Category: Encryption
17. November 2016
This week, Reuters reported that U.S. internet companies, such as Facebook and Amazon have sent a detailied letter including a list of their policiy priorities to President-elect Donald Trump. Among the topics of these policies are encryption, immigration reform and maintaining liability protections from user’s content.
The mentioned letter was sent by the so called Internet Association, which is a group of 40 members, also including Alphabet’s Google, Uber and Twitter. The letter tries to repair the relationship between the internet giants and Trump due to the fact that he was almost universally disliked during the presidential campaign.
The president of the Internet Association, Michael Beckermann signed the letter talking about “The internet industry looks forward to engaging in an open and productive dialogue”. Furthermore, Beckerman issued a statement syaing that the internet industry looked forward to working closely with Trump and lawmakers in Congress in order to “cement the internet’s role as a driver of economic and social progress for future generations.”
The letter describes some of the policies which go along with Trump’s prior statements, for example easing the regulation on the sharing economy and applying pressure on Europe to not erect too many barriers that restrict U.S. internet companies from growing in that market.
However, other topics are likely to be opposed with Trump’s campaign as he offered numerous broadsides against the tech sector.
15. November 2016
Motherboard online just published numbers that were disclosed by the FBI concerning whether the FBI is able to unlock most devices they need to get into.
According to General Counsel Jim Baker the FBI is able to unlock or/and access data stored on both smartphones and computers. This statement is supported by the numbers that were released.
In 2016 the FBI
- has encountered passwords or passcodes in 2,095 out of 6,814 – 31%,
- with regard to the 2,095 devices that were locked, the investigators were able to get access in 1,210 cases and
- couldn’t unlock around 880 devices.
- In conclusion, in the vast majority of cases, namely 87%, the FBI was able to access the data that was needed.
Concidering that the FBI and Apple fought in court earlier this year regarding the FBI’s request to help breaking into the iPhone of an alleged terrorist who killed 14 people in a shooting and that this case led to a battle on encryption in which the FBI argued that encryption, which cannot be broken, supports criminal investigations rather than making them harder due to the fact that access to the data can sometimes lead to important evidence on a suspect or on a victim’s phone or computer.
However, the mentioned numbers, that have so far never been published, “demonstrate that even with encryption turned on by default on all newer iPhones and some Android phones, it is posing a problem in a relatively small number of cases – while that same encryption is presumably preventing a wide range of crimes”, according to Kevin Bankston, the director of the New America.
24. October 2016
… The reality is that our communications are under constant threat from cybercriminals and spying by state authorities. Young people, the most prolific sharers of personal details and photos over apps like Snapchat, are especially at risk,” concluded Sherif Elsayed-Ali, the head of Amnesty International’s Technology and Human Rights Team, after ranking 11 of the most popular messaging apps in a Message Privacy Ranking.
In this ranking, both Snapchat and Skype received some of the lowest scores. Snapchat only got 26 out of 100 on the organization’s scale, whereas Skype received 40 out of 100. This is due to the fact that end-to-end encryption is not used, although it is highly recommendet to do so, according to Amnesty.
The report explaines that “The apps were marked on their use of encryption and privacy safeguards, as well as how well they advised their users of the app’s security, and whether they released details of government requests for user data.” Furthermore, Sherif Elsayed-Ali stated that “It is up to tech firms to respond to well-known threats to their users’ privacy and freedom of expression, yet many companies are falling at the first hurdle by failing to provide an adequate level of encryption”.
Therefore, it is to note that although they are the world-leading messaging applications, Skype and Snapchat are among the least secure on the market, according to Amnesty.
7. October 2016
A new biometric corporate credit card programm, called Identity Check Mobile, has been released by BMO Financial Group (BMO) and MasterCard in Canada and in the U.S. at the beginning of the year.
This programm enables cardholders to verify their transactions by using facial recognition and fingerprint biometrics in case they purchase online.
Introducing this verification process will increase security when purchasing without a face-to-face interaction so that the possibility of a card being used by anyone who is not the cardholder will be reduced.
Steve Pedersen, Vice President, Head, North American Corporate Card Products, BMO Financial Group commented on the programm by saying “The use of biometric technology has become more common for consumers looking for convenient and secure ways to make purchases using their smartphones, so this was the natural next step for us as innovators in the payment security space” he continued “Mitigating the risk of fraud is always our top priority, and the inclusion of this technology is going to make payment authentication easier, and strengthen the security of the entire payments ecosystem.”
MasterCard just published that starting from the 4th Octobre 2016 this form of payment is also available in Germany.
5. October 2016
The Cloud Infrastructure Services Providers in Europe, CISPE, published a Data Protection Code of Conduct for Cloud Infrastructure Service Providers.
CISPE is a relatively new accosiation including more than 20 cloud infrastructure providers that operate within Europe.
The CISPE Code of Conduct focuses on transparency and compliance with EU data protection laws. Therefore, the CISPE Code of Conduct has been designed in such a way that it will be compliant with the GDPR coming into force in May 2018. The CISPE Code of Conduct has been built on internationally recognised state-of-the-art of security measures increasing the data security for cloud customers.
In the press release, Axelle Lemaire, French Minister for Digital Affairs and Innovation, commented that “The CISPE Code of Conduct show that the European cloud computing industry is capable to provide secure and compliant services for all personal and technical data in Europe and improve trust in digital services.”
29. September 2016
Forbes just released an article saying that Apple invited some of the best hackers to its headquarter in Cupertino.
Among them:
- the 19-year-old teenage prodigy who was the first to jailbreak an iPhone 7, and therefore now being a world-renowned iOS hacker as well as an
- ex-NSA employee who has repeatedly found security lacks concerning Mac OS X Luca Todesco.
The meeting should have been secret and kept confidential, but unfortunately some details leaked. So for example that Apple plans to brief them on the launch of its bug bounty program. The hackers will be rewarded with up to $200,000 in case they can provide Apple with information on vulnerabilities about its laptops and phones. Furthermore, the mentioned program is expected to be put into effect before the end of the month due to the fact that this has been promised at the Black Hat security conference in Las Vegas last months. Nevertheless, Apple pursues an invite-only list-strategy in order to get quality over quantity.
16. September 2016
Last week Google announced that specific icons will appear on HTTP websites that transfer data without using encryption methods. This measure will be implemented beginning 2017. However, not every unencrypted website will be marked. Furthermore, the icon will appear on those websites that transmit passwords or credit card data.
Currently, unencrypted HTTP websites are marked with a neutral sign. So that users are not always able to identify unsecure websites. The new indicator will consist of a red triangle. This is the same triangle that appears on broken HTTPS.
The number of websites that have started using a secure system (HTTPS) has increased considerably.
Google encourages website administrators to start using encrypted HTTPS websites in order to ensure a better functioning of websites and provides a guide to get started.
