US Senate accused of attacking free speech and security

The Electronic Frontier Foundation (EFF) has suggested a new bill designed to protect children online is nothing but a thin veil to undermine free speech and security.

The EARN IT Act, championed by Senators Lindsey Graham and Richard Blumenthal, would create a new agency tasked with developing best practices to tackle online exploitation. Some of these elements would be directed towards the owners of internet platforms, though the EFF argues there are few benefits to the headline objective but serious consequences to free speech and online security.

“While we applaud Congress’ desire to address the sexual exploitation of children online, a more effective way to address that crisis would be to better equip law enforcement agencies to investigate it by adding staffing and funding to more effectively use their current lawful investigative tools,” the EFF said in an open letter to Congress.

Firstly, the EFF has suggested the bill would not benefit the case against online child exploitation. With vague and nuanced language, the EFF suggests there are no meaningful steps forward, and it would not result in aiding organizations that support victims or equipping law enforcement agencies with resources to investigate claims of child exploitation.

Secondly, the EFF claims the bill would seek to regulate how platforms manage online speech. As editorial activities of internet platforms are protected from government interference by the First Amendment, this would be in violation of the US Constitution.

Finally, the EFF believes the bill is another attack on end-to-end encryption, the industry-standard security system. Numerous governments around the world have attempted to legislate against end-to-end encryption, despite the fact it is a very effective security feature for the consumer, and this is allegedly another attempt to do so.

Progress does need to be made to ensure the internet is a safe place for everyone and anyone, but such attempts to legislate need to be considered and measured. The EFF has a way of exaggerating the potential impact, but it does not necessarily mean it is wrong.

UK, US and Australia demand security delay from Facebook

Politicians from the UK, the US and Australia have penned an open letter to Facebook CEO Mark Zuckerberg requesting the team delay end-to-end encryption plans.

Signed by UK Secretary of State Priti Patel, US Attorney General William Barr, Acting-Secretary of Homeland Security Kevin McAleenan, and Australian Minister for Home Affairs Peter Dutton, the letter requests that before any encryption technologies are applied to messaging services Facebook includes a means for enforcement agencies to access the content transmitted across the platforms.

Once again, politicians are defying logic by requesting the creation of a backdoor to by-pass the security and privacy features which are being implemented on messaging platforms and services.

“We are committed to working with you to focus on reasonable proposals that will allow Facebook and our governments to protect your users and the public, while protecting their privacy,” the letter states. “Our technical experts are confident that we can do so while defending cyber security and supporting technological innovation.”

It is as if the politicians do not live in the real world. We understand governments have a duty to protect society, and part of this will include monitoring the communications and activities of nefarious individuals, but this is not the right way to go about doing it.

Using the argument of security to undermine security and make citizens less secure is a preposterous idea, almost laughable. The ‘technical experts’ might be confident a backdoor can be built, but how do you protect it? This letter is requesting the construction of a vulnerability into security features, and once a vulnerability is there, it is only a matter of time before it is exposed by the suspect individuals in the rotting corners of society.

What is being suggested here is similar to building a high-security facility in the real world, with 15-foot, electrified walls, guards and watch-dogs, helicopters patrolling overhead, but then asking to leave the backdoor unlocked. It doesn’t matter how good defences are, eventually someone will find their way to the backdoor, open it and then let all his/her friends know how it was done. Chaos would eventually find a way.

This is of course a theoretical situation; the hackers might never find a way to or through the backdoor, but why tempt fate? No-one leaves their home believing they might be burgled that night, but they lock the door in any case. Why create a situation where the prospect of chaos is a possibility, however faint? This seems like nothing more than simple logic.

As mentioned before, police forces and intelligence agencies are being tasked with keeping society safe. This is a very difficult job, especially with the progress of technology. Facebook, and others in the technology industry, should assist wherever possible (and legal), though this is not the right way to go about the situation.

This does put Facebook in a difficult position. The company is currently attempting to repair the damage to its reputation, as well as re-gain trust from both governments and wider society. However, it is increasingly looking like an impossible situation to satisfy both parties.

In March, Facebook CEO Mark Zuckerberg outlined a new focus for the company; it would hold the concept of privacy dear, and all new services will be built with privacy at the forefront of demands. Thanks to the Cambridge Analytica scandal, Facebook’s reputation as a guardian of personal information has been severely damaged, thus this new approach is critical to regaining credibility in the eyes of its users.

However, end-to-end encryption is a key element of this privacy strategy. Facebook cannot fulfil its promise to the user and satisfy the demands being laid out in this letter. If it was to build in a vulnerability, it could not tell the user in all honesty it has done everything possible to ensure security and privacy.

As the letter states, Facebook is doing more to clean-up its platform.

“In 2018, Facebook made 16.8 million reports to the US National Center for Missing & Exploited Children (NCMEC) – more than 90% of the 18.4 million total reports that year,” the letter states. “As well as child abuse imagery, these referrals include more than 8,000 reports related to attempts by offenders to meet children online and groom or entice them into sharing indecent imagery or meeting in real life.”

This is the situation which Facebook is in. It is never going to be able to remove all the hideous conversations and activity on its platform, but governments will demand it does. Something will always slip through the net, and the sharp stick of the law will be there to punish the company. Facebook will never be able to do enough to satisfy the demands of governments, and therefore will always be in a defensive position.

However, you should not be distracted by the rhetoric which is being put forward in this letter. Yes, there are some horrendous activities which occur on the platform. Yes, Facebook should, and probably could, do more to assist police forces and intelligence services. Yes, the digital economy has largely shirked responsibility in the years leading to today. But no, building vulnerabilities in the system is not the right way forward.

These politicians are saying the right things to gain public support. These actions are in the pursuit of catching child molesters and terrorists; who wouldn’t want to help? But you have to look at the collateral damage. Users would be left open to identity theft, fraud and blackmail. These messaging platforms are used to have private conversations, exchange bank account details and discuss holiday plans. The number of criminals who could be caught is nothing compared to the billions who would be exposed to hackers on the web.

The idea which is presented here does have good intentions, but it pays no consideration to the collateral damage. The negatives of introducing a backdoor vastly outweigh the positives.

Quite frankly, we are still surprised to be having this conversation. Undermining security is no way to improve security. Governments need to understand this is not a viable option.

If the spooks can’t hack it, the US might ban it – report

A worrying report emerging from the US concerns the future of end-to-end encryption and the on-going security of consumers; if the intelligence community can’t break it, tech firms won’t be allowed to use it.

Hypocrisy and contradiction seem to be languages on the syllabus for every politician in today’s society. This might have been the case for decades, but it seems to be very prevalent in the legislative halls around the globe currently. Today’s example concerns cybersecurity.

According to Politico, there has recently been a secret meeting with all the no.2’s from US intelligence agencies to discuss the possibility of banning end-to-end encryption. The logic is relatively simple; removing the end-to-end encryption barrier would help these agencies catch more terrorists. But then again, the contradiction is also glaringly obvious.

In the pursuit of increased security, the intelligence agencies are suggesting less security. The removal of end-to-end encryption might help these agencies catch more terrorists, but it would also expose the consumer to considerable risks such as fraud or blackmail, while also making it easier for foreign states or criminals to spy on anyone and everyone, including governments.

Fixing one problem by making several problems should not be considered a sensible or logical approach to managing national security. It’s incredibly ill-advised and quite frankly we are surprised this debate rages on.

What is worth noting is this is not a dispute which is limited to the shores of the US; there are short-sighted and dim-witted politicians trying to kill end-to-end encryption all around the world.

Australia passed a law in December to compel technology companies into creating backdoors for security services to make use of, while in the UK, GCHQ directors suggested a similar mechanism called ‘Ghost Protocol’ which received a scathing reception. During 2017, then Home Secretary Amber Rudd attempted to rid the UK of encryption, while the infamous ‘Snoopers Charter’ was a disaster waiting to happen. In France, Article L.871-1 of the Internal Security Code requires technology companies to provide access to data within 72 hours of a request.

There are other approaches as well, which pay a much-needed nod to the importance of end-to-end encryption. In Finland for example, Section 23 of Chapter 8 of the Law on Coercive Measures Act compels persons/companies other than suspects/accused persons to hand over passwords and decryption keys if it is necessary to conduct a search of data contained in a device. This approach is not perfect, but it maintains the integrity of security protocols and the resilience of end-to-end encryption.

Although these agencies might think creating backdoors and the accountability mechanisms to use them is a sensible strategy, it clearly isn’t. If there is a vulnerability created in the security perimeter, the dark web will find out about it and will go searching for it. It will only be a matter of time before someone finds it, either through perseverance or accident, and it will be monetized by nefarious characters.

What is an important factor of the digital economy is the desire and requirements of technology providers to build security into products and services. This desire to build in backdoors undermines any work which is being done. Governments are pressing for increased security, but then insisting it must be weakened. The technology industry is caught between a rock and a hard place.

Why encryption is still impacting mobile video quality of experience

periodically invites third parties to share their views on the industry’s most pressing issues. In this article Santiago Bouzas, Director, Product Management at Openwave Mobility looks at some of the underlying issues surrounding video encryption.

At a time when data breaches occur on an almost daily basis, undermining consumer confidence in enterprise IT’s ability to secure and protect private data, it might seem like the best solution is to increase efforts to encrypt data.

While encryption is an important part of securing data, it’s easy to underestimate the amount of complexity it adds to any service or device, especially in terms of the processing power required. On a surface level, encryption transforms one block of data reversibly into another. However, below the surface, encryption requires mathematical computation on data that needs to be read, reread, rewritten, confirmed and hashed.

Encrypting a text message is relatively simple. Encrypting video, however, is quite complicated, as computations occur on massive megabytes of data that’s constantly stored and retrieved. Moreover, video traffic is growing, especially as operators begin deploying 5G networks.

For instance, by the end of 2019, streaming services are expected from Apple, WarnerMedia and Disney+. In fact, video is predicted to account for nearly four-fifths of mobile network traffic by 2022 and almost 90% of 5G traffic according to the Mobile Video Industry Council, underscoring the need for mobile operators to build networks that can effectively handle the massive increase of encrypted traffic their networks are expected to carry.

The growth of video encryption

The increase of encrypted traffic isn’t a new challenge for operators. 4G networks brought about a seismic shift in connectivity and mobility, spurring the launch of millions of disruptive application-based businesses, including Spotify, Uber and Waze. But the unbridled freedom these new players enjoyed was short lived.

In 2013, whistleblower Edward Snowden revealed how global intelligence agencies were accessing mobile data, often in collaboration with technology companies. Quick to react, Facebook, Google and others began encrypting data with secure protocols, and that encryption has remained in place ever since.

By the end of 2018, about 90 percent of mobile internet traffic was encrypted, and there was no single standard followed for encrypting that data. For instance, Google uses QUIC, an encryption protocol based on the user datagram protocol (UDP). By contrast, Facebook and Instagram use zero round trip time resumption (0-RTT).

The QUIC protocol already accounts for between 30 and 35 percent of the market, and it is considered one of the most popular and efficient delivery mechanisms for video streaming. However, both protocols make it extremely difficult for operators to profile or optimize data with conventional traffic management tools, hindering their ability to deliver consistent quality of experience (QoE).

Without question, dedicated streaming services like Netflix and Amazon Prime are contributing to the increase in encrypted video traffic. However, Facebook is quickly becoming the primary channel for sharing video content. Facebook’s strategy is based around sharing video and merging its platforms, including Instagram, WhatsApp and Messenger. And that strategy is clearly paying off.

While Facebook has been sharing video from its vast content delivery network (CDN) for some time, the volume of video data shared across its different properties is 10 percent higher than that shared across all of Google’s entities combined. This is especially true on mobile, where there is a strong demand for social media, for which Facebook and Instagram are the dominant platforms.

Additional advertising investment is further cementing Facebook’s position, so much so that Facebook could soon overtake Google as the key driver of both video consumption and encryption protocols. Interestingly, Facebook is moving away from using the 0-RTT protocol and is also beginning to embrace QUIC.

In time, Facebook is expected to change protocols again, likely to Transport Layer Security (TLS) 1.3, a more robust and secure cryptographic protocol. Those plans have significant implications for mobile operators looking to deliver the best possible QoE.

Additional complications for video

Not only must operators contend with different encryption protocols, they also face challenges from the quality (resolution) of video that traverses the network. For instance, more than half of video traffic is expected to be high definition (HD) by the end of 2019. HD video consumes three times the amount of data as standard definition (SD) and requires three times the bandwidth.

As we near deployment of 5G networks, operators likely will have to contend with ultra-high definition (UHD) video, which will consume three or four times the data as HD video. Moreover, operators won’t just grapple with the need to monitor and manage video data. They’ll need new and different capabilities to detect and manage demand created by the obfuscation of encrypted video traffic.

The deep packet inspection (DPI) method that operators employ to analyze and optimize network usage will need to be sufficiently agile to handle the change in encryption protocols. Heuristic evaluation models and reporting structures will need to adapt, as well. Without these improved capabilities, operators will find it increasingly challenging to deliver the QoE expected for video content.

Failure to adequately address the increasing complexity of video traffic will result in increased buffering times, which is the death knell for consumers of mobile video. In an increasingly competitive ecosystem, customers that aren’t happy with network quality for video will have a myriad of competitors to churn to.


Santiago Bouzas is the Director of Product Management at Openwave Mobility and is an expert on mobile internet connectivity. Santiago has 12+ years of experience in telecoms, holding product management, sales/pre-sales and professional services roles in both global companies and start-ups.

Tech giants hit back against GCHQ’s ‘Ghost Protocol’

GCHQ’s new proposal to supposedly increase the security and police force’s ability to keep us safe has been slammed by the technology industry, which suggests the argument contradicts itself.

In an article for Lawfare, GCHQ’s Technical Director Ian Levy and Head of Cryptanalysis Crispin Robinson presented six principles to guide ethical and transparent eavesdropping, while also suggesting intelligence officers can be ‘cc’d’ into group chats without compromising security or violating the privacy rights of the individuals involved.

The ‘Exceptional Access Debate’ is one way in which GCHQ is attempting to undermine the security and privacy rights offered to consumers by some of the world’s most popular messaging services.

Responding in an open letter, the likes of the Electronic Frontier Foundation, the Center for Democracy & Technology, the Government Accountability Project, Privacy International, Apple, Google, Microsoft and WhatsApp have condemned the proposal.

“We welcome Levy and Robinson’s invitation for an open discussion, and we support the six principles outlined in the piece,” the letter states. “However, we write to express our shared concerns that this particular proposal poses serious threats to cybersecurity and fundamental human rights including privacy and free expression.”

Levy and Robinson suggest that instead of breaking the encryption software which is placed on some of these messaging platforms, the likes of Signal and WhatsApp should place virtual “crocodile clips” onto the conversation, effectively adding a ‘ghost’ spook into the loop. The encryption protections would remain intact and the users would not be made aware of the slippery eavesdropper.

In justifying this proposal, Levy and Robinson claim this is effectively the same practice undertaken by the telco industry for years. During the early days, physical crocodile clips were placed on telephone wires to intercept conversations, which later evolved to simply copying call data. As this is an accepted practice, Levy and Robinson see no issue with the encrypted messaging platforms offering a similar service to the spooks.

However, the coalition of signatories argues there are numerous faults in the argument, firstly from a technical and secondly from an ethical perspective.

On the technical side, the way in which keys are delivered to authenticate the security of a conversation would have to be altered. As it stands, public and private keys are delivered to the initiator and recipients of the conversation. Both of these keys match, are assigned to specific individuals and only change when new participants are added to the conversation. To add a government snooper into the conversation covertly, all the keys would have to be changed without notifying the participants.

Not only would this require changes to the way encryption technologies are designed and implemented, but also it would undermine the trust users place in the messaging platform. Levy and Robinson are asking the messaging platforms to suppress any notifications to the participants of the conversation, effectively breaking the trust between the user and the brand.

While GCHQ can think it is presenting a logical and transparent case, prioritising responsible and ethical use of technology, the coalition also argues it is contradicting its own principles laid out in its initial article. Those principles are as follows:

  1. Privacy and security protections are critical to public confidence, therefore authorities would only request access to data in exceptional cases
  2. Law enforcement and intelligence agencies should evolve with technologies and the technology industry should offer these agencies greater insight into product development to help aid this evolution
  3. Law enforcement and intelligence agencies should not expect to be able to gain access to sensitive data every time a request is made
  4. Targeted exceptional access capabilities should not give governments unfettered access to user data
  5. Any exceptional access solution should not fundamentally change the trust relationship between a service provider and its users
  6. Transparency is essential

Although the coalition of signatories are taking issue with all six points, for us, it’s the last two which are the most difficult to grasp.

Firstly, if ‘Ghost Protocol’ is accepted by the industry and implemented, there is no way not to undermine or fundamentally change the trust relationship between the platform and the user. The platform promises a private conversation, without exception, and the GCHQ proposal requires data interception without knowledge of the participants. These are two contradictory ideas.

“…if users were to learn that their encrypted messaging service intentionally built a functionality to allow for third-party surveillance of their communications, that loss of trust would understandably be widespread and permanent,” the letter states.

The sixth principle is another one which is difficult to stomach, as there is absolutely nothing transparent about this proposal. In fact, the open letter points out that under the Investigatory Powers Act, passed in 2016, the UK Government can force technology service providers to hold their tongue through non-disclosure agreements (NDA). These NDAs could bury any intrusion or interception for decades.

It’s all very cloak and dagger.

Another big issue for the coalition is that of creating intentional vulnerabilities in the encryption software. To meet these demands, providers would have to rewrite software to create the opportunity for snooping. This creates two problems.

Firstly, there are nefarious individuals everywhere. Not only in the deep, dark corners of the internet, but also working for law enforcement and intelligence agencies. Introducing such a vulnerability into the software opens the door for abuse. Secondly, there are individuals who are capable of hacking into the platforms that developed said vulnerability.

At the moment, encryption techniques are incredibly secure because not even those who designed the encryption software can crack them. If you create a vulnerability, the platforms themselves become a hacker target because of said vulnerability. Finding the backdoor would be the biggest prize in the criminal community, the Holy Grail of the dark web, and considerable rewards would be offered to those who find it. The encrypted messaging platforms could potentially become the biggest hacking target on the planet. No-one or no organization is 100% secure, therefore this is a very real risk.

After all these considerations to security vulnerabilities and breach of user trust, another massive consideration which cannot be ignored is the human right to privacy and freedom of expression.

Will these rights be infringed if users are worried there might be someone snooping on their conversation? The idea creates the fear of a surveillance state, though we will leave it up to the readers as to whether GCHQ has satisfied the requirements to protect user security, freedom of expression and privacy.

For us, if any communications provider is to add law enforcement and intelligence agencies in such an intrusive manner, there need to be deep and comprehensive obligations that these principles will be maintained. Here, we do not think they have.

Aussies determined to undermine security with anti-encryption law

Ten of the world’s largest tech brands have banded together to denounce a recent law passed by the Australian government which could be viewed as the first step towards a Big Brother government.

With the world turning against China and Chinese companies due to the threat of espionage, you have to question whether the Australians have a leg to stand on anymore, as personal privacy takes a heavy blow with this legislation.

The signs have certainly been worrying over the last 18 months. Australia might well be one of the first to pass such controversial legislation, but it is certainly not alone. France, Germany, the UK and the US have all made it clear they all have ambitions to make our world less secure and less private with their own attempts. The privacy dam was set to burst, and the Aussies caved. Privacy has taken a backwards step down-under.

The statement below, signed by Apple, Evernote, Dropbox, Facebook, Google, LinkedIn, Microsoft, Oath, Snap and Twitter, signals the opposition from the technology industry.

“One of the core principles of the Reform Government Surveillance coalition (RGS) is that strong encryption of devices and services protects the privacy and data security of our users, while also promoting free expression and the free flow of information around the world,” a joint statement declares.

“RGS has consistently opposed any government action that would undermine the cybersecurity, human rights, or the right to privacy of our users – unfortunately, the Assistance and Access Bill that was just passed through the Australian Parliament will do just that. The new Australian law is deeply flawed, overly broad, and lacking in adequate independent oversight over the new authorities. RGS urges the Australian Parliament to promptly address these flaws when it reconvenes.”

The law itself will allow the Australian police to issue technical notices, compelling technology companies to assist the government to hack, implant malware, undermine encryption and even insert backdoors into security software. Those who resist would face financial penalties. The justified concerns with the legislation are two-fold.

Firstly, the idea of a backdoor or writing algorithms which allow encryption software to be undermined completely defeats the purpose. The presence of such features should be seen as nothing more than a weakness in the software, a weak link in the chain. Whenever there is a vulnerability, nefarious individuals always expose it. It is just a matter of time before cyber criminals identify these vulnerabilities and it doesn’t matter how well they are hidden. It might happen after months of searching, or it might happen by accident.

Secondly, the law is flawed in that it is full of loop-holes and contradictions which leave it open to abuse and mission creep.

The initial remit of the technical notices will be for serious crimes, such as sex offenders, terrorists, homicide and drug offenses, though critics have pointed towards weak and vague language which opens the door for mission creep. And when there is an opportunity to push the boundaries of acceptable, there are people who will do this.

Another example of the problematic rules is the difference between Technical Capability Notices (TCNs) and Technical Assistance Notices (TANs). Both are used to compel technology companies into assistance for pretty much the same exercises and violations of privacy, though TCNs require approval by the Attorney-General, a consultation period and can only be used by the agency which submitted the request. TANs do not but can wield almost exactly the same amount of power.

“As Government and Labor MPs work today to craft amendments to the Assistance and Access Bill, it appears that one of the biggest flaws in the proposed legislation will not be addressed,” said Communications Alliance CEO, John Stanton on the differences between TCNs and TANs.

These are only a couple of examples of the criticism which the bill has faced over the last couple of weeks, though even after public consultation (which attracted 15,000 comments) few amendments were made to the original draft before being passed into law.

“The Australian government has ignored the expertise of researchers, developers, major tech companies, and civil liberties organizations by charging forward with a disastrous proposal to undermine trust and security for technology users around the world,” the Electronic Frontier Foundation said in a statement.

“The issue isn’t whether the Australian government read the 15,000 comments and ignored them or refused to read them altogether. The issue is that the Australian government couldn’t have read the 15,000 comments in such a short time period. Indeed, the bill’s few revisions reflect this—no security recommendations are included.”

In the pursuit of making life easier for the Australian police force, the government has betrayed the consumer and made the digital landscape a haven for hackers. We are unable to think of any examples of genuine encryption software being hacked or compromised to date, but the Australian government has just made life a lot easier for nefarious actors by voluntarily introducing vulnerabilities.

And this is without addressing the opportunity for abuse and violation of individuals’ human right to privacy.

There have been countless examples from around the world of individuals, either in private organizations or government agencies, being unable to respect privacy rights when given the opportunity. Uber employees used the location tracking features of the app to stalk exes and celebrities, while Edward Snowden exposed how the CIA illegally undermined the privacy of thousands of its own citizens.

The Australian government has not done anywhere near enough to ensure the rights of citizens will be maintained, or that actions will be entirely justified. This is a very worrying sign for the world, especially with the likes of the US and UK watching very carefully.

Australia is part of the Five Eyes intelligence fraternity, which traces its origins back to the 50s. The members of this intelligence alliance, comprising Australia, Canada, New Zealand, the UK and the US, generally work hand-in-hand when it comes to intelligence and security, and tend to implement very similar legislation. With Australia setting the pace of making the world a less safe place, it would not be a surprise to see other nations follow suit.

International politics is generally like a dominoes set. All ‘Western’ governments have similar laws, and when one breaks rank usually it back-tracks or the rest get in line. In this case with governments around the world all showing Big Brother ambitions, we suspect it might not be too long before more of these bills are being discussed elsewhere.

Netflix dominates the internet, but keep an eye on gaming geeks – Sandvine

Netflix currently accounts for an incredible proportion of global internet traffic, though the gaming segment is starting to throw its weight around.

According to research unveiled by Sandvine, The Global Internet Phenomena Report, Netflix now accounts for 15% of the total downstream volume of traffic across the entire internet. This is an astronomical number when you consider the service only has 130 million subscribers, a large number but some would perhaps have thought higher, while there are roughly 1.7 billion websites on the internet. Video on the whole accounted for 58% of the traffic meandering along the digital pavements.

Netflix, and video on the whole, dominating trends is not a new idea. This is something the telcos have been preparing for, though the gaming segment has been rarely discussed. Gaming has traditionally been reserved for very niche demographics, though with more content providers targeting mobile applications, the target audience has been increasing substantially, as has the depth and scale of the games themselves.

Looking at the contributions to the bottleneck, in Europe two of the top ten owners of downstream traffic volume relate to gaming: PlayStation and Steam (focused on PC-based gaming). PC games can be as much as 100 GB in size, owing to consumer demands for larger and more immersive environments, though telcos would be wary of the continuing momentum for mobile games. With data becoming cheaper for the consumer and devices becoming more powerful, content developers are being encouraged to introduce mobile games which are more on par with those on other platforms. The sheer breadth, depth and variety of these titles on the app stores is quite staggering.

This of course will stress networks, especially considering many users of these games will use them when out and about, not connected to home broadband or public wifi. Ensuring these mobile games meet the demands of the consumer will be critical, as it may well soon become another stick to hit connectivity providers with.

Another interesting statistic to emerge from the data is the level of encryption. Sandvine estimates 50% of internet traffic is now encrypted, though this might be a conservative guess. The estimate only accounts for sources which are encrypted consistently, so the number might well be higher, and it is certainly increasing. For consumers, this is a promising trend set against a backdrop of data privacy scandals and breaches, though it is an added complication for the telcos.

Encryption of course protects the consumer from wandering eyes with nefarious intentions, but it also prevents the telcos from keeping an eye on what is going on. Without visibility into what type of traffic is traversing the algorithmic piste, the telcos cannot tailor the delivery and enhance the experience for the consumer. The blame of poor experience might be thrown towards the telcos, but with encryption trends heading northwards, they are relatively helpless.

Limies, Yanks, Kiwis, Ozzies and Mounties have another crack at killing encryption

In a carefully worded statement, the governments of the US, UK, Canada, Australia and New Zealand have reiterated their desire to crack encryption and snoop on citizens.

The cryptic message to the technology industry seems to be a relatively familiar one; our spies can’t crack your encryption software, so we are going to legally force you to grant us access. What you can expect to see over the next couple of months are various statements in the press, PR campaigns and op-ed pieces building a picture as to why the technology giants are undermining the judiciary system of democratic nations, and how they are toying with the safety of your life, your partners and of your children. It’s a tactic we’ve seen before, and we suspect it is on the horizon once again.

This appears to be the important aspect of the statement:

“Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute.  It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards.  The same principles have long permitted government authorities to search homes, vehicles, and personal effects with valid legal authority.

“The increasing gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is a pressing international concern that requires urgent, sustained attention and informed discussion on the complexity of the issues and interests at stake. Otherwise, court decisions about legitimate access to data are increasingly rendered meaningless, threatening to undermine the systems of justice established in our democratic nations.”

In short, governments want to force technology companies to open up their security features because they are not able to crack it themselves. The encryption software is not only good enough to protect users from the nefarious characters on the dark web, but it is resilient enough to keep the spooks at bay as well.

Of course there are scenarios when privacy and freedom of expression should be sacrificed, in an instance of war or genuine threat to national security. And there are cases where homes or offices could be searched in years gone by because of a warrant signed by a judge. These warrants were critical in the pursuit and prosecution of criminals. The digital world does make it difficult to make these pursuits a reality, but that does not warrant the introduction of backdoors in the software.

If a police force entered your home in years gone by to seize information, they would enter through your front door. This is a barrier to protect your home and personal belongings, but allowing a backdoor in security features for intelligence agencies or police forces is also a welcome mat for hackers. The man on the street cannot protect himself from this threat, therefore these governments are compromising the safety of the vast majority to further their own ambitions.

As it stands, these governments have offered no explanations as to how intelligence agencies would be able to access the information while security would remain robust against nefarious individuals on the dark web.

We contacted the UK Home Office which did not respond to our questions.

The Home Office did not respond on how it could justify weakening security in the name of security, or how it would actually work. Nor did it say how it would prevent abuses of any preferential treatment for intelligence agencies or police forces. Finally, it did not offer any explanation for the process of accountability or justification.

Whenever there is progress in the technology world, the government and its agencies are left behind. Industry is lightyears ahead of intelligence agencies and police forces, and the government is attempting to scare the population into agreeing it is necessary to weaken encryption in pursuit of national security. It is a game of PR to justify legally strong-arming the technology companies into compliance.

This statement from the government is simple; we don’t like encryption services. That much is clear. There are circumstances where the government has a right to suspend privacy, assuming there is enough justification, but we are yet to see any evidence the government can ensure the ongoing protections of users whilst also fulfilling its ambitions.

Destroying safety in the name of safety is a complete contradiction; such actions are not a service to citizens.

Tech giants reaffirm stance against government snooping

Reform Government Surveillance, a coalition of some of the world’s largest tech companies, has agreed on a sixth core principle to guide its advocacy efforts going forward.

The sixth principle reaffirms the group’s position on encryption and the worrying trend of short-sighted government officials’ efforts to force built-in vulnerabilities into software. This is not a new argument, though governments are still standing firm on ignorant foundations, arguing the ridiculous idea that reducing the effectiveness of security features is a good idea.

The principle is as follows:

“Strong encryption of devices and services protects the sensitive data of our users – including individuals, corporations, and governments. Strong encryption also promotes free expression and the free flow of information around the world. Requiring technology companies to engineer vulnerabilities into their products and services would undermine the security and privacy of our users, as well as the world’s information technology infrastructure. Governments should avoid any action that would require companies to create any security vulnerabilities in their products and services.”

While it is an argument which has died down in recent months, it is still bubbling away in the background as other scandals offer politicians the opportunity to get their superficial grins on the front pages. In the UK the tech giants might be glad to see the back of the forgetful former Home Secretary Amber Rudd, who has led a campaign against encryption, though her successor has not revealed his stance just yet; Sajid Javid might prove to be just as idiotic.

At we appreciate there is a balance to strike between the physical protection of a nation and online security. Governments should be granted access to information when justified, however building vulnerabilities into security features is not the right answer. Should backdoors be built, it would only be a matter of time before hackers and other nefarious actors gain unrestricted access to personal information. The idea is quite frankly ridiculous.

The other principles are as follows:

  1. Limiting Governments’ Authority to Collect Users’ Information
  2. Oversight and Accountability
  3. Transparency About Government Demands
  4. Respecting the Free Flow of Information
  5. Avoiding Conflicts Among Governments

The group features some of the biggest names in the technology world, including Apple, Dropbox, Google, Facebook and Microsoft. Such resistance to ill-advised and ridiculous government ideas such as the weakening of encryption software should be encouraged. It is reassuring to see the tech companies are retaining their firm position against the foolhardy governments and intelligence agencies who have not proved they should be trusted.

WhatsApp boss exits, possibly over privacy concerns, but we’re not convinced

WhatsApp founder Jan Koum is exiting the Facebook family under the guise of privacy concerns, but he might just have gotten all of his bonus.

Using the social media platform to convey his message, Koum did not give any details, though sources close to the matter claim there was a disagreement with executives at parent-company Facebook over privacy, the use of personal information and the potential weakening of encryption software. This might be the reason, or it might just be a good way to justify exiting while maintaining an anti-capitalist image.

“I’m leaving at a time when people are using WhatsApp in more ways than I could have imagined,” said Koum. “The team is stronger than ever and it’ll continue to do amazing things. I’m taking some time off to do things I enjoy outside of technology, such as collecting rare air-cooled Porsches, working on my cars and playing ultimate frisbee. And I’ll still be cheering WhatsApp on – just from the outside. Thanks to everyone who has made this journey possible.”

The Facebook post followed a report in The Washington Post detailing the clash between executives and misaligned values between the two parties. The protection of users’ personal information is a core value at WhatsApp, and part of the reason so many have flocked to the service. Back in 2014 when Facebook bought the service, WhatsApp posted a blog promising nothing would change following the acquisition, though the WhatsApp values have certainly been eroded over the years.

Initially it was promised security would be maintained, personal information would not be used and advertising would not appear on the platform. In attempting to change terms and conditions in 2016, and introducing new opportunities for business to connect with customers in January, two of these promises have been compromised. Should the rumours about efforts to weaken encryption be true, all three values have been walked out the door.

As you can imagine, under-fire Facebook CEO Mark Zuckerberg has done his best to calm the waters in replying to the post:

Zuckerberg post

In complimenting the WhatsApp encryption advances, Zuckerberg is seemingly attempting to play down any concerns the protections might be diluted. Zuckerberg has not denied Facebook is weakening the encryption software, but is simply calming any potential euphoria. Right now is not a good time for news to leak to the press about weakening privacy protections at Facebook considering the scrutiny the platform is facing in light of the Cambridge Analytica scandal.

While it is very chivalrous for Koum to stand down over compromises and erosion of WhatsApp principles and core beliefs, we can’t believe he is that naïve. Facebook is an information business and will constantly be searching for new ways to improve the advertising platform. When the social media platform bought WhatsApp for a monstrous $19 billion, did Koum honestly believe it was as a philanthropic exercise? Of course Facebook wanted to access the user data.

We are not 100% convinced by these reports. Generally when a company is acquired, especially on this scale, the former management team are incentivised to stay to manage the transition and integration. These incentives are usually spread over a couple of years. Considering it has been 3.5 years since the acquisition was completed, we wonder whether Koum has realised all of his transition bonuses and now just wants out. Jumping on the ‘Facebook is a privacy monster’ train might just be a way to save face. He’s doing it for moral reasons, not because he’s got as much money as possible out of the situation.

In martyring himself, Koum has likely removed one of the final hurdles the Facebook advertising machine had in harvesting the personal information vaults of WhatsApp. Some might argue Facebook has destroyed the principles of the brand, but Koum and co-founder Brian Acton told us how much their values are worth; $19 billion. Considering the reasons for creating WhatsApp in the first place, privacy and a disdain for ads, Koum and Acton effectively did a deal with the devil.

Reports might claim he is making a moral stance against the company, but the high-horse is simply trotting Koum away from any responsibility while dragging the loot over the principles of WhatsApp which now lie tattered and tarnished in the dirt.