The UK passes massive online safety bill

The UK’s Online Safety Bill is ready to become law. The bill, which aims to make the UK “the safest place in the world to be online,” passed through the Houses of Parliament on Tuesday and imposes strict requirements on large social platforms to remove illegal content. It will be enforced by UK telecom regulatory agency Ofcom.

Additionally, the Online Safety Bill mandates new age-checking measures to prevent underage children from seeing harmful content. It also pushes large social media platforms to become more transparent about the dangers they pose to children, while also giving parents and kids the ability to report issues online. Potential penalties are also harsh: up to 10 percent of a company’s global annual revenue. The bill has been reworked several times in a multiyear journey through Parliament.

But not only does online age verification raise serious privacy concerns — the bill could also put encrypted messaging services, like WhatsApp, at risk. Under the terms of the bill, encrypted messaging apps would be obligated to check users’ messages for child sexual abuse material.

Depending on how the rule is enforced, this could essentially break apps’ end-to-end encryption promise, which prevents third parties — including the app itself — from viewing users’ messages. In March, WhatsApp refused to comply with the bill and threatened to leave the UK rather than change its encryption policies. It joined Signal and other encrypted messaging services in protesting the bill, leading UK regulators to attempt to assuage their concerns by promising to only require “technically feasible” measures.


U.K. Government Finally Admits It Can’t Scan for Child Porn Without Violating Everybody’s Privacy

The U.K. government finally acknowledges that a component of the Online Safety Bill that would force tech companies to scan data and messages for child porn images can’t be implemented without violating the privacy rights of all internet users and undermining the data encryption tools that keep our information safe.

And so the government is backing down—for now—on what’s been called the “spy clause.” Using the justification of fighting the spread of child sexual abuse material (CSAM), part of the Online Safety Bill would have required online platforms to create “backdoors” that the British government could use to scan messages between social media users. The law also would’ve allowed the government to punish platforms or sites that implement end-to-end encryption and prevent the government from accessing messages and data.

While British officials have insisted that this intrusive surveillance power would be used only to track down CSAM, tech and privacy experts have warned repeatedly that there’s no way to implement a surveillance system that could be used only for this particular purpose. Encryption backdoors allow criminals and oppressive governments to snoop on people for dangerous and predatory purposes. Firms like Signal and WhatsApp threatened to pull their services from the U.K. entirely if this bill component moved forward.


Researchers find deliberate backdoor in police radio encryption algorithm

For more than 25 years, a technology used for critical data and voice radio communications around the world has been shrouded in secrecy to prevent anyone from closely scrutinizing its security properties for vulnerabilities. But now it’s finally getting a public airing thanks to a small group of researchers in the Netherlands who got their hands on its viscera and found serious flaws, including a deliberate backdoor.

The backdoor, known for years by vendors that sold the technology but not necessarily by customers, exists in an encryption algorithm baked into radios sold for commercial use in critical infrastructure. It’s used to transmit encrypted data and commands in pipelines, railways, the electric grid, mass transit, and freight trains. It would allow someone to snoop on communications to learn how a system works, then potentially send commands to the radios that could trigger blackouts, halt gas pipeline flows, or reroute trains.

Researchers found a second vulnerability in a different part of the same radio technology that is used in more specialized systems sold exclusively to police forces, prison personnel, military, intelligence agencies, and emergency services, such as the C2000 communication system used by Dutch police, fire brigades, ambulance services, and Ministry of Defense for mission-critical voice and data communications. The flaw would let someone decrypt encrypted voice and data communications and send fraudulent messages to spread misinformation or redirect personnel and forces during critical times.

Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the ’90s, but the flaws remained unknown because encryption algorithms used in TETRA were kept secret until now.

The technology is not widely used in the US, where other radio standards are more commonly deployed. But Caleb Mathis, a consultant with Ampere Industrial Security, conducted open source research for WIRED and uncovered contracts, press releases, and other documentation showing TETRA-based radios are used in at least two dozen critical infrastructures in the US. Because TETRA is embedded in radios supplied through resellers and system integrators like PowerTrunk, it’s difficult to identify who might be using them and for what. But Mathis helped WIRED identify several electric utilities, a state border control agency, an oil refinery, chemical plants, a major mass transit system on the East Coast, three international airports that use them for communications among security and ground crew personnel, and a US Army training base.

Carlo Meijer, Wouter Bokslag, and Jos Wetzels of Midnight Blue in the Netherlands discovered the TETRA vulnerabilities—which they’re calling TETRA:Burst—in 2021 but agreed not to disclose them publicly until radio manufacturers could create patches and mitigations. Not all of the issues can be fixed with a patch, however, and it’s not clear which manufacturers have prepared them for customers. Motorola—one of the largest radio vendors—didn’t respond to repeated inquiries from WIRED.


UK Home Secretary Uses Idea of Keeping Children Safe as a Justification To Demand Ban on Private Messaging

It would be extremely refreshing to hear a government official in the UK, or in a number of other countries, make a “think of the encryption” plea – which would show they understand the very fundamentals of a safe and privacy-preserving internet.

But instead, we are getting more and more “think of the children” platitudes – as always, designed not to actually do that, but mask other, controversial and unpopular policies.

This time, it is the UK’s Home Secretary Suella Braverman who claims that her opposition to Facebook’s slow-moving, alleged attempt to make a number of its products safe via implementing end-to-end encryption has to do with fears that children might get abused online.

Any tech-literate person would present the big picture, and argue quite the opposite, but Braverman is either not one of those, or elects to pretend not to be, in order to serve a policy that is staunchly anti-encryption, for a whole different reason – summed up, that technology stands, severely annoyingly no doubt, in the way of governments’ wholesale mass surveillance of everybody on the internet.

And what better place to twist the narrative about fears of awful things like child grooming and sexual abuse – perversely juxtaposed with actually improving internet security, i.e., encryption – than a get-together of the (in)famous “Five Eyes,” held in one eager member – New Zealand.

Braverman made an effort to write to Facebook CEO Mark Zuckerberg and, ignoring the reality of what an internet without encryption would turn into, tried, no doubt, above all to pull at her constituents’ heartstrings:

“As a mother to young children,” the politician stomped her feet, “I won’t stand by idly and watch this happen,” The Daily Mail reported.

“This” would be – platforms like Facebook Messenger and Instagram Direct introducing secure communications, so that third parties – be they criminals, malign (foreign) actors, or (sometimes effectively malign) domestic law enforcement – cannot just swoop in and use personal information in any way they please, including to directly harm those participating, children included, by gaining unfettered access to all their data.


These ‘Psychedelic Cryptography’ Videos Have Hidden Messages Designed to Be Seen While Tripping

A new competition focused on “Psychedelic Cryptography” has awarded cash prizes to artists who made videos encoded with hidden messages that can be most easily deciphered by a person who is tripping on psychedelic substances, such as LSD, ayahuasca, or psilocybin mushrooms.

Qualia Research Institute (QRI), a California-based nonprofit group that researches consciousness with backing from tech investors and experts, announced the winners of its Psychedelic Cryptography (PsyCrypto) contest last week. The goal of the exercise was “to create encodings of sensory information that are only meaningful when experienced on psychedelics in order to show the specific information-processing advantages of those states,” according to the original contest page, which was posted in March.

Artist Raimonds Jermaks clinched the first and second place prizes in the contest for videos entitled “Can You See Us?” and “We Are Here. Let’s Talk.” The third prize went to Rūdolfs Balcers for the video “The Key.” The contest entries were judged by members of QRI’s international phenomenologist network, and evaluated based on their effectiveness, specificity, and aesthetic value.

The winning videos play on the common psychedelic experience of seeing radiant “tracers,” which are trails of colors and afterimages that linger in the visual field. The winning artists used this effect to write out tracer-based messages that are incomprehensible to a sober person, but that can be understood while tripping.  


Leaked Document Shows The EU Countries That Want To Ban Private Messaging

A leaked European Council survey of the views on encryption of member countries showed that Spain strongly supports banning end-to-end encryption, a measure that has been proposed to combat the spread of child sexual abuse material (CSAM), but would end privacy for all citizens.

The proposed law would require tech platforms to scan encrypted communications, something tech experts have warned is not possible without breaking the encryption.

According to the document, which was obtained by Wired, Spain’s position on encryption is the most radical.

“Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption,” representatives from Spain said.

End-to-end encryption ensures that only the sender and receiver can see the content of a message. Even the owner of the platform does not have access to the content.

Of the 20 member countries represented in the survey, 15 support the banning of end-to-end encrypted communications, the report stated.

Poland suggested the introduction of measures that would allow a court to lift encryption and for parents to be allowed to decrypt the communications of their children.

“It is of utmost importance to provide clear wording in the CSA Regulation that end-to-end encryption is not a reason not to report CSA material,” Croatia’s representatives said.

Romania said: “We don’t want E2EE encryption to become a ‘safe haven’ for malicious actors…”


The EARN IT Act, an attack on encrypted communications, to be reintroduced next week

Those behind the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act must be hoping that third time’s a charm for this previously widely opposed piece of legislation, which is set to be reintroduced next week.

The previous two attempts to make EARN IT into law failed amid outcry from opponents who said that while designed to protect children, the bill would fail to do that – but would still damage online privacy.

Now here’s the third, bipartisan attempt sponsored by Republican Lindsey Graham and Democrat Richard Blumenthal to bring changes to the Communications Decency Act (CDA) Section 230.

Critics say that the amendment as envisaged by EARN IT would harm internet users by removing legal protections Section 230 gives tech companies for third party content.

The consequence would be those companies protecting themselves by engaging in (even more) censorship, and “working” with the government to this end – even more than we are aware they already do.

The core of EARN IT is to target platforms for violations related to child sexual abuse material (CSAM) rules that exist at the federal and state level.

But allegedly, these platforms are reluctant to “moderate” i.e., censor content in a heavy-handed manner, and for that reason oppose the legislation.


Lori Lightfoot ripped by Chicago media for ignoring concerns about police scanner suppression

Chicago Mayor Lori Lightfoot, D., is facing criticism for ignoring local media members who are critical of her administration transitioning away from the traditional police scanner toward the use of an encrypted radio frequency.

A coalition of news organizations claims the new system will be inaccessible to the public and will hamper journalists’ ability to listen in real-time to warn the public about ongoing threats to safety. 

Traditional police scanner transmissions have always been accessible to the public, as well as media personnel, but the new encryption method is only accessible to the police and those offered a decryption key.

“Mayor Lori Lightfoot’s administration has refused to meet with members of the Chicago media who have voiced concern this will impact journalists’ ability to cover events as they unfold and warn the public about ongoing threats to safety,” Chicago outlet WGN9 reported.


UK government hires ad agency to convince the public they don’t need privacy

The UK is stepping up its “war on encryption,” reports are saying, and like in any good old war, propaganda comes first to “prepare the ground.” And a new campaign is expected to launch as early as this month.

In this case, they call it publicity, with the Home Office being behind the effort whose goal is to sway public opinion in favor of undermining the privacy of the very members of that public – using their own money from public funds, to the tune of over half a million pounds.

Meanwhile the “hired gun” is ad agency M&C Saatchi. The Rolling Stone said it had a chance to review documents thanks to a Freedom of Information request, and that what it discovered were “some shockingly manipulative tactics.”


London Met police chief invokes 9/11 to call for ban on private messaging

London’s controversial police boss Cressida Dick used 9/11 to attack companies like Telegram, Signal, WhatsApp, and Apple for using end-to-end encryption. Her remarks came a few days after the Home Office announced it would award tech companies that would find a way to break end-to-end encryption.

In an opinion piece published in The Telegraph, Dick, the Metropolitan Police Commissioner, while commemorating 9/11, noted that encrypted messaging services make stopping terror attacks difficult, and sometimes impossible.
