24 Matching Annotations
  1. Jan 2024
    1. Some observers say law enforcement’s investigative capabilities may be outpaced by the speed of technological change, preventing investigators from accessing certain information they may otherwise be authorized to obtain. Specifically, law enforcement officials cite strong, end-to-end encryption, or what they have called warrant-proof encryption, as preventing lawful access to certain data.

      "warrant-proof" encryption

      Law enforcement's name for "end-to-end encryption"

  2. Aug 2021
    1. Zoom told its users that their video calls were end-to-end encrypted when actually they were protected by TLS encryption. Zoom generated and stored the keys to its users’ encrypted information on its servers rather than on its users’ devices, meaning anyone with access to those servers could monitor the unencrypted video and audio content of Zoom meetings. These servers are located around the world, often in countries where companies can be forced to share user data with law enforcement organizations. What’s worse is that, according to the most recent lawsuit, Zoom’s response made it clear that it “knew that it did not use the industry-accepted definition of E2E encryption and had made a conscious decision to use the term ‘end-to-end’ anyway”.
  3. Nov 2020
    1. People want to be able to choose which service they use to communicate with people. However, today if you want to message people on Facebook you have to use Messenger, on Instagram you have to use Direct, and on WhatsApp you have to use WhatsApp. We want to give people a choice so they can reach their friends across these networks from whichever app they prefer. We plan to start by making it possible for you to send messages to your contacts using any of our services, and then to extend that interoperability to SMS too. Of course, this would be opt-in and you will be able to keep your accounts separate if you'd like.

      Facebook plans to make messaging interoperable across Instagram, Facebook and WhatsApp. It will be opt-in.

  4. Oct 2020
    1. Mr Dutton will renew his attack on Facebook and other companies for moving to end-to-end encryption, saying it will hinder efforts to tackle online crime including child sexual abuse. This month, Australia joined its "Five-Eyes" intelligence partners – the United States, Britain, New Zealand and Canada – along with India and Japan, in signing a statement calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted messages.

      Countering child exploitation is an extremely important issue. It's a tough job and encryption makes it harder. But making encryption insecure is counterintuitive and has negative impacts on digital privacy. So poking a hole in encryption, while it can assist with countering child exploitation, can also inadvertently be helping, for example, tech-enabled domestic abuse.

      Hopefully DHA understands this and thus has thrown it back at the tech companies to come up with a solution for law enforcement.

  5. Jun 2020
    1. As billions of conversations transition online over the coming weeks and months, the widespread adoption of end-to-end encryption has never been more vital to national security and to the privacy of citizens in countries around the world.
    2. Proponents of this bill are quick to claim that end-to-end encryption isn’t the target. These arguments are disingenuous both because of the way that the bill is structured and the people who are involved.
    3. For a political body that devotes a lot of attention to national security, the implicit threat of revoking Section 230 protection from organizations that implement end-to-end encryption is both troubling and confusing. Signal is recommended by the United States military. It is routinely used by senators and their staff. American allies in the EU Commission are Signal users too. End-to-end encryption is fundamental to the safety, security, and privacy of conversations worldwide.
    4. The EARN IT act turns Section 230 protection into a hypocritical bargaining chip. At a high level, what the bill proposes is a system where companies have to earn Section 230 protection by following a set of designed-by-committee “best practices” that are extraordinarily unlikely to allow end-to-end encryption. Anyone who doesn’t comply with these recommendations will lose their Section 230 protection.
    1. Matrix provides state-of-the-art end-to-end-encryption via the Olm and Megolm cryptographic ratchets. This ensures that only the intended recipients can ever decrypt your messages, while warning if any unexpected devices are added to the conversation.
    1. More than two billion users exchange an unimaginable volume of end-to-end encrypted messages on WhatsApp each day. And unless an endpoint (phone) is compromised, or those chats are backed-up into accessible cloud platforms, neither owner Facebook nor law enforcement has a copy of those encryption keys.
    1. “End-to-end encryption,” NSA says, “is encrypted all the way from sender to recipient(s) without being intelligible to servers or other services along the way... Only the originator of the message and the intended recipients should be able to see the unencrypted content. Strong end-to-end encryption is dependent on keys being distributed carefully.” So, no backdoors then.
    2. On April 24, the U.S. National Security Agency published an advisory document on the security of popular messaging and video conferencing platforms. The NSA document “provides a snapshot of best practices,” it says, “coordinated with the Department of Homeland Security.” The NSA goes on to say that it “provides simple, actionable, considerations for individual government users—allowing its workforce to operate remotely using personal devices when deemed to be in the best interests of the health and welfare of its workforce and the nation.” Again somewhat awkwardly, the NSA awarded top marks to WhatsApp, Wickr and Signal, the three platforms that are the strongest advocates of end-to-end message encryption. Just to emphasize the point, the first criteria against which NSA marked the various platforms was, you guessed it, end-to-end encryption.
    3. And while all major tech platforms deploying end-to-end encryption argue against weakening their security, Facebook has become the champion-in-chief fighting against government moves, supported by Apple and others.
    4. While this debate has been raging for a year, the current “EARN-IT” bill working its way through the U.S. legislative process is the biggest test yet for the survival of end-to-end encryption in its current form. In short, this would enforce best practices on the industry to “prevent, reduce and respond to” illicit material. There is no way they can do that without breaking their own encryption. QED.
    1. One thing that would certainly be a game-changer would be some form of standardized RCS end-to-end encryption that allows secure messages to be sent outside Google Messages.
    2. You should not use a messaging platform that is not end-to-end encrypted, it really is as simple as that.
    3. The answer, of course, is end-to-end encryption. The way this works is to remove any “man-in-the-middle” vulnerabilities by encrypting messages from endpoint to endpoint, with only the sender and recipient holding the decryption key. This level of messaging security was pushed into the mass-market by WhatsApp, and has now become a standard feature of every other decent platform.
    1. Just like Blackberry, WhatsApp has claimed that they are end to end encrypted but in fact that is not true. WhatsApp (and Blackberry) decrypt all your texts on their servers and they can read everything you say to anyone and everyone. They (and Blackberry) then re-encrypt your messages, to send them to the recipient, so that your messages look like they were encrypted the entire time, when in fact they were not.
    2. The only messaging app that has been proven, by an independent authoritative agency, is Apple’s Messages app (which uses Apple’s iMessage protocol that is truly end to end encrypted, Apple cannot read any of your texts which means that no one can read any of your texts)