New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire


The Lawful Access to Encrypted Data Act is being decried as "an awful idea" by security experts. Government Privacy apple Data Privacy Encryption End to end encryption Facebook FBI Lawful Access to Encrypted Data Act Security

Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

E.U. Authorities Crack Encryption of Massive Criminal and Murder Network


Cryptography Government Mobile Security Privacy Android criminal communications Criminals EncroChat encrypted chat Encryption European Union France law enforcement mobile murder network secure mobile messaging The Netherlands U.K.

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

Report: Encrypted Smartphone Takedown Outed Canadian Mole

Data Breach Today

After Arresting Phantom Secure CEO, Authorities Reportedly Saw Secrets for Sale The Canadian government has arrested a senior intelligence official on charges of working as a mole.

Report: Apple Scuttled Encryption Plans for iCloud Backups

Data Breach Today

Technology Giant Didn't Want to 'Poke the Bear,' Sources Tell Reuters Apple previously scuttled plans add end-to-end encryption to iCloud backups, Reuters reports, noting that such a move would have complicated law enforcement investigations.

Enhancing the Security of Government Websites

Data Breach Today

All the sites eventually will use the HSTS protocol, which ensures that a users' connection to a website is encrypted and can protect against man-in-the middle attacks and cookie hijacking

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Q&A: The troubling implications of normalizing encryption backdoors — for government use

The Last Watchdog

Should law enforcement and military officials have access to a digital backdoor enabling them to bypass any and all types of encryption that exist today? The disturbing thing is that in North America and Europe more and more arguments are being raised in support of creating and maintaining encryption backdoors for government use. Here are excerpts edited for clarity and space: LW: What’s wrong with granting governments the ability to break encryption?

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. The public key goes into the processor and the device, and is used to encrypt whatever user key encrypts the data.

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations.

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. Governments have legitimate law enforcement and national security interests.

Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors

Schneier on Security

This is true even though encryption will impose costs on society, especially victims of other types of crime. [.]. Basically, he argues that the security value of strong encryption greatly outweighs the security value of encryption that can be bypassed.

US Government Sites Give Bad Security Advice

Krebs on Security

government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Census Bureau website [link] carries a message that reads, “An official Web site of the United States government. “It only indicates that the connection is encrypted. government. Many U.S.

Apple to Store Encryption Keys in China

Schneier on Security

Apple is bowing to pressure from the Chinese government and storing encryption keys in China. apple china cloudcomputing encryption iphone keyescrow privacy

Apple Mail stores parts of encrypted emails in plaintext DB

Security Affairs

The Apple Mail app available on macOS stores leave s a portion of users encrypted emails in plaintext in a database called snippets. SecurityAffairs – encryption, hacking). The post Apple Mail stores parts of encrypted emails in plaintext DB appeared first on Security Affairs.

NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

The Last Watchdog

Encryption is a cornerstone of digital commerce. Related: A ‘homomorphic-like’ encryption solution We know very well how to encrypt data in transit. And we’ve mastered how to encrypt — and decrypt — data at rest. However, we’ve yet to arrive at a seminal means to crunch encrypted data – without first having to decrypt it. PKI is the authentication and encryption framework on which the Internet is built.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. What is the purpose of Enterprise Key Management if Slack really encrypts the data? Slack currently encrypts your data in transit and at rest.

Amazon, Google Block Trick That Let Encrypted Chats Flow

Data Breach Today

Collateral damage is already being felt by the likes of Signal, a popular, encrypted-messaging app blocked by some governments

Russian govn blocked Tutanota service in Russia to stop encrypted communication

Security Affairs

Tutanota , the popular free and open-source end-to-end encrypted email software, has been blocked by Russian authorities. The popular free and open-source end-to-end encrypted email service Tutanota has been blocked in Russia on Friday evening.

The GDPR: Requirements for encryption

IT Governance

Six months since the GDPR (General Data Protection Regulation) came into force, pseudonymisation and data encryption remain the only technology measures specifically mentioned in the famously technology-agnostic Regulation. But what exactly is meant by ‘pseudonymisation’ and ‘encryption’?

Encryption trends and predictions over 50 years

Thales eSecurity

Modern encryption can trace its root back to before WWII when Alan Turing built a modern computer in order to break the Enigma. We’ve also seen promising approaches, such as homomorphic encryption, come out of academia that have yet to find common practice in real-world applications.

Why Enterprises Should Control Their Encryption Keys

Thales eSecurity

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs , the encryption service is only as secure as the keys that are used to encrypt the data.

Failure to encrypt mobile devices results in $3 million HIPAA settlement

IG Guru

A US health system is forced to settle as a result of not encrypting mobile phones. The post Failure to encrypt mobile devices results in $3 million HIPAA settlement appeared first on IG GURU. Check out the source or the report here. Photo by Yura Fresh on Unsplash.

Decrypting Basic Encryption — A Layperson’s Guide to Words and Phrases


Most people recognize that basic encryption is vital to protecting the organization. But, what is basic encryption? Here are some basic encryption words and phrases for everyone to use with confidence. Ciphertext is encrypted text. Encryption and decryption keys lock and unlock encrypted data, respectively. Data encryption uses math to scramble and encode text so that no one can read it. Encryption Standards. •

So Wait, How Encrypted Are Zoom Meetings Really?

WIRED Threat Level

The service's mixed messages have frustrated cryptographers, as the US government and other sensitive organizations increasingly depend on it. Security Security / Security News

New Method Proposed for Secure Government Access to Encrypted Data

Dark Reading

Crumple Zones' in crypto mechanisms can make it possible - but astronomically expensive - to access encrypted data, say researchers from Boston University and Portland State University

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef. In 1939, just before Germany was invading Poland, the British government received an Enigma machine from Polish code breakers.

The grand “finale” of China’s Encryption Law

HL Chronicle of Data Protection

Two years on since the first draft, the final act of the legislative passage saga of the long-awaited People’s Republic of China Encryption Law ended with its passage on 26 October 2019. To read Hogan Lovells’ The grand “finale” of China’s Encryption Law, click here.

Texas Government Agencies Hit by Ransomware

Adam Levin

The local governments and agencies from twenty-three Texas towns were hit by a coordinated ransomware campaign last week. . The ransomware deployed is known is.JSE and typically works by encrypting files and appending the suffix “.jse.”.JSE

Encryption & Privacy Policy and Technology

Adam Shostack

UK, and Australia: Weak Encryption Puts Billions of Internet Users at Risk. government information security privacy SecurityThe Open Technology Institute has an Open Letter to Law Enforcement in the U.S., press release , letter.) I am pleased to be one of the signers. In closely related news, nominations for the 2020 Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies are open.

AG Barr, Officials to Facebook: Don’t Encrypt Messaging


Officials say they are concerned about their ability to fight crime and protect citizens, while privacy advocates remain critical of government interference. Cryptography Facebook Privacy Attorney General William Barr Consumer Privacy Encryption Instagram internet Mark Zuckerberg messaging private messaging WhatsApp

FBI Director Calls Smartphone Encryption an ‘Urgent Public Safety Issue’


The debate over the government's authority to access private encrypted data on digital devices was amplified when the Federal Bureau of Investigation Director Christopher Wray called unbreakable encryption an 'urgent public safety issue.'. Cryptography Government Mobile Security Privacy Android Smartphones apple Christopher Wray Electronic Frontier Foundation FBI Director Christopher Wray Federal Bureau of Investigation Going Dark.

Does Encryption Really Protect My Cloud Data?

Thales eSecurity

With the increase of malicious behaviors, governments across the globe have strengthened their policies as to enterprise and cloud provider responsibilities to add stronger data security controls, especially for data in the cloud. The post Does Encryption Really Protect My Cloud Data?

The grand “finale” of China’s Encryption Law

HL Chronicle of Data Protection

Two years on since the first draft, the final act of the legislative passage saga of the long-awaited People’s Republic of China Encryption Law ended with its passage on 26 October 2019. To read Hogan Lovells’ The grand “finale” of China’s Encryption Law, click here.

Punjab bans use of WhatsApp in government offices via The Express Tribune

IG Guru

The order of banning WhatsApp use by the provincial government has been taken in light of a decision taken in a meeting of the Cabinet Division on January 31. The post Punjab bans use of WhatsApp in government offices via The Express Tribune appeared first on IG GURU.

Using Strategic Data Governance to Manage GDPR/CCPA Complexity


In light of recent, high-profile data breaches, it’s past-time we re-examined strategic data governance and its role in managing regulatory requirements. Govern PII “at rest”. Govern PII “in motion”.

GDPR 112

Apple Battling with the Government Again Over Breaking iPhone Encryption of Mass Shooters: Data Privacy Trends

eDiscovery Daily

Remember back in 2016 when Apple with in a court battle with the Department of Justice over giving investigators access to encrypted data on the iPhone used by one of the San Bernardino shooters? Now, Apple is in a new dispute with the government again over the same issue.

Kazakhstan Government Intercepting All Secured Internet Traffic

Adam Levin

The Kazakhstan government is intercepting all HTTPS-encrypted internet traffic within its borders. Once installed, this certificate allows the government to decrypt and analyze all incoming internet traffic. .