White House Backs Off Encryption

In a victory for tech firms, the Obama administration will not force firms to breach the security of their products in order to provide information to law enforcement. The decision comes after a year after encryption introduced on iPhones and some Android phones sparked a debate between law enforcement and tech companies over access to phone data. With iOS 8, most data stored on the phone and communications over services like iMessage were encrypted in a way that only users could access it — not even Apple could.

FBI director James Comey then sounded the alarm that phone encryption would prevent law enforcement from accessing crucial information, warning “going dark” would derail crucial investigations. However technologists argued creating a so-called “back door” for law enforcement would create a security vulnerability that could be exploited by hackers and spies.

Comey signaled the administration was backing down in a Congressional hearing this week when he said the White House would not seek legislation to require companies to provide so-called “back doors” for law enforcement officials to access encrypted data. But on Saturday the New York Times reported the White House’s position goes even further. The White House will continue to require tech companies to cooperate with law enforcement, but the administration will not require them to exploit the security of their own products.

Intelligence agencies and law enforcement will now be reliant on work-arounds for encryption. They can seek data backed up to the cloud or unencrypted forms of communication through service providers, such as records of phone calls. They can also attempt to compel phone owners to turn over their passcodes.

The White House’s position represents a victory for privacy advocates in the wake of the disclosures of government contractor Edward Snowden about the surveillance practices of the National Security Agency. But the decision will likely draw anger from intelligence agencies as well as some lawmakers. Recently, Senate Judiciary Committee Chairman Chuck Grassley wrote a letter to the White House criticizing it for not taking a strong stance on encryption.

Still the New York Times report says tech firms do not think the administration has done enough. They are calling for the White House to release a clear statement it can bring to China and Europe, where government officials are threatening to ban encrypted devices or require companies to provide back door access.
Techcrunch: http://tcrn.ch/1PjwHno

 

« What is 'safe harbour' the EU Declared Invalid?
UK Crime Rate Soars as CyberCrime Included »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Tanium

Tanium

Tanium delivers Autonomous Endpoint Management (AEM) with the industry’s only true real-time platform for AI.

Cyberia Group

Cyberia Group

Cyberia is a leading Internet and Security services provider with operations in Saudi Arabia, Lebanon and Jordan.

Salient CRGT

Salient CRGT

Salient CRGT is a leading provider of health, data analytics, cloud, agile software development, mobility, cyber security, and infrastructure solutions.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

Logsign

Logsign

Logsign is a Security Orchestration, Automation and Response (SOAR) platform with next-gen Security Information and Event Management (SIEM) solution.

Uniwan

Uniwan

Uniwan is an IT services company specializing in networking and security.

Sphonic

Sphonic

Sphonic provides regulated institutions of any size a powerful compliance & risk platform to quickly and securely onboard new customers and manage ongoing AML and Fraud & Risk trends.

e-End

e-End

e-End provides hard drive shredding, degaussing and data destruction solutions validated by the highest electronic certifcations to keep you compliant with GLB, SOX, FACTA, FISMA, HIPAA, COPPA, ITAR.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

Kape Technologies

Kape Technologies

Kape Technologies is a cybersecurity company focused on helping consumers around the world have a better digital experience with greater privacy and protection.

SafeStack Academy

SafeStack Academy

SafeStack Academy is an online cyber security and privacy education platform. Our content is designed by experts to suit small businesses, growing companies, and development teams.

Intaso

Intaso

Intaso are a boutique head hunting and talent solution firm with specialist Cyber and Information Security expertise.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

RubinBrown

RubinBrown

RubinBrown LLP is a leading accounting and professional consulting firm. The RubinBrown name and reputation are synonymous with experience, integrity and value.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.

SENTRIQS

SENTRIQS

SENTRIQS advanced encryption technology is engineered to defend against the most sophisticated cyber threats, keeping your operations efficient and secure.