Netherlands opposes backdoors, but encryption still under assault

The Dutch government has officially declared its opposition to any restrictions on the development or use of encryption products, even as Dutch lawmakers are weighing legislation that could mandate backdoor government access to encrypted communications.

In a 4 January 2016 letter to the Dutch parliament, the head of the Ministry of Security and Justice, Ard van der Steur, explained the government’s reasons for endorsing strong encryption, which sound quite similar to those cited by technologists such as Apple’s Tim Cook, the most high-profile critic of backdoors.

According to a translation of the letter, provided by Dutch cybersecurity consultant Matthijs R. Koot, van der Steur points to the uses of encryption for protecting the privacy of citizens, securing confidential communications by government and businesses, and ensuring the security of internet commerce and banking against cybercrime.

Privacy of communications is also a protected right under the Dutch constitution, and a fundamental right protected by the European Convention on Human Rights and the Charter of Fundamental Rights of the EU, van der Steur’s letter says.

The minister acknowledges that criminals and terrorists may also use encryption, making it difficult if not impossible for law enforcement and intelligence services to monitor their communications in defense of national security and public safety.

But van der Steur also observes that encryption is widely available and requires “little technical knowledge, because encryption is often [an] integral part of the internet services that they too can use.”

But because today’s communications products and services use unbreakable encryption, demands that technology companies hand over decrypted data would essentially require weakening encryption to provide backdoors.

Van der Steur notes that any “technical doorways” [backdoors] in encryption would undermine the security of digital systems, making them “vulnerable to criminals, terrorists and foreign intelligence services.”

As fellow Naked Security writer Paul Ducklin put it in a recent article we published about the risks of deliberately weakening cryptographic systems:

[M]andatory cryptographic backdoors will leave all of us at increased risk of data compromise, possibly on a massive scale, by crooks and terrorists…

…whose illegal activities we will be able to eavesdrop and investigate only if they too comply with the law by using backdoored encryption software themselves.

Van der Steur agrees very strongly:

[Backdoors] would have undesirable consequences for the security of communicated and stored information, and the integrity of IT systems, which are increasingly important to the functioning of society.

In his conclusion, van der Steur states:

The government endorses the importance of strong encryption for internet security, for supporting the protection of citizens’ privacy, for confidential communication by the government and companies, and for the Dutch economy.

Therefore, the government believes that it is currently not desirable to take restricting legal measures concerning the development, availability and use of encryption within the Netherlands.

A VICTORY IN THE CRYPTO WARS?

The debate over encryption backdoors goes back to the 1980s and 1990s, was revived in the past two years by law enforcement officials like FBI Director James Comey, and has intensified since the 13 November 2015 terrorist attacks in Paris.

While efforts to pass legislation in the US and UK mandating backdoors have so far been unsuccessful, some advocates fighting against backdoors are worried the Crypto Wars have gone global.

China recently passed an anti-terrorism law that compels technology companies to decrypt data upon request of the government; while in Pakistan, the government’s demand for backdoor access to BlackBerry customer data led the company to pull out of the country entirely.

Concerns over proposed surveillance legislation in the UK have led Apple to take unusually bold steps to oppose passage of the Investigatory Powers Bill.

Apple submitted a letter to the bill’s oversight committee saying language in the draft bill could force Apple to “weaken security for hundreds of millions of law-abiding customers,” in order to allow security services to eavesdrop on encrypted communications such as iMessage.

In the US, Republican Senator Richard Burr, chairman of the Senate Intelligence Committee, has indicated that he wants to propose legislation requiring companies to decrypt data at the government’s request.

Even in the Netherlands, the government’s recent pro-encryption stance is not a complete victory for opponents of backdoors.

As Koot noted on his blog, the pro-encryption policy isn’t guaranteed to remain policy in the future, and Dutch law already requires technology companies to decrypt data sought in targeted investigations.

Meanwhile, the Dutch parliament is considering updating a 2002 security and intelligence law to compel bulk decryption of communications, Koot reports.

The war over backdoors has yet to be lost or won, and it is far from over.

The Netherlands will not weaken encryption for security purposes

The Dutch government believes that confidence in secure communication and storage data is essential for the development of the Dutch economy.

The Netherlands will not follow the trend of weakening encryption for security purposes, according to a statement by the Dutch Minister of Security and Justice.

In contrast with the United Kingdom, where the Investigatory Powers Bill will ban internet firms from holding clients’ private communication information, the Dutch government believes that strong encryption is key for the future growth of the Dutch economy.

The Daily Dot reported that Ard van der Steur, the Dutch minister of security and justice, wrote in a statement that the Dutch executive cabinet endorsed “the importance of strong encryption for Internet security to support the protection of privacy for citizens, companies, the government, and the entire Dutch economy”.

The statement continues: “Therefore, the government believes that it is currently not desirable to take legal measures against the development, availability and use of encryption within the Netherlands.”

Van der Steur added in the statement that “confidence in secure communication and storage data is essential for the future growth potential of the Dutch economy, which is mainly in the digital economy.”

The Dutch Minister also explained that weakening encryption will not lead to a safer world, as criminal organizations will have easier access to sensitive private information.

According to Daily Dot, the minister of security and justice described at length the virtues of encryption, from protecting laptops against theft to allowing the Dutch government itself to communicate online safely with its citizens about taxes and digital IDs. “Cryptography is key to security in the digital domain,” Van der Steur argued.

Microsoft may have your encryption key; here’s how to take it back

As happens from time to time, somebody has spotted a feature in Windows 10 that isn’t actually new and has largely denounced it as a great privacy violation.

The Intercept has written that if you have bought a Windows PC recently then Microsoft probably has your encryption key. This is a reference to Windows’ device encryption feature. We wrote about this feature when it was new, back when Microsoft introduced it in Windows 8.1 in 2013 (and before that, in Windows RT).

Device encryption is a simplified version of the BitLocker drive encryption that made its debut in Windows Vista in 2006. The full BitLocker requires a Pro or Enterprise edition of Windows, and includes options such as integration with Active Directory, support for encrypting removable media, and the use of passwords or USB keys to unlock the encrypted disk. Device encryption is more restricted. It only supports internal system drives, and it requires the use of Secure Boot, Trusted Platform Module 2.0 (TPM), and Connected Standby-capable hardware. This is because Device encryption is designed to be automatic; it uses the TPM to store the password used to decrypt the disk, and it uses Secure Boot to ensure that nothing has tampered with the system to compromise that password.

The final constraint for Device encryption is that you must sign in to Windows with a Microsoft account or a Windows domain account to turn it on. This is because full disk encryption opens the door to all kinds of new data loss opportunities. If, for example, you have your system’s motherboard replaced due to a hardware problem, then you will lose access to the disk, because the decryption keys needed to read the disk are stored in the motherboard-mounted TPM. Some disk encryption users may feel that this is a price worth paying for security, but for an automatic feature such as device encryption, it’s an undesirable risk.

To combat that, device encryption stores a recovery key. For domain accounts, the recovery key is stored in Active Directory, but in the common consumer case, using a Microsoft account, it is instead stored in OneDrive. This recovery key can be used after, say, a motherboard replacement or when trying to recover data from a different Windows installation.

While device encryption is available in all versions of Windows 10, it has a particular significance in the Home version, where the full BitLocker isn’t available. Windows 10 Home also can’t use domain accounts. This means that if you enable device encryption (and on new systems that are set up to use Microsoft accounts, it may well be enabled by default) then the recovery key is necessarily stored on OneDrive.
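The prerequisites and the recovery key described above can be inspected on the machine itself. The following is an added example, not code from the original article or from Microsoft; it assumes an elevated PowerShell session on a system where the BitLocker and TrustedPlatformModule cmdlets are available, and the function name `Get-DeviceEncryptionAudit` is hypothetical.

```powershell
# Added example: report the device-encryption prerequisites (Secure Boot, TPM)
# and the key protectors on the system drive. Run from an elevated session.
# Assumption: the BitLocker and TrustedPlatformModule modules are present.
function Get-DeviceEncryptionAudit {
    [CmdletBinding()]
    param(
        [string]$MountPoint = $env:SystemDrive
    )

    # Confirm-SecureBootUEFI throws on legacy BIOS systems or without
    # elevation, so an error is reported as "unknown" ($null), not as "off".
    $secureBoot = try { [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { $null }

    # Device encryption keeps the disk key in the TPM.
    $tpm = try { Get-Tpm -ErrorAction Stop } catch { $null }

    $volume     = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $protectors = @($volume.KeyProtector)

    # The RecoveryPassword protector is the recovery key that can be escrowed
    # to Active Directory or to the Microsoft account.
    $recovery = @($protectors | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    [pscustomobject]@{
        MountPoint           = $volume.MountPoint
        SecureBootEnabled    = $secureBoot
        TpmPresent           = if ($tpm) { $tpm.TpmPresent } else { $null }
        TpmReady             = if ($tpm) { $tpm.TpmReady } else { $null }
        VolumeStatus         = $volume.VolumeStatus
        ProtectionStatus     = $volume.ProtectionStatus
        EncryptionMethod     = $volume.EncryptionMethod
        ProtectorTypes       = @($protectors | ForEach-Object { "$($_.KeyProtectorType)" })
        HasRecoveryPassword  = ($recovery.Count -gt 0)
        # Only the protector IDs are returned, never the recovery password.
        RecoveryProtectorIds = @($recovery | ForEach-Object { $_.KeyProtectorId })
    }
}

Get-DeviceEncryptionAudit | Format-List
```

The protector ID, not the password, is what you compare against the recovery key entries held in Active Directory or listed under the Microsoft account.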

Lawmakers push for commission on encryption

Congress should create a national commission to investigate the difficulties encryption has created for law enforcement, a bipartisan pair of lawmakers argued Monday in a Washington Post op-ed.

“Congress must be proactive and should officially convene a body of experts representing all of the interests at stake so we can evaluate and improve America’s security posture as technology — and our adversaries — evolve,” said House Homeland Security Committee Chairman Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.).

It’s an idea that McCaul first floated several weeks ago, after terrorist attacks in Paris and San Bernardino, Calif.

The deadly incidents have given new urgency to a long-running debate over encryption. Lawmakers and investigators said they believe the people behind those incidents used encrypted communication to hide their plans.

“This presents an extraordinary security challenge for the United States and our allies,” McCaul and Warner said. “Because extremists are ‘going dark,’ law enforcement officials warn that we are ‘going blind’ in our efforts to track them.”

Officials looking into the Paris attacks said they have definitive evidence the terrorists used the popular encrypted apps Telegram and WhatsApp to help plan the assault that killed 130 people.

“Frustratingly, there are no easy answers,” said McCaul and Warner. “The same tools that terrorists and criminals are using to hide their nefarious activities are those that everyday Americans rely on to safely shop online, communicate with friends and family, and run their businesses.”

For some, the answer is legislation. Senate Intelligence Committee Chairman Richard Burr (R-N.C.) has called for a law that would require companies to decrypt data upon government request. But the tech community is balking at that, arguing that such a mandate would defeat the purpose of encryption.

Major tech players including Apple have even refused to comply with court orders to turn over encrypted data, arguing that they can’t access information secured by their own products. Only this type of inaccessible encryption truly protects data from hackers, technologists insist.

McCaul and Warner agreed with this assessment.

“Encryption is a bedrock of global commerce, and it has helped enhance individual privacy immeasurably,” they said. “It is also integral to our cybersecurity efforts — protecting individuals, U.S. businesses, intellectual property and our nation’s critical infrastructure.”

Yet because this same uncrackable technology is also used to hide nefarious activities, “digital innovations present us with a paradox,” they added.

A bill that would require companies to maintain a guaranteed entry point into their encrypted data would backfire, McCaul and Warner cautioned.

“Such a law could weaken Internet privacy for everyone and could have the unintended consequence of making our information systems more vulnerable to attack,” the pair said. “Moreover, in our globalized world, a U.S.-only solution would likely have only a limited impact and could encourage offenders to simply use technology developed overseas instead.”

But Congress must act, they said, suggesting a national commission of all relevant parties is the right step forward.

“We are seeking the brightest minds from the technology sector, the legal world, computer science and cryptography, academia, civil liberties and privacy advocates, law enforcement and intelligence to collaboratively explore the intersection of technology and security,” the duo said.

McCaul and Warner explained the group would be tasked with “generating much-needed data and developing a range of actionable recommendations that can protect privacy and public safety.”

The effort may have momentum in Congress. Several Capitol Hill leaders have appeared hesitant to back Burr’s legislative efforts. McCaul and Warner’s alternative may be more palatable to lawmakers and the tech community.

“We cannot wait for the next attack before we outline our options,” they said.

China Antiterror Law Doesn’t Require Encryption Code Handovers

BEIJING—China passed a new antiterrorism law that stepped back from previous language of concern to global technology firms, but which still raises questions about its scope and the potential impact on companies doing business there.

The law, passed Sunday by China’s rubber-stamp parliament, also authorized the armed forces and paramilitary police to take part in counterterrorism operations in foreign countries with the approval of those countries and Beijing’s military leadership.

Chinese authorities say the law is intended to help prevent terror attacks in China and better protect its citizens overseas, four of whom were killed by militants in Mali and Syria in November.

Beijing has blamed a series of recent attacks in China on jihadist separatists from the northwestern region of Xinjiang, where some of the mostly Muslim Uighur ethnic group have been resisting Chinese rule for decades.

The new law contains much of the language from a draft version released a year ago that U.S. officials, business groups and rights advocates criticized as having an overly broad definition of terrorism and onerous requirements for companies dealing with proprietary commercial information and private data in China.

The final version of the law requires telecom operators and Internet companies to help authorities with decryption of data and other counterterrorism efforts. Unlike the draft version, however, it leaves out some controversial language requiring tech companies to store their data locally and provide their encryption systems for review to be able to operate in China.

Still, the broad wording that tech companies must provide “technical means of support” to China’s government for counterterrorism has prompted concern among some U.S. tech firms, according to a person familiar with the matter.

“Telecommunications and Internet service providers should provide technical interfaces and technical support and assistance in terms of decryption and other techniques to the public and national security agencies in the lawful conduct of terrorism prevention and investigation,” says a final version of the law, published by the official Xinhua News Agency.

China’s law comes as data encryption has become a flash point globally between tech firms and law enforcement authorities. U.S. tech companies such as Apple Inc. and Google Inc. have been clashing with U.S. and European governments over new encryption technologies, which law-enforcement officials say hinder their ability to catch terrorists.

Apple criticized a U.K. proposal on Dec. 21 that would give national-security authorities more power to monitor communications. The proposal would require tech companies to retain “permanent interception capabilities” for communications, including “the ability to remove any encryption.”

U.S. President Barack Obama had spoken in support of the U.K. stance against encryption in January, but backed down from trying to change U.S. law in October.

U.S. Federal Bureau of Investigation Director James Comey said in November that the bureau had been stymied in tracking Islamic State’s recruiting efforts due to use of encrypted communication services.

Following Edward Snowden’s revelations that U.S. authorities inserted so-called backdoors in technology products to allow spying, U.S. tech companies have sought to distance themselves from government surveillance in order to regain the trust of consumers. Apple and Google have released software with encryption they say they are unable to unlock.

Chinese officials say they studied U.S. and European Union legislation while drawing up China’s counterterrorism law.

They have also stepped up efforts in recent months to persuade foreign governments that Uighurs resisting Chinese rule should be considered terrorists.

Beijing has long maintained that Uighur separatists have links to al Qaeda and Chinese officials have said in recent months that at least 300 ethnic Uighurs have joined Islamic State in Iraq and Syria.

Some recent attacks in China have borne the hallmarks of jihadist groups, but rights groups and Uighur activists say much of the violence is provoked by police abuses, excessive religious restrictions and a huge influx of non-Uighur migrants to Xinjiang.

The new law also restricts the right of media to report on details of terrorist attacks and the government’s response.

The counterterrorism law is part of a series of new pieces of legislation that many experts say are designed to tighten the Communist Party’s control over the economy and society, and promote a notion of rule of law that doesn’t undermine its monopoly on power.

President Obama has said he raised concerns about an early draft of the counterterrorism law directly with Chinese President Xi Jinping, saying technology companies would be unwilling to comply with its provisions.

U.S. officials and business groups have also expressed concern over a sweeping new national security law, passed in July, that the government says is needed to counter emerging threats but that critics say may be used to quash dissent and exclude foreign investment.

In May, China’s parliament also published a draft of a new law that seeks to tighten controls on foreign nongovernmental groups. Nearly four dozen U.S. business and professional groups signed a letter to the Chinese government in June urging it to modify that draft, which they said could hurt U.S.-China relations.

Senate Intel chair: “It’s time” for encryption legislation

Congress must enact a law that would require companies to decrypt data upon government request, Senate Intelligence Committee Chairman Richard Burr (R-N.C.) argued Thursday in a Wall Street Journal op-ed.

“Criminals in the U.S. have been using this technology for years to cover their tracks,” Burr said. “The time has come for Congress and technology companies to discuss how encryption — encoding messages to protect their content — is enabling murderers, pedophiles, drug dealers and, increasingly, terrorists.”

The recent terrorist attacks in Paris and San Bernardino, Calif., have reignited the debate over encryption. Lawmakers and investigators have said they believe the people behind those incidents likely used encrypted platforms to help hide their plans.

Burr has been one of Capitol Hill’s leading proponents of legislation that forces companies to crack their own encryption. But the tech community has pushed back, arguing that such a mandate would make encrypted data less secure.

Major tech players like Apple have even refused to comply with court orders for encrypted data, arguing that they can’t access their own secured information.

Burr said this has become a serious issue for law enforcement.

“Even when the government has shown probable cause under the Fourth Amendment, it cannot acquire the evidence it seeks,” he said, adding, “Technology has outpaced the law.”

Burr explained that the Communications Assistance for Law Enforcement Act of 1994 “requires telecommunications carriers — for instance, phone companies — to build into their equipment the capability for law enforcement to intercept communications in real time.”

“The problem is that it doesn’t apply to other providers of electronic communications, including those supporting encrypted applications,” he said.

It’s time for Congress to close that loophole with legislation, Burr insisted.

But it’s unclear if Burr would have the momentum to move his proposed bill. While Senate Intelligence Committee Ranking Member Dianne Feinstein (D-Calif.) has said she will work with him on his efforts, other congressional leaders seem more hesitant.

Many have suggested the government must simply do a better job of working with Silicon Valley to come up with a non-legislative solution.

House Homeland Security Committee Chairman Michael McCaul (R-Texas) recently proposed “a national commission on security and technology challenges in the digital age.” The commission, tasked with creating alternatives to legislation, would include tech companies, privacy advocates and law enforcement officials.

Burr countered that the tech community has almost forced Congress’s hand.

“I and other lawmakers in Washington would like to work with America’s leading tech companies to solve this problem, but we fear they may balk,” Burr said.

He noted that when Apple refused to comply with the court order seeking encrypted data, the company argued, “This is a matter for Congress to decide.”

“On that point, Apple and I agree,” he said. “It’s time to update the law.”

Best Disk Lock Has Been Updated to Version 2.62

The powerful data protection software Best Disk Lock has been updated to version 2.62. There are many improvements in version 2.62, which are designed to make the program even easier to use. The latest version not only improves the stability of the disk elementary-lock and changes the Lock Log to Lock Record for easier unlocking, but also fixes a bug in which an error message occurred when a disk was opened after being unlocked in Windows XP.

In addition, six new features are introduced in this version: automatically opening the disk when unlocking it; an option to return unlocked disk(s) to lock status; automatically opening the file or folder when unlocking it; an option to return unlocked file(s) or folder(s) to lock status; Lock Record for easier unlocking; and the feature Forbid using the unassigned drive letters, for more control over USB storage devices.

Change Log of Best Disk Lock 2.60:

File Name: Best Disk Lock

Version: 2.62

File Size: 3.43MB

Category: System Security Software

Language: English

License type: Trial Version

OS Support: Win2000/XP/VISTA/Win 7/Win 8

Released on: Dec.22, 2015

Download Address: http://www.dogoodsoft.com/best-disk-lock/free-download.html

What’s New in This Version:

* Changed the Lock Log to Lock Record for easily unlocking.

* Fixed a bug in which an error message occurred when the disk was opened after being unlocked in Windows XP.

Why Choose Best Disk Lock:

Best Disk Lock is a powerful utility that can not only completely hide disk partitions and CD-ROM drives on your PC and disable USB storage devices or set them as read-only, but also forbid using the unassigned drive letters. The partition with advanced-lock cannot be found in any environment by anyone else, so the security and confidentiality of your data on this partition can be ensured.

The Lock File feature changes the access permissions of a file, folder or disk on NTFS-formatted partitions, so that access to the file, folder or disk is prohibited or allowed. Besides, Best Disk Lock can configure the security of your computer system and optimize the system.

Apple CEO Tim Cook Mounts Defense of Encryption on “60 Minutes”

In a “60 Minutes” appearance Sunday, Apple CEO Tim Cook reiterated his support of encryption, in the face of renewed criticism from the U.S. intelligence community that these digital locks interfere with the ability to detect threats to national security.

Cook used an interview with CBS’s Charlie Rose to lay out his argument for why weakening encryption on consumer devices is a bad idea.

“If there’s a way to get in, then somebody will find the way in,” Cook said. “There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door’s for everybody, for good guys and bad guys.”

Following the mass murders in Paris and San Bernardino, Apple and other technology companies have come under mounting pressure to give U.S. law enforcement access to their consumers’ encrypted messages. FBI Director James Comey complained that potential attackers are using communications platforms that authorities can’t access — even through warrants and wiretaps.

“I don’t believe that the trade-off here is privacy versus national security,” Cook said in the interview. “I think that’s an overly simplistic view. We’re America. We should have both.”

Cook said modern smartphones such as the iPhone contain sensitive information: Personal health details, financial data, business secrets and intimate conversations with family, friends or co-workers. The only way to ensure this information is kept secure is to encrypt it, turning personal data into indecipherable garble that can only be read with the right key — a key that Apple doesn’t hold.

Apple will comply with warrants seeking specific information, Cook said, but there’s only so much it can provide.

Moving to other topics, Cook defended Apple’s tax strategy, which has drawn criticism from Congress. He described as “total political crap” charges that Apple is engaged in an elaborate scheme to pay little or no taxes on overseas income. He also discussed the company’s use of one million Chinese workers to manufacture most of its products, saying they possess the skills that American workers now lack.

“The U.S., over time, began to stop having as many vocational kind of skills,” Cook said in the interview. “I mean, you can take every tool and die maker in the United States and probably put them in the room that we’re currently sitting in. In China, you would have to have multiple football fields.”

The television news magazine also took viewers on a tour of Apple’s headquarters. Rose talked with design guru Jony Ive about the Apple Watch inside the secret design studio, where the wooden tables were draped with covers to shield future projects from the camera.

Retail chief Angela Ahrendts escorted Rose to a mock Apple Store in an unmarked warehouse off the main Cupertino campus.

And, armed with cameras and drones, Rose ascended a giant mound of earth to visit the site of Apple’s future corporate headquarters, a building dubbed the “spaceship” by many. The $5 billion project, with 7,000 trees, fruit and vegetable gardens and natural ventilation system, is expected to one day house 13,000 employees.

Paris attack planners used encrypted apps, investigators believe

French counterterrorism investigators believe that the men suspected in last month’s Paris attacks used widely available encryption tools to communicate with each other, officials familiar with the investigation said, raising questions about whether the men used U.S.-made tools to hide the plot from authorities.

Investigators have previously said that messaging services WhatsApp and Telegram were found on some of the phones of the men suspected in the November attacks that claimed 130 victims. But they had not previously said that the services had been used by the men to communicate with each other in connection with the attacks. The two services are free, encrypted chat apps that can be downloaded onto smartphones. Both use encryption technology that makes it difficult for investigators to monitor conversations.

The findings of the investigation were confirmed by four officials, including one in France, who are familiar with the investigation. All spoke on the condition of anonymity because they were not authorized to speak publicly about the ongoing inquiry. A spokeswoman for the Paris prosecutor’s office, which is leading the investigation, declined to comment.

The investigators’ belief that WhatsApp and Telegram had been used in connection with the attacks was first reported by CNN.

The revelation is likely to add fuel to calls in Congress to force services such as WhatsApp, which is owned by Facebook, to add a back door that would enable investigators to monitor encrypted communications. Such demands have grown stronger in the wake of the Paris attacks and after other attacks in the United States in which the suspects are believed to have communicated securely with Islamic State plotters in Syria.

Already, security hawks in Congress, citing the likelihood that the Paris attackers used encrypted communications, have called for legislation to force companies to create ways to unlock encrypted content for law enforcement. Sen. Dianne Feinstein, D-California, vice-chairman of the Senate Intelligence Committee, has begun working on possible legislation. And Sen. John McCain, R-Arizona, chairman of the Senate Armed Services Committee, has promised hearings on the issue, saying, “We’re going to have legislation.”

FBI Director James B. Comey last week cited a May shooting in Garland, Texas, in which two people with assault rifles attempted to attack an exhibit of cartoons of the prophet Muhammad. Investigators believe they were motivated by the Islamic State. Comey told the Senate Judiciary Committee that encrypted technology had prevented investigators from learning the content of communications between the shooters and an alleged foreign plotter.

“That morning, before one of those terrorists left and tried to commit mass murder, he exchanged 109 messages with an overseas terrorist,” Comey told the committee. “We have no idea what he said, because those messages were encrypted.”

Tech firms such as Apple have opposed such calls, saying that such a requirement would render their services and devices less secure and simply send users elsewhere. Apple began placing end-to-end encryption on its chat and video call features several years ago. Then last year, in the wake of revelations by former National Security Agency contractor Edward Snowden about the scope of U.S. surveillance, Apple announced it was offering stronger encryption on its latest iPhones. And more tech firms began to question what had once been routine law enforcement requests to comply with court-ordered wiretaps.

A spokesman for Facebook declined to comment about whether the attackers used WhatsApp. A representative for Germany-based Telegram did not respond to a request for comment.

The officials familiar with the Paris investigation did not say when the services were used, how frequently or for what purpose. One of the officials said investigators believe that the attackers used Telegram’s encrypted chat function more frequently than they used WhatsApp. It was not clear whether authorities were able to obtain “metadata,” information indicating the times and dates of chat messages, from either company’s servers. Nor was it clear whether authorities had been able to recover the messages from the phones themselves.

Not all encrypted apps are equal. WhatsApp offers end-to-end encryption between two users on some platforms, such as Android phones. That means the chat content is not visible to Facebook but only to the sender and receiver. WhatsApp is in the process of a rollout for Apple’s iPhones. Telegram’s Secret Chat feature is end-to-end encrypted. However, a number of experts say that Telegram is not secure.

“It’s home-brew crypto style,” said Lance James, chief scientist at Flashpoint, a threat intelligence firm. The Telegram developers have “introduced unnecessary risk by making up their own cryptography rules.” He said he was “fairly certain” that advanced spy agencies could find ways around the encryption.

The group chat functions on the apps do not offer end-to-end encryption, which means anyone with access to WhatsApp or Telegram’s servers can read the chats.

European authorities have come under heavy criticism for failing to disrupt the Paris attacks, and it is unclear whether encrypted messaging played an important role in the plot’s success. Ringleader Abdelhamid Abaaoud, a Belgian citizen, was being monitored by European authorities but nevertheless managed to travel to Syria and back this year.

Another suspect, Salah Abdeslam, is still at large despite having been stopped by French police at the Belgian-French border hours after the attacks. He used his real identity documents, but he was not yet in a database, Belgian Interior Minister Jan Jambon told the Belgian VTM broadcaster in an interview aired this week.

“We were simply unlucky,” he said.

Then, investigators believe, Abdeslam went into hiding in a building in the Molenbeek district of Brussels, and Belgian Justice Minister Koen Geens said that a Belgian law banning police raids between 9 p.m. and 5 a.m. may have played a role in his subsequent escape.

FBI chief James Comey says Calif. killers used encrypted email, but not social media

The couple who killed 14 people and wounded nearly two dozen others this month in California chatted secretly of jihad long before they married or entered the United States, not on social media as politicians have claimed, FBI Director James Comey said Wednesday at a Manhattan law enforcement conference, where he urged the public to remain alert for signs someone close to them is being radicalized online.

Comey said those messages between Syed Rizwan Farook and Tashfeen Malik were direct, private messages well before their attack in San Bernardino, California.

“So far, in this investigation we have found no evidence of posting on social media by either of them at that period in time and thereafter reflecting their commitment to jihad or to martyrdom,” he said, referring to the reports suggesting that Malik had spoken openly on social media about jihad and that background checks had not detected those comments.

Comey made his statements at 1 Police Plaza, first at the NYPD Shield Conference, which included several hundred security personnel who work in the private sector and who collaborate with the NYPD, and again at a news conference.

“The threat comes from social media, which revolutionized terrorism,” Comey said.

Comey revealed for the first time that the shooting deaths last July of five people after attacks on two military installations in Chattanooga, Tenn., have now officially been classified as a terrorist attack. The assailant in that attack, Muhammad Youssef Abdulazeez, a naturalized U.S. citizen living in Hixson, Tenn., was killed by police gunfire after he shot and killed four Marines and a sailor and wounded three other people.

The White House on Wednesday said President Obama plans to visit San Bernardino on Friday and meet with the families of shooting victims there.

Comey said he understands Americans are jittery, but citizens should try to channel their awareness into vigilance, not panic. He said the threat from the Islamic State group, known as ISIS or ISIL, has not changed — but it’s vastly different from how terror cells operated around the time of the Sept. 11 attack. “Your parents’ al-Qaida is a very different model and was a very different threat than what we face today,” he said.

For example, he said, some Twitter messages cannot be “unlocked” by law enforcement, making it impossible for them to track communications between terrorists.

Comey said Farook and Malik communicated via encrypted email, which investigators have not been able to crack.

“The bottleneck here is there are a lot of people who have designed these products and they can’t access it themselves because that is what the market requires,” Comey said. He said he hoped further public debate on encryption will convince the public to accept that unlocking encryption is needed by law enforcement to battle global terrorism.

Comey said the messages relayed from foreign terrorist groups are as succinct as “I will kill where I am.” Comey said such messages have inspired homegrown terrorists, who are receiving these messages on their phones daily.

Comey also urged the public not to “freak out” because they are anxious about another homegrown terrorist attack. Instead, he said, “We need the public to be aware and not to be fearful, but instead have a healthy awareness of their surroundings and report something if they see something. Tell us [law enforcement], because we need your help, and then live your life and let us do our job.”

NYPD Commissioner William Bratton echoed Comey’s comments. “To prevent crime, disorder and now terrorism we must go where it begins . . . in the minds of those who hate and feel victimized. People who see this are moms and dads.”

Bratton said the terrorists are “propagandizing messages that are slick and professional and are inspiring attacks.”