Archive | Cryptography

In Turkey, using encryption gets you arrested

Privacy International is particularly concerned that suspicion of membership of the Gülen movement is based on the use of encryption, specifically a freely available messaging service called Bylock which the government claims is the communication tool of choice for Gülen supporters and was used to organise the coup. There is very little information about Bylock; it is not widely known among security experts or outside of Turkey, it is no longer available from any app store and its origins and developer are something of a mystery.

Privacy International @ Medium » Encryption At The Centre Of Mass Arrests: One Year On From Turkey’s Failed Coup »


Meanwhile, in Australia…

“The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia”, said Australian Prime Minister Malcolm Turnbull today. He has been rightly mocked for this nonsense claim, that foreshadows moves to require online messaging providers to provide law enforcement with back door access to encrypted messages.

EFF: Australian PM Calls for End-to-End Encryption Ban, Says the Laws of Mathematics Don’t Apply Down Under »


Australia leading new »Five Eyes« attack on encryption

Ars Technica: Australia advocates weakening strong crypto at upcoming “Five Eyes” meeting »

Two top Australian government officials said Sunday that they will push for “thwarting the encryption of terrorist messaging” during an upcoming meeting next week of the so-called “Five Eyes” group of English-speaking nations that routinely share intelligence.

Techcrunch: Australia wants Five Eyes to squeeze tech firms on encryption »

“I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption,” Australian Attorney General Senator Brandis is quoted as saying, ahead of the meeting of the group next week.

“These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies.”

The Five Eyes countries are: the US, the UK, Canada, Australia and New Zealand.

Techdirt: Australia To Push For Encryption Backdoors At Next ‘Five Eyes’ Meeting »

So far, there’s very little real evidence criminals and terrorists are using encrypted services at a higher rate than non-criminals/terrorists. There have been several statements made to that effect and backed by public displays of devices law enforcement officials claim can’t be unlocked, but most post-attack investigations show terrorists are still mostly using unencrypted communications platforms. Available evidence also shows investigations of normal criminal activity is rarely thwarted by device encryption. At this point, backdoors are a “solution” in need of a problem.


Paging Theresa May

Aaron Swartz once said, “It’s no longer OK not to understand how the Internet works.”

BoingBoing: Theresa May wants to ban crypto: here’s what that would cost, and here’s why it won’t work anyway »

This, then, is what Theresa May is proposing:

• All Britons’ communications must be easy for criminals, voyeurs and foreign spies to interceptAny firms within reach of the UK government must be banned from producing secure software

• All major code repositories, such as Github and Sourceforge, must be blocked

• Search engines must not answer queries about web-pages that carry secure software

• Virtually all academic security work in the UK must cease — security research must only take place in proprietary research environments where there is no onus to publish one’s findings, such as industry R&D and the security services

• All packets in and out of the country, and within the country, must be subject to Chinese-style deep-packet inspection and any packets that appear to originate from secure software must be dropped

• Existing walled gardens (like Ios and games consoles) must be ordered to ban their users from installing secure software

• Anyone visiting the country from abroad must have their smartphones held at the border until they leave

• Proprietary operating system vendors (Microsoft and Apple) must be ordered to redesign their operating systems as walled gardens that only allow users to run software from an app store, which will not sell or give secure software to Britons

• Free/open source operating systems — that power the energy, banking, ecommerce, and infrastructure sectors — must be banned outright


UK to move against end-to-end encryption after general election

Once again there are indications the UK government intends to use the law to lean on encryption. A report in The Sun this week quoted a Conservative minister saying that should the government be re-elected, which polls suggest it will, it will move quickly to compel social media firms to hand over decrypted data.

Techcrunch: Could the UK be about to break end-to-end encryption? »


Online porn and your privacy

The Pornhub announcement comes at an auspicious time. Congress this week affirmed the power of cable providers to sell user data, while as of a few weeks ago more than half the web had officially embraced HTTPS. Encryption doesn’t solve your ISP woes altogether—they’ll still know that you were on Pornhub—but it does make it much harder to know what exactly you’re looking at while you’re there.

Wired: The World’s Biggest Porn Site Goes All-In on Encryption »


EU to target encrypted apps

Last week, the UK’s Home Secretary Amber Rudd said that WhatsApp risked becoming a “place for terrorists to hide.” Then, like many others that have used this tired old trope, she went on to call for the development of some magic unicorn key to unlock all encrypted communications, one that was somehow available only to those on the side of truth, beauty, law and order, and not to the other lot. In doing so, her cluelessness was particularly evident, as her invocation of the “necessary hashtags” emphasized, but she’s not alone in that. Despite the chorus of experts pointing out for the thousandth time why it’s not possible, the EU Justice Commissioner has just said that the EU must have magic unicorn keys, too.

• Techdirt: EU Plans To Weaken Encrypted Communications Despite Countless Warnings It Can’t Be Done Safely »
• Ars Technica: Cryptic crypto clash: EU justice chief holds “intensive talks” with IT giants »
• Euractiv: EU to propose new rules targeting encrypted apps in June »