The Lava Lamps That Help Keep The Internet Secure

At the headquarters of Cloudflare, in San Francisco, there’s a wall of lava lamps: the Entropy Wall. They’re used to generate random numbers and keep a good bit of the internet secure: here’s how.

For a technical overview of the Entropy Wall click here.

Video by YouTuber Tom Scott

Read more: http://twistedsifter.com/videos/the-lava-lamps-that-help-keep-the-internet-secure/

Australia’s government turns the heat up on encrypted messaging apps

The Australian government is cracking down on encrypted apps.
Image: Getty Images

The jig is up for encrypted messaging, in the eyes of the Australian government.

Australian Prime Minister Malcolm Turnbull announced Friday morning the government will bring in new laws to force tech companies to hand over data protected by encrypted messaging apps such as WhatsApp, Telegram, and Signal.

It’s in light of increased use of encryption in cases related to terrorism, drugs trafficking, and paedophilia rings. The Australian Federal Police (AFP) said 65 percent of serious investigations now involve some sort of encryption.

“At the end of the day, what has happened here is legislation has not yet kept pace with technology,” AFP’s deputy commissioner, Michael Phelan, said during a press conference.

The new laws will be modelled on the UK’s Investigatory Powers Act, which gives intelligence agencies the power to de-encrypt communications.

But here’s the problem: Messaging apps like WhatsApp, Telegram and Signal use end-to-end encryption, which means the key to accessing these messages is held by the sender and the receiver, and not by the company.

So will these companies have to build a backdoor to these encrypted apps, creating a vulnerability that can be taken advantage by hackers with the right tools?

Well, Turnbull isn’t explicitly asking for a backdoor. Authorities will force companies to give access to these encrypted communications “lawfully” via a warrant or a court order.

“What we need is the cooperation where we can compel it, but we will need the cooperation from the tech companies to provide access in accordance with the law,” Turnbull said.

Encryption keys are devised by a mathematical formula. Asked if whether the laws of mathematics would curb the government’s bid to crack end-to-end encryption, Turnbull said Australia’s laws would overrule. No, you read that right.

“Well, the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia,” he said.

Given terrorists aren’t just using readily available messaging apps, it remains to be seen how the government’s proposed laws will deal with the problem of the dozens of encryption packages out there.

It likely won’t work in reality

Matthew Warren, a cyber security professor at Deakin University, said intelligence agencies will potentially focus their efforts on how they can intercept messages in realtime. But that’s unlikely to work.

“The problem is if it would work in reality. It would only work if you knew the terrorist target that you were tracking, and actually knew what technologies they were using,” he explained.

“In order for this to work in realtime it means the intelligence organisations will need access to the encryption keys. Apple and Facebook and WhatsApp aren’t going to do that.”

Even if certain companies agree to create a backdoor to their apps, Warren said those looking to break the law could simply change to one of the many dozen encrypted apps available on the market.

Nevertheless, he expects “a number of countries” will look to implement similar legal powers, after a G20 statement on countering terrorism encouraged companies to collaborate with law enforcement on providing “lawful and non-arbitrary access to available information.”

Facebook and Apple stand firm on encryption

Following a series of terrorist attacks, Facebook announced it will be using artificial intelligence and employed a team of 150 counterrorism experts to stop terrorist activity on its platform. But it will stop short of weakening encryption for authorities.

“We appreciate the important work law enforcement does, and we understand their need to carry out investigations,” a Facebook spokesperson said via email.

“That’s why we already have a protocol in place to respond to requests where we can. At the same time, weakening encrypted systems for them would mean weakening it for everyone.”

WhatsApp, which Facebook owns, won’t succumb to pressure either. Its co-founder Brian Acton stated in January it will “fight any government request to create a backdoor.”

Apple wouldn’t comment directly on the Australian government’s pressure on encrypted messaging, but pointed to a statement by CEO Tim Cook in which he said the company will never allow backdoor access to its products to any government agency.

We’ll find out if the Australian government’s plans hold much if any water, when the legislation is put to the country’s Parliament by the end of the year.

Read more: http://mashable.com/2017/07/14/australian-government-encrypted-apps/

Russian bill requires encryption backdoors in all messenger apps

Backdoors into encrypted communicationsmay soon be mandatory in Russia.

A new bill in the Russian Duma, the country’s lower legislative house, proposes to make cryptographic backdoors mandatory in all messaging apps in the country so the Federal Security Servicethe successor to the KGBcan obtain special access to all communications within the country.

Apps like WhatsApp, Viber, and Telegram, all of which offer varying levels of encrypted security for messages, are specifically targeted in the “anti-terrorism” bill, according to Russian-language media. Fines for offending companies could reach 1 million rubles or about $15,000.

The new Russian legislation, which has already been approved by the Committee on Security, is just the latest such flare up in a global debate over encryption that earned a bright spotlight in the U.S. earlier this year, particularly after the San Bernardino terrorist attack led the FBI to plead for access to one of the shooter’s encrypted iPhones.

Russian Senator Yelena Mizulina argued that the new bill ought to become law because, she said, teens are brainwashed in closed groups on the internet to murder police officers, a practice protected by encryption. Mizulina then went further.

“Maybe we should revisit the idea of pre-filtering ,” she said. “We cannot look silently on this.”

Encryption uses advanced mathematics to protect data so that even the world’s most powerful computers cannot unlock data they are not meant to have access to. The technology is used in various ways to protect everything from credit card transactions on the internet to your emails and internet traffic.

Government focus on encryption intensified in recent months afterAppleand Googleoffered encryption options on their smartphones. WhatsApp, with over 1 billion users around the world, offers encryption on messaging.

The technology is seen as a fundamental cornerstone of cybersecurity,such that if a business is not using encryption to protect sensitive data, it’s often deemed irresponsible by experts.

But just as encryption keeps out crooks, it keeps out governments, law enforcement, and intelligence agency spying. That’s led to high-level debates around the globe about the rising popularity of encryption.

While government authorities around the world argue in favor of special access backdoors, a vast consensus of technologists argue such backdoors will undermine cybersecurity and create an internet more dangerous and volatile than ever before.

H/TAnton Nesterov

Read more: http://www.dailydot.com/politics/encryption-backdoor-russia-fsb/