
Tag Archives for " encryption "

Worries arise about security of new WebAuthn protocol

A team of security researchers has raised the alarm about some cryptography-related issues with the newly released WebAuthn passwordless authentication protocol.

WebAuthn was officially launched earlier this year, in April. It’s a standard developed under the patronage of the World Wide Web Consortium (W3C), the official body for all web standards. Cryptography experts point out that the new WebAuthn protocol recommends or requires the implementation of old and weak algorithms that have been known to be vulnerable to attacks for years.

Source: Worries arise about security of new WebAuthn protocol | ZDNet

Russia May Unban Telegram…if it Shares Encryption Keys with the FSB

Russia’s telecom watchdog said that it may reverse the ban on Telegram if the company shares its encryption keys with federal law enforcement. Nevertheless, Telegram has not given any indication that it will update its stance in response to the Supreme Court ruling or RKN’s offer.

Source: Russia May Unban Telegram…if it Shares Encryption Keys with the FSB

Tech industry told ‘privacy is not absolute’ and end-to-end encryption ‘should be rare’

An international network of intelligence agencies, the so-called Five Eyes nations (the US, UK, Canada, Australia and New Zealand), has told the tech industry in a joint communiqué and statement of principles that ‘privacy is not an absolute’ and that the use of end-to-end encryption ‘should be rare’.

The statement on privacy contains a veiled threat to tech companies that they may face legislation if they don’t take steps to ensure that they can allow access to ‘appropriate government authorities.’

Source: Tech industry told ‘privacy is not absolute’ and end-to-end encryption ‘should be rare’ | 9to5Mac

U.S. government seeks Facebook help to wiretap Messenger

The U.S. government is trying to force Facebook to break the encryption in its popular Messenger app so law enforcement may listen to a suspect’s voice conversations in a criminal probe, three people briefed on the case said, resurrecting the issue of whether companies can be compelled to alter their products to enable surveillance.

Source: Exclusive: U.S. government seeks Facebook help to wiretap Messenger – sources | Reuters

Australian Law Draft Requires Companies to share Encryption Data

The Australian government has proposed a new law that would force tech companies that have encrypted data relevant to an investigation to hand over the information they have stored when requested by law enforcement. Companies that don’t comply could face fines up to $7.3 million and people involved in not complying could face jail time.

Source: Proposed Australian Law Threatens Apple and Facebook’s Privacy Policies | Fortune

Proposed UK surveillance laws give police power to access electronic devices

Proposed laws would also compel Facebook, Apple and Google to assist in decrypting private communications. Law enforcement agencies would gain new powers to conduct covert surveillance on electronic devices and compel technology companies to assist in decrypting private communications under proposed legislation.

Source: Coalition’s surveillance laws give police power to access electronic devices

There is No Middle Ground on Encryption

Encryption is back in the headlines again, with government officials insisting that they still need to compromise our security via a backdoor for law enforcement.

Opponents of encryption imagine that there is a “middle ground” approach that allows for strong encryption but with “exceptional access” for law enforcement.

Source: There is No Middle Ground on Encryption

Telefonica breach leaves data on millions exposed

Identity and payment information – including land line and mobile numbers, national ID numbers, addresses, banks, names and call records – was exposed, although there is no evidence that any of the data was used fraudulently. If Telefonica’s data had been protected by end-to-end encryption “there would be no breach to report under GDPR, as stolen encrypted data would be unusable. Now that GDPR is in effect, the Telefonica customer notifications and follow-up must be done in a compliant and potentially expensive way.

Source: Telefonica breach leaves data on millions exposed

UK’s police warns tech companies on use of encryption

The encryption technology that keeps smartphone users’ private messages safe could be regulated by the government because it is sometimes used by terrorists, the senior inspector overseeing the UK’s police forces has claimed.

Firms responsible for instant messaging apps are “making life easier for terrorists, paedophiles and organised criminals” while frustrating law enforcement by locking out the police, HM Chief Inspector of Constabulary said.

Source: Tech companies are bringing regulation on themselves by using encryption, warns UK’s top police watchdog | The Independent

Why the ‘encryption exception’ may be over used

The EU General Data Protection Regulation and some U.S. state laws provide the “encryption exception” – it can be used to exempt a company from breach reporting and notification obligations if data was encrypted and the key had not also been compromised.

The reasoning is that encryption preserves confidentiality – even for stolen data – by rendering it unreadable. But it’s not really true.

Source: Why the ‘encryption exception’ may be over used
