WebProNews

Tag: Bruce Schneier

  • Facebook Will Not Give Authorities a Backdoor to Access Encrypted Messages

    Facebook Will Not Give Authorities a Backdoor to Access Encrypted Messages

    Two months ago we reported on an open letter by Attorney General William Barr and his counterparts in Australia and the United Kingdom, calling on Facebook to create encryption backdoors in its messaging apps. This was followed by the FBI urging Interpol to condemn the use of strong encryption.

    Facebook has officially responded to the Attorney General’s request, via an open letter of their own. In the letter, Will Cathcart, Head of WhatsApp, and Stan Chudnovsky, Head of Messenger, highlight the inherent risks of making encryption weaker, or creating backdoors for authorities to access.

    “We believe that people have a right to expect this level of security, wherever they live. As a company that supports 2.7 billion users around the world, it is our responsibility to use the very best technology available to protect their privacy. Encrypted messaging is the leading form of online communication and the vast majority of the billions of online messages that are sent daily, including on WhatsApp, iMessage, and Signal, are already protected with end-to-end encryption.

    “Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere. The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm. It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it. People’s private

    “And we are not alone. In response to your open letter asking that Facebook break encryption, over 100 organizations, including the Center for Democracy and Technology and Privacy International, shared their strong views on why creating backdoors jeopardize people’s safety. Cryptography Professor Bruce Schneier said earlier this year: ‘You have to make a choice. Either everyone gets to spy, or no one gets to spy. You can’t have ‘We get to spy, you don’t.’ That’s not the way the tech works.’ And Amnesty International commented: ‘There is no middle ground: if law enforcement is allowed to circumvent encryption, then anybody can.’”

    The two executives argued that law enforcement already has viable ways of getting the information they need in cases that demand it.

    “That doesn’t mean that we cannot help law enforcement. We can and we do, as long as it is consistent with the law and does not undermine the safety of our users…. We deeply respect and support the work these officials do to keep us safe and we want to assure you that we will continue to respond to valid legal requests for the information we have available. We will also continue to prioritize emergencies, such as terrorism and child safety, and proactively refer to law enforcement matters involving credible threats.”

    Our initial report on the Attorney General’s open letter highlighted the dangers of weakening encryption or creating backdoors. As Amnesty International said, “there is no middle ground.” Encryption is about basic math. It’s no more possible to have strong encryption with backdoors than it is to break the laws of physics. Hopefully, Facebook’s questionable history with privacy and security will not cloud the very valid argument they are making about the importance of encryption.

  • What Are the Security Risks of the Internet of Things?

    What Are the Security Risks of the Internet of Things?

    IBM Resilient CTO and security guru Bruce Schneier takes a look at the security risks of the Internet of Things in his latest video. He brings up an interesting and rather disconcerting point, IoT devices tend to do critical things like turn on and off power or drive your car, so preventing hacking is even more critical with IoT than typical computers.

    During the writing of this article, I noticed that Bruce Schneier and other cybersecurity experts at IBM are offering a free webinar today on the overall subject of cyber security that you might also be interested in:

    December 6, 2018, at 12:00 PM: The Resilient End of Year Review: The Top Cyber Security Trends in 2018 and Predictions for the Year Ahead

    Bruce Schneier, CTO at IBM Resilient and Special Advisor at IBM Security, provided an overview of the IoT security threat in a recent IBM video:

    What Are the Security Risks of the Internet of Things?

    IoT devices are just computers so all the threats that we’re used to from the computer world get transferred into any IoT device. In addition, they tend to be low cost, not well designed, built offshore, so they have more vulnerabilities. They tend to be deeply embedded in networks and organizations so they have a lot of access. They often control physical processes.

    They turn on and off the power, they drive your car, they’re medical devices, which means the effects of a hack can be much more dangerous. On the one hand, they’re exactly the same as computers. On the other hand, because of how they’re made and what they can do, they’re very different than computers.

    How Will IoT Security Evolve in the Coming Years?

    These are low-cost consumer devices in many cases and there’s not a lot of money or even market demand for security. I think two things will happen. I think there will be more security in some of the more expensive devices.

    Of the cheaper devices, there will be other things that you could purchase to go on your network that will monitor them. We don’t really have them yet but I think that’s where the future is going. We have to assume there’ll be lots of cheaply made insecure IoT devices in every network. How do we get security on top of that? 

    Click Here to Kill Everybody

    Schneier has a brand new book out that goes into the security risks of IoT in depth called, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World.

    Here’s how Bruce Schneier describes the IoT threat: 

    Everything is a computer. Ovens are computers that make things hot; refrigerators are computers that keep things cold. These computers—from home thermostats to chemical plants—are all online. The Internet, once a virtual abstraction, can now sense and touch the physical world.

    As we open our lives to this future, often called the Internet of Things, we are beginning to see its enormous potential in ideas like driverless cars, smart cities, and personal agents equipped with their own behavioral algorithms. But every knife cuts two ways.

    All computers can be hacked. And Internet-connected computers are the most vulnerable. Forget data theft: cutting-edge digital attackers can now crash your car, your pacemaker, and the nation’s power grid.

  • Bruce Schneier Calls Facebook Worst Privacy Offender

    A high-profile and widely respected security expert is not pleased with Facebook.  Indeed, Bruce Schneier said earlier today at the RSA Security Europe Conference that he believes Facebook is the worst social network when it comes to respecting individuals’ privacy.

    Some people have chalked Facebook’s privacy problems up to naivete.  Others seem to have interpreted them as a personal insult from Mark Zuckerberg.  Schneier took what might be considered the middle ground.

    According to John Leyden, the security guru just reasoned, "Less privacy makes a better market for social networks.  Facebook is the worst offender – not because it’s evil but because its market is selling user data to its commercial partners."

    Schneier also said, "Don’t fool yourself that use are the user of social networks – you are the product."

    Then he got tougher on Facebook and social networks in general, adding, "Individuals should have the rights to see, challenge, delete and control their private information."  Plus, "Legislation without enforcement, at an effective level, may as well not exist."

    If it helps, Facebook at least introduced some new security features this afternoon, although they address different issues than the ones Schneier raised.