In an 11-month period, the FBI failed to gain access to around 7, 000 encrypted mobile devices, BBC News reports , which is about half of those targeted by the agency according to FBI Director Christopher Wray. In a speech given at the Association of Chiefs of Police conference yesterday, he said that device encryption was “a huge, huge problem, ” for the agency. The FBI publicly went after Apple following the 2015 San Bernardino terror attack as it sought access to the shooter’s locked iPhone 5c — a request that Apple staunchly refused . It eventually got around the issue by paying an undisclosed vendor reportedly $900, 000 for software that gave the agency access to the phone. While that incident garnered a lot of attention, it certainly wasn’t the first time the FBI made it clear that encrypted smartphones were a headache for the agency. In 2014, then Director James Comey said that secure communications could lead to “a very dark place” and called on Congress to change the Communications Assistance for Law Enforcement Act accordingly. Further, while the FBI presented the San Bernardino attacker’s phone as a special case of national security, the Wall Street Journal reported that the Department of Justice was pursuing nine similar requests around the same time. Wray said at the conference, “I get it, there’s a balance that needs to be struck between encryption and the importance of giving us the tools we need to keep the public safe.” But as cybersecurity expert Alan Woodward told BBC News , encryption is here to stay. “Encryption that frustrates forensic investigations will be a fact of life from now on for law enforcement agencies, ” he said. “Even if the equipment manufacturers didn’t build in such encryption it would be possible to obtain software that encrypted data in the same way.” Source: BBC News
View the original here:
FBI tried and failed to unlock 7,000 encrypted devices
knwny writes “The Times of India reports that ‘India has launched a wide-ranging surveillance program that will give its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls without oversight by courts or parliament, several sources said.'” Adds an anonymous reader: “What’s chilling is the comments from senior officials indicating that parts of the program are already live, without absolutely any discussion in public about it.” Read more of this story at Slashdot. 
kodiaktau writes “The ACLU has issued a FOIA request to determine whether the IRS gets warrants before reading taxpayers’ email. The request is based on the antiquated Electronic Communication Protection Act — federal agencies can and do request and read email that is over 180 days old. The IRS response can be found at the ACLU’s website. The IRS asserts that it can and will continue to make warrantless requests to ISPs to track down tax evasion. Quoting: ‘The documents the ACLU obtained make clear that, before Warshak, it was the policy of the IRS to read people’s email without getting a warrant. Not only that, but the IRS believed that the Fourth Amendment did not apply to email at all. A 2009 “Search Warrant Handbook” from the IRS Criminal Tax Division’s Office of Chief Counsel baldly asserts that “the Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because internet users do not have a reasonable expectation of privacy in such communications.” Again in 2010, a presentation by the IRS Office of Chief Counsel asserts that the “4th Amendment Does Not Protect Emails Stored on Server” and there is “No Privacy Expectation” in those emails.'” Read more of this story at Slashdot. 
First time accepted submitter Bitsy Boffin writes “Xtra, the largest ISP in New Zealand, which outsources email provision to Yahoo, has in the last two days been subject to a widespread email compromise, causing potentially thousands of accounts to send spam messages to every address in their webmail address books. Discussion at Geekzone centers around this potentially being a continuation of the Yahoo XSS exploit. While Telecom NZ, the owners of Xtra internet service provider indicate that the problem was “resolved”, reports of spam from its members continue unabated. Telecom NZ are advising those affected to change their passwords.” Read more of this story at Slashdot. 
An anonymous reader writes “Chris Testa recently presented at TAPR Digital Communications Conference and annouced his development work on a hand-held software defined radio. Running uClinux on an ARM Corex-M3 coupled to a Flash-based FPGA, it will be capable of receiving and transmitting from 100MHz to 1GHz. Designed to be low power, Chris has designed the radio primarily with the Amateur 2m and 70cm bands in mind. Currently in early prototyping stage, Chris intends to release the design under the TAPR Open Hardware License.” Read more of this story at Slashdot.