In The Debate Over Strong Encryption, Security And Liberty Must Win

When Sen. Chuck Grassley (R-Iowa) gaveled a Senate Judiciary Committee hearing into session on Wednesday, he called it the “start” of a conversation about privacy, security and encryption. Frankly, it was just the latest forum for a much older discussion.

While it may have been the beginning of a long day on Capitol Hill for FBI Director James Comey, the national conversation about law enforcement and strong encryption has been ongoing since the 1990s and the so-called “Crypto Wars.” While the debate now has a charged geopolitical context, includes the biggest tech companies on the planet and involves smartphone encryption, it’s not a new one.

No cryptographers testified at Wednesday’s hearing. If one had been present, he or she might have told the representatives of the Federal Bureau of Investigation and the Justice Department that what they were asking Silicon Valley to develop — retaining the capacity to respond to lawful orders by providing data from computer systems with end-to-end encryption — wasn’t technically feasible in a way that didn’t fundamentally compromise the security of those systems.

If any of the 15 experts in cryptography that authored a new white paper on encryption had been called to testify, they likely would have made that case:

In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse forward secrecy design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.

The FBI and Justice Department may want the tech industry to “try harder” and give a “full, honest effort” to provide a technological way to provide access to encrypted information, but the tech industry isn’t biting.

“Proposals to mandate weakened encryption would undermine security and end user confidence in the Internet without any clear national security benefits,” said Abigail Slater, the vice president of legal and regulatory policy at the Internet Association.

“Strong encryption protects billions of global end users from countless privacy threats ranging from financial fraud to repressive governments stifling speech and democracy. Instead of forcing companies to lower their security standards, policymakers should promote and protect the wide adoption of strong encryption technology.”

In his spoken testimony, Comey said, “There is no such thing as secure: There’s only more secure and less secure.”

Of that, there is no doubt. “Split key encryption,” where digital master keys to unlock encrypted data or systems are held in escrow, is less secure, just as it was when government officials proposed it nearly two decades ago.

The Justice Department and FBI may want to have a debate on encryption, but they’ve been dealt a losing hand at this table.

As law professor Peter Swire testified later in the Senate hearing, the review group on intelligence and communications technologies that President Barack Obama convened in August 2013 unequivocally recommended supporting strong encryption in its report on liberty and security later that year:

The US Government should take additional steps to promote security, by (1) fully supporting and not undermining efforts to create encryption standards; (2) making clear that it will not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption; and (3) supporting efforts to encourage the greater use of encryption technology for data in transit, at rest, in the cloud, and in storage.

That conclusion is anything but isolated, as Kevin Bankston, the director of the Open Technology Institute at the New America Foundation, pointed out in an essay Tuesday:

…the broad consensus outside of the FBI is that the societal costs of such surveillance backdoors — or “front doors,” as Comey prefers to call them — far outweigh the benefits to law enforcement, and that strong encryption will ultimately prevent more crimes than it obscures.

Tech companies, privacy advocates, security experts, policy experts, all five members of President Obama’s handpicked Review Group on Intelligence and Communications Technologies, UN human rights experts, and a majority of the House of Representatives all agree: Government-mandated backdoors are a bad idea. There are countless reasons why this is true, including: They would unavoidably weaken the security of our digital data, devices, and communications even as we are in the midst of a cybersecurity crisis; they would cost the US tech industry billions as foreign customers — including many of the criminals Comey hopes to catch — turn to more secure alternatives; and they would encourage oppressive regimes that abuse human rights to demand backdoors of their own.

Bankston is no zealot, nor has he impugned the honor, intentions or distinguished public service record of Comey, who has notably stood on the side of civil liberties in his career.
What Bankston and many others are saying, and have been saying for years, however, is that protecting the privacy of citizens from those who would do them harm or steal from them is now intrinsically bound to encrypting devices, communications and data.

That’s true whether for cellphones, email, health records, tax transcripts or the of  tens of millions of public servants.

This isn’t a competition between privacy and security or a choice between opposing value systems: it’s security and security, and on the line is the capacity of democratic societies to do investigative journalism, engage in digital commerce or securely make transactions with government.

It’s fair to acknowledge that the FBI may have a diminished capacity to conduct some investigations as a result, but in striking an appropriate balance between safety and liberty, that is sometimes the outcome.

FBI chief wants ‘backdoor access’ to encrypted communications to fight Isis


The director of the Federal Bureau of Investigation has warned US senators that the threat from the Islamic State merits a “debate” about limiting commercial encryption – the linchpin of digital security – despite a growing chorus of technical experts who say that undermining encryption would prove an enormous boon for hackers, cybercriminals, foreign spies and terrorists.

In a twin pair of appearances before the Senate’s judiciary and intelligence committees on Wednesday, James Comey testified that Isis’s use of end-to-end encryption, whereby the messaging service being used to send information does not have access to the decryption keys of those who receive it, helped the group place a “devil” on the shoulders of potential recruits “saying kill, kill, kill, kill”.

Comey said that while the FBI is thus far disrupting Isis plots, “I cannot see me stopping these indefinitely”. He added: “I am not trying to scare folks.”

Since October, following Apple’s decision to bolster its mobile-device security, Comey has called for a “debate” about inserting “back doors” – or “front doors”, as he prefers to call them – into encryption software, warning that “encryption threatens to lead us all to a very, very dark place.”

But Comey and deputy attorney general Sally Quillian Yates testified that they do not at the moment envision proposing legislation to mandate surreptitious or backdoor access to law enforcement. Both said they did not wish the government to itself hold user encryption keys and preferred to “engage” communications providers for access, though technicians have stated that what Comey and Yates seek is fundamentally incompatible with end-to-end encryption.

Comey, who is not a software engineer, said his response to that was: “Really?” He framed himself as an advocate of commercial encryption to protect personal data who believed that the finest minds of Silicon Valley can invent new modes of encryption that can work for US law enforcement and intelligence agencies without inevitably introducing security flaws.

While the FBI director did not specifically cite which encrypted messaging apps Isis uses, the Guardian reported in December that its grand mufti used WhatsApp to communicate with his former mentor. WhatsApp adopted end-to-end encryption last year.

“I think we need to provide a court-ordered process for obtaining that data,” said Dianne Feinstein, the California Democrat and former intelligence committee chair who represents Silicon Valley.
But Comey’s campaign against encryption has run into a wall of opposition from digital security experts and engineers. Their response is that there is no technical way to insert a back door into security systems for governments that does not leave the door ajar for anyone – hackers, criminals, foreign intelligence services – to exploit and gain access to enormous treasure troves of user data, including medical records, financial information and much more.

The cybersecurity expert Susan Landau, writing on the prominent blog Lawfare, called Comey’s vision of a security flaw only the US government could exploit “magical thinking”.

Comey is aided in his fight against encryption by two allies, one natural and the other accidental. The natural ally is the National Security Agency director, Michael Rogers, who in February sparred with Yahoo’s chief of information security when the Yahoo official likened the anti-crypto push to “drilling a hole in the windshield”, saying: “I just believe that this is achievable. We’ll have to work our way through it.” The Guardian, thanks to Edward Snowden’s disclosures, revealed in September 2013 that the NSA already undermines encryption.

The less obvious ally is China, whom the FBI blamed last month for stealing a massive hoard of federal personnel data.

In May, China unveiled a national security law calling for “secure and controllable” technologies, something US and foreign companies fear is a prelude to a demand for backdoor entry into companies’ encryption software or outright provision of encryption keys.

Without ever mentioning his own FBI director’s and NSA director’s similar demands, Barack Obama castigated China’s anti-encryption push in March. Obama has also declined to criticize efforts in the UK, the US’s premier foreign ally, to undermine encryption. Prime minister David Cameron is proposing to introduce legislation in the autumn to force companies such as Apple, Google and Microsoft to provide access to encrypted data.

Under questioning from some skeptical senators, Comey made a number of concessions. When Ron Wyden, an Oregon Democrat, asked if foreign countries would attempt to mandate similar access, Comey replied, “I think they might.” The director acknowledged that foreign companies, exempt from any hypothetical US mandate, would be free to market encryption software.
In advance of Comey’s testimony, several of the world’s leading cryptographers, alarmed by the return of a battle they thought won during the 1990s “Crypto Wars”, rejected the effort as pernicious from a security perspective and technologically illiterate.

A paper they released on Tuesday, called “Keys Under Doormats”, said the transatlantic effort to insert backdoors into encryption was “unworkable in practice, raise[s] enormous legal and ethical questions, and would undo progress on security at a time when internet vulnerabilities are causing extreme economic harm”.

Asked by Feinstein if the experts had a point, Comey said: “Maybe. If that’s the case, I guess we’re stuck.”

Kevin Bankston of the New America Foundation called into question the necessity of Comey’s warnings that encryption would lead to law enforcement “going dark” against threats. Bankston, in a Tuesday blogpost, noted that the government’s latest wiretap disclosure found that state and federal governments could not access four encrypted conversations out of 3,554 wiretapped in 2014.

Yet Yates said both that the Justice Department was “increasingly” facing the encryption challenge and that she lacked the data quantifying how serious the challenge was. Yates told the Senate judiciary committee that law enforcement declined to seek warrants in cases of encrypted communications and did not say how often it made such a decision.

OpenSSL to Patch Critical Mystery Bug on Thursday


The OpenSSL project team has sent a rather cryptic alert that it will be patching a high severity bug this Thursday, July 9.

The announcement is terse: “The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p. These releases will be made available on 9th July. They will fix a single security defect classified as “high” severity.  This defect does not affect the 1.0.0 or 0.9.8 releases.”

Unfortunately, the mystery bug is likely to be a big deal. OpenSSL is a security standard encrypting communications between users and the servers provided by a majority of online services. As such, it’s a basic component of a wide swath of the web, affecting various applications and systems, and even embedded devices. That’s one of the reasons why the Heartbleed flaw took months and months to patch even after an update was released.

Heartbleed, a mistake written into OpenSSL, made it viable for hackers to extract data from massive databases containing user names, passwords, private data and so on.

According to OpenSSL’s security policy, “high-severity” flaws are those that affect common configurations and are likely to be exploitable. These can range from server denial-of-service to significant leak of server memory to remote code execution.

“This type of a pre-announcement is intended to give organizations a chance to prepare,” Tim Erlin, director of IT security and risk strategy at Tripwire, said via email. “A huge part of the heartburn with Heartbleed came from the scramble to identify where organizations were vulnerable and how to apply patches. In this case, a little organization can go a long way to a smoother patching cycle. Software vendors who use OpenSSL can be prepared to patch their code and ship new versions faster, and end-users can inventory where they have OpenSSL and set up appropriate testing environments ahead of time.”
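The inventory step Erlin describes can be scripted against the version numbers in the announcement. The following is an added example, not code from the OpenSSL project or the original article; the banner strings and host names are constructed samples, and it assumes every 1.0.1 or 1.0.2 build older than the announced release should be queued for the update, since the announcement does not say which builds are affected.

```python
import re

# Fixed releases named in the pre-announcement, keyed by release branch.
FIXED_LETTER = {"1.0.1": "p", "1.0.2": "d"}
# Branches the announcement says the defect does not affect.
NOT_AFFECTED = {"1.0.0", "0.9.8"}

# Matches `openssl version` banners such as "OpenSSL 1.0.1e-fips 11 Feb 2013".
BANNER_RE = re.compile(r"\bOpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)")

# Constructed inventory: host name -> banner collected from that host.
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 1.0.1f 6 Jan 2014",
    "web02": "OpenSSL 1.0.2d 9 Jul 2015",
    "mail01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "legacy01": "OpenSSL 0.9.8zg 11 Jun 2015",
    "edge01": "LibreSSL 2.2.0",
}


def letter_rank(suffix):
    """Order letter suffixes: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    return (len(suffix), suffix)


def triage(banner):
    """Classify one banner against the announced fixed releases."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unknown"          # not an OpenSSL banner we can parse
    branch, suffix = m.groups()
    if branch in NOT_AFFECTED:
        return "not-affected"
    if branch not in FIXED_LETTER:
        return "unknown"          # branch not covered by the announcement
    if letter_rank(suffix) >= letter_rank(FIXED_LETTER[branch]):
        return "fixed"
    # Assumption: any older build on an affected branch gets the update.
    return "needs-update"


def triage_inventory(inventory):
    """Group host names by triage status."""
    groups = {}
    for host, banner in inventory.items():
        groups.setdefault(triage(banner), []).append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


if __name__ == "__main__":
    for status, hosts in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Distribution packages often backport fixes without changing the upstream version letter, so a "needs-update" result on a vendor build should be checked against that vendor's advisory.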

FBI director James Comey calls for ‘robust debate’ to limit digital encryption to combat terror groups


FBI director James Comey has called for public debate on the use of encrypted communications, claiming Americans may not realise how radical groups and criminals are using the technology.

Mr Comey’s comments in a blog post appeared to seek further public support for his view — first expressed last year — that improved encryption being developed for digital devices could hinder the efforts of US law enforcement and intelligence operations.

While the FBI chief’s comments sparked criticism in the tech community and among civil liberties activists, Mr Comey said US citizens may not realise how Islamic State (IS) militants used encryption to avoid detection.

“When the government’s ability… to see an individual’s stuff goes away, it will affect public safety,” he wrote on the Lawfare blog. “That tension is vividly illustrated by the current ISIL threat, which involves ISIL operators in Syria recruiting and tasking dozens of troubled Americans to kill people,” he wrote using another acronym to refer to the militant group.

“It is a process that increasingly takes part through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the Fourth Amendment.”

He added that criminal probes may also be affected because “there is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption”.

The FBI chief and other US officials began expressing concern last year after Google and Apple announced plans to lock communications, leaving keys only in users’ hands, in a way that would prevent access by law enforcement even with a warrant.

Those moves came after an outcry over revelations from former intelligence contractor Edward Snowden exposing vast electronic surveillance programs by the US and its allies.

Mr Comey said in his blog post that “the logic of encryption will bring us, in the not too distant future, to a place where devices and data in motion are protected by universal strong encryption… in such a way that permits access only by participants to a conversation or the owner of the device holding the data”.

He noted that “there are many benefits” to encryption, saying it can protect “our innovation, our private thoughts, and so many other things of value, from thieves of all kinds”. But he added that the public should consider the trade-offs of allowing access to the government under certain conditions.

“Democracies resolve such tensions through robust debate,” Mr Comey said. “It may be that, as a people, we decide the benefits here outweigh the costs and that there is no sensible, technically feasible way to optimise privacy and safety in this particular context.”

“Those are decisions Americans should make, but I think part of my job is make sure the debate is informed by a reasonable understanding of the costs.”

Folder Encryption Software – Ace Secret Folder Has Been Updated to Version 6.66

Ace Secret Folder, a professional folder encryption software, has been updated to version 6.66 recently. In this new version, we have made great improvements, such as fixing some major and minor bugs. Besides, we enhanced the password hint, the encryption efficiency and strength, and the user interface.

Change Log of Ace Secret Folder 6.66:

File Name: Ace Secret Folder

Version: 6.66

File Size: 2.96MB

Language: English

License: Trial Version

OS Support: Win2000/XP/VISTA/Win 7/Win 8

Released on: Jun.26, 2015

Download Address: http://www.dogoodsoft.com/ace-secret-folder/free-download.html

What’s New in This Version:

– Fixed bug unable to change the software skin promptly;

– Fixed bug that software ID exception in specific systems;

– Fixed 5 minor bugs;

* Improved password hint;

* Improved efficiency and strength for Password Protection and Hiding Protection;

* Enhanced software interface for XP.

Why Choose Ace Secret Folder:

Ace Secret Folder is a folder encryption application that makes your folder “secret” and invisible, providing a strong shield to protect your important documents and privacy. It has four main features.

(1) Invisible and without any trace after installation

Ace Secret Folder becomes unseen and without any trace after installation; no one can perceive its existence.

(2) Simple Hotkey Invocation

After Ace Secret Folder is installed, use the shortcut key “Ctrl + Alt + H” to quickly invoke the folder encryption software, so as to encrypt or decrypt a folder. You can set your own software hotkey to hide your secret even deeper.

(3) Folders disappear after encryption

A folder encrypted with Ace Secret Folder becomes completely invisible and disappears from your computer. It can only be opened or decrypted with this folder encryption software.

(4) Fast encryption and decryption

All encryption and decryption in Ace Secret Folder are done in just seconds regardless of the number and size of folders.

Professional Folder Encryption Software – Easy Folder Guard Updated to Version 9.01 Recently

Easy Folder Guard is an excellent folder encryption software that protects your personal folders from prying eyes. You can choose to password-protect, disguise or hide your folders, or protect computer drives to suit your needs.

Change Log of Easy Folder Guard 9.01:

File Size: 2.62MB

Version: 9.01

Released on: July 2, 2015

Category: Encryption Software

Language: English

License: Trial version

Download Address: http://www.dogoodsoft.com/easy-folder-guard/free-download.html

What’s New in This Version:

– Fixed bug error showing password hint;
– Fixed bug unable to auto-close the skin change menu;
– Fixed two minor bugs.


Why Choose Easy Folder Guard:

Easy Folder Guard protects folders with three methods: Password-protect, Hide and Disguise.

For password protection, the password is required to open a password-protected folder, and the password works in any environment. A password-protected folder will be restored to protected status after use and you don’t have to protect it again. Besides, the password-protected folder is delete-proof, copy-proof and remove-proof.

For a hidden folder, it cannot be found in any environment except in Easy Folder Guard, and the hidden folder will be restored to hidden status automatically after use.

A disguised folder is invisible and you cannot see the original contents in the folder when it is disguised. Besides, a disguised folder will be disguised automatically after use.

In addition, Easy Folder Guard allows you to protect a disk (such as a floppy disk, a hard disk or a CD-ROM) as you wish. It also can disable USB storage devices or set them as read-only.

File Encryption Software Best Encryption Expert Has Been Updated to Version 12.05

The professional file and folder encryption software – Best Folder Encryptor, has been updated to the version 12.05. In this new version, we fixed some minor bugs.

Change Log of Best Encryption Expert 12.03:

File Name: Best Encryption Expert

Version: 12.05

File Size: 3.96MB

Category: File/Folder Encryption Software

Language: English

License: Trial version

System Requirements: Win2000/XP/VISTA/Win 7/8

Released on: Jun.15, 2015

Download Address: http://www.dogoodsoft.com/best-encryption-expert/free-download.html

What’s New in This Version:

– Fixed two minor bugs.

Why Choose Best Encryption Expert:

Best Encryption Expert is a powerful file and folder encryption utility mainly for users who often encrypt important files and folders. Best Encryption Expert features super fast and most powerful file and folder encryption. With advanced encryption algorithms, its encryption on your files and folders can be super strong and is faultless. Encrypted files and folders cannot be decrypted without the password, and can be prevented from deletion, copying and removal!

DoGoodSoft Recently Updated Best Disk Lock to Version 2.59

Best Disk Lock is a powerful utility that can completely hide hard disk partitions and CD-ROM drives on your PC, and disable USB storage devices or set them as read-only. In this new version, we have fixed three bugs and made minor enhancements for Best Disk Lock.

Change Log of Best Disk Lock:

File Size: 3.55MB

Version: 2.59

Released on: Jun.23, 2015

Category: System Security Software

Language: English

License: Trial version

Download Address: http://www.dogoodsoft.com/best-disk-lock/free-download.html

What’s New in This Version:

* Enhanced software interface for XP;

– Fixed three minor bugs.


Why Choose Best Disk Lock:

Best Disk Lock is a powerful utility with which you can completely hide disk partitions and CD-ROM drives on your PC, and disable USB storage devices or use them in read-only mode. A partition hidden by Best Disk Lock cannot be found in any environment by anyone except you, so the security and confidentiality of the data stored in your partition can be ensured. It can also be used to configure the security of your computer system and optimize the system. Besides, it allows you to run tools that come with the system conveniently without entering various commands.

Encryption Software Best Folder Encryptor Updated to Version 16.81

The professional file and folder encryption software – Best Folder Encryptor has been updated to version 16.81 recently. In this new version, we fixed some bugs and enhanced the efficiency and strength for flash encryption and hiding encryption.

Change Log of Best Folder Encryptor:

File Name: Best Folder Encryptor

Version: 16.81

File Size: 3.42MB

Category: Folder Encryption, File Encryption

Language: English

License: Trial version

System Requirements: Win xp/vista/Win 7/Win 8

Released on: Jun.27, 2015

Download Address: http://www.dogoodsoft.com/best-folder-encryptor/free-download.html

What’s New in This Version:

– Fixed bug occurs when encrypting a file;

– Fixed bug in password hint;

* Improved the prompt message shown in software activation window.


Why Choose Best Folder Encryptor:

Best Folder Encryptor is a professional file and folder encryption software. This software is superfast and offers high security and confidentiality. With the internationally advanced encryption algorithms, encryption methods and file system drivers, the encrypted files and folders cannot be decrypted without the correct password, and are prevented from copy, deletion or removal.

It is convenient to open and edit the encrypted folder or file with the Open feature, and you don’t have to re-encrypt the folder or file after use.

Besides, it supports many powerful features such as data shredding (file/folder shredding), completely hiding hard drive partition, disabling USB storage devices or set them as read-only, etc. All these make Best Folder Encryptor undoubtedly a flawless encryption software and the best helper.


	

How to recover a saved Wi-Fi password on Android within minutes?

Every now and then you end up with a blank face when a friend visits your place and tries to connect to your Wi-Fi, while you cannot seem to recall the password, since most default passwords are a combination of letters and numbers.

While you feel rather helpless, you need to know that there are certain ways thanks to which you can retrieve the password within minutes, accessible via PC and rooted Android devices.

First up, let’s take a look at how it is done via PC.

1. On the desktop, look up the Wi-Fi signal present in the bottom-right corner of your screen, next to the time and date. Click on the icon, and a pop-up should appear where you ought to click “Open Network and Sharing Center.”

2. The center should open and under your active networks, you should see the Wi-Fi you are connected to. Click, and a new window, named Wi-Fi Status would open.

3. In the window, click on the Wireless Properties button, and you should land at another window, the last one.

4. A new window, named TitanGate Wireless Network Properties would open, featuring two tabs; connection, and security. Choose the latter, and you should land on the screen from where you can retrieve your password.

5. The network security key holds your password, although it is hidden, showing asterisks. Check the show characters box, and you are done.

In case you happen to have the Wi-Fi saved on your Android device only, and not your PC, you could still retrieve it without having to worry much. However, you need to have a rooted device to be able to retrieve your password. If you happen to have one, follow these simple steps, and you should be able to get the job done with ease.

1. Make your way to the Google Play Store, and get your hands on any root explorer. If you wish to go by our word, we suggest you download Root Browser which is available for free.

2. Once the installation completes, open the app and you should be exposed to a list of folders.

3. Head to data > misc. > Wi-Fi.

4. In the Wi-Fi folder, look up, and open the file named “wpa_supplicant.conf”

5. When prompted, choose the RB Text Editor to view the file.

6. In the following screen, you would be exposed to cryptic codes, where you ought to look out for the Wi-Fi.

7. It should be under “network={“ with the ssid signifying the Wi-Fi you are connected to, and the psk being the password.
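The file opened in steps 4 to 7 is plain text, so the same lookup can be done with a short parser. This is an added example, not part of the original article; the configuration text is a constructed sample and the function names are hypothetical. It goes slightly beyond the steps above by also handling networks whose ssid is hex-encoded or whose psk is stored as a 64-digit hex key rather than the passphrase.

```python
import re

# Constructed sample in wpa_supplicant.conf syntax (not from a real device).
SAMPLE_CONF = """\
update_config=1

network={
    ssid="HomeNet"
    psk="correct horse battery staple"
    key_mgmt=WPA-PSK
    priority=3
}

network={
    ssid=47756573744e6574
    psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    key_mgmt=WPA-PSK
}

# open hotspot, no key stored
network={
    ssid="CafeOpen"
    key_mgmt=NONE
}
"""

HEX_PSK_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def parse_networks(text):
    """Return one dict of raw key/value strings per network={...} block."""
    networks, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, _, raw = line.partition("=")   # split at the first '=' only
            current[key.strip()] = raw.strip()
    return networks


def unquote(raw):
    """Return (text, was_quoted) for a config value."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1], True
    return raw, False


def summarize(net):
    """Describe how one saved network stores its credential."""
    ssid, quoted = unquote(net.get("ssid", ""))
    if ssid and not quoted:
        try:  # an unquoted ssid is a hex string of the raw SSID bytes
            ssid = bytes.fromhex(ssid).decode("utf-8", "replace")
        except ValueError:
            pass
    passphrase = None
    if "psk" not in net:
        storage = "open" if net.get("key_mgmt") == "NONE" else "no-psk"
    else:
        value, psk_quoted = unquote(net["psk"])
        if psk_quoted:
            # Quoted psk: the Wi-Fi passphrase itself, readable by root.
            storage, passphrase = "plaintext-passphrase", value
        elif HEX_PSK_RE.match(value):
            # 64 hex digits: the 256-bit key, not the typed passphrase.
            storage = "derived-key"
        else:
            storage = "unrecognized"
    return {"ssid": ssid, "storage": storage, "passphrase": passphrase}


def saved_networks(text):
    return [summarize(net) for net in parse_networks(text)]


if __name__ == "__main__":
    for entry in saved_networks(SAMPLE_CONF):
        print(entry)
```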