

The rest is here:
Countering disinformation and protecting democratic communication on encrypted messaging applications - Brookings Institution