Archive for the ‘backdoors’ Category

UN says encryption “necessary for the exercise of the right to freedom”

May 28th, 2015

The United Nation's Office of the High Commissioner released a report Thursday heralding encryption, but it was wishy-washy when it came to government-mandated backdoors to undermine encryption.

The report said:

Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age. Such security may be essential for the exercise of other rights, including economic rights, privacy, due process, freedom of peaceful assembly and association, and the right to life and bodily integrity.

This isn't the first time the UN weighed in on the digital age. In 2011, it declared Internet access a human right.

Read 6 remaining paragraphs | Comments

Posted in backdoors, encryption, Law & Disorder, Mike Rogers, NSA, United Nations | Comments (0)

Tech sector tells Obama encryption backdoors “undermine human rights”

May 19th, 2015

Technology giants like Apple, Google, and Microsoft urged President Barack Obama on Tuesday to refrain from supporting any US policy that would require the tech sector to install backdoors into their products so the authorities can access encrypted data.

In a letter (PDF) to Obama, dozens of tech companies, cryptologists, and rights groups said mandatory backdoors—which many authorities in the US government and abroad have been calling for—would weaken cybersecurity as well as "undermine human rights."

More than undermining every American’s cybersecurity and the nation’s economic security, introducing new vulnerabilities to weaken encrypted products in the US would also undermine human rights and information security around the globe. If American companies maintain the ability to unlock their customers’ data and devices on request, governments other than the United States will demand the same access, and will also be emboldened to demand the same capability from their native companies. The US government, having made the same demands, will have little room to object. The result will be an information environment riddled with vulnerabilities that could be exploited by even the most repressive or dangerous regimes. That’s not a future that the American people or the people of the world deserve.

Tuesday's letter comes as the White House is in the process of coming up with a position on the issue and in response to a chorus of government officials at home and abroad—including British Prime Minister David Cameron, FBI Director James Comey, and former Attorney General Eric Holder—all calling for backdoors.

Read 7 remaining paragraphs | Comments

Posted in backdoors, Barack Obama, encryption, FBI, Law & Disorder, NSA | Comments (0)

Congress, Crypto and Craziness

April 30th, 2015
A Congressional hearing on encryption and "frontdoors" produced a generous amount of the usual "crazy" from lawmakers and law enforcement.

Posted in Amy Hess, apple, backdoors, congress, cryptography, Daniel Conley, encyrption, Fourth Amendment, google, Government, Matt Blaze, NSA, NSA surveillance, privacy, Ted Lieu, Web Security | Comments (0)

NSA dreams of smartphones with “split” crypto keys protecting user data

April 12th, 2015

National Security Agency officials are considering a range of options to ensure their surveillance efforts aren't stymied by the growing use of encryption, particularly in smartphones. Key among the solutions, according to The Washington Post, might be a requirement that technology companies create a digital key that can open any locked device to obtain text messages or other content, but divide the key into pieces so no one group could use it without the cooperation of other parties.

"I don't want a back door," Adm. Michael S. Rogers, director of the NSA, recently said during a speech at Princeton University, at which he laid out the proposal. "I want a front door. And I want the front door to have multiple locks. Big locks."

The proposal is part of a tense debate resulting from the growing number of companies that endow their hardware and software with strong encryption that when used properly makes it infeasible if not impossible for anyone other than the owner to access the contents. Chief among these companies is Apple, which has enabled such encryption by default in newer iPhones and iPads. On the one hand, national security and law enforcement officials say the trend could seriously hinder criminal and national security investigations. Tech industry representatives, meanwhile, chafe at the thought of backdoors, citing a raft of concerns, including abuse by hackers, government overreach, and harm to US competitiveness.

Read 4 remaining paragraphs | Comments

Posted in backdoors, cryptography, encryption, Law & Disorder, Risk Assessment, smartphones, Technology Lab | Comments (0)

OpenSSL Security Audit Ready to Start

March 10th, 2015
NCC Group Cryptography Services announced it will shortly begin an audit of OpenSSL.

Posted in backdoors, Core Infrastructure Initiative, cryptography, encryption, heartbleed, Internet-wide vulnerability, NCC Group, Open Crypto Audit Project, Open Source, Open Source Security, OpenSSL, OpenSSL audit, Security Audit, Tom Ritter, TrueCrypt, TrueCrypt Audit, vulnerabilities, Web Security | Comments (0)

Yahoo exec goes mano a mano with NSA director over crypto backdoors

February 24th, 2015

Echoing the concerns of many US-based technology companies have about US-led surveillance programs, Yahoo Chief Information Security Officer Alex Stamos asked the director of the National Security Agency some pointed questions concerning proposed or existing backdoors placed in encryption technologies. The responses from NSA director Adm. Mike Rogers only underscored the growing divide.

The frank exchange occurred Monday at the Cybersecurity for a New America conference in Washington DC. It came 17 months after materials leaked by former NSA subcontractor Edward Snowden documented NSA-engineered backdoors were built into widely used cryptography technologies so that government agents could decrypt communications. Critics have since warned that the policy could backfire on US citizens, since backdoors can be exploited by governments of a variety of counties. Rogers clearly disagreed, but his denials were notable for a lack of technical detail.

What follows is an excerpt of the exchange, as first provided by website Just Security:

Read on Ars Technica | Comments

Posted in backdoors, cryptography, encryption, Law & Disorder, NSA, Risk Assessment, Surveillance, Technology Lab | Comments (0)

Obama hedges position on encryption. It’s good. It’s bad.

February 17th, 2015

President Barack Obama is making his position on encryption known: he is a supporter and "believer in strong encryption" but also "sympathetic" to law enforcement's needs to prevent terror attacks.

"I think the only concern is... our law enforcement is expected to stop every plot. Every attack. Any bomb on a plane. The first time that attack takes place, where it turns out we had a lead and couldn't follow up on it, the public's going to demand answers. This is a public conversation that we should be having," Obama said in a Friday interview with Re/Code. "I lean probably further in the direction of strong encryption than some do inside law enforcement. But I am sympathetic to law enforcement, because I know the kind of pressure they're under to keep us safe. And it's not as black and white as it's sometimes portrayed. Now, in fairness, I think those in favor of air tight encryption also want to be protected from terrorists."

Read 7 remaining paragraphs | Comments

Posted in apple, backdoors, Barack Obama, data encryption, FBI, google, Justice Department, Law & Disorder | Comments (0)

Threatpost News Wrap, January 23, 2015

January 23rd, 2015
Dennis Fisher and Mike Mimoso talk about all of the zero days that were dropped this week on Adobe and Apple, the Oracle backdoor drama and the upcoming Kaspersky Security Analyst Summit in Cancun. Then, Dennis calls Brian Donohue to talk about the wonders of the Blackhat movie and Brian's dog makes a special appearance, too!

Posted in adobe, apple, backdoors, blackhat, Dennis Fisher, Kaspersky, malware, Mike Mimoso, oracle, Podcasts, Threatpost News Wrap, vulnerabilities, zero days | Comments (0)

UK prime minister wants backdoors into messaging apps or he’ll ban them

January 12th, 2015

David Cameron, the British Prime minister, is one-upping his Western allies when it comes to anti-encryption propaganda. Ahead of national elections in May, Cameron said that if re-elected, he would seek to ban encrypted online messaging apps unless the UK government is given backdoors.

"Are we going to allow a means of communications which it simply isn't possible to read?" Cameron said Monday while campaigning, in reference to apps such as WhatsApp, Snapchat, and other encrypted services. "My answer to that question is: 'No, we must not.'"

He said the Paris attacks, including the one last week on satirical newspaper Charlie Hebdo, underscored the need for greater access.

Read 11 remaining paragraphs | Comments

Posted in backdoors, Edward Snowden, encryption, FBI, Law & Disorder, snapchat, WhatsApp | Comments (0)

Schneier: Strategies for Designing and Defending Against Backdoors

October 16th, 2013
Schneier: Strategies for Designing and Defending Against Backdoors
What the NSA wants is to be able to read encrypted information in as close to real-time as possible. It wants backdoors, just like the cybercriminals and less benevolent governments do. And we have to figure out how to make ...

Posted in backdoors, Cybersecurity, NSA, Surveillance | Comments (0)