Posts Tagged “encryption”

Responsible encryption »

Kurt Opsahl, The EFF:

The Department of Justice has said that they want to have an “adult conversation” about encryption. This is not it. The DOJ needs to understand that secure end-to-end encryption is a responsible security measure that helps protect people.

EFF argues border agents need warrants to search digital devices »

“Our cell phones and laptops provide access to an unprecedented amount of detailed, private information, often going back many months or years, from emails to our coworkers to photos of our loved ones and lists of our closest contacts. This is light years beyond the minimal information generally contained in other kinds of personal items we might carry in our suitcases. It’s time for courts and the government to acknowledge that examining the contents of a digital device is highly intrusive, and Fourth Amendment protections should be strong, even at the border,” said EFF Staff Attorney Sophia Cope.

It’s ludicrous that a warrant is not currently required for these searches. If a search is truly necessary, the authorities in question should be able to obtain a warrant with ease.

We Should All Care About Encryption

Andy Yen, via TED.com:

If we squander privacy by allowing back doors or building illicit vulnerabilities into encryption tools, there is nothing to protect us from prying corporations, spying governments or even criminals bent on abusing our data. Unfortunately, there is no such thing as a back door that only lets the good guys in.

Data must always be encrypted, end-to-end, period — before it leaves your computer. Privacy is a fundamental right. Let’s not squander it in the name of security.

Senate push for encryption legislation falters

Via Reuters:

Draft legislation that Senators Richard Burr and Dianne Feinstein, the Republican and Democratic leaders of the Intelligence Committee, had circulated weeks ago likely will not be introduced this year and, even if it were, would stand no chance of advancing, the sources said.

Fantastic news. This bill (and the push behind it) was ill-conceived at best and would have caused untold damage were it to pass.

DHS Boss Calls For More Fear, Less Encryption »

Techdirt:

This is wonderful stuff if you’re a fan of authoritarianism. Shut up and show your support. It’s a message that’s been sent several times by the new president. Now, it’s being echoed by his top officials.

Yet another ill-considered power grab in the name of safety.

Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.

The year encryption won »

Via Wired:

It’s not a firm guarantee, and who knows what a Trump administration will bring. For now, though, it’s enough to appreciate the gains encryption made in 2016, and be hopeful that 2017 will only build on them.

DOJ takes war on encryption to WhatsApp

Via The EFF:

The government’s theory, that the All Writs Act gives it the power to compel American companies to write code and design products to ensure law enforcement access to encrypted content, is virtually without limits. No devices, and indeed no encrypted messaging services, would be safe from such backdoor orders. If the government wins in San Bernardino, it could even force companies to give it access to software update systems, and send their users government surveillance software disguised as security patches.

The government is taking its war on encryption to WhatsApp’s front door. This is, perhaps, even more terrifying than their effort to force Apple to hamstring its device security. It’s one thing if the government can force its way in to devices but, oftentimes, services used on secured devices have their own, additional layers of security. This is the government attempting to compromise security further by making inroads in to security provided by messaging (and other) service providers.

Chilling.

Dutch government on encryption

Via Ars Technica:

…forcing companies to add backdoors to their products and services would have “undesirable consequences for the security of communicated and stored information,” since “digital systems can become vulnerable to criminals, terrorists and foreign intelligence services.”

Exactly.

Backdoor password in Juniper's firewall code

Via Ars Technica:

On December 17, Juniper Networks issued an urgent security advisory about “unauthorized code” found within the operating system used by some of the company’s NetScreen firewalls and Secure Service Gateway (SSG) appliances. The vulnerability, which may have been in place in some firewalls as far back as 2012 and which shipped with systems to customers until late 2013, allows an attacker to gain remote administrative access to systems with telnet or ssh access enabled.

This is exactly why creating back doors in to encryption is a really bad thing. We don’t need a ‘Manhattan-like project’ to create more security holes like this one — if you create backdoors, even for legitimate purposes, you’ll simply be increasing the likelihood that incidents like this will continue to happen.