Tag: encryption

5 WAYS TO PREPARE FOR THE ONLINE PRIVACY CRACKDOWN

The internet is about to change. In many countries, there’s currently a coordinated legislative push to effectively outlaw encryption of user uploaded content under the guise of protecting children. This means websites or internet services (messaging apps, email, etc.) could be held criminally or civilly liable if someone used it to upload abusive material. If these bills become law, people like myself who help supply private communication services could be penalized or put into prison for simply protecting the privacy of our users. In fact, anyone who runs a website with user-uploaded content could be punished the same way. In today’s article, I’ll show you why these bills not only fail at protecting children, but also put the internet as we know it in jeopardy, as well as why we should question the organizations behind the push.

Let’s quickly recap some of the legislation.

Keep reading

The EU Could Push its Private Message Ban as Early as Next Week

The EU is getting ever closer to pushing through the legislation known among critics as “chat control” – officially, Child Sexual Abuse Regulation, CSAR – and is hoping to reach a deal on this within the bloc as early as next week.

One of those who have been consistently opposed to the controversial upcoming rules, a German member of European Parliament (MEP) and lawyer Patrick Breyer, has reacted by warning once again that regardless of some minor changes if passed, the bill would effectively spell the end of proper encryption and private messaging in the EU.

Instead, the implication is, that CSAR would usher in the era of indiscriminate mass surveillance in this part of the digital space.

Warning that a recent “minor concession” the EU member-states have managed to agree on was a bid to finally come up with a majority and push the plans over the top, Breyer, referring to the proposal as “chat control 2.0,” calls it an “unprecedented” (at least for the EU) example of mass surveillance.

The summary of the regulation is that online services that provide messaging and chat would, going forward, have to implement automatic scanning of all private text and images – looking for potential abusive content, and then let the EU know about it.

There is no shortage of controversy and misgivings here, with two clearly standing out: once in place, what can this infrastructure be used for next (if politicians decide) – and the other, how are online platforms even supposed to make it work accurately and fairly, technically speaking?

Now, we are hearing that the EU Council is looking to “soften the blow,” at least rhetorically, but saying that the scanning would at first only apply to “previously classified CSAM (child sexual abuse material)” – but then later still expand it to everything.

Keep reading

9 Mysterious Undeciphered Codes and Inscriptions in History

From Neolithic tablets containing the oldest known system of writing, to a series of letters scrawled on the back of a dead man’s book, some of the most legendary undeciphered codes and texts remain a challenge for even the world’s best cryptographers, code breakers and linguists. Yet unravelling these mysterious puzzles remains as important as ever, since many of these enigmatic inscriptions could hold the keys to understanding civilizations that have long since faded into historic oblivion. Here we feature nine of the most fascinating undeciphered codes and inscriptions throughout history.

Keep reading

Police Seek a Radio Silence That Would Mute Critics in the Press

As a freelance journalist many years ago, I was walking the streets of Brooklyn, looking for a juicy story, anything that I could get into print. I was coming up empty. So I did what anyone would do in that situation. I had lunch.

Halfway through my Jamaican jerk chicken, I heard several gunshots, and in a flash, a man ran by the restaurant. I threw my money on the table and headed to the scene. When I got there a bystander pointed me toward the spent shells. I looked around and talked to witnesses. As one young man pontificated to me about poverty and unemployment leading to crime, I noticed that the cops weren’t there yet. But a photographer from the Daily News was.

That was because, like any good crime reporter, he was listening to police radio and responding to 911 calls, hoping to catch fresh crime footage, fires and other colorful photos that editors love. He’s not alone. Journalists around the country do this, as does anyone who is simply interested in cops, firefighters and other emergency services. Police scanners aren’t cheap, but they are readily available at many electronics retailers.

Keep reading

The UK passes massive online safety bill

The UK’s Online Safety Bill is ready to become law. The bill, which aims to make the UK “the safest place in the world to be online,” passed through the Houses of Parliament on Tuesday and imposes strict requirements on large social platforms to remove illegal content. It will be enforced by UK telecom regulatory agency Ofcom.

Additionally, the Online Safety Bill mandates new age-checking measures to prevent underage children from seeing harmful content. It also pushes large social media platforms to become more transparent about the dangers they pose to children, while also giving parents and kids the ability to report issues online. Potential penalties are also harsh: up to 10 percent of a company’s global annual revenue. The bill has been reworked several times in a multiyear journey through Parliament.

But not only does online age verification raise serious privacy concerns — the bill could also put encrypted messaging services, like WhatsApp, at risk. Under the terms of the bill, encrypted messaging apps would be obligated to check users’ messages for child sexual abuse material.

Depending on how the rule is enforced, this could essentially break apps’ end-to-end encryption promise, which prevents third parties — including the app itself — from viewing users’ messages. In March, WhatsApp refused to comply with the bill and threatened to leave the UK rather than change its encryption policies. It joined Signal and other encrypted messaging services in protesting the bill, leading UK regulators to attempt to assuage their concerns by promising to only require “technically feasible” measures.

Keep reading

U.K. Government Finally Admits It Can’t Scan for Child Porn Without Violating Everybody’s Privacy

The U.K. government finally acknowledges that a component of the Online Safety Bill that would force tech companies to scan data and messages for child porn images can’t be implemented without violating the privacy rights of all internet users and undermining the data encryption tools that keep our information safe.

And so the government is backing down—for now—on what’s been called the “spy clause.” Using the justification of fighting the spread of child sexual abuse material (CSAM), part of the Online Safety Bill would have required online platforms to create “backdoors” that the British government could use to scan messages between social media users. The law also would’ve allowed the government to punish platforms or sites that implement end-to-end encryption and prevent the government from accessing messages and data.

While British officials have insisted that this intrusive surveillance power would be used only to track down CSAM, tech and privacy experts have warned repeatedly that there’s no way to implement a surveillance system that could be used only for this particular purpose. Encryption backdoors allow criminals and oppressive governments to snoop on people for dangerous and predatory purposes. Firms like Signal and WhatsApp threatened to pull their services from the U.K. entirely if this bill component moved forward.

Keep reading

Researchers find deliberate backdoor in police radio encryption algorithm

For more than 25 years, a technology used for critical data and voice radio communications around the world has been shrouded in secrecy to prevent anyone from closely scrutinizing its security properties for vulnerabilities. But now it’s finally getting a public airing thanks to a small group of researchers in the Netherlands who got their hands on its viscera and found serious flaws, including a deliberate backdoor.

The backdoor, known for years by vendors that sold the technology but not necessarily by customers, exists in an encryption algorithm baked into radios sold for commercial use in critical infrastructure. It’s used to transmit encrypted data and commands in pipelines, railways, the electric grid, mass transit, and freight trains. It would allow someone to snoop on communications to learn how a system works, then potentially send commands to the radios that could trigger blackouts, halt gas pipeline flows, or reroute trains.

Researchers found a second vulnerability in a different part of the same radio technology that is used in more specialized systems sold exclusively to police forces, prison personnel, military, intelligence agencies, and emergency services, such as the C2000 communication system used by Dutch police, fire brigades, ambulance services, and Ministry of Defense for mission-critical voice and data communications. The flaw would let someone decrypt encrypted voice and data communications and send fraudulent messages to spread misinformation or redirect personnel and forces during critical times.

Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the ’90s, but the flaws remained unknown because encryption algorithms used in TETRA were kept secret until now.

The technology is not widely used in the US, where other radio standards are more commonly deployed. But Caleb Mathis, a consultant with Ampere Industrial Security, conducted open source research for WIRED and uncovered contracts, press releases, and other documentation showing TETRA-based radios are used in at least two dozen critical infrastructures in the US. Because TETRA is embedded in radios supplied through resellers and system integrators like PowerTrunk, it’s difficult to identify who might be using them and for what. But Mathis helped WIRED identify several electric utilities, a state border control agency, an oil refinery, chemical plants, a major mass transit system on the East Coast, three international airports that use them for communications among security and ground crew personnel, and a US Army training base.

Carlo Meijer, Wouter Bokslag, and Jos Wetzels of Midnight Blue in the Netherlands discovered the TETRA vulnerabilities—which they’re calling TETRA:Burst—in 2021 but agreed not to disclose them publicly until radio manufacturers could create patches and mitigations. Not all of the issues can be fixed with a patch, however, and it’s not clear which manufacturers have prepared them for customers. Motorola—one of the largest radio vendors—didn’t respond to repeated inquiries from WIRED.

Keep reading

UK Home Secretary Uses Idea of Keeping Children Safe as a Justification To Demand Ban on Private Messaging

It would be extremely refreshing to hear a government official in the UK, or in a number of other countries, make a, “think of the encryption” plea – which would show they understand the very fundamentals of a safe and privacy-preserving internet.

But instead, we are getting more and more “think of the children” platitudes – as always, designed not to actually do that, but mask other, controversial and unpopular policies.

This time, it is UK’s Home Secretary Suella Braverman who claims that her opposition to Facebook’s slow-moving, alleged attempt to make a number of its products safe via implementing end-to-end encryption has to do with fears that children might get abused online.

Any tech-literate person would present the big picture, and argue quite the opposite, but Braverman is either not one of those, or elects to pretend not to be, in order to serve a policy that is staunchly anti-encryption, for a whole different reason – summed up, that technology stands severely annoyingly, no doubt, in the way of governments’ wholesale mass surveillance of everybody on the internet.

And what better place to twist the narrative about fears of awful things like child grooming and sexual abuse – perversely juxtaposed with actually improving internet security, i.e., encryption – than a get-together of the (in)famous “Five Eyes,” held in one eager member – New Zealand.

Braverman made an effort to write to Facebook CEO Mark Zuckerberg and, ignoring the reality of what an internet without encryption would turn into, tried, no doubt, above all to pull at her constituents’ heartstrings:

“As a mother to young children,” the politician stomped her feet, “I won’t stand by idly and watch this happen,” The Daily Mail reported.

“This” would be – platforms like Facebook Messenger and Instagram Direct introducing secure communications, so that third parties – be they criminals, malign (foreign) actors, or (sometimes (effectively malign) domestic law enforcement – cannot just swoop in and use personal information in any way they please, including to directly harm those participating, children included, by gaining unfettered access to all their data.

Keep reading

These ‘Psychedelic Cryptography’ Videos Have Hidden Messages Designed to Be Seen While Tripping

A new competition focused on “Psychedelic Cryptography” has awarded cash prizes to artists who made videos encoded with hidden messages that can be most easily deciphered by a person who is tripping on psychedelic substances, such as LSD, ayahuasca, or psilocybin mushrooms.

Qualia Research Institute (QRI), a California-based nonprofit group that researches consciousness with backing from tech investors and experts, announced the winners of its Psychedelic Cryptography (PsyCrypto) contest last week. The goal of the exercise was “to create encodings of sensory information that are only meaningful when experienced on psychedelics in order to show the specific information-processing advantages of those states,” according to the original contest page, which was posted in March.

Artist Raimonds Jermaks clinched the first and second place prizes in the contest for videos entitled “Can You See Us?” and “ We Are Here. Let’s Talk.” The third prize went to Rūdolfs Balcers for the video “The Key.” The contest entries were judged by members of QRI’s international phenomenologist network, and evaluated based on their effectiveness, specificity, and aesthetic value.

The winning videos play on the common psychedelic experience of seeing radiant “tracers,” which are trails of colors and afterimages that linger in the visual field. The winning artists used this effect to write out tracer-based messages that are incomprehensible to a sober person, but that can be understood while tripping.  

Keep reading

Leaked Document Shows The EU Countries That Want To Ban Private Messaging

A leaked European Council survey of the views on encryption of member countries showed that Spain strongly supports banning end-to-end encryption, a measure that has been proposed to combat the spread of child sexual abuse material (CSAM), but would end privacy for all citizens.

The proposed law would require tech platforms to scan encrypted communications, something tech experts have warned is not possible without breaking the encryption.

According to the document, which was obtained by Wired, Spain’s position in encryption is the most radical.

“Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption,” representatives from Spain said.

End-to-end encryption ensures that only the sender and receiver can see the content of a message. Even the owner of the platform does not have access to the content.

Of the 20 member countries represented in the survey, 15 support the banning of end-to-end encrypted communications, the report stated.

Poland suggested the introduction of measures that would allow a court to lift encryption and for parents to be allowed to decrypt the communications of their children.

“It is of utmost importance to provide clear wording in the CSA Regulation that end-to-end encryption is not a reason not to report CSA material,” Croatia’s representatives said.

Romania said: “We don’t want E2EE encryption to become a ‘safe haven’ for malicious actors…”

Keep reading