Some on social media speculated the resolution would be binding or that legislation was imminent. Neither are true. But it’s another signal that encryption isn’t settled policy in even the privacy-protective EU.
China announced a comprehensive global data security program Tuesday, proposing many of the same international norms agreed upon by Western nations already, while protecting China’s interest in balkanizing the internet. State Councilor and Foreign Minister Wang Yi proposed the “Global Data Security Initiative” in a statement translated here by the New America think tank. According…
Proponents of the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARNIT) might tout its tough stance on online child sexual abuse material but privacy and digital rights advocates contend the bill, just passed by the Senate Judiciary Committee, will erode end-to-end encryption. EARN IT revokes Section 230 protection for internet intermediaries for what…
Zoom said Wednesday that it would extend end-to-end encryption to users of its free service. The popular conferencing platform had drawn criticism for its plans to provide E2EE only to its paid customers but after consulting with civil liberties groups, encryption experts, child safety advocates and others, released an updated and inclusive E2EE design on…
Beginning today, Let’s Encrypt is revoking more than 3 million of its Transport Layer Security (TLS) certificates, following the discovery of a bug that affects the way it rechecks CAA (Certificate Authority Authorization) records. “Most subscribers issue a certificate immediately after domain control validation, but we consider a validation good for 30 days,” explained Jacob Hoffman-Andrew,…
The security firm Keyfactor recently presented information proving that about 250,000 RSA keys are vulnerable to compromise. The report was based on the examination of 175 million RSA certificates and keys. Researchers mined active and publicly available RSA keys to identity any common factors. Keyfactor said Any keys sharing one of their prime factors with…
Nearly a decade after Hillary Clinton began using personal devices and a private email server while Secretary of State – a practice that sparked a heated debate and congressional investigations during the 2016 presidential election cycle – an early impeachment probe into President Trump revealed that diplomats in the administration used WhatsApp and their personal…
Israeli data extraction firm Cellebrite announced the ability to break into any iPhone or Android device for law enforcement agencies near the same time Trump administration officials weighed the pros and cons of banning encryption law enforcement can’t break. Senior Trump officials met Wednesday to discuss whether to seek legislation that would crack down on…
Google’s Project Zero vulnerability hunting team has publicly disclosed an unpatched bug in the SymCrypt cryptography library for Windows, which could create a denial of service condition when the user initiates any function that requires cryptography. Project Zero researcher Tavis Ormandy said in a June 11 tweet that even though the problem is of “relatively…
Australia’s parliament on Thursday passed groundbreaking legislation that instructs tech developers to help law enforcement investigations by intercepting the encrypted communications of suspects’ devices. Known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, the law contains language requiring companies in some cases to build new capabilities to decrypt protected communications if…
