Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label End-to-End Encryption. Show all posts
Technology
AI Artificial Intelligence child abuse Cyberhackers CyberThreat End-to-End Encryption Online Safety Technology

Child Abuse Detection Efforts Face Setbacks Due to End-to-End Encryption


 

Technology has advanced dramatically in the last few decades, and data has been exchanged across devices, networks, and borders at a rapid pace. It is imperative to safeguard sensitive information today, as it has never been more important-or more complicated—than it is today. End-to-end encryption is among the most robust tools available for the purpose of safeguarding digital communication, and it ensures that data remains safe from its origin to its destination, regardless of where it was created. 

The benefits of encryption are undeniable when it comes to maintaining privacy and preventing unauthorised access, however, the process of effectively implementing such encryption presents both a practical and ethical challenge for both public organisations as well as private organisations. Several law enforcement agencies and public safety agencies are also experiencing a shift in their capabilities due to the emergence of artificial intelligence (AI). 

Artificial intelligence has access to technologies that support the solving of cases and improving operational efficiency to a much greater degree. AI has several benefits, including facial recognition, head detection, and intelligent evidence management systems. However, the increasing use of artificial intelligence also raises serious concerns about personal privacy, regulatory compliance, and possible data misuse.

A critical aspect of government and organisation adoption of these powerful technologies is striking a balance between harnessing the strengths of artificial intelligence and encryption while maintaining the commitment to public trust, privacy laws, and ethical standards. As a key pillar of modern data protection, end-to-end encryption (E2EE) has become a vital tool for safeguarding digital information. It ensures that only the intended sender and recipient can access the information being exchanged, providing a robust method of protecting digital communication.

It is highly effective for preventing unauthorised access to data by encrypting it at origin and decrypting it only at the destination, even by service providers or intermediaries who manage the data transfer infrastructure. By implementing this secure framework, information is protected from interception, manipulation, or surveillance during its transit, eliminating any potential for interception or manipulation.

A company that handles sensitive or confidential data, especially in the health, financial, or legal sectors, isn't just practising best practices when it comes to encrypting data in a secure manner. It is a strategic imperative that the company adopt this end-to-end encryption technology as soon as possible. By strengthening overall cybersecurity posture, cultivating client trust and ensuring regulatory compliance, these measures strengthen overall cybersecurity posture. 

As the implementation of E2EE technologies has become increasingly important to complying with stringent data privacy laws like the Health Insurance Portability and Accountability Act (HIPAA) in the United States, and the General Data Protection Regulation (GDPR) in Europe, as well as other jurisdictional frameworks, it is increasingly important that the implementation of E2EE technologies is implemented. 

Since cyber threats are on the rise and are both frequent and sophisticated, the implementation of end-to-end encryption is an effective way to safeguard against information exposure in this digital age. With it, businesses can confidently manage digital communication, giving stakeholders peace of mind that their personal and professional data is protected throughout the entire process. While end-to-end encryption is widely regarded as a vital tool for safeguarding digital privacy, its increasing adoption by law enforcement agencies as well as child protection agencies is posing significant challenges to these agencies. 

There have been over 1 million attempts made by New Zealanders to access illegal online material over the past year alone, which range from child sexual abuse to extreme forms of explicit content like bestiality and necrophilia. During these efforts, 13 individuals were arrested for possessing, disseminating, or generating such content, according to the Department of Internal Affairs (DIA). The DIA has expressed concerns about the increasing difficulty in detecting and reacting to criminal activity that is being caused by encryption technologies. 

As the name implies, end-to-end encryption restricts the level of access to message content to just the sender and recipient, thus preventing third parties from monitoring harmful exchanges, including regulatory authorities. Several of these concerns were also expressed by Eleanor Parkes, National Director of End Child Prostitution and Trafficking (ECPAT), who warned that the widespread use of encryption could make it possible for illegal material to circulate undetected. 

Since digital platforms are increasingly focusing on privacy-enhanced technologies, striking a balance between individual rights and collective safety has become an issue not only for technical purposes but also for societal reasons  It has never been more clearly recognised how important it is to ensure users' privacy on the Internet, and standard encryption remains a cornerstone for the protection of their personal information across a wide array of digital services. 

In the banking industry, the healthcare industry, as well as private communications, encryption ensures the integrity and security of information that is being transmitted across networks. This form of technology is called end-to-end encryption (E2EE), which is a more advanced and more restrictive implementation of this technology. It enhances privacy while significantly restricting oversight at the same time. In contrast to traditional methods of encrypting information, E2EE allows only the sender and recipient of the message to access its content. 

As the service provider operating the platform has no power to view or intercept communications, it appears that this is the perfect solution in theory. However, the absence of oversight mechanisms poses serious risks in practice, especially when it comes to the protection of children. Platforms may inadvertently be used as a safe haven for the sharing of illegal material, including images of child sexual abuse, if they do not provide built-in safeguards or the ability to monitor content. Despite this, there remains the troubling paradox: the same technology that is designed to protect users' privacy can also shield criminals from detection, thus creating a troubling paradox. 

As digital platforms continue to place a high value on user privacy, it becomes increasingly important to explore balanced approaches that do not compromise the safety and well-being of vulnerable populations, especially children, that are also being safe. A robust Digital Child Exploitation Filtering System has been implemented by New Zealand's Department of Internal Affairs (DIA) to combat the spread of illegal child sexual abuse material online. This system has been designed to block access to websites that host content that contains child sexual abuse, even when they use end-to-end encryption as part of their encryption method.

Even though encrypted platforms do present inherent challenges, the system has proven to be an invaluable weapon in the fight against the exploitation of children online. In the last year alone, it enabled the execution of 60 search warrants and the seizure of 235 digital devices, which demonstrates how serious the issue is and how large it is. The DIA reports that investigators are increasingly encountering offenders with vast quantities of illegal material on their hands, which not only increases in quantity but also in intensity as they describe the harm they cause to society. 

According to Eleanor Parkes, National Director of End Child Prostitution and Trafficking (ECPAT), the widespread adoption of encryption is indicative of the public's growing concern over digital security. Her statement, however, was based on a recent study which revealed an alarming reality that revealed a far more distressing reality than most people know. Parkes said that young people, who are often engaged in completely normal online interactions, are particularly vulnerable to exploitation in this changing digital environment since child abuse material is alarmingly prevalent far beyond what people might believe. 

A prominent representative of the New Zealand government made a point of highlighting the fact that this is not an isolated or distant issue, but a deeply rooted problem that requires urgent attention and collective responsibility within the country as well as internationally. As technology continues to evolve at an exponential rate, it becomes increasingly important to be sure that, particularly in sensitive areas like child protection, both legally sound and responsible. As with all technological innovations, these tools must be implemented within a clearly defined legislative framework which prioritises privacy while enabling effective intervention within the context of an existing legislative framework.

To detect child sexual abuse material, safeguarding technologies should be used exclusively for that purpose, with the intent of identifying and eliminating content that is clearly harmful and unacceptable. Law enforcement agencies that rely on artificial intelligence-driven systems, such as biometric analysis and head recognition systems, need to follow strict legal frameworks to ensure compliance with complex legal frameworks. As the General Data Protection Regulation (GDPR) is established in the European Union, and the California Consumer Privacy Act (CCPA) is established in the United States, there is a clear understanding of how to handle, consent to, and disclose data. 

The use of biometric data is also tightly regulated, as legislation such as Illinois' Biometric Information Privacy Act (BIPA) imposes very strict limitations on how this data can be used. Increasingly, AI governance policies are being developed at both the national and regional levels, reinforcing the importance of ethical, transparent, and accountable technology use. Noncompliance not only results in legal repercussions, but it also threatens to undermine public trust, which is essential for successfully integrating AI into public safety initiatives. 

The future will require striking a delicate balance between innovation and regulation, ensuring that technology empowers protective efforts while protecting fundamental rights in the meantime. For all parties involved—policymakers, technology developers, law enforcement, as well as advocacy organisations—to address the complex interplay between safeguarding privacy and ensuring child protection, they must come together and develop innovative, forward-looking approaches. The importance of moving beyond the viewpoint of privacy and safety as opposing priorities must be underscored to foster innovations that learn from the past and build strong ethical protections into the core of their designs. 

The steps that must be taken to ensure privacy-conscious technology is developed that can detect harmful content without compromising user confidentiality, that secure and transparent reporting channels are established within encrypted platforms, and that international cooperation is enhanced to combat exploitation effectively and respect data sovereignty at the same time. Further, industry transparency must be promoted through independent oversight and accountability mechanisms to maintain public trust and validate the integrity of these protective measures. 

Regulatory frameworks and technological solutions should be adapted rapidly to safeguard vulnerable populations without sacrificing fundamental rights to keep pace with the rapid evolution of the digital landscape. As the world becomes increasingly interconnected, technology will only be able to fulfil its promise as a force for good if it is properly balanced, ethically robust, and proactive in its approach in terms of the protection of children and ensuring privacy rights for everyone.
Read more »
Government surveillance
Cyber Security Data Privacy Digital Security Encryption End-to-End Encryption Government surveillance

Encryption Under Siege: A New Wave of Attacks Intensifies

 

Over the past decade, encrypted communication has become a standard for billions worldwide. Platforms like Signal, iMessage, and WhatsApp use default end-to-end encryption, ensuring user privacy. Despite widespread adoption, governments continue pushing for greater access, threatening encryption’s integrity.

Recently, authorities in the UK, France, and Sweden have introduced policies that could weaken encryption, adding to EU and Indian regulatory measures that challenge privacy. Meanwhile, US intelligence agencies, previously critical of encryption, now advocate for its use after major cybersecurity breaches. The shift follows an incident where the China-backed hacking group Salt Typhoon infiltrated US telecom networks. Simultaneously, the second Trump administration is expanding surveillance of undocumented migrants and reassessing intelligence-sharing agreements.

“The trend is bleak,” says Carmela Troncoso, privacy and cryptography researcher at the Max-Planck Institute for Security and Privacy. “New policies are emerging that undermine encryption.”

Law enforcement argues encryption obstructs criminal investigations, leading governments to demand backdoor access to encrypted platforms. Experts warn such access could be exploited by malicious actors, jeopardizing security. Apple, for example, recently withdrew its encrypted iCloud backup system from the UK after receiving a secret government order. The company’s compliance would require creating a backdoor, a move expected to be challenged in court on March 14. Similarly, Sweden is considering laws requiring messaging services like Signal and WhatsApp to retain message copies for law enforcement access, prompting Signal to threaten market exit.

“Some democracies are reverting to crude approaches to circumvent encryption,” says Callum Voge, director of governmental affairs at the Internet Society.

A growing concern is client-side scanning, a technology that scans messages on users’ devices before encryption. While presented as a compromise, experts argue it introduces vulnerabilities. The EU has debated its implementation for years, with some member states advocating stronger encryption while others push for increased surveillance. Apple abandoned a similar initiative after warning that scanning for one type of content could pave the way for mass surveillance.

“Europe is divided, with some countries strongly in favor of scanning and others strongly against it,” says Voge.

Another pressing threat is the potential banning of encrypted services. Russia blocked Signal in 2024, while India’s legal battle with WhatsApp could force the platform to abandon encryption or exit the market. The country has already prohibited multiple VPN services, further limiting digital privacy options.

Despite mounting threats, pro-encryption responses have emerged. The US Cybersecurity and Infrastructure Security Agency and the FBI have urged encrypted communication use following recent cybersecurity breaches. Sweden’s armed forces also endorse Signal for unclassified communications, recognizing its security benefits.

With the UK’s March 14 legal proceedings over Apple’s backdoor request approaching, US senators and privacy organizations are demanding greater transparency. UK civil rights groups are challenging the confidential nature of such surveillance orders.

“The UK government may have come for Apple today, but tomorrow it could be Google, Microsoft, or even your VPN provider,” warns Privacy International.

Encryption remains fundamental to human rights, safeguarding free speech, secure communication, and data privacy. “Encryption is crucial because it enables a full spectrum of human rights,” says Namrata Maheshwari of Access Now. “It supports privacy, freedom of expression, organization, and association.”

As governments push for greater surveillance, the fight for encryption and privacy continues, shaping the future of digital security worldwide.


Read more »
WireGuard
Cyber Security End-to-End Encryption IPsec secure VPN VPN encryption VPN protocols VPN research VPN security VPN vulnerabilities WireGuard

VPN Services May Not Be as Secure as They Seem, Recent Research Finds

 

VPNs are widely known for their benefits, including preventing location-based overcharging, safeguarding online privacy, and enabling access to geographically restricted content like foreign Netflix libraries. Historically, VPNs have been considered safe, but a new investigation by Top10VPN challenges this assumption.

Collaborating with security researcher Mathy Vanhoef, Top10VPN uncovered critical vulnerabilities impacting over 4 million systems. These include VPN servers, home routers, mobile servers, and CDN nodes, with high-profile companies like Meta and Tencent among those affected. The findings, set to be presented at the USENIX 2025 conference in Seattle, highlight flaws in key protocols—IP6IP6, GRE6, 4in6, and 6in4—designed to secure data transmission.

According to the research, these protocols fail to ensure sender identity matches the authorized VPN user profile. This weakness allows attackers to exploit one-way proxies, repeatedly gaining unauthorized access undetected. By sending data packets using compromised protocols, hackers can launch denial-of-service (DoS) attacks or infiltrate private networks to steal sensitive information.

To mitigate these risks, experts recommend additional security mechanisms like IPsec or WireGuard, which ensure end-to-end encryption. These tools limit the ability to access VPN traffic data, decryptable only by the designated server.

The investigation revealed that VPN services and servers deemed insecure were concentrated in the US, Brazil, China, France, and Japan. Users are advised to select VPNs that incorporate robust encryption methods and to remain cautious when using such services. Independent testing of VPN security is essential for ensuring reliability and safety.

For those seeking trusted options, refer to independent reviews and comparisons of the best VPN services, which prioritize user security and encryption protocols.
Read more »
VPN
Cyber Security Encrypted Email encrypted messaging apps Encryption End-to-End Encryption internet Security private browser Protonmail Signal app Telegram Tor Browser TutaNota VPN

Top 5 Ways to Encrypt Your Internet Traffic for Enhanced Securit

 

Encryption involves converting data into a format that is unreadable without the corresponding decryption key, thereby bolstering security and preventing unauthorized access.

Securing your internet connection with encryption is indeed possible, but it necessitates a multi-pronged strategy. Here are five approaches to encrypting your internet traffic:

1. Utilize a Private Browser:

Your browser serves as the primary gateway to the internet. If it doesn't shield you from tracking, other security measures won't be as effective. The Tor Browser stands out as a truly private option. It redirects traffic through a series of relays, encrypting it at each step. While it's indispensable for privacy-conscious tasks, its speed may be a limitation for everyday use. In such cases, browsers like Brave or Firefox, while not as robust as Tor, offer enhanced privacy and tracking protection compared to mainstream options like Chrome or Microsoft Edge.

2. Employ a VPN:

The use of a Virtual Private Network (VPN) is recommended, especially when combined with browsers other than Tor. A VPN enhances privacy and complicates efforts to track online activities. However, not all VPN providers are equal. It's crucial to choose one with robust encryption, a strict no-logs policy, protection against DNS leaks, a kill-switch feature, and reliable performance. Ensure thorough testing after selection, and extend VPN use to all devices, not just computers.

3. Embrace Encrypted Messaging Apps:

While a secure browser and VPN are crucial, using an encrypted messaging app is equally important. Opt for apps with end-to-end encryption, ensuring only the sender and recipient can read messages. Signal is highly recommended due to its reputation and emphasis on user privacy. Telegram offers a good alternative, especially for those seeking social features. WhatsApp, despite being owned by Meta, also provides end-to-end encryption and is more secure than many mainstream messaging apps.

4. Switch to an Encrypted Email Provider:

Email services from major companies like Google, Microsoft, and Yahoo collect substantial amounts of user data. By using their services, you not only contribute to Big Tech profits but also expose yourself to potential risks. Consider migrating to an encrypted email provider, which typically offer superior encryption, advanced security measures, and a focus on user privacy. While some advanced features may require payment, providers like ProtonMail, TutaNota, and Mailfence enjoy excellent reputations.

5. Invest in Encrypted Cloud Storage:

File storage plays a crucial role in internet traffic encryption, especially with the widespread use of cloud storage for personal data. Opt for providers offering end-to-end encryption and robust security practices. While numerous options are available, paid encrypted cloud storage services like Icedrive, pCloud, Tresorit, and Proton Drive provide reliable and secure solutions. Free options are scarce due to the substantial costs associated with providing this level of security and infrastructure.

By implementing these measures, you can significantly enhance the encryption of your internet traffic and fortify your overall cyber infrastructure. Additionally, consider local encryption and encrypting your entire hard drive for added security.
Read more »
WhatsApp
alternative messaging apps Cyber Security End-to-End Encryption Privacy Concerns Secure Messaging Signal app SMS security risks SMS vulnerabilities Telegram WhatsApp

Seure Messaging Apps: A Safer Alternative to SMS for Enhanced Privacy and Cybersecurity

 

The Short Messaging Service (SMS) has been a fundamental part of mobile communication since the 1990s when it was introduced on cellular networks globally. 

Despite the rise of Internet Protocol-based messaging services with the advent of smartphones, SMS continues to see widespread use. However, this persistence raises concerns about its safety and privacy implications.

Reasons Why SMS Is Not Secure

1. Lack of End-to-End Encryption

SMS lacks end-to-end encryption, with messages typically transmitted in plain text. This leaves them vulnerable to interception by anyone with the necessary expertise. Even if a mobile carrier employs encryption, it's often a weak and outdated algorithm applied only during transit.

2. Dependence on Outdated Technology

SMS relies on Signaling System No. 7 (SS7), a set of signalling protocols developed in the 1970s. This aging technology is highly insecure and susceptible to various cyberattacks. Instances of hackers exploiting SS7 vulnerabilities for malicious purposes have been recorded.

3. Government Access to SMS

SS7 security holes have not been adequately addressed, potentially due to government interest in monitoring citizens. This raises concerns about governments having the ability to read SMS messages. In the U.S., law enforcement can access messages older than 180 days without a warrant, despite efforts to change this.

4. Carrier Storage of Messages

Carriers retain SMS messages for a defined period, and metadata is stored even longer. While laws and policies aim to prevent unauthorized access, breaches can still occur, potentially compromising user privacy.

5. Irreversible Nature of SMS Messages

Once sent, SMS messages cannot be retracted. They persist on the recipient's device indefinitely, unless manually deleted. This lack of control raises concerns about the potential exposure of sensitive information in cases of phone compromise or hacking.

Several secure messaging apps provide safer alternatives to SMS:

1. Signal
 
Signal is a leading secure messaging app known for its robust end-to-end encryption, ensuring only intended recipients can access messages. Developed by the non-profit Signal Foundation, it prioritizes user privacy and does not collect personal data.

2. Telegram

Telegram offers a solid alternative to SMS. While messages are not end-to-end encrypted by default, users can enable Secret Chats for enhanced security. This feature prevents forwarding and limits access to messages, photos, videos, and documents.

3. WhatsApp

Despite its affiliation with Meta, WhatsApp is a popular alternative with billions of active users. It employs end-to-end encryption for message security, surpassing the safety provided by SMS. It's available on major platforms and is widely used among contacts.

In conclusion, SMS is not a recommended option for individuals concerned about personal cybersecurity and privacy. While it offers convenience, its security shortcomings are significant. 

Secure messaging apps with end-to-end encryption are superior alternatives, providing a higher level of protection for sensitive communications. If using SMS is unavoidable, caution and additional security measures are advised to safeguard information.
Read more »
WhatsApp
Cyberattacks CyberCrime Cybersecurity End-to-End Encryption iMessage Privacy WhatsApp

E2E Encryption Under Scrutiny: Debating Big Tech's Role in Reading Messages

 


A recurring conflict between Silicon Valley and several governments is primarily about "end-to-end encryption," "backdoors," and "client-side scanning," which appear to be complex issues. However, in its simplest form, this issue boils down to the question: should technology companies be allowed to read people's messages?  

In the last few years, this fundamental dispute has rumbled. With such a platform, you can chat with others using popular platforms such as WhatsApp, iMessage, Android Messages, and Signal. These platforms offer end-to-end encryption to ensure your privacy.  

In response to a potential landmark law being considered by the UK government, Meta's Mark Zuckerberg is on a collision course with the UK government. This is over his continued plans to build ultra-secure messaging into all his apps despite a ban. Various governments around the world are closely watching the showdown to see who blinks first as they oppose popular technology as well. 

The biggest argument in technology, the argument about End-to-End encryption, backdoors, and client-side scanning, seems very complicated right now. There is, however, a simple question to answer to determine the outcome. What are the consequences of technology companies reading text messages? 

The crux of this disagreement has been brewing in Silicon Valley for years. It continues to have repercussions across the globe involving at least a dozen nations. There are several end-to-end encryption services in the market including WhatsApp, iMessage, Android Messages, and Signal.

This technology means that only the person sending the message, at one end, and the person receiving the message, at the other end, will be able to see, hear, and read the messages. There is no access to the content for anyone but the app makers. 

Messages are encrypted and decrypted using cryptographic keys stored on endpoints that are configured to handle them. Encryption is based on public key technology, which is very secure. 

Personalized, or asymmetric, encryption is composed of a private key and a public key shared with others. Upon sharing the public key, others can use the private key to encrypt a message and send it to the private key owner. Decrypting the message with the corresponding private key involves using the decryption key. 

Almost always, when two parties involved in an exchange communicate online, an intermediary is entrusted with the task of handling the messages between the two parties. There are usually a variety of intermediaries including servers that belong to ISPs, telecom companies, or a variety of other companies that serve as mediators.  

Using a public key infrastructure such as E2EE's, intermediaries are unable to intercept messages that are sent between parties. It is recommended to embed the public key within a certificate digitally certified by a recognized certificate authority (CA) to ensure that a public key is a legitimate key created by a legitimate recipient. It can be assumed that a certificate signed by that public key is authentic since its distribution and knowledge of the public key is widespread; the legitimacy of a certificate signed by the public key can be relied upon. 

There might be a case in which the CA would reject a certificate that has a different public key associated with the same name as the one associated with the recipient since the certificate identifies the recipient's name and public key. 

It is imperative to note that a system that provides end-to-end encryption ensures that only the parties involved in sending and receiving messages, media, and phone calls can access the content, including app developers. Governments and security agencies reluctantly accepted the rise of these encrypted apps as they gained immense popularity and became increasingly popular. The fact that end-to-end encryption was not the standard for Messenger and Instagram arose four years ago when Mark Zuckerberg, the CEO of Meta, announced plans to implement it in their applications. 

Having launched this ambitious project back in 2012, Meta has been diligently working on it ever since. However, there are insufficient details regarding the project progress and the switchover timeline. There have been growing concerns, leading to requests to halt the switchover or create safeguards to protect consumers. As well, law enforcement agencies such as Interpol, in several countries have expressed concerns about the technology. These countries include the United Kingdom, Australia, Canada, New Zealand, the United States, India, Turkey, Japan, and Brazil.

One of the most noticeable attempts to address this issue is the proposed Online Safety Bill in the UK. The paper suggests that technology companies must be encouraged to include backdoors in their systems that allow them to scan messages for illegal content. Even though this bill has sparked debates over the balance between privacy and security, it remains in the bill. There is no doubt that governments and law enforcement agencies believe that accessing message content is crucial for convicting criminals and protecting children from online grooming. However, opponents assert that end-to-end encryption is critical for maintaining privacy and safety online.

A recent survey conducted by the National Society for the Prevention of Cruelty to Children (NSPCC) revealed that 73% of the UK public believe that technology companies should have the legal obligation to scan private messages for child sexual abuse when they are in an end-to-end encrypted environment, according to the study conducted by YouGov. The Research Crime and Security Initiative has voiced concerns that the Online Safety Bill could have detrimental effects on end-to-end encryption, undermining privacy guarantees and setting the stage for citizen surveillance by repressive regimes to become more common. 

Adding to the discussion, WhatsApp and Signal have both announced that they will withdraw their services from the UK if security is compromised in favor of end-to-end encryption. It is thought that this may be their way of expressing their commitment to end-end encryption. The discussion about end-to-end encryption in Twitter messages was further sparked by Elon Musk's announcement of his plans to integrate it directly into the system. 

Although implementing end-to-end encryption is a complex process and a significant financial undertaking, technology companies view it as necessary to regain users' trust after several high-profile data breaches. As a result of this encryption, it becomes much harder to monitor content users share with others, which makes content moderation more challenging. 

There is a continuing debate between governments, privacy organizations, and tech companies regarding the ethical and legal ramifications of end-to-end encryption while negotiating a careful balance between privacy, security, and online abuses. 

Big Switchover 

End-to-end encrypted apps have grown in the last ten years as billions of people use them every day, making them one of the fastest-growing app categories. Law enforcement officers will likely lose out on one of their most critical sources of evidence if they cannot ask Meta for people's messages in the future. 

The government and security agencies were slow to accept that end-to-end encryption would, as a standard, be implemented in the Messenger and Instagram apps. This was until Facebook founder Mark Zuckerberg announced four years ago that apps would transition to end-to-end encryption. 

End-to-end: Undermines Privacy

In another letter published on Wednesday, 68 prominent defense and privacy researchers expressed their dissatisfaction with the Online Safety Bill for breaking end-to-end encryption, which shows the passion on both sides of this debate. 

As a result of the law, experts say tech firms cannot implement safety measures to prevent children from being harmed. However, they can maintain user privacy.

Rebuilding Trust

Despite this, WhatsApp and Signal have made it clear that they are strongly opposed to any compromise to the security of end-to-end encryption in the UK. 

Announcing in May that Elon Musk was incorporating end-to-end encryption into Twitter messages was not only a worry for those who criticize the technology but also compounded the problem for those who criticize it. A meta-analysis shows that switching to technology is one of the most challenging decisions companies have to make, but it is worth it in the end. 

After years of data scandals, big tech organizations feel regaining customers' trust in their services is the key to regaining customers' confidence.
Read more »
User Privacy
Apple data security End-to-End Encryption FBI Mobile Security User Privacy

FBI: 'Deeply Concerning' Apple’s End-to-End Encryption

 

Apple recently unveiled several new privacy-focused features intended at better safeguarding user data stored in iCloud, but although privacy advocates and human rights organizations have praised the move, law enforcement agencies have expressed concerns. 

They seem to be worried that criminals from all backgrounds would abuse the privilege rather than being against increased privacy. 

The FBI said in an email to the Washington Times that Apple's end-to-end encryption "reduces our capacity to defend the American people from criminal activities ranging from cyber-attacks and crimes against minors to drug trafficking, organized crime, and terrorism." 

Sasha O'Connell, a former FBI agent, also commented at the time, telling the New York Times that there are some important considerations. Although it is excellent to see businesses putting security first, there are trade-offs to be aware of, one of which is the effect on law enforcement's ability to access digital evidence. 

iMessage Contact Key Verification, Advanced Data Protection for iCloud, and Security Keys for Apple ID are just a few of the new security-focused features that Apple recently unveiled. However, it was Advanced Data Protection for iCloud that really got the FBI's attention. With the new functionality, only reputable devices will be able to decrypt and view the encrypted data that is saved in iCloud. 

In other words, neither Apple nor anyone else will be able to read the information that users have stored in iCloud on Apple's servers. 

FBI versus Apple 

The FBI and Apple have previously run into each other. Approximately six years ago, the FBI seized an iPhone from Syed Farook, one of the two terrorists who attacked the Inland Regional Center in San Bernardino, California. Farook was one of the two attackers. The two murdered 14 people and injured 22 others on December 2, 2015.  

When the iPhone became locked, there was a big conflict between the FBI and Apple over whether or not the latter had the ability or inclination to unlock the endpoint. Even the US Congress took up the issue, with practically all of the nation's tech firms supporting Apple. When the FBI, with the aid of a third party, was able to unlock the iPhone, everything calmed down. Later, the media revealed that the in question third party is Cellebrite, an Israeli mobile forensics company.
Read more »
Subscribe to: Posts (Atom)