Friends, back in 2013, we told you about how Ladar Levison, founder of the encrypted email service Lavabit, took the defiant step of shutting down the company’s service rather than comply with a federal law enforcement request that could compromise its customers’ communications. The FBI had sought access to the email account of one of Lavabit’s most prominent users — Edward Snowden. Levison had custody of his service’s SSL encryption key that could help the government obtain Snowden’s password. And though the feds insisted they were only after Snowden’s account, the key would have helped them obtain the credentials for other users as well. Rather than undermine the trust and privacy of his users, Levison ended the company’s email service entirely, preventing the feds from getting access to emails stored on his servers. But the company’s users lost access to their accounts as well. Levison, who became a hero of the privacy community for his tough stance, has spent the last three years trying to ensure he’ll never have to help the feds break into customer accounts again.
Lavabit is relaunching with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. He’s also announcing plans to roll out end-to-end encryption later this year, which would give users an even more secure way to send email. The new service addresses what has become a major fault line between tech companies and the government: the ability to demand backdoor access to customer data. Last year when the FBI sought access to an iPhone used by the San Bernardino shooter, Apple couldn’t get into the phone because the security scheme the company built in to the device prevented it from unlocking the phone without the shooter’s password. (Eventually, the FBI found another way to access the phone’s data, ending the dispute with Apple.)
SOURCE – The Intercept
Friends, first of all no encryption scheme is “unbreakable”; None. Its simply a function of time and effort. That being said, there is a computing revolution coming, although nobody knows exactly when. What are known as “quantum computers” will be substantially more powerful than the devices we use today, capable of performing many types of computation that are impossible on modern machines. But while faster computers are usually welcome, there are some computing operations that we currently rely on being hard (or slow) to perform.
Specifically, we rely on the fact that there are some codes that computers can’t break – or at least it would take them too long to break to be practical. Encryption algorithms scramble data into a form that renders it unintelligible to anyone that does not possess the necessary decryption key (normally a long string of random numbers). This is what lets us send information securely over the internet. But will quantum computers mean we can no longer create encryption techniques that can’t be broken?
For one system, known as symmetric encryption, quantum computing doesn’t pose much of a threat. To break symmetric encryption you need to work out which (of many) possible keys has been used, and trying all possible combinations would take an unimaginable amount of time. It turns out that a quantum computer can test all these keys out in one square root of the time it would take existing computers – in other words, slightly less time but not so dramatically that we need to worry. This, in part, is the reason we have been working hard on OTPSME; unbroken in over two years with over 6000 decryption attempts.
But for another type of encryption system, known as asymmetric or public-key encryption, it doesn’t look so good. Public-key systems are used for things like securing the data that comes through your web browser. They encrypt data using a key that is available to anyone but need another private key for decryption. Fortunately, we have already foreseen this pending disaster. Researchers across academia, government and industry are currently working hard to develop new public-key encryption techniques that rely on different, harder calculations that will be immune to the powers of a quantum computer. I am confident that these efforts will be successful, particularly since we already know some techniques that appear to work. By the time that quantum computers arrive, we will be ready. Below is a really good primer on Encryption in general as well as Quantum Encryption:
SOURCE – TheConversation.com
For a long time, some people have worried about the government eavesdropping on their communications. But, it wasn’t until Edward Snowden showed us how widespread and routinely this was being done that most people began to worry about eavesdropping. The latest global story about the San Bernardino iPhone was interesting because it showed how angry and agitated a government agency became because it could not easily read all of the messaging on one specific device used by one individual. All of the governmental surveillance agencies have expressed great concern over the idea that people can “go dark”.
Now it turns out that DARPA (Defense Advanced Research Projects Agency) wants you to develop a completely secure messaging app. The exact language they use to describe what they want is a “secure messaging and transaction platform”…”that can provide repudiation or deniability, perfect forward and backward secrecy, time to live/self-delete for messages, one time eyes only messages, a decentralized infrastructure to be resilient to cyber-attacks, and ease of use for individuals in less than ideal situations.” This all sounds very “dark” to me. And, not only do they wanted to use the current encryption and security in existing communications apps, they also wanted to incorporate a decentralized backbone (rather than point-to-point) that would make eavesdropping even more difficult. The official technology request from DARPA is here. BTW, if you’re looking for perfect encryption, look no further than here. Perhaps the crypto-system used in the VooDoo network will meet DARPA’s needs…
SOURCE – dzone.com
The NSA is worried about quantum computers. It warns that it “must act now” to ensure that encryption systems can’t be broken wide open by the new super-fast hardware. In a document outlining common concerns about the effects that quantum computing may have on national security and encryption of sensitive data, the NSA warns…
“public-key algorithms… are all vulnerable to attack by a sufficiently large quantum computer.”
Quantum computers can, theoretically, be so much faster because they take advantage of a quirk in quantum mechanics. While classical computers use bits in 0 or 1, quantum computers use “qubits” that can exist in 0, 1 or a superposition of the two. In turn, that allows it to work through possible solutions more quickly meaning they could crack encryption that normal computers can’t.
It’s unclear if any public encryption algorithms are quantum computer-proof. In the document, the NSA explains that “while a number of interesting quantum resistant public key algorithms have been proposed… nothing has been standardized… and NSA is not specifying any commercial quantum resistant standards at this time.” Instead, it suggests that companies and government departments concerned about the threat of quantum computing use one of a number of algorithms that don’t use a public key to encrypt data where possible. By the way, OTPSME is not a public-key encryption system.
SOURCE – Gizmodo.com
Federal investigative agencies like the FBI have long argued that encryption and other new technologies severely hamper their ability to spy on terrorists and other criminals, putting our safety at risk. A new report from Harvard debunks that “going dark” claim, concluding that the rise of network-connected devices will lead to more, not fewer, opportunities for surveillance. Harvard’s Berkman Center for Internet & Society convened a group of security and policy experts to explore questions of surveillance and encryption at a time when major tech companies like Apple and Google are encrypting their phones and other products by default. The 37-page report, released Monday, concludes that the feds’ “going dark” argument falls flat on its face.
FBI Director James Comey, in an October 2014 speech, argued that the law hasn’t kept pace with technologies, like encryption, that have become “the tool of choice for some very dangerous people.” What it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority,” Comey said. “We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so.”
SOURCE – NBCNews.com