Articles

4 alternatives to encryption backdoors, but no silver bullet

Alternatives to backdoors in end-to-end encryption exist, but not all address privacy and security concerns, say experts at last week’s Enigma conference.

End-to-end encrypted communication has been a boon to security and privacy over the past 12 years since Apple, Signal, email providers, and other early adopters first started deploying the technology. At the same time, law enforcement authorities around the globe have pushed for technological solutions to pry open the chain of protected end-to-end encrypted content, arguing that the lack of visibility provides a haven for criminals, terrorists and child abusers to hatch their plans with impunity.

In 2016, Apple prevailed in a now-famous legal standoff with FBI Director James Comey to unlock an encrypted phone used by a mass shooter in San Bernardino, California. In 2019, Attorney General William Barr revived the so-called backdoor debate to advocate some means of breaking encryption to thwart those who distribute child sexual abuse material. Last month, the UK government kicked off a PR campaign to lay the groundwork for killing off end-to-end encryption ostensibly to crack down on child sex abusers.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by Tumisu, please consider ☕ Thank you! 🤗 from Pixabay

 

Apple

Apple plan to scan users’ iCloud photos raises new…

Experts argue that Apple is clearing a path for governments to gain access to their citizens’ data–essentially an encryption backdoor.

A firestorm emerged on Friday and raged during the weekend over Apple’s new “Expanded Protections for Children,” a series of measures across Apple’s platforms aimed at cracking down on child sexual abuse material (CSAM). The new protections address three areas, including communications tools for parents and updates to Siri and search to help children and parents deal with unsafe situations.

The flashpoint for cryptographers, cybersecurity specialists, and privacy advocates is Apple’s planned use of “new applications of cryptography to help limit the spread of CSAM online, while designing for user privacy.” The plan is to scan users’ photo libraries and then apply a new form of encryption to compare those photos to images from existing CSAM libraries.

The new cryptography applications in iOS and iPadOS would allow Apple to scan users’ entire photo libraries hunting for known CSAM images uploaded from their devices to iCloud Photos and then report these instances to the National Center for Missing and Exploited Children (NCMEC). Apple says, “the hashing technology, called NeuralHash, analyzes an image and converts it to a unique number specific to that image,” which allows systems “to perform on-device matching using a database of known CSAM image hashes provided by NCMEC and other child-safety organizations.”

“This is a really bad idea,” leading cryptographer Matthew Green tweeted at the start of a lengthy thread that sparked the now widespread uproar over Apple’s plan. The problem is that this system could be the tip of the spear that essentially provides an encryption backdoor that the US and other global authorities have sought since the 1990s. “This sort of tool can be a boon for finding child pornography in people’s phones, but imagine what it could do in the hands of an authoritarian government,” Green tweeted.

As the implications of what Apple is proposing became clear, over 4,000 security and privacy experts, cryptographers, researchers, professors, legal experts, and Apple customers signed An Open Letter Against Apple’s Privacy-Invasive Content Scanning Technology. The signatories, including NSA whistleblower Edward Snowden, contend that “Apple’s proposal introduces a backdoor that threatens to undermine fundamental privacy protections for all users of Apple products.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by iMattSmart on Unsplash

Articles

Mathematical Mesh alpha release promises better end-to-end encryption

lead centered=”no”
Web pioneer proposes a new cryptographic system that relies on threshold key infrastructure to improve end-to-end encryption.
/lead

One of the main challenges posed by the internet has been the need to secure communications across a massive tangle of public and private networks. Security experts agree that end-to-end communication encryption is the best means of defending users against third-party interception or breaches that could expose the potentially sensitive content.

End-to-end encryption, however, has been more of a dream than a reality, particularly given the rise of “walled gardens” led by internet giants such as Google, Facebook and Amazon. Each always maintains some form of access to their users’ communications.

A new approach to end-to-end encryption called Mathematical Mesh was quietly introduced at this year’s HOPE (Hackers of Planet Earth) conference by esteemed cryptographer Phillip Hallam-Baker, who is currently a principal scientist at Comodo and was formerly a member of the CERN team that designed the World Wide Web, among many other accomplishments.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

New Republican bill latest in long line to force…

lead centered=”no”
Here we go again. Senate Republicans push a new bill to mandate “lawful access” to encrypted devices and data. It won’t end until law enforcement has better cyber forensics capabilities./lead

In what seems like Groundhog Day when it comes to encrypted communications, a group of Republican senators last week introduced the Lawful Access to Encrypted Data Act, which aims to end the use of so-called “warrant-proof” encrypted technology by terrorists and criminals. Senate Judiciary Committee Chairman Lindsey Graham (R-SC), Tom Cotton (R-AR) and Marsha Blackburn (R-TN) introduced this latest measure to find a way for law enforcement to gain access to devices and data that are protected by unbreakable encryption methods.

“The Lawful Access to Encrypted Data Act is a balanced solution that keeps in mind the constitutional rights afforded to all Americans while providing law enforcement the tools needed to protect the public from everyday violent crime and threats to our national security,” the Senators said in a statement.

Although the bill’s proponents don’t say so explicitly, the “lawful access” it seeks to establish mirrors a long string of potentially damaging efforts by the federal government to install backdoors into encrypted communications, according to critics. Virtually all cybersecurity and cryptography experts insist that any break in the encryption chain will break security and protection altogether, leaving criminals and adversarial nation-states with even more power to hack into users’ devices and communications for nefarious purposes.

This article appeared in CSO Online. To read the rest of the article please visit here.