Five Hard Encryption Questions

BY BENJAMIN WITTES LAWFARE

Over the past few weeks, I have been up to my neck in encryption. Usually, when a public policy issue consumes me like this, it’s because I have taken a strong position on it of one sort or another—one with which people disagree—and the result is a debate. In this case, I haven’t taken a strong position. Rather, I have struggled with a variety of ideas, trying to think my own way through to the right answer. Along the way, I have identified some questions in this debate that are, to my mind anyway, really hard.

Let’s talk about iMessage (again)

BY MATTHEW GREEN THOUGHTS ON CRYPTOGRAPHY
Yesterday’s New York Times carried a story entitled “Apple and other tech companies tangle with U.S. over data access”. It’s a vague headline that manages to obscure the real thrust of the story, which is that according to reporters at the Times, Apple has not been forced to backdoor their popular encrypted iMessage system. This flies in the face of some rumors to the contrary. While there’s not much new information in here, people on Twitter seem to have some renewed interest in how iMessage works; whether Apple could backdoor it if they wanted to; and whether the courts could force them to. The answers to those questions are respectively: “very well”, “absolutely”, and “do I look like a national security lawyer?”

U.N. board pushes countries toward peace on the internet, gives short shrift to users’ rights

BY DREW MITNICK ACCESS
A U.N. board of security experts representing 20 governments has released a report critical to the future of the internet. This iterative report — prepared by the Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security — aims to identify areas of consensus and prevent conflict between nation states. The latest iteration of the report, released in July, fails to mention encryption, and includes underwhelming statements about rights online. However, it does help to establish boundaries for proper state behavior that are critical to maintaining a secure and free internet.

What the report leaves out
Unfortunately, much of the content in the 2015 report remains unchanged from previous iterations published in 2010 and 2013.

How a Dancing Baby Struck a Blow for Balanced Copyright Law

BY MICHAEL GEIST MICHAELGEIST.CA
In February 2007, Stephanie Lenz, a California mother of a pair of young toddlers, shot a short video of her children dancing in the family kitchen with the Prince song “Let’s Go Crazy” playing in the background. Lenz proceeded to upload the 29 second video to YouTube so that friends and family could see it. Thousands of hours of user-generated video are posted online every day and there was nothing particularly remarkable about the dancing baby video. What set it apart, however, was that several months later Universal Music Group, Prince’s music label, sent a takedown notice to YouTube claiming that it infringed its copyright. My weekly technology law column (Toronto Star version, homepage version) notes that similar takedown notices are sent to Internet intermediaries such as Google every hour.

UK and US demands to access encrypted data are ‘unprincipled and unworkable’

BY EWEN MACASKILL THE GUARDIAN
Demands by US and British security agencies for access to encrypted communication data have been dealt a serious blow in a report by an influential group of cryptographers and computer scientists who dismiss the move as unprincipled and unworkable. They warn that such access “will open doors through which criminals and malicious nation states can attack the very individuals law enforcement seeks to defend”. The report says: “The costs would be substantial, the damage to innovation severe and the consequences for economic growth hard to predict. The costs to our moral authority would also be considerable.”
The expert opinion comes on the eve of an appearance before the US Senate intelligence committee by the FBI director, James Comey, who last year savaged tech companies for embracing end-to-end encryption, claiming it would deprive the security services of potentially life-saving information. David Cameron and the home secretary, Theresa May, are proposing to introduce legislation in the autumn to force companies such as Apple, Google and Microsoft to provide access to encrypted data.

Why a Back Door to the Internet Is a Bad Idea

BY VIKAS BAJAJ NEW YORK TIMES
In recent months top American and British political leaders have been arguing that there should be no encrypted communication system that they cannot unlock whenever they deem it necessary to do so. Officials like the director of the National Security Agency, Michael Rogers, and Prime Minister David Cameron have said that unless technology companies grant them the technical equivalent of a back door to snoop on encrypted communications, the world’s bad guys will “go dark” and become untraceable. Now, 13 prominent encryption and information security experts have responded with an important report that explains in plain English why what Mr. Rogers and Mr. Cameron are asking for would be terrible for the Internet. To start, giving governments back-door access to encrypted technologies like email servers, video chats, online banking services and so on would make those systems much more vulnerable to hacking. Furthermore, giving encryption keys to governments would increase the risk of those keys being stolen by criminals and spies from other countries.

The Ashley Madison hack will destroy the lives of perfectly innocent people

BY RUPERT MYERS THE TELEGRAPH

The alleged hacking of Ashley Madison is bad news. It isn’t just bad for the 37 million people who are now about to be exposed as having logged onto a site whose slogan is “Life is short. Have an affair”. This hack threatens the peace and stability of their families. The fabric of millions of interpersonal relationships will be ripped apart.

Encryption Debate Comes Out of the Shadows

BY DOUG BERNARD VOICE OF AMERICA
It’s no secret that James Comey, director of the Federal Bureau of Investigation, is not a fan of encryption – at least not when it puts data outside the reach of the FBI. For over a year now, Comey has pressured congressional leaders and Silicon Valley executives to curb the use and spread of encryption tools for computers, tablets and mobile phones, but with little effect. Comey said he wants encryption services to create secret “back doors” and “key escrows” for their products so agencies like the FBI can get emergency access to data critical for fighting crime and protecting national security. So far, the debate has been largely low-key and one-sided, with few corporate executives eager to pick a public fight with the FBI. But now, a group of cybersecurity professionals is pushing back at the FBI, warning that what Comey wants is not only infeasible, but could make the entire Internet significantly more vulnerable to hack attacks.

The Nuts and Bolts of XKEYSCORE

BY BRUCE SCHNEIER LAWFARE

I’ve been reading through the 48 classified documents about the NSA’s XKEYSCORE system released by the Intercept last week. From the article:

The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers. These servers store “full-take data” at the collection sites — meaning that they captured all of the traffic collected — and, as of 2009, stored content for 3 to 5 days and metadata for 30 to 45 days.

Civil society groups urge governments to promote and protect encryption and anonymity

ACCESS TEAM
Today at the 29th session of the UN’s Human Rights Council (HRC) in Geneva, Access joined a group of more than 25 civil society organizations in a joint statement that calls on all governments to promote the use of strong encryption technologies, and to protect the right to seek, receive, and impart information anonymously online. The groups submitted the joint statement to the Council in concert with the presentation today by David Kaye, the new UN Special Rapporteur on freedom of opinion and expression, of his landmark report on encryption and anonymity. The report affirms that anonymity and encryption are necessary for the advancement of human rights in the digital age. These tools provide journalists, human rights activists, and members of minority groups with the protective measures they need for exercising their rights to freedom of opinion and expression. Access and our cosigners emphasized that people across the globe are facing threats to fundamental rights, such as blanket state surveillance and unauthorized access to private data.