• How Secure Are 4- and 6-Digit Mobile Phone PINs

    Apple and Android implement a number of measures to protect their users’ devices. An international team of IT security experts has investigated how useful they are. They found that six-digit PINs actually provide little more security than four-digit ones. They also showed that the blacklist used by Apple to prevent particularly frequent PINs could be optimized and that it would make even greater sense to implement one on Android devices.

  • If We Build It (They Will Break In)

    Attorney General William Barr has staked his ground in the long-running debate over law enforcement access to encrypted communications. Last fall, Barr criticized end-to-end encryption as “enabling dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield.” As the debate continues, commentators and policymakers often overlook a historical example of the problems with law enforcement access.

  • A First: All-Optical Stealth Encryption Technology

    Researchers have unveiled the first all-optical “stealth” encryption technology that will be significantly more secure and private for highly sensitive cloud-computing and data center network transmission.

  • Encryption “Backdoors” Would Weaken Election Security: Election Protection Coalition

    A coalition working on improving elections security sent a letter to Attorney General William Barr Wednesday, criticizing the AG for recent comments he made in he called on tech companies to create a “backdoor” in their devices. The backdoor would allow law enforcement to examine the communications of individuals arrested on suspicion of committing crimes or engaging in terrorism.

  • Homomorphic Encryption Improves Cloud Security

    A new approach to encryption — homomorphic encryption system — could improve user perception of cloud computing services where the users are concerned about private or personal data being exposed to third parties.

  • An Open Source Effort to Encrypt the Internet of Things

    End-to-end encryption is a staple of secure messaging apps like WhatsApp and Signal. Such encryption ensures that no one—even the app developer or the device manufacturer—can access the user’s data as it travels the web. “But what if you could bring some version of that protection to increasingly ubiquitous—and notoriously insecure—Internet of Things devices?” asks Lili Hay Newman.

  • Setting New Record for Cracking Encryption Keys

    An international team of computer scientists had set a new record for two of the most important computational problems which are the basis for nearly all of the public-key cryptography which is currently used in the real world.

  • Secure Data Transmission with Ultrasound

    Due to the Internet of Things (IoT), an increasing number of devices have learned to communicate with each other. Ultrasound communication is an entirely new method for data exchange between IoT devices and mobile phones. Researchers have now developed a first open communication protocol including an open-source development kit for ultrasound communication which makes near-field communication safer.

  • Don’t Rush Quantum-Proof Encryption, Warns NSA Research Director

    In 1994, Peter Shor, a mathematician, discovered a way to crack the codes that banks, e-commerce platforms, and intelligence agencies use to secure their digital information. “Shor’s algorithm” drastically shortened the time it took to find the prime numbers that underlie public-key cryptography, making codes that typically take thousands of years to break solvable in a matter of months. Jack Corrigan writes that there was a catch: Shor’s algorithm could run only on quantum computers, and they did not exist twenty-five years ago. They are much closer today, and this has many security experts worried.

  • Why Adding Client-Side Scanning Breaks End-To-End Encryption

    Recent attacks on encryption have diverged. On the one hand, we’ve seen Attorney General William Barr call for “lawful access” to encrypted communications, using arguments that have barely changed since the 1990’s. Erica Portnoy writes that we’ve also seen suggestions from a different set of actors for more purportedly “reasonable” interventions, particularly the use of client-side scanning to stop the transmission of contraband files, most often child exploitation imagery (CEI).

  • Rethinking Encryption

    In the face of congressional inaction, and in light of the magnitude of the threat, it is time for governmental authorities—including law enforcement—to embrace encryption because it is one of the few mechanisms that the United States and its allies can use to more effectively protect themselves from existential cybersecurity threats, particularly from China. This is true even though encryption will impose costs on society, especially victims of other types of crime.

  • Will Canada Weaken Encryption with Backdoors?

    Imagine you wake up one morning and discover that the federal government is requiring everyone to keep their back doors unlocked. First responders need access your house in an emergency, they say, and locked doors are a significant barrier to urgent care. For the good of the nation, public health concerns outweigh the risk to your privacy and security. Sounds crazy, right? Byron Holland writes that, unfortunately, a number of governments are considering a policy just like this for the internet, and there’s growing concern that the Canadian government could soon follow suit.

  • Cryptography without Using Secret Keys

    Most security applications, for instance access to buildings or digital signatures, use cryptographic keys that must at all costs be kept secret. That also is the weak link: who will guarantee that the key doesn’t get stolen or hacked? Researchers, using a physical unclonable key (PUK) and the quantum properties of light, researchers present a new type of data security that does away with secret keys.

  • U.S., U.K. and Australia to Call on Facebook to Create Backdoor to Encrypted Messages

    The United States, United Kingdom, and Australia will pressure Facebook to create a backdoor into its encrypted messaging apps which would allow governments to access the content of private communications, according to an open letter from top government officials to Mark Zuckerberg. The letter is expected to be released Friday. Law enforcement agencies have long argues that encrypted communications, while protecting privacy, also shields criminals and terrorists, making investigations of crimes and acts of terror much more difficult.

  • Child Exploitation and the Future of Encryption

    On Sept. 28, the New York Times published a harrowing, in-depth investigative story on the prevalence of child pornography on the internet. The piece describes a staggering increase in the number of reports flagging child sexual abuse imagery online from an already-high one million in 2014 to an almost unfathomable 18.4 million in 2018—an increase of almost 1,750 percent in just four years. a full 12 million came from just one service, Facebook Messenger. But this vital stream of evidence may soon come to an end. The Times notes that, as part of a controversial effort to become more “privacy-focused.”