Tech Letter

Fresh Technology Insights

Category: Encryption

UK government’s MI5 spies want “exceptional access” to your encrypted communications

Dan Sabbagh, The Guardian »

MI5’s director general has called on technology companies to find a way to allow spy agencies “exceptional access” to encrypted messages, amid fears they cannot otherwise access such communications.

Sir Andrew Parker is understood to be particularly concerned about Facebook, which announced plans to introduce powerful end-to-end encryption last March across all the social media firm’s services.

In an ITV interview to be broadcast on Thursday, Sir Andrew Parker says he has found it “increasingly mystifying” that intelligence agencies like his are not able to easily read secret messages of terror suspects they are monitoring.

EU Commission recommends staff use the Signal messaging app

The EU and other world governments have suffered high-profile data breaches, often because they were using insecure commercial apps, or apps that were handling data in ways that were not obvious or stated.

Signal is a true end-to-end encrypted messaging app that has been verified by security experts around the world. Journalists and activists dealing in sensitive areas, where their lives are often at stake, depend on Signal.

Laurens Cerulus, Pro Publica »

The European Commission has told its staff to start using Signal, an end-to-end-encrypted messaging app, in a push to increase the security of its communications.

The instruction appeared on internal messaging boards in early February, notifying employees that “Signal has been selected as the recommended application for public instant messaging.”

[…]

Privacy experts consider that Signal’s security is superior to other apps’. “We can’t read your messages or see your calls,” its website reads, “and no one else can either.”

The Signal app is available free on several platforms (iOS, Android, etc.) through the official website.

New bill would establish a US Data Protection Agency

It might startle you to learn how little privacy protection is available to Americans.

Issie Lapowsky, Protocol »

The so-called Data Protection Act of 2020 would create the country’s first data protection agency to oversee how privacy laws in America are enforced and guide Congress on the development of those laws. The agency would be empowered to impose penalties on companies that violate people’s privacy, take them to court, field consumer complaints, and launch investigations.

[…]

The agency would enforce current privacy laws and any future laws Congress passes and have rule-making authority to determine how those laws are carried out. Specifically, the agency would be able to conduct impact assessments on companies deploying “high-risk practices” with regard to data. That includes companies using data to profile people on a large scale. The bill also gives the agency the power to regulate consumer scoring in sensitive areas like housing, employment and education.

The agency would have subpoena power and the ability to take companies to court over violations of federal privacy law. It would also closely monitor large companies — both in terms of revenue and in terms of the amount of data they collect — and ask for reports from these companies, to ensure they’re complying with the law. Meanwhile, the agency would be tasked with guiding Congress on emerging technologies and representing the United States in international deals regarding privacy.

Personal information belonging to 144,000 Canadians breached at federal departments and agencies over the past two years

Catharine Tunney, CBC »

Federal departments or agencies have mishandled personal information belonging to 144,000 Canadians over the past two years, according to new figures tabled in the House of Commons — and not everyone who was swept up in a privacy breach was told about it.

The new figures were included in the federal government’s answer to an order paper question filed by Conservative MP Dean Allison late last month. The nearly 800-page response didn’t offer an explanation for the errors, which range in seriousness from minor hiccups to serious breaches involving sensitive personal information.

[…]

The Canada Revenue Agency leads the pack in breaches, with more than 3,005 separate incidents affecting close to 60,000 Canadians between Jan. 1, 2018 and Dec. 10, 2019.

The department blames the breaches on misdirected mail, security incidents and employee misconduct.

Even the keepers of Canada’s official secrets aren’t immune. The Canadian Security Intelligence Service, the Communications Security Establishment and the RCMP all reported missteps as well.

The Department of National Defence said most of its 170 breaches, which affected more than 2,000 people, were due to inappropriate access to, or use or disclosure of, personal information.

Apple dropped plan for encrypting iCloud after FBI complained about the initiative

Joseph Menn, Reuters »

Apple Inc. dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

The long-running tug of war between investigators’ concerns about security and tech companies’ desire for user privacy moved back into the public spotlight last week, as U.S. Attorney General William Barr took the rare step of publicly calling on Apple to unlock two iPhones used by a Saudi Air Force officer who shot dead three Americans at a Pensacola, Florida naval base last month.

James Vincent, The Verge » Apple can’t read your on-device data, but it can read your iCloud backups

This information is encrypted to stop attackers, but Apple holds the keys to decrypt it and shares it with police and governments when legally required.

Jon Brodkin, Ars Technica »

Apple has not implemented end-to-end encryption for iCloud Backup, the service that lets customers back up their iPhones and iPads to Apple servers, or for iCloud Drive. The iCloud Backup and iCloud Drive data sets are encrypted at rest and in transit, but Apple has the key to unlock them and can thus give decrypted versions to law enforcement.

More » AppleInsider, Tom’s Guide

FBI calls on Interpol for a ban on end-to-end encryption

Sean Gallagher »

A draft of the resolution viewed by Ars Technica stated that INTERPOL would “strongly urge providers of technology services to allow for lawful access to encrypted data enabled or facilitated by their systems” in the interest of fighting child sexual exploitation. Currently, it is not clear whether Interpol will issue a statement.

Read the whole article at Ars Technica »

Related » NY Times » What is end-to-end encryption

© 2020 Tech Letter
