Forwarded from BlackBox (Security) Archiv
Strategic autonomy in danger: European Tech companies warn of lowering data protection levels in the EU.
The EU is highly respected internationally for its data protection laws such as the GDPR. Now an EC initiative could be a threat to Europe's strategic autonomy.
Today we are sending an open letter to the European Commission together with #Boxcryptor, #Cryptomator, mail.de, #Mailfence, #Praxonomy, and #Tresorit to draw attention to the dangers of undermining encryption and people's privacy. Mass surveillance will not stop terrorism or child sexual abuse.
Joint open letter for right to privacy
In the course of the initiative "Fighting child sexual abuse: detection, removal, and reporting of illegal content", the European Union plans to abolish the digital privacy of correspondence. In order to automatically detect illegal content, all private chat messages are to be screened in the future. This should also apply to content that has so far been protected with strong end-to-end encryption. If this initiative is implemented according to the current plan it would enormously damage our European ideals and the indisputable foundations of our democracy, namely freedom of expression and the protection of privacy (see EDRi letter). The initiative would also severely harm Europe’s strategic autonomy and thus EU-based companies.
Europe as a global technology leader is respected internationally for its high level of data protection, notably due to the exemplary effect of the GDPR. In an internationally very competitive market, European companies are in first position when it comes to data protection. The EU initiative could now endanger this unique selling point of European IT companies.
https://tutanota.com/blog/posts/european-autonomy-in-danger/
#tutanota #surveillance #gdpr #eu #encryption #privacy #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
The EU is highly respected internationally for its data protection laws such as the GDPR. Now an EC initiative could be a threat to Europe's strategic autonomy.
Today we are sending an open letter to the European Commission together with #Boxcryptor, #Cryptomator, mail.de, #Mailfence, #Praxonomy, and #Tresorit to draw attention to the dangers of undermining encryption and people's privacy. Mass surveillance will not stop terrorism or child sexual abuse.
Joint open letter for right to privacy
In the course of the initiative "Fighting child sexual abuse: detection, removal, and reporting of illegal content", the European Union plans to abolish the digital privacy of correspondence. In order to automatically detect illegal content, all private chat messages are to be screened in the future. This should also apply to content that has so far been protected with strong end-to-end encryption. If this initiative is implemented according to the current plan it would enormously damage our European ideals and the indisputable foundations of our democracy, namely freedom of expression and the protection of privacy (see EDRi letter). The initiative would also severely harm Europe’s strategic autonomy and thus EU-based companies.
Europe as a global technology leader is respected internationally for its high level of data protection, notably due to the exemplary effect of the GDPR. In an internationally very competitive market, European companies are in first position when it comes to data protection. The EU initiative could now endanger this unique selling point of European IT companies.
https://tutanota.com/blog/posts/european-autonomy-in-danger/
#tutanota #surveillance #gdpr #eu #encryption #privacy #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Tutanota
Strategic autonomy in danger: European Tech companies warn of lowering data protection levels in the EU.
The EU is highly respected internationally for its data protection laws such as the GDPR. Now an EC initiative could be a threat to Europe's strategic autonomy.
Forwarded from BlackBox (Security) Archiv
Facebook Pushes Ahead with Plans for Full End-to-End Encryption of its Messaging Tools
Despite ongoing concerns about the proposal among various authorities, Facebook is pushing ahead with its plan to implement full end-to-end encryption by default within all of its messaging tools.
Within an overview of a recent virtual workshop Facebook held with experts in privacy, safety, human rights and consumer protection, the company noted that:
"We’re working hard to bring default end-to-end encryption to all of our messaging services. This will protect people’s private messages and mean only the sender and recipient, not even us, can access their messages. While we expect to make more progress on default end-to-end encryption for Messenger and Instagram Direct this year, it’s a long-term project and we won’t be fully end-to-end encrypted until sometime in 2022 at the earliest."
The news of Facebook's continued work on this front will please privacy advocates - but as noted, various authorities have raised significant concerns with the plan, with respect to how such a process could be used to hide criminal activity, with no way for authorities to track such exchanges.
https://telegra.ph/Facebook-Pushes-Ahead-with-Plans-for-Full-End-to-End-Encryption-of-its-Messaging-Tools-05-01
via www.socialmediatoday.com
#facebook #DeleteFacebook #encryption #messaging
📡 @nogoolag 📡 @blackbox_archiv
Despite ongoing concerns about the proposal among various authorities, Facebook is pushing ahead with its plan to implement full end-to-end encryption by default within all of its messaging tools.
Within an overview of a recent virtual workshop Facebook held with experts in privacy, safety, human rights and consumer protection, the company noted that:
"We’re working hard to bring default end-to-end encryption to all of our messaging services. This will protect people’s private messages and mean only the sender and recipient, not even us, can access their messages. While we expect to make more progress on default end-to-end encryption for Messenger and Instagram Direct this year, it’s a long-term project and we won’t be fully end-to-end encrypted until sometime in 2022 at the earliest."
The news of Facebook's continued work on this front will please privacy advocates - but as noted, various authorities have raised significant concerns with the plan, with respect to how such a process could be used to hide criminal activity, with no way for authorities to track such exchanges.
https://telegra.ph/Facebook-Pushes-Ahead-with-Plans-for-Full-End-to-End-Encryption-of-its-Messaging-Tools-05-01
via www.socialmediatoday.com
#facebook #DeleteFacebook #encryption #messaging
📡 @nogoolag 📡 @blackbox_archiv
Telegraph
Facebook Pushes Ahead with Plans for Full End-to-End Encryption of its Messaging Tools
Despite ongoing concerns about the proposal among various authorities, Facebook is pushing ahead with its plan to implement full end-to-end encryption by default within all of its messaging tools. Within an overview of a recent virtual workshop Facebook held…
Australian Crime Commission: Only Criminals Use Encrypted Communications
https://www.techdirt.com/articles/20210509/10235546763/australian-crime-commission-only-criminals-use-encrypted-communications.shtml
#australia #encryption #gov #why
https://www.techdirt.com/articles/20210509/10235546763/australian-crime-commission-only-criminals-use-encrypted-communications.shtml
#australia #encryption #gov #why
Techdirt
Australian Crime Commission: Only Criminals Use Encrypted Communications
Well, someone finally said the quiet part loud: some government officials actually believe the only people who need, want, or use...
https://searx.monicz.pl/morty/?mortyurl=https%3A%2F%2Fwww.nytimes.com%2F2021%2F05%2F17%2Ftechnology%2Fapple-china-censorship-data.html
https://nitter.fdn.fr/matthew_d_green/status/1394389869540089856
#apple #china #encryption
https://nitter.fdn.fr/matthew_d_green/status/1394389869540089856
#apple #china #encryption
Nitter
Matthew Green (@matthew_d_green)
Interesting story about how Apple is moving encryption keys to China. https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html
Forwarded from GJ `°÷°` 🇵🇸🕊 (t ``~__/>_GJ06)
The Draft EU Drugs Action Plan 2021-25 is heading to the Council for approval, and amongst other things includes an action to "improve possibilities to tackle encryption," as well as the use of new technologies (including the near-ubiquitous "artificial intelligence") for "monitoring suspicious postal items... while preserving the fundamental right of privacy of correspondence." https://www.statewatch.org/news/2021/june/eu-drugs-strategy-includes-actions-to-tackle-encryption-and-postal-snooping/
#Encryption #EU #AI
#Encryption #EU #AI
Backdoor found in 2G mobile data encryption standard
Cryptanalysis of GPRS Encryption Algorithms GEA-1 suggest intentional weakness
GPRS is the mobile data standard for GSM mobile phones. It's from the 2G era, and is old and slow. GEA-1 is an encryption algorithm used with GPRS.
Excerpt from the abstract:
"This paper presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms."
[..]
"This unusual pattern indicates that the weakness is intentionally hidden to limit the security level to 40 bit by design."
So in other words: GPRS was intentionally backdoored.
https://eprint.iacr.org/2021/819
Comments
https://news.ycombinator.com/item?id=27686422
https://apnews.com/article/europe-technology-business-3bddc473856a9af259feb511f58a51d3
https://link.springer.com/chapter/10.1007%2F978-3-030-77886-6_6
https://www.sueddeutsche.de/wirtschaft/handy-gprs-verschluesselung-1.5323228
#backdoor #2g #gprs #encryption
Cryptanalysis of GPRS Encryption Algorithms GEA-1 suggest intentional weakness
GPRS is the mobile data standard for GSM mobile phones. It's from the 2G era, and is old and slow. GEA-1 is an encryption algorithm used with GPRS.
Excerpt from the abstract:
"This paper presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms."
[..]
"This unusual pattern indicates that the weakness is intentionally hidden to limit the security level to 40 bit by design."
So in other words: GPRS was intentionally backdoored.
https://eprint.iacr.org/2021/819
Comments
https://news.ycombinator.com/item?id=27686422
https://apnews.com/article/europe-technology-business-3bddc473856a9af259feb511f58a51d3
https://link.springer.com/chapter/10.1007%2F978-3-030-77886-6_6
https://www.sueddeutsche.de/wirtschaft/handy-gprs-verschluesselung-1.5323228
#backdoor #2g #gprs #encryption
AP NEWS
Security flaw found in 2G mobile data encryption standard
BERLIN (AP) — Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades.
Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened
Comments
https://news.ycombinator.com/item?id=27686422
via www.vice.com
#backdoor #2g #gprs #encryption
Comments
https://news.ycombinator.com/item?id=27686422
via www.vice.com
#backdoor #2g #gprs #encryption
Telegraph
Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet. See More → A weakness in the algorithm used to encrypt cellphone data in the 1990s and 2000s allowed hackers to spy on some internet…
Facebook wants to analyze encrypted WhatsApp messages "for ads"
TL;DR
Facebook has hired a team of researchers for the purpose of analyzing WhatsApp encryption.
The goal would be to have ways to data-mine WhatsApp messages without actually decrypting them.
One report alleges that Facebook is doing this for ad purposes.
https://www.androidauthority.com/whatsapp-encryption-ads-2728774/
#WhatsApp #Facebook #fb #encryption
TL;DR
Facebook has hired a team of researchers for the purpose of analyzing WhatsApp encryption.
The goal would be to have ways to data-mine WhatsApp messages without actually decrypting them.
One report alleges that Facebook is doing this for ad purposes.
https://www.androidauthority.com/whatsapp-encryption-ads-2728774/
#WhatsApp #Facebook #fb #encryption
Android Authority
Report: Facebook wants to analyze encrypted WhatsApp messages for ads
Facebook has hired a team of researchers to "crack" WhatsApp encryption without actually decrypting it. Why? For ads, according to a report.
#Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News
https://web.archive.org/web/20230224103103/https://www.bbc.com/news/technology-64584001
#UK #Privacy #Encryption
https://web.archive.org/web/20230224103103/https://www.bbc.com/news/technology-64584001
The encrypted-messaging app Signal has said it would stop providing services in the UK if a new law undermined encryption.
If forced to weaken the privacy of its messaging system under the Online Safety Bill, the organisation "would absolutely, 100% walk" Signal president Meredith Whittaker told the BBC.
#UK #Privacy #Encryption
edri@eupolicy.social - 🚨Recent POLITICO Europe leak revealed that US and EU officials have agreed to cooperate on measures to turn public opinion against #encryption.
Experts' statements by EDRi and Global Encryption Coalition have called out against this plan:
➡️https://edri.org/our-work/eu-us-plan-offensive-to-legitimise-police-access-to-data-civil-society-responds-amid-growing-fears-press-release/
➡️https://www.globalencryption.org/2023/04/statement-on-eu-us-cooperation-against-encryption/
Experts' statements by EDRi and Global Encryption Coalition have called out against this plan:
➡️https://edri.org/our-work/eu-us-plan-offensive-to-legitimise-police-access-to-data-civil-society-responds-amid-growing-fears-press-release/
➡️https://www.globalencryption.org/2023/04/statement-on-eu-us-cooperation-against-encryption/
European Digital Rights (EDRi)
EU-US plan offensive to legitimise police access to data, civil society responds amid growing fears - Press Release - European…
Through the letter, the organisations called out the clear and deliberate plans to disregard international human rights standards.
On the security of the Linux disk encryption LUKS
2023-05-03
In the past few days, there have been uncertainties and concerns about the #LUKS (“Linux Unified Key Setup”) disk #encryption, which is widely used on Linux. We publish our assessment of this here.
dys2p – https://dys2p.com/en/2023-05-luks-security.html
https://archive.is/KQxTH
https://archive.is/ELYH2
2023-05-03
In the past few days, there have been uncertainties and concerns about the #LUKS (“Linux Unified Key Setup”) disk #encryption, which is widely used on Linux. We publish our assessment of this here.
dys2p – https://dys2p.com/en/2023-05-luks-security.html
https://archive.is/KQxTH
https://archive.is/ELYH2
0xor0ne@infosec.exchange - Nice short blog post by Aditya Dixit explaining how to intercept and manipulate AES encrypted traffic used by mobile applications
https://blog.dixitaditya.com/manipulating-aes-traffic-using-a-chain-of-proxies-and-hardcoded-keys
#android #infosec #cybersecurity #AES #APK #mobile #encryption
https://blog.dixitaditya.com/manipulating-aes-traffic-using-a-chain-of-proxies-and-hardcoded-keys
#android #infosec #cybersecurity #AES #APK #mobile #encryption
law-enforcement-working-party-document-encryption.pdf
1.6 MB
Leaked EU Document Shows #Spain Wants to Ban End-to-End #Encryption
https://www.wired.com/story/europe-break-encryption-leaked-document-csa-law/
Law Enforcement Working Party document, encryption
https://www.documentcloud.org/documents/23819681-law-enforcement-working-party-document-encryption
https://www.wired.com/story/europe-break-encryption-leaked-document-csa-law/
Law Enforcement Working Party document, encryption
https://www.documentcloud.org/documents/23819681-law-enforcement-working-party-document-encryption
This media is not supported in your browser
VIEW IN TELEGRAM
KryptEY - Secure E2EE communication
An Android keyboard for secure end-to-end-encrypted messages through the Signal protocol in any messenger. Communicate securely and independent, regardless of the legal situation or whether messengers use E2EE. No server needed.
https://github.com/amnesica/KryptEY
F-Droid
https://f-droid.org/packages/com.amnesica.kryptey/
IzzyOnDroid
https://android.izzysoft.de/repo/apk/com.amnesica.kryptey
Reminder :
https://gitlab.com/fdroid/wiki/-/wikis/FAQ#how-long-does-it-take-for-my-app-to-show-up-on-website-and-client
#encryption #keyboard #E2EE
#messenger #security #Signal
An Android keyboard for secure end-to-end-encrypted messages through the Signal protocol in any messenger. Communicate securely and independent, regardless of the legal situation or whether messengers use E2EE. No server needed.
https://github.com/amnesica/KryptEY
F-Droid
https://f-droid.org/packages/com.amnesica.kryptey/
IzzyOnDroid
https://android.izzysoft.de/repo/apk/com.amnesica.kryptey
Reminder :
new apps available in F-Droid app may not emmediatly show on the F-Droid web site ( ie when you share the link app it returns a 404 error ) some extra time is needed for both to be available
https://gitlab.com/fdroid/wiki/-/wikis/FAQ#how-long-does-it-take-for-my-app-to-show-up-on-website-and-client
#encryption #keyboard #E2EE
#messenger #security #Signal
SimpleX Chat: private and secure cross platform messenger without any user IDs (not even random)
:~
Website : https://simplex.chat/
SimpleX Chat (SimpleX Chat - e2e encrypted messenger without any user IDs - private by design!)
https://f-droid.org/packages/chat.simplex.app/
Quick start – https://simplex.chat/docs/guide/readme.html
#SimpleXchat #security #privacy #encryption #E2EE
#FLOSS
:~
E2E-encrypted messages with markdown and editing
:~ E2E-encrypted images and files
:~ Decentralized secret groups — only users know they exist
:~ E2E-encrypted voice messages
:~ Disappearing messages
:~ E2E-encrypted audio and video calls
:~ Portable encrypted database — move your profile to another device
:~Incognito mode —
unique to SimpleX Chat
Website : https://simplex.chat/
SimpleX Chat (SimpleX Chat - e2e encrypted messenger without any user IDs - private by design!)
https://f-droid.org/packages/chat.simplex.app/
Quick start – https://simplex.chat/docs/guide/readme.html
#SimpleXchat #security #privacy #encryption #E2EE
#FLOSS
Criminalization of encryption : the 8 december case – La Quadrature du Net –
#lqdn #France #encryption #surveillance
Mixing fantasies, bad faith and technical incompetence, a police story has been constructed around the (good) digital practices of the accused, with the aim of staging a “clandestine group”, “conspirative”, “conspiratist” and therefore… terrorist
We are facing the fantasy of a State demanding total transparency from everyone at the risk of being called a “suspect”, a State whose desire for widespread surveillance seems limitless. In this context, we reaffirm our rights to privacy, intimacy and the protection of our personal data. Encryption is, and will remain, an essential element of our civil liberties in the digital age.
#lqdn #France #encryption #surveillance
The U.K. Government Is Very Close To Eroding Encryption Worldwide | Electronic Frontier Foundation –
The U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the privacy of people around the world. The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption. No amendments have been accepted that would mitigate the bill’s most dangerous elements.
#OnlineSafetyBill #Backdoors #BigBrother #UK #encryption #e2ee
The U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the privacy of people around the world. The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption. No amendments have been accepted that would mitigate the bill’s most dangerous elements.
#OnlineSafetyBill #Backdoors #BigBrother #UK #encryption #e2ee
Electronic Frontier Foundation
The U.K. Government Is Very Close To Eroding Encryption Worldwide
The U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the privacy of people around the world. The Online Safety Bill, now at the
Media is too big
VIEW IN TELEGRAM
Online Safety Bill
What happens next?
Third reading - a final chance to amend the bill – is scheduled for 6 September.
On Tuesday 18 July, the House of Commons agreed a Carry-over Motion as follows: That the period on the expiry of which proceedings on the Online Safety Bill shall lapse in pursuance of paragraph (13) of Standing Order No. 80A, as extended by the Order of 13 March 2023 (Online Safety Bill: Carry-over Extension), shall be further extended by 103 days until 31 October 2023.
Online Safety Bill - Parliamentary Bills - UK Parliament – https://bills.parliament.uk/bills/3137/news
#OnlineSafetyBill #UK #BigBrother #surveillance #encryption #e2ee
Music & clip by Killing Joke - Full Spectrum Dominance - 2023
The final day of report stage – a chance to closely scrutinise elements of the bill and make changes – took place on 19 July.
What happens next?
Third reading - a final chance to amend the bill – is scheduled for 6 September.
On Tuesday 18 July, the House of Commons agreed a Carry-over Motion as follows: That the period on the expiry of which proceedings on the Online Safety Bill shall lapse in pursuance of paragraph (13) of Standing Order No. 80A, as extended by the Order of 13 March 2023 (Online Safety Bill: Carry-over Extension), shall be further extended by 103 days until 31 October 2023.
Online Safety Bill - Parliamentary Bills - UK Parliament – https://bills.parliament.uk/bills/3137/news
#OnlineSafetyBill #UK #BigBrother #surveillance #encryption #e2ee
Music & clip by Killing Joke - Full Spectrum Dominance - 2023
Changes to UK Surveillance Regime May Violate International Law | JusticeOrg -
Blocking End-to-End Encryption and Important Security Updates
The United Kingdom (U.K.) government has recently unveiled plans to revise the Investigatory Powers Act 2016 (IPA), the primary legislation governing the surveillance of electronic communications in the United Kingdom. The proposed revisions include five objectives pertaining to changes in the notices regime within the IPA, the process through which the government can ask private companies to carry out surveillance on its behalf, such as interception of communications and equipment interference (hacking).
The proposed changes to the IPA notices regimes include an obligation to comply with the content of a potential notice during the review period and before a notice is actually served, an obligation to disclose technical information about the company’s systems during the same review period, measures to strengthen the extraterritorial application of the notices and obligations for companies to give advance notice to the U.K. Secretary of State before implementing any technical changes. This article focuses on the latter two changes. It examines how the United Kingdom likely would be in breach of international human rights law
#UK #Censorship #IPA
#BigBrother #Surveillance #Backdoors #E2E #Encryption
Blocking End-to-End Encryption and Important Security Updates
The United Kingdom (U.K.) government has recently unveiled plans to revise the Investigatory Powers Act 2016 (IPA), the primary legislation governing the surveillance of electronic communications in the United Kingdom. The proposed revisions include five objectives pertaining to changes in the notices regime within the IPA, the process through which the government can ask private companies to carry out surveillance on its behalf, such as interception of communications and equipment interference (hacking).
The proposed changes to the IPA notices regimes include an obligation to comply with the content of a potential notice during the review period and before a notice is actually served, an obligation to disclose technical information about the company’s systems during the same review period, measures to strengthen the extraterritorial application of the notices and obligations for companies to give advance notice to the U.K. Secretary of State before implementing any technical changes. This article focuses on the latter two changes. It examines how the United Kingdom likely would be in breach of international human rights law
#UK #Censorship #IPA
#BigBrother #Surveillance #Backdoors #E2E #Encryption
Just Security
Changes to UK Surveillance Regime May Violate International Law
Proposed changes to the UK Investigatory Powers Act 2016 may violate international human rights law.
Privacy Companies Push Back Against EU Plot To End Online Privacy
An urgent appeal has been relayed to ministers across the #EU by a consortium of tech companies, exacting a grave warning against backing a proposed regulation focusing on child sexual abuse as a pretense to jeopardize the security integrity of internet services relying on end-to-end encryption and end privacy for all citizens.
In a open letter a total of 18 organizations – predominantly comprising providers of encrypted email and messaging services – have voiced concerns about the potential experimental regulation by the European Commission (EC), singling out the “detrimental” effects on children’s #privacy and #security and the possible dire repercussions for #cybersecurity.
#BigBrother #EUChatControl
#ChatControl #Encryption
An urgent appeal has been relayed to ministers across the #EU by a consortium of tech companies, exacting a grave warning against backing a proposed regulation focusing on child sexual abuse as a pretense to jeopardize the security integrity of internet services relying on end-to-end encryption and end privacy for all citizens.
In a open letter a total of 18 organizations – predominantly comprising providers of encrypted email and messaging services – have voiced concerns about the potential experimental regulation by the European Commission (EC), singling out the “detrimental” effects on children’s #privacy and #security and the possible dire repercussions for #cybersecurity.
#BigBrother #EUChatControl
#ChatControl #Encryption