Filling up at the pump is often painful in California, where drivers tend to pay more for gasoline than in most other states.
Gasoline sold in California costs more than in the rest of the U.S. – sometimes dramatically so. That’s because the Golden State’s market is isolated from outside fuel suppliers that might moderate prices. The fuel market here is an economic island, an…
A highly respected cryptographer and security expert is warning that David Cameron’s proposed ban on strong encryption threatens to “destroy the internet.”
Last week, the British Prime Minister told Parliament that he wants to “ensure that terrorists do not have a safe space in which to communicate.”
Strong encryption refers to the act of scrambling data in such a way that it cannot be understood by anyone without the correct key or password — even law enforcement with a warrant, or the software manufacturer itself. It’s used in some of the most popular tech products in the world, including the iPhone, WhatsApp messenger, and Facebook.
But amid heightened terror fears, Cameron says “we must look at all the new media being produced and ensure that, in every case, we are able, in extremis and on the signature of a warrant, to get to the bottom of what is going on.”
The Prime Minister first indicated that he would try and clamp down on secure communications that could not be decrypted by law enforcement even with a warrant back in January, in the aftermath of the Charlie Hebdo shootings in Paris. His comments sparked an immediate flurry of condemnation from privacy and security activists, but his recent statements show he’s not backing down. (Number 10 has not responded to requests for clarification about Cameron’s comments.)
Business Insider reached out to Bruce Schneier to discuss the feasibility of Cameron’s proposed ban on “safe spaces” online. Schneier didn’t hold back.
BUSINESS INSIDER: What was your immediate reaction to Cameron’s proposals?
Bruce Schneier: My immediate reaction was disbelief, followed by confusion and despair. When I first read about Cameron’s remarks, I was convinced he had no idea what he was really proposing. The idea is so preposterous that it was hard to imagine it being seriously suggested. But while Cameron might not understand what he’s saying, surely he has advisers that do. Maybe he didn’t listen to them. Maybe they aren’t capable of telling him that what he’s saying doesn’t make sense. I don’t understand UK politics sufficiently well to know what was going on in the background. I don’t know anything about Cameron’s tech background. But the only possible explanation is that he didn’t realize the full extent of what he was saying.
Then I wondered why he would even wish for such a thing? Does he realize that this is the sort of thing that only authoritarian governments do? Again, my knowledge of the UK is limited, but I assume they are a free country that champions liberty.
BI: Do you think they are even possible?
BS: Of course not. No one does. Sure, he can keep law-abiding non-technical people from using strong encryption. He can ensure that UK businesses are vulnerable to attack. But he cannot hope to prevent bad actors from using encryption to hide themselves from the police.
It’s simply not possible to ban strong encryption within a country and software that uses strong encryption from crossing its borders. It’s simply not possible to prevent people from installing the software they want on the computing devices they own. Countries like Iran, Syria, Pakistan, Russia, Kazakhstan, and Belarus have tried it and failed. China has tried before and is trying again. I wonder if Cameron is aware of the kind of company he is associating himself with.
BI: Let’s say the UK government was determined to try and implement an encryption ban — how would it go about trying to do this?
BS: It gets draconian pretty fast. UK citizens would be banned from using secure software, and UK companies be banned from producing secure software. The government would have to enforce Internet censorship: people couldn’t download secure software, search engines couldn’t answer queries about secure software, and every packet would be inspected to ensure it isn’t being encrypted with secure systems. Closed computing systems like iPhone would ban their users from installing secure software, and open computing systems like Microsoft Windows would be redesigned to prohibit users from installing secure software. Free software would be banned. Anyone entering the UK with a phone or computer would have them conform to UK standards, and border control would seize any devices that fail to do so. UK researchers would be prohibited from researching secure systems.
Pretty horrible and totally infeasible. And even if Cameron turned the UK into the police state required to even attempt this sort of thing, he still wouldn’t get what he claims he wants. That’s the worst of it: it wouldn’t work, and trying would destroy the Internet.
BI: What sort of effect would this have on the UK economy and businesses?
BS: My guess is that it would be a disaster. When the US tried to ban strong cryptography in the 1990s, hundreds of foreign companies sprang up to fill the gap in what the market demanded. And that was before so much of our day-to-day lives relied on the Internet. Today, security is vitally important in everything we do online, and this law would put UK businesses and citizens under an enormous disadvantage. UK citizens would be screwed, of course, and most wouldn’t be able to do anything about it. But foreign customers would avoid UK products if possible, and foreign users would avoid entrusting their data and communications to UK systems.
This isn’t entirely speculative. Already security companies are moving out of the UK to avoid draconian surveillance laws, and more are talking about it. (Yahoo is the big company that comes to mind.) Cameron’s proposal would only make things worse.
BI: Are American and other foreign businesses likely to comply with such a ban, if it were enforced?
BS: If the UK government starts throwing people who violate the ban in jail, businesses will either 1) comply, or 2) put themselves in a position where the UK government cannot throw their people in jail. I expect some of each would occur. Certainly many companies would pull out of the UK market rather than compromise the security of their global customers and users.
BI: Is there really no way to keep users’ data secure while providing backdoors to law enforcement?
BS: Yes, there really is no way.
Think of it like this. Technically, there is no such thing as a “backdoor to law enforcement.” Backdoor access is a technical requirement, and limiting access to law enforcement is a policy requirement. As an engineer, I cannot design a system that works differently in the presence of a particular badge or a signed piece of paper. I have two options. I can design a secure system that has no backdoor access, meaning neither criminals nor foreign intelligence agencies nor domestic police can get at the data. Or I can design a system that has backdoor access, meaning they all can. Once I have designed this less-secure system with backdoor access, I have to install some sort of policy overlay to try to ensure that only the police can get at the backdoor and only when they are authorized. I can design and build procedures and other measures intended to prevent those bad guys from getting access, but anyone who has followed all of the high-profile hacking over the past few years knows how futile that would be.
There is an important principle here: we have one world and one Internet. Protecting communications means protecting them from everybody. Making communications vulnerable to one group means making them vulnerable to all. There just isn’t any way around that.
BI: Won’t the proliferation of encryption help terrorists?
BS: No. It’s the exact opposite: encryption is one of the things that protects us from terrorists, criminals, foreign intelligence, and every other threat on the Internet, and against our data and communications. Encryption protects our trade secrets, our financial transactions, our medical records, and our conversations. In a world where cyberattacks are becoming more common and more catastrophic, encryption is one of our most important defenses.
In 2010, the US Deputy Secretary of Defense William Lynn wrote: “Although the threat to intellectual property is less dramatic than the threat to critical national infrastructure, it may be the most significant cyberthreat that the United States will face over the long term.” Encryption protects against intellectual property theft, and it also protects critical national infrastructure.
What you’re asking is much more narrow: won’t terrorists be able to use encryption to protect their secrets? Of course they will. Like so many other aspects of our society, the benefits of encryption are general and can be enjoyed by both the good guys and the bad guys. Automobiles benefit both long-distance travelers and bank robbers. Telephones benefit both distant relatives and kidnappers. Late-night all-you-can-eat buffets benefit both hungry students and terrorists plotting their next moves.
This is simply reality. And there are two reasons it’s okay. One, good people far outnumber bad people in society, so we manage to thrive nonetheless. And two, the bad guys trip themselves up in so many other ways that allowing them access to automobiles, telephones, late-night restaurants, and encryption isn’t enough to make them successful.
Most of the time we recognize that harming the overwhelming number of honest people in society to try to harm the few bad people is a dumb trade-off. Consider an analogy: Cameron is unlikely to demand that cars redesign their engines so as to limit their speeds to 60 kph so bank robbers can’t get away so fast. But he doesn’t understand the comparable trade-offs in his proposed legislation.
BI: Are there any less obvious ways in which encryption helps people on a day-to-day basis?
BS: Encryption secures everything we do on the Internet. It secures our commerce. It secures our communications. It secures our critical infrastructure. It secures our persons from criminal attack, and it secures our countries from nation-state attack. In many countries, it helps journalists, dissidents, and human rights workers stay alive. In a world of pretty bad computer security, it is the one thing that works well.
BI: What encryption products would you recommend our readers to protect their communications online?
BS: I am a fan of Off-the-Record for encrypting IM conversations on your computer, and Signal for encrypting both text and voice conversations on your smart phone. The encryption built in to the iPhone for both iMessage and FaceTime is also very good.
I strongly recommend turning disk encryption on wherever you can: on your computer, on your smart phone, everywhere. When you browse the Internet, use TLS on the web whenever you can. Download the plug-in HTTPS Everywhere. GPG is the best e-mail encryption program, but my advice is to stick to text and voice.
Bruce Schneier is a security technologist, and CTO of Resilient Systems, Inc. His latest New York Times best-seller is “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.” He blogs, and tweets at @schneierblog.
While European attention is focused on Greece, China is having a serious market meltdown. After exploding earlier in the year due to deregulation, China’s benchmark Shanghai Composite has collapsed a crazy 29% since the highs of early June. China’s other stock markets have had similarly steep falls. Bloomberg notes that the current crisis is closely […]
Gilead Sciences, Inc. (NASDAQ:GILD) has secured approval for its blockbuster HCV drug, Harvoni, from the Japanese Ministry of Health, Labor, and Welfare (MHLW), according to the press release issued by the company on Friday. Following the approval, the drug is now the first once-daily single tablet regimen for the treatment of HCV genotype 1 infection […]
Every time a new set of statistics on abortion is released, a debate ensues about what the numbers mean and how they should be used. The latest example came in June, when The Associated Press released a survey showing that the U.S. abortion rate declined by about 12 percent from 2010 to 2014. The study […]
SHANGHAI (Reuters) – Chinese stocks rose on Monday, as an unprecedented series of support measures unleashed by Beijing brought some relief to a market whose headlong slide over the past three weeks had raised fears about the stability of the world’s second-biggest economy.
Everyone is on tenterhooks after Greece’s finance minister Yanis Varoufakis shocked everyone by announcing his resignation on Monday July 6 — only a day after the nation voted “No” in the bailout referendum. There are four people that are potentially up for replacing Varoufakis, but one of them — Euclid Tsakalotos, Greece’s deputy foreign minister and an Oxford-educated economist — […]
Apple’s web browser Safari risks becoming an outdated program that developers and customers don’t use, Ars Technica argues.
Ars Technica makes a convincing case: Apple isn’t updating its web browser enough, so it’s not supporting tools like certain APIs that web developers use to make sites.
It might not seem like a big problem if Apple doesn’t support every new API and developer tool in use, but it could mean that developers decide not to test their sites for Safari, which could mean it eventually becomes an outdated and unsupported browser like Microsoft’s Internet Explorer.
It’s not just Ars Technica’s Nolan Lawson who feels concerned about Safari. Apple writer Ben Thompson said in his daily email on Monday that “Safari is slower to adopt standards if it adopts them at all, Apple doesn’t really attend conferences (although folks working on Safari are active on web standards mailing lists), and iOS does not allow other rendering engines on iOS.”
Apple hasn’t shown many signs of publicly supporting developers working on its Safari platform. It doesn’t attend developer conferences, and the development community is left in the dark about major updates until Apple reveals the news during its keynotes. That’s not an ideal situation for developers who rely on relationships with tech companies to make sure their sites keep working.
So what’s the solution to Apple’s web browser problem? Well, Apple would probably argue that developers should simply release native apps instead of trying to cram their site into a web browser. But that’s not an ideal situation for anyone. Another solution Ars Technica considers is that Apple starts contributing to open source web standards, helping the whole internet, as well as Safari. That doesn’t sound like Apple’s way of thinking, but it could help developers get back onto Safari.
– Risk-off tone was observed overnight with US equity futures slumping 1.5% while T-notes gapped higher by over 1 point, however subsequent reports that Greek finance minister Varoufakis is to step down prompted a recovery in riskier assets amid a glimmer of hope that a deal will be easier to reach.
– EU’s Juncker is to hold a conference with Tusk, ECB’s President Draghi and Eurogroup’s Dijsselbloem on Greece. Furthermore, an EU summit will take place on Tuesday at 1700BST.
– Going forward, market participants will get to digest the release of the latest US ISM-Non-Manufacturing report, Canadian Ivey PMI and also await any further developments surrounding Greece.
Asian equities mostly fell after Greece rejected the bailout conditions from its creditors at the referendum, with a resounding ‘No’ vote. Consequently, Nikkei 225 (-2.1%) fell to within close proximity to the 20,000 level while JPY strength further weighed on the index. ASX 200 (-1.3%) was dragged lower by weakness in the commodities complex. However, the Shanghai Comp (+2.42%) bucked the trend, having opened higher by as much as 7.8%, which comes after participants digested the latest measures by Chinese authorities to support stock markets over the weekend.
As to be expected, the price action was dominated by the Greek ‘No’ vote victory, in turn prompting a risk-off tone which was observed overnight with US equity futures slumping 1.5% while T-notes gapped higher by over 1 point. However, subsequent reports that the current Greek finance minister is to step down, citing preference of some Eurogroup participants, resulted in EUR and equity markets recovering off the worst levels. According to the latest reports, Greece’s chief negotiator Tsakalotos is the favourite to replace Varoufakis as the Greek Finance Minister.
In terms of stock-specific news stories, Rolls Royce (-9.3%) shares slumped at the open after the company cut guidance on underlying pretax profit for 2015, however reports that the company may now become a takeover target saw shares come off the worst levels.
EUR/USD has staged an impressive recovery overnight but remains in negative territory, largely supported by the resignation of the Greek finance minister and the upside in EUR/CHF, which is speculated to have been supported by the SNB. Of note, good size EUR/USD option strikes (1.0900, 1.1015 and 1.1100) are due to expire at NY cut.
Gold failed to hold onto early gains and trended lower overnight, before consolidating in negative territory in early European trade, amid the ongoing concerns over growth prospects in China. At the same time, the risk averse sentiment weighed on the energy complex, with WTI and Brent Crude futures trading lower.
Notable energy stories:
Saudi Arabia has cut the OSP for Arab light crude to Asia in August by USD 0.10 per barrel, while increasing the price to European customers by USD 0.25 per barrel. (RTRS)
Iranian Oil Minister Bijan Zanganeh will release a template for international oil contracts in the near future, as companies wait for a deal that will open up one of the world’s premier oil markets to foreign investment. (RTRS)
The FCC (36.9k bpd) has been shut down at the CVR – Coffeyville refinery (155.7k bpd), having been recently restarted. (Genscape)
The CDU (64k bpd) and VDU (30k bpd) have been restarted at the Phillips 66 – Wood River refinery (306k bpd). (Genscape)
The FCC (80k bpd) was shut down at the Valero – Port Arthur Refinery (292k bpd). (Genscape)
BEIJING (Reuters) – General Motors Co vehicle sales in China were roughly flat for June as broad price cuts introduced earlier in the year failed to boost demand.
An unknown group managed to steal and publish online over 400GB worth of data from the Italian “Hacking Team,” the firm behind one of the most commonly used surveillance tools in the world.
The stolen data appeared on BitTorrent over the weekend and includes a wealth of information, including the source code of some of Hacking Team’s products, email messages, audio recordings, and client details.
The unknown attackers added insult to injury by hijacking control of Hacking Team’s Twitter account and using it to tweet screenshots of stolen emails.
Hacking Team is responsible for several tools used in government surveillance, including the DaVinci software. The software is commonly viewed as “legal malware” by security experts and is a key reason Hacking Team is listed as an “enemy of the Internet” by activist group Reporters Without Borders.
“Hacking Team’s ‘DaVinci’ Remote Control System is able to break encryption and allow law enforcement agencies to monitor encrypted files and emails, Skype and other Voice over IP or chat communication,” according to the Reporters Without Borders advisory on DaVinci.
“It allows identification of the target’s location and relationships. It can also remotely activate microphones and cameras on a computer and works worldwide.”
DaVinci’s infamy rose in 2013 when security company Kaspersky published evidence that hackers, believed to be state-sponsored, were using the software to spy on political activists from the Middle East.
At the time of publishing, the hackers were still leaking information online. The hackers have already leaked information regarding requests and payment information from customers in a variety of locations.
Key locations include the United States, Russia, Germany, Australia, Italy, Poland, Spain, Switzerland, South Korea, Singapore, Thailand, Ethiopia, Morocco, Nigeria, Sudan, Mexico, Panama, Chile, Colombia, Ecuador, Oman, Bahrain, Saudi Arabia and Egypt.
Privacy activist Christopher Soghoian has reported finding a more comprehensive leaked file containing a spreadsheet detailing all of Hacking Team’s existing government customers.
Holy smokes, the HT dump includes an .xls spreadsheet listing every government client, when they first bought HT, and revenue to date.
— Christopher Soghoian (@csoghoian) July 6, 2015
Business Insider was working to confirm this claim at the time of publishing and will update this article as new information appears.