FBI is now pushing encryption

eric76
There is a very interesting article about current hazards of unencrypted texting and calling at https://www.forbes.com/sites/zakdoffman/2024/12/03/fbi-warns-iphone-and-android-users-stop-sending-texts/

From the article:
Quote:

Now even the FBI and CISA, the US cyber defense agency, are warning Americans to use fully encrypted messaging and phone calls where they can. The backdrop is the Chinese hacking of US networks that is reportedly "ongoing and likely larger in scale than previously understood." Fully encrypted comms is the best defense against this compromise, and Americans are being urged to use that wherever possible.

I wonder why they aren't also pushing encrypted e-mail. Properly encrypted and digitally signed e-mail would be a real help, I think.

Quote:

The network cyberattacks, attributed to Salt Typhoon, a group associated with China's Ministry of Public Security, have generated heightened concern as to the vulnerabilities within critical US communication networks. The reality is different. Without fully end-to-end encrypted messaging and calls, there has always been a potential for content to be intercepted. That's the entire reason the likes of Apple, Google and Meta advise its use, highlighting the fact that even they can't see content.

...

As reported by Politico, advice given by CISA's Jeff Greene and an unnamed FBI senior official included "strongly urging Americans to 'use your encrypted communications where you have it… we definitely need to do that, kind of look at what it means long-term, how we secure our networks'."

The two officials briefing the media went as far as to suggest "that Americans should use encrypted apps for all their communications," according to other reports (1,2).

...

Greene added that "our suggestion, what we have told folks internally, is not new here: encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible."

...

The lack of end-to-end encryption to protect cross-platform RCS, the successor to SMS, is a glaring omission. It was highlighted in Samsung's recent celebratory PR release on the success of RCS, which included the caveat that only Android to Android messaging is secured.

...

There are other fully encrypted platforms as well, notably Signal, the best of the bunch, albeit with a much smaller install base.
I have Signal on my cell phone and Signal extensions to use Signal from my desktops.

I only know of two people on my lists who use Signal - one nephew and one niece. We use it more and more.

There is one thing that I dislike about Signal. When you add Signal to a new device, you only get new messages from people you correspond with -- the old messages are gone. In contrast, when you use something insecure like Telegram, you get the entire set of messages.

Quote:

Signal and WhatsApp also enable fully encrypted voice and video calls cross platform, and so they should also be your default choices given this FBI/CISA warning.
When someone calls me on Signal, it takes me so long to determine whether the incoming call is to the regular cell phone number, my Google Voice cell phone number, or Signal, that whenever someone calls, they went to voicemail before I could get to them and I have to call them back.
Pinochet
eric76 said:


There is one thing that I dislike about Signal. When you add Signal to a new device, you only get new messages from people you correspond with -- the old messages are gone. In contrast, when you use something insecure like Telegram, you get the entire set of messages.



My bigger problem with Telegram is that it is not default end-to-end encrypted. It doesn't even offer E2E encryption for group chats. It's hard to use it as an encrypted messaging service, especially for someone who isn't well versed in it.
eric76
I completely agree. My sister and I use Telegram, but most of it is somewhat like Rocky's Sunday Funnies.

We did try out the encrypted messaging, but it was a pain in the neck. I have since then forgotten how to even activate it.

One nice thing about Telegram is the ability to post a message to be delivered at a later date and time. Last year on both Thanksgiving Day and Christmas, I had it sending my sister a funny message for the day about every half hour all day long. I set it up several days in advance, but I'm not sure she appreciated the effort.
eric76
There is an update to the story at https://www.forbes.com/sites/zakdoffman/2024/12/07/apples-surprising-iphone-update-green-bubbles-end-next-week/ in which the FBI thinks that responsible encryption means making sure that they can have access to the text if they wish.

From the story:
Quote:

Encrypting content is certainly the answer, and the FBI's advice to citizens seemed clear-cut, "use a cell phone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant MFA for email, social media and collaboration tool accounts."

What was missed in almost all the reports covering Salt Typhoon was the FBI's precise warning. "Responsibly managed" encryption is a game-changer. None of the messaging platforms which cyber experts and the media urged SMS/RCS users to switch to are "responsibly managed" under this definition.


...

The dilemma is that if Google or Meta or even Apple does have the keys, as used to be the case, then the end-to-end encryption enclave falls away. How would users feel if Google could access their currently encrypted content if required/wanted? This is as much about distrust of big tech as trust or otherwise of law enforcement. And, as ever, while the argument runs one way in the U.S. and Europe, the same technical back doors would exist in the Middle East, Africa, China, Russia, South East Asia, countries with a different view on privacy and state monitoring activities.
AggieBarstool
eric76 said:

I wonder why they aren't also pushing encrypted e-mail. Properly encrypted and digitally signed e-mail would be a real help, I think.


The major players in this arena (Google & Microsoft) are already using TLS to encrypt data in transit and AES 128/256 when at rest.
The concern is what folks are doing to get to the email -- if you POP it off to an aggregator, that changes things. If you're using the native apps, you should be good.
Worth noting it's not fully end-to-end encrypted (E2EE) because, as a cost of doing business, Google and Microsoft need access to email headers and other metadata for spam blocking and targeted ads.
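
An added example, not part of the thread or any poster's code: TLS in transit is applied hop by hop, so each relay's `Received` header can be checked for the TLS "with" keywords (ESMTPS, ESMTPSA and so on), while From/To/Subject stay readable to every provider even when the body is encrypted end to end. The message, host names and function names below are constructed for illustration.

```python
import re
from email import message_from_string

# "with" protocol keywords that indicate the hop was made over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample (not real traffic): three hops, the middle one without TLS.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
 by mailstore.recipient.example with ESMTPS id abc123
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
 Tue, 03 Dec 2024 10:00:03 -0600
Received: from smtp.sender.example (smtp.sender.example [198.51.100.7])
 by mx.recipient.example with ESMTP id def456;
 Tue, 03 Dec 2024 10:00:02 -0600
Received: from laptop.sender.example (laptop.sender.example [192.0.2.5])
 by smtp.sender.example with ESMTPSA id ghi789;
 Tue, 03 Dec 2024 10:00:01 -0600
From: alice@sender.example
To: bob@recipient.example
Subject: Quarterly numbers

(constructed placeholder: an end-to-end encrypted body would go here)
"""

def hop_report(raw):
    """Return (receiving_host, protocol, used_tls) per hop, oldest hop first.

    Received headers are written by each relay and earlier ones can be
    forged, so treat this as a diagnostic, not as proof.
    """
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", flat)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops

def provider_visible(raw):
    """Headers every relay and mailbox provider can read, E2EE body or not."""
    msg = message_from_string(raw)
    return {h: msg[h] for h in ("From", "To", "Subject")}

if __name__ == "__main__":
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:32} {proto:8} {'TLS' if tls else 'CLEARTEXT HOP'}")
    print(provider_visible(SAMPLE))
```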