Encryption

The UK government has used the Investigatory Powers Act (IPA) to issue Apple with a “technical capability notice” requiring the company to create a backdoor into its encrypted cloud services. The Home Office is specifically interested in bypassing the encryption that secures Apple’s Advanced Data Protection (ADP) service.

This cloud service includes a wealth of user data and, thanks to the use of end-to-end encryption, cannot be accessed by anyone other than the account holder. The UK government demand is part of legislation that forces companies to help law enforcement with investigations, but creating a backdoor would allow a level of access that even Apple does not currently have -- and there are concerns about the potential for abuse.

Despite being an effective tool for safeguarding sensitive information, encryption remains underutilized by many organizations, leaving them vulnerable to cyber threats.

Many companies still rely on perimeter security measures, viewing encryption as optional rather than essential. Misconceptions about the complexity and cost of encryption further hinder its adoption, leading to a reactive approach that often waits for a data breach before taking action.

When it comes to protecting sensitive information like financial data, personal information, and intellectual property, encryption has become a must. By scrambling data through the use of algorithms, only those with access to decryption keys are able to read what's being secured.

Encrypted traffic has fulfilled its intended mission: to lock down data. But, could it simultaneously be helping bad actors slip by undetected? And could encrypted traffic actually make it harder for network defenders to spot threats before it's too late?

Quantum computing presents a substantial problem for securing systems because of its potential to crack existing encryption protocols.

However, the industry is beginning to gear up to face the threat. Tuta, the email provider with the world's first quantum-safe encryption for email, is now launching its new stand-alone encrypted calendar app.

One of the many challenges government and local authorities constantly face is that of keeping up with changes and innovations coming from the outside: conflicts and emergencies, environmental factors, inputs from industries and productions and, of course, evolving technologies. Whether these are developed in the private or public sector, or the academic community, it is unquestionable that tech innovations are tightly woven into everyday life.

These innovations frequently move forward at a speedy pace, spreading across different fields and inevitably reaching a level of integration that can no longer be left to the sole responsibility of the individuals. Thankfully, governments and organizations are increasingly wisening up when it comes to new and emerging technologies, whether this means creating ad hoc policies and regulations (the UK AI bill, the European AI act, the American Privacy Rights Act, or Chat Control) or taking targeted actions towards specific platforms or providers compromising users’ privacy like the TikTok ban for federal and state employees in the USA.

Web services company Proton has long been known for its privacy-centered products including Proton VPN and encrypted cloud storage in the form of Proton Drive.

Today the Swiss company is launching Docs in Proton Drive, a secure and end-to-end encrypted document creation, editing, and collaboration tool integrated with Proton's existing cloud storage product.

Over the last few months, there have been numerous complaints from users of Microsoft Outlook that they are unable to reply to encrypted emails. An error message that reads "Microsoft Outlook was not able to create a message with restricted permission" is displayed.

While Microsoft has acknowledged the issue in the desktop email client, the company is yet to fix it properly. There is, however, a temporary workaround that can be used to make it possible to reply to encrypted emails.

Today, Proton Mail has expanded its secure communication platform with the launch of a dedicated desktop app, which was previously released in beta. The new desktop app complements Proton Mail’s existing web and mobile applications, ensuring users can maintain their email privacy across all devices without being confined to a web browser.

Proton Mail aims to provide users with the ability to access their email in their preferred manner without compromising privacy. The new desktop app addresses the privacy concerns associated with using email services like Outlook, which shares data with numerous external partners, and the risks of accessing emails through browsers like Chrome, which can expose browsing history to advertisers or be exploited by malicious browser extensions.

New rules in Europe means that WhatsApp will have to offer interoperability with other messaging apps and platforms. This is something that Meta has already been talking about, having published its preference for third parties to use the Signal Protocol as the foundation for these E2EE communications.

Use of the Signal Protocol will not be a requirement for interoperability, but whatever protocol is used by a third-party messaging app or platform, it will need to show they offer "the same security guarantees as Signal". To communicate security to users, WhatsApp is introducing a new "end-to-end encrypted" label that will be added to secure chats.

Cybersecurity company Thales is launching a first-of-its-kind Post Quantum Cryptography (PQC) Starter Kit in collaboration with Quantinuum, aimed at supporting enterprises in their transition to a post-quantum era and helping them understand the implications that quantum computing will have on the security of their infrastructure.

While 73 percent of organizations recognize quantum computing poses a threat to traditional cryptography, 61 percent have yet to define a strategy for a post-quantum world.

In March this year, EU countries' interior ministers are due to vote on the introduction of mandatory client-side scanning for all providers in order to identify child abuse material.

But an open letter, published today, from a group of privacy-focused companies warns of the risk of opening up a backdoor and calls on ministers to defend citizen's right to privacy and strengthen the position of EU companies.

In total, 86 percent of all cyber threats, including malware, ransomware, and phishing attacks, are delivered over encrypted channels, according to a new report.

The study from Zscaler also shows threats over HTTPS grew by 24 percent from 2022, underscoring the sophisticated nature of cybercriminal tactics that target encrypted channels.

Today, encryption is a cornerstone of our cybersecurity practices. It protects everything from cell phones and SMS messages to financial transactions and intellectual property.

However, a new challenge in the complex landscape of encryption has recently emerged, thanks to the advancement of quantum computing. What challenges lay ahead? Here is the breakdown:

Today, Global Encryption Day 2023, marks the perfect opportunity to reflect on what has been a highly challenging year for the technology.

Encryption acts as a fundamental safeguard of data privacy, securing data both during transmission and while at rest. It often serves as a primary defense against hackers and is indispensable in preventing unauthorized access to sensitive information. With the risk of reputational damage and massive fines for those who are breached, it is essential for any organizations looking to ensure regulatory compliance.  

A new report goes some way to showing that the BitLocker security feature of Windows 11 could be massively reducing the performance of SSDs.

An investigation found that the data encryption tool, which is enabled by default in Windows 11 Pro, can slow solid state drives by as much as 45 percent. While it would be reasonable to expect a bit of a performance drop overall as the software works away encrypting and decrypting files, few people would expect the hit to be quite so significant.