
Tag Archives for "encryption"

Sen. Graham Draft Bill Would Ban Encryption, Undermine User Privacy, Security

Senator Lindsey Graham, a top Trump ally, is targeting giant internet platforms with a child protection measure that could threaten tech companies’ use of encryption and a liability exemption they prize.

Although the measure doesn’t directly mention encryption, it would require that companies work with law enforcement to identify, remove, report and preserve evidence related to child exploitation — which critics said would be impossible to do for services such as WhatsApp that are encrypted from end-to-end.

Source: Lindsey Graham Proposal Could Expose Apple, Facebook to Lawsuits – Bloomberg

Exploit Fully Breaks SHA-1 encryption

Users of GnuPG, OpenSSL and Git could be in danger from an attack that’s practical for ordinary attackers to carry out.

A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering.

Source: Exploit Fully Breaks SHA-1, Lowers the Attack Bar | Threatpost

Facebook and Barr Escalate Standoff Over Encrypted Messages

With 1.5 billion users, Facebook’s WhatsApp is perhaps the world’s most commonly used encrypted communications platform.

Facebook executives and Attorney General William P. Barr sparred on Monday over whether encrypted messaging products should be open to law enforcement, escalating a standoff over privacy and policing.

In a letter to Mr. Barr, the executives overseeing Facebook’s WhatsApp and Messenger, Will Cathcart and Stan Chudnovsky, wrote that creating a so-called backdoor into their services for law enforcement would make their users less safe.

Source: Facebook and Barr Escalate Standoff Over Encrypted Messages – The New York Times

Interpol: Strong encryption helps online predators. Build backdoors

Multinational police agency Interpol is due to say that tech companies deploying strong encryption helps paedophiles – unless they build backdoors for police workers.

So-called “think of the children” rhetoric is a tried and trusted strategy for police workers who are determined to get their way with politicians. The agency has yet to issue the communique in question, though it is expected to be welcomed by Western governments increasingly fed up that their internal security agencies are unable to exercise China-style social control and surveillance over their populations.

Source: Interpol: Strong encryption helps online predators. Build backdoors • The Register

Deidentification versus anonymization

Anonymization is hard. Just like cryptography, most people are not qualified to build their own.

Unlike cryptography, the research is far earlier-stage, and the pre-built code is virtually unavailable. That hasn’t stopped people from claiming certain datasets (like this) are anonymized and (sadly) having them re-identified.

Full article: Deidentification versus anonymization

Germany mulls giving end-to-end chat app encryption das boot

Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.

Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, and Telegram to cough up plain-text records of people’s private enciphered chats to authorities that obtain a court order.

Source: Germany mulls giving end-to-end chat app encryption das boot: Law requiring decrypted plain-text is in the works • The Register

Big Tech condemn GCHQ proposal to listen in on encrypted chats

An international coalition of civic society organizations, security and policy experts and tech companies — including Apple, Google, Microsoft and WhatsApp — has penned a critical slap-down to a surveillance proposal made last year by the UK’s intelligence agency, warning it would undermine trust and security and threaten fundamental rights.

GCHQ’s idea for a so-called ‘ghost protocol’ would be for state intelligence or law enforcement agencies to be invisibly CC’d by service providers into encrypted communications — on what’s billed as a targeted, government authorized basis.

If implemented, it will undermine the authentication process, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused. Users won’t be able to trust that their communications are secure, thereby posing threats to fundamental human rights, including privacy and free expression.

Source: Apple, Google, Microsoft, WhatsApp sign open letter condemning GCHQ proposal to listen in on encrypted chats | TechCrunch

Irish data regulator looking into Facebook password gaffe

Ireland’s Data Protection Commission (DPC) has confirmed it’s looking into the hundreds of millions of passwords that Facebook stored without encryption.

The social network notified the regulator that user passwords for Facebook, Facebook Lite and Instagram were stored in plain text in the company’s internal servers.

Source: Irish data regulator looking into Facebook password gaffe | IT PRO

HTTPS Isn’t Always as Secure as It Seems

A surprising number of high-traffic sites have TLS vulnerabilities that are subtle enough for the green padlock to still appear.

Transport Layer Security, or TLS, encrypts data between your browser and the web servers it communicates with to protect your travel plans, passwords, and Google searches from prying eyes. But new findings from researchers at Ca’ Foscari University of Venice in Italy and TU Wien in Austria indicate that a surprising number of encrypted sites still leave these connections exposed.

Source: HTTPS Isn’t Always as Secure as It Seems | WIRED

Silicon Valley – Not Governments – Will Kill Encryption

It is Silicon Valley that will roll back the protections of encryption, not for the needs of governments to combat terrorists and criminals, but for their own profit-minded needs to continue mining, monetizing and manipulating their users.

The growing popularity of end-to-end encryption threatens to upend this uneasy truce between digital security and the ability of web companies to mine our personal data.

Full article: Silicon Valley – Not Governments – Will Kill Encryption
