‘Real People’ Don’t Need Encrypted Messaging Services, Claims U.K. Home Secretary

The U.K. home secretary Amber Rudd has argued that "real people" do not want secure end-to-end encryption on messaging platforms and are more concerned with usability and features than unbreakable security (via Yahoo News).

Rudd made her case in a newspaper article, published ahead of a meeting today with technology companies in San Francisco, where she will warn tech giants that their services are being misused by terrorists. Writing in The Daily Telegraph, Rudd said:
"Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family?

"So this is not about asking the companies to break encryption or create so-called 'back doors'.

"Companies are constantly making trade-offs between security and 'usability', and it is here where our experts believe opportunities may lie.

"Real people often prefer ease of use and a multitude of features to perfect, unbreakable security."
Rudd's comments were immediately criticized by privacy campaigners, with civil liberties organization Big Brother Watch calling her viewpoint "at best naïve, at worst dangerous".

"Suggesting that people don't really want security from their online services is frankly insulting," said Renate Samson, chief executive of BBW. "What of those in society who are in dangerous or vulnerable situations, let alone those of us who simply want to protect our communications from breach, hack or cybercrime."

"Once again the government are attempting to undermine the security of all in response to the actions of a few. We are all digital citizens, we all deserve security in the digital space."

Rudd is due to give her speech to tech companies like Twitter, Facebook, and Microsoft, in which she will urge them to do more to remove extremist content online or face new laws forcing them to do so.

Speaking to the BBC, Rudd said she wanted to work more closely with companies on encryption so that "where there is a particular need, where there is a targeted need" the government should be given access to metadata and encrypted content.

But Facebook's chief operating officer, Sheryl Sandberg, pushed back against that argument, and warned about pushing criminals into even harder to reach parts of the internet.

"If people move off those encrypted services to go to encrypted services in countries that won't share the metadata, the government actually has less information, not more," she said.

Tuesday's summit is the first gathering of the Global Internet Forum to Counter Terrorism, an organization set up by the major tech companies following recent terror attacks. Organization members are likely to resist any action that would result in compromised encryption, however.

In a joint statement, the companies taking part said they were co-operating to "substantially disrupt terrorists' ability to use the internet in furthering their causes, while also respecting human rights".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Changes to iCloud Put Apple on Collision Course With Governments Seeking Access to Encrypted Messages

Apple has sent its top privacy executives to Australia twice in the past month to lobby government officials over proposed new laws that would require companies to provide access to encrypted messages.

According to the Sydney Morning Herald, Apple privacy advocates met with attorney general George Brandis and senior staff in Prime Minister Malcolm Turnbull's office on Tuesday to discuss their concerns about the legal changes, which could compel tech companies to provide decryption keys to allow access to secure communications such as that provided by WhatsApp and iMessage.

Apple has consistently argued against laws that would require tech companies to build so-called "back doors" into their software, claiming that such a move would weaken security for everyone and simply make terrorists and criminals turn to open-source encryption methods for their digital communications.

While Apple's position is clear, the Turnbull government has yet to clarify exactly what it expects tech companies to give up as part of the proposals. A source familiar with the discussions said that the government explicitly said it did not want a back door into people's phones, nor to weaken encryption.

However, given that encrypted services like WhatsApp and iMessage do not possess private keys that would enable them to decrypt messages, a back door would seem the only alternative. "If the government laid a subpoena to get iMessages, we can't provide it," CEO Tim Cook said in 2014. "It's encrypted and we don't have a key."

As it happens, Cook's comment only applies to iMessages that aren't backed up to the cloud: Apple doesn't have access to messages sent between devices because they're end-to-end encrypted, but if iCloud Backup is enabled those messages are encrypted on Apple's servers using an encryption key that the company has access to and could potentially provide to authorities.

However, Apple is moving in the same direction as WhatsApp and Telegram to make encryption keys entirely private. As announced at WWDC in June, macOS High Sierra and iOS 11 will synchronize iMessages across devices signed into the same account using iCloud and a new encryption method that ensures the keys stay out of Apple's hands.

As senior VP of software Craig Federighi noted in interview with Daring Fireball's John Gruber, even if users store information in the cloud, "it's encrypted with keys that Apple doesn't have. And so they can put things in the cloud, they can pull stuff down from the cloud, so the cloud still serves as a conduit — and even ultimately a kind of a backup for them — but only they can read it."

How this will play out in Apple's discussions with the Australian government – and indeed other governments in the "Five Eyes" intelligence sharing network seeking similar access to encrypted communications – is anything but clear. According to sources, Apple and the Turnbull government are taking a collaborative approach in the discussions, but previous statements by officials imply a tougher stance behind the scenes.

Last week, Senator Brandis said the Australian government would work with companies such as Apple to facilitate greater access to secure communications, but warned that "we'll also ensure that the appropriate legal powers, if need be, as a last resort, coercive powers of the kind that recently were introduced into the United Kingdom under the Investigatory Powers Act... are available to Australian intelligence and law enforcement authorities as well".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Encrypted Chat App Telegram to Remove Terrorist Content Following Ban Threat in Indonesia

Telegram is to form a team of moderators to remove terrorist-related content from the encrypted messaging platform in Indonesia, after the country's government threatened to ban the app.

Indonesia's Ministry of Communications and Information Technology has already blocked access to the web version of the chat platform, citing concerns that it was being used to spread "radical and terrorist propaganda" in the country, according to Reuters.

"This has to be done because there are many channels on this service that are full of radical and terrorist propaganda, hatred, ways to make bombs, how to carry out attacks, disturbing images, which are all in conflict with Indonesian law," the communications ministry said in a statement on its website.
Telegram co-founder Pavel Durov said on Sunday that the service had blocked channels reported by the government and that it would take further action to remove the illegal content.
"We are forming a dedicated team of moderators with knowledge of Indonesian culture and language to be able to process reports of terrorist-related content more quickly and accurately," Durov said in a Telegram post quoted by Associated Press.
Telegram has been criticized by governments before for its use by terrorist groups to spread propaganda and recruit members. Last month Telegram agreed to provide basic information about the company to Russia after authorities threatened to block access to the service.

Despite pressure from governments, Telegram's founders have refused to bow to demands for backdoors into the platform for authorities to access encrypted messages, arguing that security and privacy are central tenets of the service.

Speaking to The Wall Street Journal on Sunday, Durov said Telegram is "heavily encrypted and privacy-oriented, but we're no friends of terrorists – in fact, every month we block thousands of ISIS-related public channels".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Australia Proposes Law That Would Compel Tech Companies to Decrypt Messages

Australia on Friday proposed new laws that would require companies like Apple to provide law enforcement authorities with access to encrypted communications (via Reuters).

Australia's proposed legislation will compel companies to help security agencies intercept and read messages sent by suspects. It appears to take cues from the U.K.'s Investigatory Powers Bill, which includes provisions that require technology companies to bypass encryption where technically feasible.
"We need to ensure the internet is not used as a dark place for bad people to hide their criminal activities from the law," Australian Prim Minister Malcolm Turnbull told reporters in Sydney.

"The reality is, however, that these encrypted messaging applications and voice applications are being used obviously by all of us, but they're also being used by people who seek to do us harm."
The proposal will be introduced when parliament resumes in August and could be adopted within months, according to lawmakers. Other nations have said they will introduce similar laws.

Apple, along with Facebook, Google, and other major tech companies, have historically opposed such law changes, which they say threaten online security protocols.

For example, Apple claimed the U.K.'s recent bill would "weaken security" for millions of law-abiding customers. "The creation of backdoors and intercept capabilities would weaken the protections built into Apple products and endanger all our customers," Apple stated in December 2015. "A key left under the doormat would not just be there for the good guys. The bad guys would find it too."

Facebook rejected the need to introduce the new Australian law, insisting it already had a system in place to work alongside security agencies, while the new legislation could not be implemented on an individual basis.

"Weakening encrypted systems for them would mean weakening it for everyone," a spokeswoman for Facebook told Reuters.

Notably, Australia has not explained how the proposed law would prevent nefarious actors from using open-source encryption tools to encrypt messages that can be transferred through conventional means such as email.

Last month it was reported that Australia attended a meeting of officials from the "Five Eyes" intelligence sharing network, where it pushed for greater international powers to thwart the use of encrypted messaging services by terrorists and criminals.


Discuss this article in our forums

Australia to Push for Greater Powers on Encrypted Messaging at ‘Five eyes’ Meeting

Australia is set to push for greater international powers to thwart the use of encrypted messaging services by terrorists and criminals, according to reports on Sunday (via Reuters).

The topic will be addressed this week at a meeting of officials from the "Five Eyes" intelligence sharing network, which includes the U.S., the U.K, Canada, Australia, and New Zealand.

Australia claimed the increasing use of strong encryption on smartphones and other devices was hindering law enforcement's capacity to gather and act on intelligence, and said it wants tech companies to do much more to give intelligence and law enforcement agencies access to encrypted communications.

Security experts and privacy groups regularly argue that any such methods would simply weaken overall security for everyone.
"I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption," Australian Attorney General Senator Brandis said in a joint statement.

"These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies."
The announcement followed the U.K. government's recent statement of intent to pressure technology companies to do more to put an end to the "safe spaces" that the internet offers extremists. The country has also called for measures to "regulate cyberspace", following terror attacks in the country.

In related news, a leaked draft technical paper prepared by the U.K. government states that technology companies would be required to remove encryption from private communications and provide the raw data "in an intelligible form" without "electronic protection". However, it's not clear if the Conservatives still intend to pursue these powers after recent elections left the party with a minority government and a diminished mandate.

Last year Apple refused requests from the FBI to break the security of its mobile software, following the recovery of an iPhone used by the San Bernardino shooter. Apple argued the FBI's request would set a "dangerous precedent" with serious implications for the future of smartphone encryption. The dispute ended after the government found an alternate way to access the data on the iPhone through the help of professional hackers.

Last week, the European Union published draft proposals that would enforce end-to-end encryption on all digital communications and forbid backdoors that enable law enforcement to access private message data. If ratified, the law would put it at odds with both the U.S. and U.K. intelligence communities.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Russia Threatens to Ban Encrypted Messaging App Telegram

Russia has threatened to block access to the Telegram messaging platform unless the company that runs the app provides more information about itself (via Sky News).

The head of communications regulator Roskomnadzor, Alexander Zharov, said repeated efforts to obtain the information had been ignored by the company and warned that "time is running out" for the app.

"There is one demand and it is simple: to fill in a form with information on the company that controls Telegram," Zharov said in an open letter. "And to officially send it to Roskomnadzor to include this data in the registry of organizers of dissemination of information. In case of refusal… Telegram shall be blocked in Russia until we receive the needed information."
Telegram's non-response appears to be down to the repercussions of handing over the requested details: Doing so would effectively add it to the state regulators' registry, which would require it to retain users' chat histories and encryption keys and share them with authorities if asked, according to Russian news agency TASS.

The demand isn't the first time the Russian founders of Telegram – Kremlin, Nikolai and Pavel Durov – have failed to comply with state requests. In 2014, the Durovs refused to turn over data on Ukranian users of Vkontakte, a social network they also set up together.

Telegram claims to split its encryption keys into separate data centers around the world to ensure "no single government or block of like-minded countries can intrude on people's privacy and freedom of expression".

According to the group's policy, it can only be forced to hand over data if "an issue is grave and universal enough to pass the scrutiny of several different legal systems around the world".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Swiss Encrypted Email Provider Launches ProtonVPN With Free Subscription Tier

Encrypted email provider ProtonMail today launched its own VPN service called ProtonVPN, which includes a free user tier in its pricing plan.

The Swiss-based company said it had been testing its VPN service for four months with the help of over 10,000 members of the ProtonMail community, and the group was ready to make ProtonVPN available to everyone starting Tuesday.


The Proton group said they were motivated to create ProtonVPN to combat increased threats to online freedom, such as the recent repeal of Obama-era rules designed to protect consumer internet browsing history, calls by British Prime Minister Theresa May for increased online surveillance, and the attempts by the U.S. FCC to dismantle net neutrality.
"In the past year, we have seen more and more challenges against Internet freedom," said ProtonMail Co-Founder Dr. Andy Yen, "now more than ever, we need robust tools for defending privacy, security, and freedom online.

"The best way to ensure that encryption and privacy rights are not encroached upon is to get the tools into the hands of the public as soon as possible and widely distributing them," said Yen. "This is why, as with ProtonMail, we're committed to making a free version of ProtonVPN available to the world."
The group says it has worked to make the best possible VPN service by addressing many of the common pitfalls with existing VPNs. Features therefore include a Secure Core architecture that routes traffic through multiple encrypted tunnels in multiple countries to better defend against network based attacks, a no logs policy backed by Swiss law, as well as seamless integration with the Tor anonymity network. Headquartered in Switzerland, the VPN is also outside of E.U. and U.S. jurisdiction and is not a member of the fourteen eyes surveillance network.

The free tier includes servers in three countries and usage on one device, but bandwidth speeds cannot be guaranteed. The Basic tier costs $4 a month (billed as $48 a year) and includes access to all 112 ProtonVPN servers across 14 countries, high speed bandwidth, and usage on up to two devices, while the Plus tier ($8 per month/$96 per year) offers the highest bandwidth, connection on up to 5 devices, Tor servers, and access to Secure Core data networks hosted in Switzerland, Iceland, and Sweden. The Highest tier ($24 a month/$288 a year) includes a ProtonMail Visionary account.

ProtonMail began crowdfunding in May 2014 and launched in March 2016, led by a group of scientists from CERN and MIT who aimed to deliver an easy-to-use end-to-end encrypted email service with freely available open source code. Earlier this year, the team launched a Tor-based site to make ProtonMail available to users in regions under the oppression of strict state online censorship.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Encrypted Messaging App ‘Signal’ Approved for Use by U.S. Senate

The U.S. Senate has approved popular encrypted messaging app Signal for official use by staffers in the chamber, it was revealed yesterday (via ZDNet).

The news came in a letter sent on Tuesday by Senator Ron Wyden (D-OR), known to be a staunch privacy advocate, in which he underlined his belief that "backdoor-free" encryption should be embraced by the state at all levels rather than something the government should fear.

I have long argued that strong, backdoor-free encryption is an important cybersecurity technology that the government should be embracing, not seeking to regulate or outlaw. My own Senate website, which has used HTTPS by default since 2015, was the first Senate website to do so. With the transition to default HTTPS for all of the other Senate websites and the recent announcement by your office that the end-to-end encrypted messaging app Signal is approved for Senate staff use, I am happy to see that you too recognize the important defensive cybersecurity role that encryption can play.
Signal by Open Whisper Systems is widely considered by security experts to be the most secure mobile messaging platform on iOS and Android, due to features like end-to-end encryption of text, picture, and video messages, support for private calling, and a lack of separate logins.

Members of Congress are for the most part exempt from record-keeping laws, so long as encrypted communications are not "historically valuable", or do not include committee documents. However, workers of the federal government and those who work directly with the president are governed by federal and presidential record-keeping laws. Indeed, communications over encrypted apps may fall foul of the Presidential Records Act, which requires staff to keep records of those conversations.

In January, The Wall Street Journal reported that political aides close to the president had been using Signal, but the White House declined to comment on whether the Trump administration has set up data retention policies for its encrypted messaging use.

Last year, Apple was embroiled in a public dispute with the FBI over a request to create a backdoor into iPhone software so that it could unlock the phone of the San Bernardino shooter. Apple refused to comply with the request, claiming that the code would lead to weaker smartphone encryption and inevitably get into the wrong hands.

Eventually the FBI backed down in its request and resorted to third-party hacking tools, but throughout the case, Apple CEO Tim Cook remained adamant on the company's continuing stance for user privacy, calling the FBI's request for entering an iPhone "the software equivalent of cancer".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

ProtonMail Launches Tor Onion Site to Evade State Censorship

Encrypted email provider ProtonMail has launched its own onion address, allowing users to access the service over the Tor anonymizing network (via TechCrunch).

The Swiss-based email account provider, which has more than 2 million users, said the measure was aimed at defending against state-sponsored censorship, and pointed to recent moves around the world to block encrypted communications and expand surveillance.

facebook_logo
ProtonMail said it was worried about increased attacks on online privacy, such as encryption messaging app Signal being blocked in Egypt, and the UK passing expansive surveillance legislation which mandates tracking of web activity.

The service also reported a bump in registrations following President-Elect Donald Trump's election win, with web users said to be seeking a non-U.S. based secure email provider in case of a broad expansion of online surveillance activity.
"Given ProtonMail's recent growth, we realize that the censorship of ProtonMail in certain countries is inevitable and we are proactively working to prevent this," said co-founder Andy Yen in a statement on the launch. "Tor provides a way to circumvent certain Internet blocks so improving our compatibility with Tor is a natural first step."
ProtonMail can now be reached over the Tor network directly using the onion address https://protonirockerxow.onion. The provider has also posted instructions on how to access the site on iOS devices, although it is currently looking into problems with access via the free Onion Browser app.

ProtonMail is a free download for iPad and iPhone on the App Store. [Direct Link]


Discuss this article in our forums

Leaked Documents Reveal What Kind of Data Cellebrite Can Extract From iPhones

Israeli mobile software developer Cellebrite gained media attention earlier this year when rumors suggested the FBI recruited the company to unlock San Bernardino shooter Syed Farook's iPhone. While the FBI did not enlist Cellebrite's help, the company does have technology licensed by governments that can extract iPhone data. ZDNet has obtained documents that reveal the scope of this technology.

cellebrite
The leaked files are "extraction reports," which are organized to allow investigators to easily see and analyze data from a phone. Extraction is conducted by plugging the phone into a Cellebrite UFED device. While the device is primarily for extracting information currently on the phone it can, in some cases, extract recently deleted items. The phone at the heart of ZDNet's extraction report was an non-passcode protected iPhone 5 running iOS 8.

The first couple pages of the report include case numbers and unique identifying information for the device, including phone number, IMEI numbers and Apple ID. In these first pages, the report also divulges which plugins the software used to extract information from the device. These plugins can help the software extract data from QuickTime and iPhone backups.

The report compiles geolocation data from every photo taken on the device and visualizes it on a map, allowing an investigator to easily see when and where a person was. Text messages are organized in chronological order, which makes it easier for investigators to track conversations. The wireless networks a device has connected to are also logged, including the MAC address of the router, encryption type and the time last connected to the network.

Call log information includes whether the call is incoming or outgoing, the time, date, the other number on the call, and the duration of the call. Contacts, installed apps and user accounts on the device are also collected. Configurations and databases from apps, which include settings and cache data, are included in collection. Notes and voice mails are also extracted.

Finally, Cellebrite's technology includes an analytics engine that can figure out how many actions have taken place per phone number. For instance, it can tell investigators how many calls and text messages have occurred with each contact.

Cellebrite notes that its UFED device cannot crack passcodes on iPhone 4s and later. iPhone 5s and later come with a secure enclave co-processor that makes it even more difficult to crack for information. In November, Cellebrite signed a deal with the Indian government to provide technology to bypass locked iPhones.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums