DoGoodSoft's Official Blog

Blackberry PGP Encrypted Phones With Latest BB12 Encryption Technology Released

Blackberry Encrypted Phones have Blackberry PGP email encrypted devices that offer safe and secure solutions for wireless communications.

Android and iPhones have proven to be unreliable when it comes to encryption and data protection. These popular devices have been relatively reduced to the status of toys when it comes to industrial or professional grade protection against espionage at any level. No one knows where the compromise begins and ends with these platforms whose very hardware was born with the idea of giving access to those who demanded it from certain levels.

The engineers at BBPGP.com have found that Blackberry PGP email encryption devices offer the highest level of security for wireless communications. This Blackberry PGP encryption technology allows for the highest encryption standards for email accounts. This encryption is done through BES servers.

The Blackberry PGP email encryption system is designed to be user friendly so that any level of user can conveniently protect their private information. This PGP encryption is available for private users or businesses who rely on security and privacy. It works by heavily encrypting all messages so that even if they were intercepted by a third party, it would be indecipherable.

Mark Spencer, Representative for BBPGP.com comments, “The Blackberry PGP email encryption devices is the most familiar way to communicate safely. This Blackberry PGP cryptofoons have been specially developed to communicate without the risk that the information sent by a third party, such as a government agency is intercepted safe. The Blackberry PGP encrypts the information, namely in such a way that even if this information is intercepted is nothing to do here.”

Because email is such an important communication system that is unfortunately an insecure way to transmit information, additional security measures are required to assure that privacy and sensitive information are protected. If messages are intercepted, without being automatically encrypted, personal information could become compromised. However, using technology such as the Blackberry PGP encryption from Blackberry Encrypted Phones assures that all messages are encrypted and only readable text for intended recipients. File attachments such as documents and images are also heavily encrypted for further privacy protection.

Email encryption is a process by where communications are completely scrambled to the point they are completely unreadable. The better the encryption, the less likely that a communication will be able to be deciphered. PGP email encryption offers a heavy level of this type of security.

Private users and businesses using wireless communication methods should make sure they have an additional layer of security due to how easy it is to breach the insecure wireless environment. PGP encryption acts like a high security envelope that shields communications from prying eyes of hackers, government institutions, competitors and others.

Cryptolocker virus: Australians forced to pay as latest encryption virus is ‘unbreakable’, security expert says

Australians are paying thousands of dollars to overseas hackers to rid their computers of an unbreakable virus known as Cryptolocker.

There has been a rise in the number of people falling victim to the latest version of an encryption virus which hijacks computer files and demands a ransom to restore them.

The “ransomware” infects computers through programs and credible-looking emails, taking computer files and photographs hostage.

Cryptolocker comes in a number of versions, the latest capitalising on the release of Windows 10.

It can arrive in an email disguised as an installer of the new operating system in a zip file.

IT technician Josh Lindsay said he had been repairing computers for 15 years but the current form of the virus was “unbreakable”.

“It’s definitely the worst I have come across,” he said.

The hackers offer computer owners a chance to retrieve data – but only if they pay a ransom using the electronic currency Bitcoin.

“If it’s on Bitcoin they can use it to purchase anything online from gold bullion, to shares, to property even and it’s virtually untraceable,” Mr Lindsay said.

Virus victim Renata Eugstar said she decided not to pay the ransom price.

“I just wouldn’t pay it out of principle, I suppose there are people out there that have to, you know, if it is a business,” she said.

Michael Bailey from the Tasmanian Chamber of Commerce and Industry said when his organisation was hit, a ransom equivalent to $US350 was paid to overseas hackers.

“It was cheaper for us to just pay rather than worry about trying to fix it,” he said.

“The advice from our IT people is – some of the best in Australia – was that it would take weeks for them to work out how to unencrypt the files, if they could at all.”

The deputy chairwoman of the Australian Competition and Consumer Commission, Delia Rickard, said over the past two months there had been a spike in the number of people falling victim to the scam.

The commission has received 2,500 complaints this year and estimates about $400,000 has been paid to the hackers.

“That’s the tip of the iceberg,” she said.

Thomas King, the general manager of the Australian Cyber Emergency Response Team (AusCERT) and part of the University of Queensland, said the number of computers infected by the virus was on the rise.

“Individuals, companies, not-for-profits, organisations of all kinds have paid and it’s a sad state of affairs that so many people do feel the need to pay because they don’t have good enough cyber security protections,” he said.

Mr King has urged people to take precautions when opening emails and to ensure good backups of any data is kept offline.

NSA-grade encryption for mobile over untrusted networks

The only term being thrown around government more than “2016 elections” these days is “cybersecurity,” particularly following a rash of damaging and high-profile data breaches. With that focus on protecting information top of mind in agencies, USMobile officials hope to find a ready market for their commercial app, which lets government workers use their personal smartphones for top-secret communications.

Called Scrambl3, the app creates a secure virtual-private network that connects bring-your-own devices to an agency server to send messages using end-to-end encryption. Irvine, Calif.- based USMobile developed the Scrambl3 technology when team members worked with the National Security Agency to create “Fishbowl,” a secure phone network available only to Defense Department users via the DOD Information Network.

“We’ve implemented Fishbowl in the form of a software-defined network, so all of those typical hardware components that you’d find in a mobile network — routers, VPNs, gateways, firewalls, proxy servers — all of those components are expressed or implemented in our system in the form of software,” said Jon Hanour, USMobile’s president and CEO. “We’ve made an affordable version of Fishbowl.”

When the turnkey solution comes to market in October, it will work with Android and Apple iOS devices. It uses the Security-Enhanced Linux operating system and a defense-in-depth approachThe layered approach uses a VPN connection with an encrypted VoIP call travelling within.When an agency deploys Scrambl3 Enterprise, administrators will set up what USMobile calls Black Books, or lists of contacts that each user can communicate with via the VPN.

“A lower-level person wouldn’t necessarily have the director of that particular agency listed,” Hanour said. “Conversely, the director of that particular agency would have [a] contact list populated with people that are at the higher levels of management.”

When a user logs into the app on a smartphone, it creates a VPN that connects to the agency’s server, whether it’s in the cloud or on premises. Currently, Scrambl3 Enterprise software is deployed only on IBM Power Systems Linux servers.

A two-rack server can handle up to 3,000 concurrent calls, Hanour said, a capacity “that would handle comfortably an agency of 50,000 people.”

Once connected, users can see who in their Black Book is also logged in, as indicated by a green dot next to the name, and then select the mode of communication: email, voice call or text. Both senders and recipients would need to have Scrambl3 installed.

“Once you establish this powerful VPN, you can run anything through it,” Hanour said. “Anything that you can put on a server, you can use Scrambl3 to communicate with.”

Calls are highly encrypted until they reach the recipient, where the app decrypts them. That communication happens at a top-secret-grade level as specified by NSA. Despite that encryption/decryption process, Hanour said, latency is unnoticeable.

For additional protection, nothing is recorded – users can’t even leave voicemail – unless an agency specifies otherwise. For instance, Hanour said, some law enforcement regulations require that all communication among officers be recorded.

The law enforcement community is a prime target customer for Scrambl3 because public cell phone networks don’t meet heightened police security standards, and photographic evidence requires a secure uploading process.

To use Scrambl3, agencies don’t need mobile device management systems, but it integrates with any that might exist.

“The advantage of this architecture is that the communication that the mobile device management software would typically have with the device, that communication can now run inside the VPN, so it makes that even more secure,” Hanour said. “It creates value for the mobile device management system as well because you can protect it inside the VPN.”

Licensing fees for Scrambl3 depend on the number of users, but typically start at $5 per user per month. The most it would cost, Hanour said, is about $10 per user per month.

Right now, Scrambl3 for Android is available in beta form in the Google Play Store for testing. Scramble3 for iOS will be available next month.

The beta version does not include all Scrambl3’s features, such as conference calling. When the release version is up and running in October, Scrambl3 will offer the only top-secret-grade conference call capability outside DOD’s network, Hanour said. Users will be able to initiate a conference call by touching a few people’s names and pressing the call button.

Besides law enforcement, Hanour sees potential customers in several types of government operations, including health care, the State Department when conducting diplomatic relations and even individual politicians, who might want to communicate in absolute privacy.

“The whole idea is to create trusted communications over untrusted networks (i.e., the Internet),” Hanour said.

Cloud encryption key management becomes table stakes

Encryption key management has become table stakes for cloud vendors, but bringing your own key isn’t always the right move.

The ability to bring your own encryption keys is fast becoming ubiquitous in public cloud, but that doesn’t mean IT pros should retain control.

Security concerns and data center oversight are two primary hang-ups for IT shops averse to adopting public cloud. Amazon became the first major infrastructure as a service (IaaS) vendor to offer bring your own key encryption in 2014 as an answer to some of those critiques. Over the past few weeks, Microsoft and Google have also advanced their cloud encryption key management capabilities.

Vendors at every layer of the cloud stack have added encryption capabilities, and, eventually, all cloud vendors will offer some form of encryption and key management, said Garrett Bekker, senior security analyst with 451 Research LLC, based in New York. Some vendors will opt to do it natively, while others will pass the control to customers so they can check off that box on their list of capabilities, Bekker said.

“It comes down to how important it is for customers to control the keys,” Bekker said. “My guess is a lot of customers will be OK with letting service providers control the keys, but it depends on what the data is, what you’re using it for, and what industry and regulatory compliance you face.”

And business considerations will affect vendor services, too, with a company such as Google that lags in the market offering key management for free. Other companies like Salesforce.com that need to generate new revenue streams offer native encryption as a premium service.

To key or not to key?

Encryption is considered central to data protection in the cloud, but who should retain its control?

SunGard Financial Systems, which partners with Google to build a big data processing prototype for the U.S. Securities and Exchange Commission, uses Customer-Supplied Encryption Keys for compute resources on Google Compute Engine. The free tool for bringing your own keys became available in beta last week, and it’s essential from a risk and regulatory control perspective for this project, said Neil Palmer, CTO at SunGard Consulting Services, based in Wayne, Pa.

All data in the cloud should be encrypted anyway, but the ability to bring your own keys is one of those additions that should help enterprise adoption and increase the ways those customers use public cloud, Palmer said. Still, SunGard doesn’t bring its own keys to every project, so it’s a matter of weighing if and when key management is the best fit.

“It’s just a question from a perspective of effort, time, integration, etc.,” Palmer said. “There’s a return on investment around key management required, so if you’re BuzzFeed or one of the big media Internet sites, maybe not so much. But if you’re healthcare or government work, you may need it.”

Microsoft Azure Key Vault, which became generally available last month, can be used as a standalone service and allows customers to import keys from their own hardware security modules (HSMs). Microsoft charges $0.03 per 10,000 operations for software-protected keys and an additional $1 per month per key for HSM protected keys.

Similarly, Amazon Web Services (AWS) Key Management Services charges $0.03 per 10,000 requests and $1 per month per each key that is created and active. Amazon also has CloudHSM, a dedicated HSM appliance that costs $5,000 for each instance, in addition to an hourly fee of $1.88 for as long as the instance is running.

Cloud encryption key management is difficult, and bringing your own keys to a service someone else owns is a non-trivial endeavor that goes against one of the cloud’s main advantages of not having to worry about these sorts of things, said Adrian Sanabria, senior security analyst at 451 Research.

“You’ve got to somehow own the keys and manage to inject them into workloads without exposing them to the cloud provider,” Sanabria said. “It is a compromise, where you can’t be 100% cloud if you want to manage your own keys.”

Public perception about cloud security and regulatory environments with antiquated requirements both play a role for the need for key management, but the point could be moot in five years’ time, as customers start to trust large public cloud providers as good stewards of keys, said Leonard Law, a product manager for Google Cloud Platform.

“As people are transitioning from on-premises to the cloud, there’s this notion of control. So by managing your own custom keys that gives customers a lot of peace of mind, but ultimately, it’s just less necessary,” Law said.

SafeChats aims to give messaging an encryption edge

THE revelations from former US National Security Agency (NSA) contractor Edward Snowden that the US Government has been tapping communications have created greater awareness on the need for secure communications, which in turn has given rise to secure messaging apps such as Telegram, Wickr and Threema.

Privacy should not be a concern for just individuals, but businesses also need to be aware of how tapped communications can affect them, according to Maxim Glazov (pic above), chief executive officer of Singapore-based SafeChats.

For example, customers’ VoIP (Voice-over-Internet Protocol) calls can be intercepted and sensitive information gathered for blackmail. Hackers can gain unauthorised access to a customer’s webmail account to forge emails, and issue payment instructions to send the money to the hackers’ accounts instead.

The scenario is made worse by the fact that many businesses use unsecured mass-market services because of their ease of use.

It was this realisation that catalysed Glaznov and his chief technology officer Nikita Osipov to build SafeChats, which they claim is a secure communications platform that protects collaboration as well.

The company was one of the finalists at the recent RSA Conference Asia Pacific and Japan (RSAC APJ) Innovation Sandbox startup competition in Singapore.

SafeChat began as an internal project for an undisclosed international logistics and finance company that Osipov and Glaznov were part of, looking into the problem of communicating sensitive information with customers more securely and efficiently than existing methods.

Glaznov’s initiative to build a secure communication platform got traction with his customers which were eager to use the platform for themselves

The market for secure communication, whether for consumers or enterprises, is gaining traction with the entry of companies like Silent Circle, Tigertext and ArmourText.

Osipov recognises the growing maturity of the market but remains undeterred. “We keep ourselves motivated by acquiring more use cases for what is essentially a red-ocean market, and the constant validation that there is a need for such a communications platform.”

The SafeChats platform aims to encompass the entire suite of communications, from email to messaging, and from file transfers to video and voice calls. It also gives the option of using the customer’s own server infrastructure instead of SafeChats’.

“SafeChats is the only secure communications platform that also integrates collaborative features and a full suite of privacy features,” Osipov claimed.

The SafeChats messaging volume has grown 10 times in the last six months, organically from initial customers, without an official release, the startup claimed.

When asked about its customers, Osipov cryptically replied, “As a company entrenched in security and privacy, we cannot reveal our current client list … and there are some users on board that we simply don’t know who they are.”

The company’s revenue model is set to be freemium Software-as-a-Service, with different tiers of control and fees being charged for white labeling and on-premises installation.

It also charges enterprise customers on a per-user if they “enforce a security policy on employees or create groups of more than 15 individuals,” Osipov said.

SafeChats is currently in public beta and will be officially launched at the end of August. It is currently available for the iOS and Android platforms. There are plans to make a desktop version for Mac OS X and Windows.

The challenges

Spinning off into its own startup has seen some challenges, with Osipov (pic above) saying that one main one was building the right team.

“Once you have a great team, everything becomes so much easier,” he said.

On the technical front, coming up with the right set of technologies to use was one of the biggest challenges.

“We evaluated multiple different software solutions, protocols and algorithms that we could use before we settled on the current architecture,” said Osipov.

“All that required extensive research work – thinking of the whole system from the technical side and possible technical challenges in the future … and how to solve them … [while making sure] it remains very easy to use,” he added.

Under the hood

SafeChats uses a variety of encryption algorithms, depending on the particular function.

“We use well-known end-to-end encryption algorithms trusted by security experts as the core of our platform, which means that your data stays safe in transit and only you and the intended recipient have access to it,” Osipov said. For instant messaging, it uses Off-the-Record messaging (OTR) and the socialist millionaire protocol. OTR messaging uses a combination of Advanced Encryption Standard (AES) algorithms with a 128-bit key strength, with a public key exchange protocol for authentication. The socialist millionaire protocol allows two parties to verify each other’s identity through a shared secret.

For voice calls and file transfers, SafeChats uses an AES 256-bit key, military-grade encryption to protect data and calls.

Future plans

SafeChats started as a bootstrapped startup, and is now on the lookout for investors who will be more than just people writing cheques.

“We are on the lookout for investors with the capacity to be strategic partners and who can provide channels for the product and its derivatives,” Osipov said.

SafeChats will be seeking pre-Series A round within the next six months, and is looking to raise over US$700,000, aiming for a valuation of US$6 million.

It intends to expand the team, especially on the marketing and technical fronts, the latter including 24/7 support.

And it will beef up its software development team “to work on enterprise features like integration with third-party services and advanced authentication options like two-factor authentication (2FA) using software and hardware tokens,” Osipov said.

Beyond expanding the platforms SafeChats works on, the company is also working on integrating the platform with other software and hardware solutions to utilise its end-to-end encryption. This will secure other software solutions as well as pave the way for Internet of Things (IoT) security.

“We won’t announce any names for now as there are many legal issues involved in this sort of integration, and with providing official software developer kits to everyone,” Osipov said.

“All we can say at the moment is that you can be sure that most popular software and hardware solutions will work with SafeChats,” he declared.

The company wants to open up its Application Program Interface (API) to others so that they can work on their own integrations as well, bringing the SafeChats level of security to other software.

“We also hope to form a community of developers to implement future integrations so everyone benefits,” Osipov claimed.

Researchers develop quantum-computing safe crypto

Practical implementation of secure key exchange for TLS.

A team of researchers claim to have developed secure, quantum computing-proof encryption that can be practically implemented today.

The paper, Post-quantum key exchange for the TLS protocol from the ring learning with errors problem [pdf] is written by Joppe Bos from NXP Semiconductors in Belgium, Craig Costello and Michael Naehrig at Microsoft Research, and mathematician Douglas Stebila from Queensland University of Technology.

Quantum computers have long been thought to be able to guess encryption keys much faster than traditional computers, which in turn would make it possible to unscramble the vast majority of internet-borne communications.

The researchers constructed ciphersuites for the Transport Layer Security protocol commonly used on the internet, providing digital key exchanges based on the ring learning with errors problem accompanied with traditional RSA and ellliptic curve cryptography signatures for authentication.

Using traditional RSA and EC signatures would speed the implementation of quantum-safe key exchanges among digital certificate authorities, the researchers believe.

There is a performance penalty of 21 percent compared to the non-quantum-safe key exchange, the researchers noted. However, that is is considered minimal, and demonstrates that provably secure post-quantum key exchanges are practical.

A theorem published by mathematician Peter Shor in 1994 and further work by other researchers has shown that quantum computers could break public-key cryptography, something which is not feasible with today’s binary devices.

As quantum computers are under development currently, the researchers believe it is important to strengthen today’s encryption protocols against future attacks using these far more powerful devices.

DA Hillar Moore: Cellphone encryption hurting murder investigation of woman, her baby; family holds onto hope the case will be solved

Cellphone encryption practices could be keeping investigators from solving the murder of Brittney Mills and her son, East Baton Rouge Parish District Attorney Hillar Moore III said Saturday, but family members remain hopeful the truth will surface.

“By no means have we forgotten them,” said Mills’ mother, Barbara Mills, on Sunday. “This will be in the forefront until it is solved.”

Brittney Mills, 29, who was eight months pregnant, was shot and killed April 24 at her Ship Drive apartment. Authorities believe Mills opened the door for someone who wanted to use her car and was shot multiple times when she refused. Doctors delivered her baby, but the baby boy,Brenton Mills, died May 1.

Three months later, the case is still unsolved.

Investigators said the shooter likely was someone Mills knew. They have looked to her cellphone for evidence, but her phone, like many others, uses software that is said to block anyone from accessing its data, including investigators.

While they have tried to crack the phone using possible pass codes suggested by family members, investigators have been unsuccessful.

“We don’t know her code number,” Mills’ mother said. “It may very well be a very important part of the investigation.”

Even Apple, the manufacturer, claims it cannot decrypt the phone.

“From what we’re told by the company that makes the encryption, the only way we can get into a phone is if the phone subscriber gives the password to us,” Moore said. “When you’re dead, it’s hard to give that to us.”

Apple’s most recent software upgrade is a response, Moore suspects, to Edward Snowden’s decision to leak U.S. National Security Agency information surrounding a national spy program. The iOS 8 software is fully encrypted, meaning the only way to access Mills’ phone data is to enter the pass code.

“If you attempt to use (too many) false passwords, though, it shuts it down for good,” Moore said. “We are cautious about that.”

While only a few cellphones previously used this technology, Moore said, this software is installed in more than 80 percent of cellphones now.

Moore recently wrote to the U.S. Senate Committee on the Judiciary to urge representatives to address this failure of balance between public safety and privacy, citing Mills’ unsolved case.

Mills’ “family indicated that she recorded all activity on her phone and join law enforcement in their frustration due to the inability to access this phone, that would in all likelihood provide information necessary to obtain justice and remove this murderer from the street,” Moore wrote.

Moore said Manhattan District Attorney Cyrus Vance is “leading the charge” for Congress to create legislation to address this problem, specifically in Apple’s and Google’s latest encryption technology. Moore said criminals, like most citizens, use their cellphones to communicate regularly and do business, which often makes their cellphones integral to many investigations. Even so, seizing someone’s phone requires a warrant, Moore said, to protect citizens’ privacy.

“I think the way Apple, the way that community has built their operating systems, they’re beyond the law,” Moore said Saturday. “It is the only way I know that you cannot court-order information. Without us being able to get into the phone itself through a subpoena, we are really at a disadvantage and at a loss to solve crimes.”

“It’s really frustrating for us and people like the Mills family,” Moore said. “There’s a darn good chance that there is info on the phone that could be extremely helpful for us.”

As the investigation continues, the family held a memorial Friday night in memory of Mills and her son for what would have been her 30th birthday. The estimated attendance was more than 150 people.

“It’s something we wanted to do because she talked a lot about turning 30,” Barbara Mills said.

She added that Mills and her son were “so special to us” and will not soon be forgotten.

Mills’ family has stayed involved with the case, encouraging investigators to do all they can to solve it, Barbara Mills said, because the family needs closure.

“We need to find out what happened,” Mills’ mother said. “We’re wanting results.”

Barbara Mills agreed with police that the killer must be someone her daughter knew because she would not have opened the door for a stranger.

Still, neither the family nor police have any leads as to the killer’s identity.

A few days after Mills was killed, the case received heavy attention when Baton Rouge police said they wanted to question former LSU star offensive lineman La’el Collins as part of the investigation into her death.

Collins was in Chicago for the NFL draft at the time, but once national media got wind that the police wanted to speak to Collins, the first-round prospect went undrafted.

Although he was never considered a suspect in the shooting, Collins was said to have had a relationship with Mills. After meeting with police, however, a paternity test ruled Collins out as the father of Mills’ son.

Barbara Mills said the family is leaving the details of the investigation up to the police but added that investigators could seek another paternity test sometime in the future.

After he was questioned and cleared by police, Collins signed as a guard with the Dallas Cowboys.

Apple could be held liable for supporting terrorism with strong iOS encryption, experts theorize

In the second installment of a thought piece about end-to-end encryption and its effect on national security, Lawfare editor-in-chief Benjamin Wittes and co-author Zoe Bedell hypothesize a situation in which Apple is called upon to provide decrypted communications data as part of a legal law enforcement process.

Since Apple does not, and on devices running iOS 8 cannot, readily hand over decrypted user data, a terrorist might leverage the company’s messaging products to hide their agenda from government security agencies. And to deadly effect.

As The Intercept reported, the hypotheticals just made the ongoing government surveillance versus consumer protection battle “uglier.”

Wittes and Bedell lay out a worst case scenario in which an American operative is recruited by ISIS via Twitter, then switches communication methods to Apple’s encrypted platform. The person might already be subject to constant monitoring from the FBI, for example, but would “go dark” once they committed to iOS. Certain information slips through, like location information and metadata, but surveillance is blind for all intents and purposes, the authors propose. The asset is subsequently activated and Americans die.

Under the civil remedies provision of the Antiterrorism Act (18 U.S. Code §2333), victims of international terrorism can sue, Lawfare explains, adding that an act violating criminal law is required to meet section definitions. Courts have found material support crimes satisfy this criteria. Because Apple was previously warned of potential threats to national security, specifically the danger of loss of life, it could be found to have provided material support to the theoretical terrorist.

The authors point out that Apple would most likely be open liability under §2333 for violating 18 USC §2339A, which makes it a crime to “provide[] material support or resources … knowing or intending that they are to be used in preparation for, or in carrying out” a terrorist attack or other listed criminal activity. Communications equipment is specifically mentioned in the statute.

Ultimately, it falls to the court to decide liability, willing or otherwise. Wittes and Bedell compare Apple’s theoretical contribution to that of Arab Bank’s monetary support of Hamas, a known terrorist organization. The judge in that case moved the question of criminality to Hamas, the group receiving assistance, not Arab Bank.

“The question for the jury was thus whether the bank was secondarily, rather than primarily, liable for the injuries,” Wittes and Bedell write. “The issue was not whether Arab Bank was trying to intimidate civilians or threaten governments. It was whether Hamas was trying to do this, and whether Arab Bank was knowingly helping Hamas.”

The post goes on to detail court precedent relating to Apple’s hypothetical case, as well as legal definitions of what constitutes criminal activity in such matters. Wittes and Bedell conclude, after a comprehensive rundown of possible defense scenarios, that Apple might, in some cases, be found in violation of the criminal prohibition against providing material support to a terrorist. They fall short of offering a viable solution to the potential problem. It’s also important to note that other companies, like Google and Android device makers, proffer similar safeguards and would likely be subject to the same theoretical — and arguably extreme — interpretations of national policy described above.

Apple has been an outspoken proponent of customer data privacy, openly touting strong iOS encryption and a general reluctance to handover information unless served with a warrant. The tack landed the company in the crosshairs of law enforcement agencies wanting open access to data deemed vital to criminal investigations.

In May, Apple was one of more than 140 signatories of a letter asking President Barack Obama to reject any proposals that would colorably change current policies relating to the protection of user data. For example, certain agencies want Apple and others to build software backdoors into their encrypted platforms, a move that would make an otherwise secure system inherently unsafe.

VeriFyle reveals Cellucrypt, a new multi-layer encryption key management technology

VeriFyle, the company headed by Hotmail inventor and co-founder Jack Smith, has a new encryption key management technology which it believes will “re-invent how the world thinks about secure sharing and messaging”. The major difference is that any object that is shared to the cloud using the system is encrypted for individual users rather than in bulk.

Cellucrypt offers such a high level of security that VeriFyle believes that it “makes illicit bulk-access to customer data virtually impossible.” It’s a bold claim, but Cellucrypt builds on the traditional a public-key system with the addition of password-derived keys.

The encryption technique will be used by VeriFyle’s messaging and file-sharing services when it launches later in the year. Cellucrypt has been patented by VeriFyle and will be made available to customers free of charge. Introducing the new encryption technique VeriFyle says

The patented Cellucrypt technology assigns each data object (e.g. document, note or conversation) a unique encryption key, which is itself encrypted uniquely each time a user shares that object. By encrypting each data object individually for users, Cellucrypt makes illicit bulk-access to customer data virtually impossible.

CEO Jack Smith has high hopes for his company’s new technology:

Key management should be invisible to the end-user and it should maximize users’ security and peace of mind without burdening them with extra steps and add-on products. VeriFyle is the first all-in-one product that combines advanced key management technology with cloud sharing and messaging. The result is a significantly more secure way to share data.

Silent scanners: Emergency communications encrypted across Nova Scotia

SYDNEY — Citizens who like listening in on police, fire department and ambulance calls are out of luck, now that most emergency services communications in Cape Breton are conducted on fully encrypted radios.

The scanners have gone silent, for the most part, with the introduction of the second generation of Trunk Mobile Radio (TMR2) communications.

Being unable to monitor police traffic can be dangerous for citizens, said one longtime listener who didn’t want to be named.

“You don’t know what’s going on in the city unless you have a scanner,” said the citizen, who lives in Sydney’s north end.

“No offence to radios or newspaper, but you don’t hear everything that goes on.”

Recently, police were looking for a man seen on Dolbin Street, who reportedly had a gun. Thankfully, people listening to scanners were able to alert neighbours to stay inside, the citizen said.

“Certain things cannot be aired over the scanner, of course. It’s common logic. But they shouldn’t be blocking everything out.

“I’ve asked the police several times, and they say it’s not illegal to have a scanner. It’s illegal to follow the police cars when you have a scanner, because that’s interfering.”

The citizen said no one has yet heard of a way to crack the new encryption.

“I was hoping you would have heard,” the listener said.

Cape Breton Regional Police spokeswoman Desiree Vassallo said police haven’t heard any complaints from citizens about the encryption system.

She said police need secure communications, especially during sensitive operations when police don’t want suspects or the public to know exactly where they are.

Listeners can still occasionally hear some fire department traffic, because the Cape Breton Regional Municipality’s volunteer fire departments only have four radios each, for now.

The municipality is considering buying more radios for volunteers, but for now, fire department commanders use the TMR2 radios to talk to the dispatch centre and other emergency personnel, such as the police and ambulance services.

The commanders then communicate with individual firefighters using the older very-high-frequency (VHF) radios, which scanners can pick up.

That means listeners may hear some radio traffic, but not necessarily the most critical information, such as the location or severity of a fire or emergency scene.

Fire Chief Bernie MacKinnon said encryption is not important for fire departments, in part because fires are usually obvious and people can phone their neighbours or put messages out on social media anyway.

“TMR2 encryption is a police animal,” he said.

“When we have a raging fire, it’s not a secret. Even if we didn’t use the radios, everybody in the world is going to know, especially with the emerging technology that’s out there today.”

However, he said, maintaining clear communications with other emergency services is important.

Whether the service outfits all volunteer firefighters with the new radios is still under discussion, said MacKinnon, but it’s likely both VHF and TMR2 radios will be used for some time to come.

“To the best of my knowledge, outside of Halifax, all the other departments are running a hybrid system of using VHF in combination with TMR,” he said.