IEEE Statement on Strong Encryption vs. Backdoors

A note in Bruce Schneier’s excellent Crypto-Gram newsletter  mentions the following:

The IEEE came out in favor of strong encryption:

IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as “backdoors” or “key escrow schemes” in order to facilitate government access to encrypted data. Governments have legitimate law enforcement and national security interests. IEEE believes that mandating the intentional creation of backdoors or escrow schemes — no matter how well intentioned — does not serve those interests well and will lead to the creation of vulnerabilities that would result in unforeseen effects as well as some predictable negative consequences

The full statement is available at http://globalpolicy.ieee.org/wp-content/uploads/2018/06/IEEE18006.pdf.

A Report about Banning the Telegram Encrypted Messaging App in Iran

The Center for Human Rights in Iran (CHRI) is an independent, nonpartisan, nonprofit organization dedicated to the protection and promotion of human rights in Iran. The Center has released a report entitled Closing of the Gates – Implications of Iran’s Ban on the Telegram Messaging App. I would suggest this report should be required reading by every elected official, every bureaucrat, and every law enforcement official in every country. It shows the efforts of one totalitarian regime, run by strong dictators, to eradicate democracy. Hopefully, free and open societies will reject such tactics.

This report publicizes many issues involved with banning encryption. One quote that illustrates the effect on free speech is:

Continue reading

Encryption Backdoors are Dangerous and Don’t Work

The Proton Mail Blog has an article that serves as a tutorial about backdoors in encryption and the dangers of using any encrypted data that contains a “backdoor” for use by law enforcement personnel and others. In short, the use of “backdoors” makes it easier for hackers, credit card thieves, and others to spy on you, not more difficult.

The article states: “With appeals to ‘national security,’ governments around the world are pushing for encryption backdoors that would allow them to break into the secure data of suspected criminals. Simply put, this is a terrible idea.”

If you do not fully understand backdoors and the dangers of using them, you need to read the article by Ben Wolford at https://protonmail.com/blog/encryption-backdoor.

The FBI Lied About the Number of Cell Phones Where Criminal Investigations were Blocked due to Encryption

For the last two years, the FBI has repeatedly claimed that thousands of phones linked to criminal investigations were inaccessible due to locks and encryption. Last year FBI Director Christopher Wray said it had failed to access 7,800 mobile devices, but tonight a Washington Post report reveals that number is incorrect. According to the Post, the accurate number is between 1,000 and 2,000, with a recent internal estimate putting at about 1,200 devices, and in a statement, the FBI responded: “The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported.”

Details may be found in a report by Richard Lawler in the EnGadget web site at https://engt.co/2IL3od9.

The Truth about PGP’s So-Called Email Bug: It Isn’t Much of a Problem

Word has been circulating in recent days that PGP has a major bug called Efail can can lead to encrypted emails being decrypted. Details about the problem have now been released and it seems the problem is not with PGP itself. It is with the way that some programmers implement PGP in their various email systems. PGP itself is not the problem.

In fact, decrypting PGP-encrypted email messages with Efail is a difficult task, at best. It probably is not practical for most hackers although NSA or agencies of other governments with access to high-powered computers and sophisticated software tools might be able to decrypt your email messages.

Continue reading

Virginia Beach Police Plan to Encrypt Radio Channels, Supposedly to Stop the Public from Listening In

In city documents, Virginia Beach police said encryption is needed because criminals listen to police communications. It would greatly increase officer safety and help protect citizens, they wrote. You can read the details in an article by Robyn Sidersky, Amy Poulter, and Jane Harper in The Virginian-Pilot at: http://bit.ly/2I9rzlx.

One has to wonder why some government officials are trying to block encrypted communications or else place “back doors” in all encryption products to allow police and other government agents as well as hackers to spy on all citizens. I am sure the Virginia Beach police will agree to having “back doors” installed in their encrypted channels, right?

Russia Accidentally Hacks Its Own Internet

The latest Kremlin attempt to clamp down on Russians’ online activity and spy on its own citizens resulted in thousands of web sites becoming unavailable to Russian residents.

Almost 16 million IP addresses belonging to Amazon and Google became unavailable to Russians. Many of these IP addresses were used by online services that pay Amazon or Google to host web sites in the Amazon or Google data centers. Hundreds, possibly thousands, of web sites became unavailable to Russian residents, including some of the Russian government’s own sites. While it is humorous to realize this happened to the Russians, similar actions could happen in any country where the government wishes to spy on its own citizens.

Continue reading