Opinion Conspiracy theories are nothing new, but the recent one that blamed the rollout of 5G networks for the spread of Covid-19 is one of the more bizarre examples in recent memory. Not only is it very obviously untrue to anyone that understands either the technology or virology, but there is also little real correlation. New Zealand which was one of the first countries to declare itself virus-free is accelerating its current 5G rollout while Brazil and the USA which have seen the highest death rates are not among the leaders in 5G adoption.

However, there are other parallels and lessons that could be learned here. Firstly, around following the science rather than political agendas and secondly around protection not only from radiation, but also from malware and snooping.

Many political leaders across the globe have claimed that their response to the pandemic has been led by the science. Unfortunately, there are many different ways of interpreting the science and also still many unknowns. Consequently, politicians have used the science to back their own agendas, at times arguing either in favour or against the use of face masks, lockdowns and testing depending on how well prepared they were or how much they were willing to admit to earlier mistakes. Populist leaders in particular have not fared well during the pandemic, being more prone to grandstanding than accepting the best scientific advice.

Similarly, with 5G, there are undeniable technological and economic advantages from having collaboration in the market to drive innovation and interoperability, as well as from having a level competitive playing field to ensure choice and value for money. Unfortunately, a populist agenda in the US to scapegoat certain Chinese players as part of a trade war has had a massively negative impact on the entire 5G rollout. The irony is that while nobody has yet found any backdoors in the Chinese equipment, the US Congress is currently seeking to pass a bill that would force companies to include backdoors in all encryption, showing that the US is actually doing what it want us to believe that the Chinese might be doing. The US arsonist is too busy shouting at the Chinese to stop playing with matches to spot the irony here.

The issue of PPE (masks, gowns, gloves) during the pandemic has shown us how important protection is. Firstly, it can be shown beyond doubt that in radiation terms 5G is far safer than previous generations of mobile communications, just as 4G was safer than 3G. Our ability to communicate more efficiently, increasing performance as we reducing power consumption, has been as effective for mobile communications as it has been for microprocessors (see Moores Law) and many other areas of technology.

Secondly, if encryption can be maintained then 5G is also more secure than previous generations of mobile technology. 5G uses encryption to provide anti-tracking and spoofing features that make it harder to track and manipulate individual device connections. 5G is also a much more software and cloud-based than previous wireless network technologies, which will allow for better monitoring to spot potential threats. It also allows operators to use network slicing to segment the system in numerous virtual networks, each of which can be managed and customized separately. This means that different slices can have different protections set up for specific types of devices.

At a time when the variety and sophistication of cyber threats is not only at an all-time high, but is also on the increase, we cannot afford either to drop our level of vigilance or to create any unnecessary vulnerabilities.

Patching vulnerabilities is a fulltime job for all technology vendors, the race to find and patch flaws is one that we need to win every time, while the cybercriminals only need to win occasionally. Independent scrutiny can be of benefit here. Many vendors offer bug bounties and Huawei has put its equipment forward for additional testing by labs based in the UK and elsewhere.

Almost all the 5G security is built on encryption. The problem about creating backdoors in this encryption is that you create additional associated vulnerabilities as well as governance issues. It is a bit like having a particularly virulent strain of smallpox held in a secure lab that if it escaped would instantly infect everyone. You would want to be sure that the lab was really secure and that those that held it were trustworthy.

Unfortunately, the proposed congressional bill would put the keys to the encryption backdoors in the hands of an administration that is unashamedly America First and does not feel obliged either to abide by international treaties or to cooperate with global institutions (such as the WHO) and an intelligence community that has already allowed its own hacking tools to be stolen and that has also already shown that it is neither open or honest about its use of encryption backdoors. Not only would governance issues be of concern to almost all other nations, but it would also be probably only a matter of time before criminals obtained access to the backdoors, thereby undermining everyones security.

The congressional encryption bill, while a well-intentioned initiative by politicians who do not understand the technological consequences, is a far greater threat to our collective security (over 5G and all other technologies) than the vendor that the US administration is currently seeking to scapegoat.

We need to be focusing on bug bounties and enhanced testing of equipment from all vendors, as well as global collaboration to patch vulnerabilities and counter the real threats, rather than creating back doors that would open up what could be calamitous new vulnerabilities.

After all, if you are not confident in the security of Huawei equipment then in a competitive market you have alternative vendors to choose from. However, if the back doors mandated by congress are universal then you may not have another choice and you certainly dont have any choice in terms governance keys to the backdoors are controlled by the US government and its intelligence services alone (not the UN or your own government), until that is they fall into the hands of cybercriminals.

Given the mess that the current US administration has made over coronavirus, are we confident that they can be trusted with the keys to encryption backdoors for all our data either to use them responsibly or to keep them safe?

I am not in favour of backdoors at all, as they create new vulnerabilities. If, however, they are a political necessity, then maybe every member of the UN should nominate a country CTO and this group should be collectively responsible not only for holding the encryption keys, but also for collaborating on an international basis to address the growing cyber threat (especially from rogue nations).

Editors note: Bill works with a number of global vendors and accepts paid commissions from them, including Huawei; however, he has requested for us to point out that he is paid for his time and not his opinions therefore the opinions expressed in this and other articles are entirely his own.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend theCyber Security & Cloud Expo World Serieswith upcoming events in Silicon Valley, London and Amsterdam to learn more.

Original post:
Thoughts on encryption legislation - and the real 'link' between 5G and coronavirus - Cloud Tech

Police scanners in Scott County are set to go silent under a radio replacement plan currently being rolled outcountywide.

Local law enforcement dispatch communications will be aired over anencrypted channel oncethe new radios are in use, local officials confirmed.

The switch to encryption, expected to take place in spring 2021, means the general public will no longer be able to hear police incidents unfold through handheld scanners, scanner applications and websites such as Broadcastify.

Scott County Sheriff Luke Hennen said the change is being made in the interest of publicsafety and victim privacy.

"Calls we go to and people's struggles don't need to be broadcast," Hennensaid.

Scott County Sheriff's Office Capt. Scott Haas said listening to police radio traffic is increasingly popular, and changes in technology have made it easy for anyone including individuals engaged in criminal activity to tune in.

"We have an obligation to protect people having a bad day, and to protect people's private information," Haas said.

Law enforcement agencies in Dakota County have also been purchasing radioswithencryptioncapabilities in recent years, but officials said they don't have a plan for how or if they'll use the encryption feature.

"There's arguments on both sides," said Dakota County Sheriff's Office Deputy Chief Joe Leko. "Officer safety and transparency."

Mark Anfinson, a Minnesota attorney specializing in information law and data practices, said both sides represent a strong, legitimate public policy issue. Anfinson represents the Minnesota Newspaper Association, which includes this newspaper.

"You dont want law enforcement operating in the dark anymore than you have to," he said. "And to some degree, secrecy of law enforcement is totally legitimate."

But to thinkencryptionalways falls on the side of protecting victims ofcrime ignores thevalue of publicaccountability, Afinson continued.

Thats what public accountability is all about helping the victims," he said.

Critics of encryption, which include many news organizations throughout the country, say the change weakens transparency and ends a longstanding, essential news-gathering practice of responding to an incident, such as a crash or shooting.

Last year, the Minnesota Chapter of the Society of Professional Journalists called on Hennepin County Sheriff Dave Hutchinson to reverse a decision to encrypt the police communications from all departments using the county's dispatch services.

"Particularly with incidents that involve a police response, this transparency helps hold authorities accountable if something should go wrong an essential part of building trust between law enforcement and the communities they serve," Chris Snowbeck, the journalist organization's president, wrote last year. "It also can help readers and viewers better understand the actions of law enforcement."

Under the current radio system, not all 911 communications are publicly available. State law protects the public from hearing 911 callers, and Scott County's current equipment keeps tactical operations off the air.

Officers involved with SWAT or drug task for operations already use encrypted radios, for example, but moving routine police calls to an encrypted channel is an "all or nothing" decision, Hennen said.

In recent years, each police department in Scott County has been replacingold radio equipment with equipment that offers encryptioncapability, but the switch to an encrypted channel won't occuruntil every officer is ready.

Hennen said that's expected to happen sometime next year.

After the switch, fire department calls throughout the county will remain accessible to the public on an open channel.

Hennen and Haas both said continuing to offer access to fire department communications provides a point of balance to residents wanting information about major public safety incidents.

"The fire channel captures that, yet itdoesn't downplay our safety," Hennen said.

Burnsville Police Capt. Don Stenger said Burnsville officers all have encryption technology on their radios these days, but the department doesn't yet use it.

Tom Folie, executive director of the Dakota County Communications Center where the county's emergency calls are dispatched, said he thinks encryption is desired in the long-term, but it's probably two to three years away.

Read the original:
Scanner shutdown: Local law enforcement to take dispatches off the air - SW News Media

A few weeks ago a group of U.S. Republican senators introduced the Lawful Access to Encrypted Data Act, a bill that would compel American tech companies to put backdoors in their products to give law enforcement access to customers data with a warrant.

If passed, the Act will put everyones data at risk, while reversing decades of work to make encryption stronger and personal data more secure.

Even for purposes of lawful access, no company wants government pressure to insert vulnerabilities in their products. Adding any sort of hidden backdoor access or decryption capability potentially jeopardizes a companys reputation and its business prospects.

Yet such pressure is reality in the tech industry. In 2016, for example, Apple famously refused an FBI request to unlock an iPhone linked to a shooting in California.

But its not just the U.S. government pushing companies to install backdoors. In 2018, a letter was issued by the Five Eyes intelligence-sharing alliance, consisting of the U.S., U.K., Canada, Australia and New Zealand. The letter warned that if private companies refused to help authorities de-code encrypted emails, text messages, and voice communications, the Five Eyes governments might pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.

Tech companies have faced such pressure to compromise privacy for decades. In the 1990s, the FBI floated the concept of key escrow, whereby software developers would copy the keys to every algorithm and give them to authorities upon request. In 2017, thenU.S. Deputy Attorney General Rod Rosenstein claimed that encrypted apps were protecting criminals like terrorists and drug dealers. Rosenstein acknowledged that the approach taken in the recent past negotiating with technology companies and hoping that they eventually will assist law enforcement out of a sense of civic duty is unlikely to work.

Why would that be? Do technology companies lack a sense of civic duty? A more likely explanation is that they know vulnerabilities are inevitably discovered and exploited. This turns their products into the cyber-equivalent of a suitcase lock made for the Transportation Security Administration. TSA authorities have master keys that can open any TSA-approved lock, allowing the agency to open your luggage without breaking the lock and damaging your suitcase.

As many people predicted when the program was rolled out, this vulnerability was soon exploited by hackers, allowing anyone with a 3D printer copy of the master keys and sell them on the black market. The same thing could easily happen with data networks.

As the Internet of Things ushers in an era of cyber-physical systems, network security is becoming a matter of life and death: instead of just disclosing your credit card information, a system breach could highjack the car youre driving or stop the pacemaker that controls your heart.

Think about the legal liability, reputational damage, and potential loss of life. What company wants any part of that?

Its sponsors in Congress will argue that the Lawful Access to Encrypted Data Act will keep Americas networks safe. Sadly, the effect will be the exact opposite. And tech companies know it.

Just as no organization wants to get hacked, no company in the world wants to install backdoors in their technology. Its just bad for business, as products are compromised, customers angered, and corporate reputations tarnished or destroyed.

Building a backdoor access that may be exploited by #hackers is a risk that no technology company is willing to take. #cybersecurity #respectdata Click to Tweet

Any backdoor makes us all less secure. As cyber security expert Bruce Schneier points out, you cant build a backdoor that only works with proper legal authorization, or only for people with a particular citizenship or the proper morality. If a backdoor exists, it can be exploited. Thats a risk no company is willing to take.

Read more from the original source:
Bill That Mandates Cyber Backdoors Will Leave Front Doors Wide Open - CPO Magazine

What do you think of competition? What sets you apart? What do you have to say about competition from India, more specifically JioMeet?

We have been dealing with competition since 2011, when the company was founded. We have had to deal with very large incumbents in the marketplace from an early timeframe. We view competition as a good thing. It only spurs us to focus on what we can controlour innovation and our ability to deliver happiness to our customers.

It takes a lot for us to deliver Zoom in the way it is: a very easy to use, high quality, video collaboration service. And as I mentioned, the architecture is very important. The know-how around the globally distributed network that we have, even the user interface, the simplicity, the feature set, etc. These are all things that we agonise over and have agonised over in our development. And really take feedback from our customers to heartboth our free customers all the way to our paid customers.

I would say there is no one thing that makes Zoom special. I think it is a combination of all of that and an intensely focussed and driven employee base that really cares for its customer and its community. And I think that has helped us up to this point address competitive threats, and it will help us going forward.

About JioMeet, to be honest, I havent looked at the product. But I will say the factors that help us compete, you know, historically are going to be the factors that help us compete going forward, we are focussed on delivering a very secure, very reliable, and very easy to use product. And that we are going to focus on what we can control.

Having said that competition just makes you more hungry. There should be no difference to how that impacts Zoom today as it has impacted Zoom years before as well and all along.

There is speculation about Zoom being a Chinese company. Could you tell us something about its origins?

I will just say that Zoom is not a Chinese company. We are listed on the Nasdaq and our headquarters are here in San Jose. Our founder [Yuan] may be ethnically Chinese, but hes an American citizen. He's been in this country since 1997. His three kids go to the local schools. His life has largely been American by choice.

We were set up with the intention to provide workplace collaboration services, for businesses, and with the view that, if we can provide video conferencing or video collaboration services to enterprises. That would be sort of the holy grail for us. At the end of December, we had around 10 million daily meeting participants. And by the end of April we had 300 million daily meeting participants, and that has been the significant shift during the pandemic.

A lot of it are schools. Education has always had a big value for our company. Erics core passion in education, but it's also our employees core passion. We did a ground-up survey of our employees and education was one of the top three initiatives. So, it made sense when the pandemic hit, to offer countries across the world, the opportunity to have free service for schools.

I think I noticed the difference when we offered K through 12 services for free in the U.S. Suddenly everybody knew about Zoom. We started to get a lot of different use-cases that we had probably not anticipated, because largely we are focussed on enterprises. And the challenge we face going forward is how do we embrace and continue to allow to flourish these various use-cases.

Zoom was made for the enterprise, but individuals took to it in droves. Did problems such as Zoombombing and the like crop up because it wasnt being used the way it was envisaged to be?

Zoom was originally developed for enterprise use and has been confidently selected for complete deployment by a large number of institutions globally, following security reviews of our user, network, and datacentre layers. However, we saw more participation from standalone users, who have been using the platform to connect to their family, friends, and colleagues; increased usage by schools to continue the education processes, etc. A lot of such users are unaware of various security measures one should adopt while on a virtual platform, leading to issues like meeting bombing.

Zoom has recently launched the latest version, Zoom 5.0, that delivers one of our most advanced security enhancements to date with support for AES 256-bit GCM encryption, which provides added protection for meeting data and greater resistance to tampering. The version provides users with features like reporting a user, new encryption icon, and enhanced data centre information which allows more flexibility and security to users.

Let us talk about end-to-end encryption (E2EE) and endless speculation about whether it would be offered to free users. How do you end the speculation?

Well, let me end it right now. We are in the development process for end-to-end encryption. We have already announced that were going to have a limited beta. And then we are going to continue working on rolling out this product through the end of the year. It will be the first end-to-end encryption feature available on video collaboration. Its very hard to do and then it will be the first. What were trying to accomplish is to have in Zoom formats or Zoom scale I want to be very clear that it will be available for all customers across the platform, both paid and free. Were still working out the details, but we will probably deploy some sort of a one-time risk-based authentication for free users that use E2EE.

But at the end of the day, it is extremely important that we provide an opportunity for our customers to have communications that they believe are private and secure. I want to just make sure that youre aware that today even without E2EE, when our customers are using the application and are on the parts of the application that are controlled by Zoom, they have AES 256-bit GCM encryption, which is industry leading today.

All Zoom users will continue to use AES 256 GCM transport encryption as the default encryption, while E2EE will be an optional feature. This is because it limits some meeting functionality, such as the ability to include traditional PSTN phone lines or SIP/H.323 hardware conference room systems. Hosts will toggle E2EE on or off on a per-meeting basis. And account administrators can enable and disable E2EE at the account and group level.

Read the original:
Virtual and face-to-face connect to coexist: Zoom COO - Fortune India