IS uses Encrypted Apps says FBI Chief

Uploaded on 2015-07-21 in INTELLIGENCE--International, GOVERNMENT-Law Enforcement, FREE TO VIEW, NEWS-Cybersecurity News

hqdefault.jpg

Wickr App Seeks To Outsmart FBI With Peer-To-Peer Encryption

FBI Director James Comey told US lawmakers recently that law enforcement agents are unable to access encrypted platforms, that are being used by Islamic State to recruit lone-wolf terrorists.
“This is not your grandfather’s al-Qaeda,” Comey told lawmakers during a Senate hearing. He said Islamic State is reaching out to 21,000 English-speaking followers on Twitter and other social-media networks and then directing them to encrypted messaging applications that his agency can’t access.

Companies such as Apple Inc. and Google Inc. are using harder-to-crack encryption in smartphones to protect user data and privacy, but the tools are also impeding criminal and law enforcement investigations into terrorists, Comey told the Senate Judiciary Committee.
“We’re not seeking special law enforcement access to any information,” Deputy Attorney General Sally Quillian Yates testified. While the government already has the legal authority to obtain electronic information using court warrants, some encryption technology can make data available only to the user. Yates said that the government wants companies to retain some capability to access encrypted data of users.

In a Senate intelligence committee hearing later, Senator Dianne Feinstein, a California Democrat, suggested that legislation could compel technology companies that don’t voluntarily keep a key to customers’ encrypted data.
Technology companies are working to block federal efforts to deliberately weaken encryption -- a method of scrambling data so it’s only accessible with a special key -- that protects e-mails, social media posts, instant messages and text messages.
They say revelations of government spying in documents leaked by former US contractor Edward Snowden have eroded consumer confidence in the security of their products and will cost more than $35 billion in lost sales and contracts by 2016, according to a report by the Information Technology and Innovation Foundation.

Under the Obama administration, the Federal Bureau of Investigation and the National Security Agency have called for government access to encrypted communications. Yates said Wednesday that the government doesn’t want the technology industry to build defects or “backdoors” into products to allow law enforcement access.

Comey also testified before the Senate intelligence committee and said that ramping up encryption technology comes at the expense of public safety. Law enforcement can access online communications with a warrant. “We cannot break strong encryption,” Comey said. It’s like trying to find a needle in a haystack, he said, but “the needle at that point goes invisible.”
In another analogy, Comey compared law enforcement’s struggle to access encrypted information to a safe or closet that can’t be broken into. This makes it particularly difficult for the agency to intercept communications between Islamic State and Americans vulnerable to recruitment.

A group of code specialists in a paper recently released argued that allowing law enforcement access to encrypted communications would compromise data security. “These proposals are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm,” the group wrote.

Several technology companies, including Apple and Google, have beefed up encryption on smartphones to protect users’ data and ensure privacy.

Info-management: http://bit.ly/1e2hkiC

 

 

« IBM Unveils Most Powerful Chip Ever Created
Adobe Tackles New Flash Threat After Hacker Team Leak »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Imperva

Imperva

Imperva is a leading provider of data and application security solutions including DDoS protection, Web application security, Data security and Cloud security.

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

K&D Insurance Brokers

K&D Insurance Brokers

K&D provide insurance for all sectors of industry and commerce including cyber risk cover.

maCERT

maCERT

maCERT is the national Computer Emergency Response Team for Morocco.

Certus Software

Certus Software

Our Secure Data Erasure solutions protect customer data confidentiality by completely erasing it from data storage devices.

Wind River

Wind River

Wind River delivers the technology and expertise that enables the deployment of safe, secure, and reliable intelligent connected systems.

Mindmajix Technologies

Mindmajix Technologies

Mindmajix is a live and interactive e-learning platform that offers professional online IT training in areas including cyber security.

VikingCloud

VikingCloud

VikingCloud (formerly Sysnet Global Solutions) offers organizations an integrated cybersecurity and compliance solution to make informed, predictive, and cost-effective risk mitigation and prevention

Swiss Cyber Forum (SCF)

Swiss Cyber Forum (SCF)

The Swiss Cyber Forum (SCF) builds competences and helps its members to mitigate the cyber risks associated with digitalisation.

DoQubiz Technology

DoQubiz Technology

DoQubiz is using the idea of security through obscurity to develop their proprietary Fractal Security Engine that implements a highly resilient data protection protocol.

Panther Labs

Panther Labs

Panther’s mission is to make security monitoring fast, flexible and scalable for all security teams.

Dig Security

Dig Security

Dig Security offers the first data detection and response (DDR) solution, providing real-time visibility, control and protection of your data assets across any cloud.

Infosys

Infosys

Infosys is a global leader in consulting, technology and outsourcing solutions.. Services include IT strategy, technical architecture and operations including cybersecurity.

Unified National Networks (UNN)

Unified National Networks (UNN)

UNN’s mission is to unify the national networks and create a modern and cost efficient digital platform connecting the entire country.

APCERT

APCERT

APCERT cooperates with CERTs and CSIRTs to ensure internet security in the Asia Pacific region, based around genuine information sharing, trust and cooperation.

LockMagic

LockMagic

Lockmagic is an information asset management solution to protect, track, audit and control accesses to sensitive information inside and outside your organization.