Cloud Hosting

Lawmakers will markup legislation next week that would hold tech companies accountable for child sexual abuse materials and images distributed on their platforms, part of a growing push in Washington, across the U.S. and abroad to crack down on activity online related to harming minors.

This marks the third time Sens. Lindsey Graham, R-S.C., and Richard Blumenthal, D-Conn., have put the bill the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act forward. The bill previously failed to see a floor vote, instead drawing backlash from security experts and privacy advocates over its potential to weaken the availability of end-to-end encryption.

Those concerns are even more heightened today amid growing concerns about the privacy of people seeking abortions after the Supreme Court overturned Row v. Wade and state laws eroding LGBTQ+ civil rights. Additionally, the FBI and Interpol both recently spoke out against encrypted chat apps and lawmakers in the U.K. and European Union are considering laws like the EARN IT Act that could also decrease the availability of encryption.

All these developments could open the next front in the war over encryption that has flared up over the past decade, often pitting law enforcement against civil liberties groups in the U.S. and abroad.

Whats different this time is a growing public awareness about the benefits of encryption. In the wake of the Supreme Courts abortion ruling, for instance, California, New York and D.C. attorneys generals all issued warnings to residents to avoid unencrypted messaging technology when discussing sensitive information. And the return of the EARN IT Act is already sparking public pushback. An online petition from the group Fight for The Future asking Congress to oppose the bill has more than 500,000 signatures.

The EARN IT Act is probably one of our biggest encryption-threatening bills worldwide, said Natalie Campbell, senior director of North American government and regulatory affairs for the Internet Society, a founding member of the Global Encryption Coalition.

The bill would make two significant changes to current laws. First, the legislation strips companies of liability protections outlined in Section 230 of the Communications Decency Act in cases involving child exploitation, opening the door for more state and private plaintiff cases. Second, it removes the federal knowledge standard for child sexual abuse materials, making it easier for courts to make the argument that a tech company was negligent in offering encryption because it knew it could be used to transmit child sexual abuse materials.

They are opening the courthouse door and lowering the threshold to get through that door and successfully bring a claim, said Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory. And so all of that will operate to disincentivize providers or allow the punishment of providers of offering encryption.

Furthermore, privacy advocates say, the EARN IT Act would make it easier for law enforcement to claim that a company acted negligently or recklessly by offering encryption, bolstering a years-long argument law enforcement has made against encrypted services. While in previous years those complaints have centered around terrorism and drug trafficking, increasingly law enforcement has pointed to child abuse in its concerns about end-to-end encryption.

Earlier this month, the FBI joined with Interpol and the U.K. National Crime Agency to blast Metas expansion of encryption, saying it blindfolds them to abuse and is a purposeful design choice that degrades safety systems. Former AttorneyGeneral William Barr used concerns about child exploitation when sparring with Meta over its plans to roll out full end-to-end encryption across its messaging products in 2019, arguing that going dark impeded the Justice Department from investigating child predators.

The EARN IT Act, introduced the same year Meta announced its encryption plans, got its name from an original plan to allow companies to earn liability protections by following guidance from a law enforcement-led national commission, has become synonymous with concerns that weakening encryption hurts everyone, not just criminals. So much so that lawmakers tried to address encryption concerns in 2020 by clarifying in the bills text that the use of full end-to-end encryption cannot serve as an independent basis for liability. Experts criticized the fix, which does not prohibit encryption from being used as evidence of negligence, as insufficient.

Now, critics say that the Supreme Courts Dobbs decision and the rise of laws targeting LGBQT+ rights make the stakes of the bill even higher than during previous reintroductions. You cant be pro-choice and anti-encryption, said Pfefferkorn.

Moreover, experts worry that the broad definitions in the EARN IT Act could give states the ability to pressure service providers to not just weaken encryption, but to remove lawful content entirely under the pretext of concerns about child exploitation.

Emma Llans, director of the Center for Democracy and Technologys Free Expression Project, said the EARN IT Act would be a gift to those state prosecutors seeking to censor large parts of the web and criminalize information about reproductive health care and LGBTQ+ content.

Llans pointed to the purge of content related to sex and nudity after the passage of FOSTA-SESTA, a bill aimed at eliminating sex trafficking, as an example of what tech companies do when their liability protections are threatened.

Some advocates expressed surprise to CyberScoop that lawmakers reintroduced the EARN IT Act with virtually no changes, given previous opposition. In fact, one of the only notable changes to the bill is the removal of the term grooming, according to a copy of the bill. Blumenthals office told CyberScoop the term was removed to more precisely reflect the conduct in the U.S. criminal code that the bill covers.

Technology companies are already legally required to report known child sexual abuse materials to the National Center for Missing and Exploited Children, which then forwards those reports to law enforcement. Many have taken an additional voluntary step by using hash matching, a technology that allows systems to flag abusive images that has already been reported and assigned a digital signature.

Proponents of EARN IT and other online safety bills say that this kind of voluntary system leads to underreporting and that not enough firms are using hashing. When you start looking at the reports coming in from these companies, theyre often missing a lot of information or are just unhelpful, said Alexander Delgado, director of public affairs for ECPAT-USA, an anti-trafficking policy organization.

Because hashing is based on known material, it has limitations in what it can detect. Other automated tools may produce false results or incorrectly flag child abuse. For instance, The New York Times reported two instances in which parents were accused by Google of uploading child sexual abuse materials after taking sensitive images of their children to share with doctors. In both cases, the men were investigated and cleared by law enforcement, but Google permanently suspended their accounts.

Despite these limitations, some lawmakers in the U.S. and abroad have pressured companies to go a step further by scanning users messages for abusive material before they are sent, using a process called client-side scanning. Efforts to do so, like a ditched attempt by Apple in 2021, have been met with swift criticism by encryption experts.

Electronic Frontier Foundation senior analyst Joe Mullin compared the technology to having someone read your messages over your shoulder. Even if the technology doesnt technically break the encryption, it breaks the values of what end-to-end encryption promises, he said. Theres no way to look at all the messages for this one bad crime and also have end-to-end encryption, said Mullin. Its actually incompatible.

Since the EARN IT Acts initial introduction in 2020 childrens online safety has taken center stage in Congress. Other proposals include the recently introduced STOP CSAM Act, which includes measures such as enforcing new child exploitation reporting obligations for tech companies. There is also the Kids Online Safety Act, which would require platforms used by kids 16 and under to prevent the promotion of content encouraging harmful behaviors. A boom in state-level childrens safety laws also add pressure on federal lawmakers to act.

Theres definitely a lot of momentum for some of these bills, which kind of heightens our concerned that something is gonna pass through, said Campbell of the Internet Society.

The EARN IT Act isnt the only sign of a new front in the war on encryption worrying encryption experts. The European Union has introduced its own CSAM regulations and the United Kingdoms Online Safety Act, which would promote client-side scanning, is making its way through parliament much to the protest of global tech firms.

Its like this kind of global onslaught, said Mullin.

Every expert CyberScoop spoke with agreed that tech companies need to do more to protect children online. However, critics of EARN IT say that there are less controversial changes that wouldnt interfere with encryption that Congress could explore first. For instance, Congress could extend CyberTip hotline preservation times, Pfefferkorn suggested.

If we could have more of a thoughtful and sustained discussion about that and put these civil liberties violating ideas off the table that could be a really positive approach, CDTs Llans said. Im not sure EARN IT can do that.

Proponents of the legislation say, however, that time is of the essence. I think we need to at least do something instead of just trying to find the perfect answer, said Delgado, whose organization supports both EARN IT and STOP CSAM. So, if we see something that doesnt work thats when we should be making changes.

Delgado acknowledged that there are valid critiques of the bills but said that there are costs and benefits to all legislation.

Encryption experts worry those costs could hurt the very children the legislation is trying to prevent. Absolutely nobody wants to prevent efforts to fight child abuse online, said Campbell, who is a parent. But you cannot undermine encryption without introducing a significant threat to every single internet user.

Corrected April 26, 2024: An earlier version of this article misstated that the EARN IT Act had not been formally reintroduced.

Go here to read the rest:
Return of the EARN IT Act rekindles encryption debate at critical moment for privacy-protecting apps - CyberScoop

Although cryptocurrencies have experienced a significant decline from their market cap of over $2 trillion in 2021, they are gaining momentum once again, with Bitcoin up over 75% YTD as of this writing. The crypto industry is rapidly integrating its way into mainstream monetary systems, offering unique solutions to numerous sectors, including finance and gaming.

Born from the ashes of the 2008 financial crisis, the cryptocurrency industry, led by Bitcoin, emerged in response to what was perceived by many as a corrupt, inefficient and centralized financial landscape. It sought to establish decentralized financial alternatives to overcome these challenges, striving to achieve an intricate equilibrium between security, scalability and decentralization.

However, despite the robust nature of the blockchain, the security of cryptocurrencies is threatened by the advent of quantum computers, as they will compromise existing cryptographic algorithms without a viable replacement.

Enter your email and you'll also get Benzinga's ultimate morning update AND a free $30 gift card and more!

The Quantum Resistant Ledger, or the QRL blockchain, offers an innovative and future-proof solution that addresses the significant quantum risk of existing blockchain technology with its own quantum-safe blockchain technology and digital asset. The following discussion will explore the quantum risk landscape for cryptocurrency and evaluate QRL's potential to seize this market opportunity as a post-quantum secure hedge for investors.

Options 101: The Beginner's Guide

Want to become an options master? In his free report, options expert Nic Chahine will give you access to thefour bulletproof tips for beginners, the secret to scoring 511% gainswith options, and his time-tested"plan" for success. Grab your free copy of Options 101: The Beginner's Guide ASAP.

To understand the quantum risk landscape, it's first important to take a step back and understand how cryptocurrencies operate. The primary objective of crypto is to facilitate value exchange without intermediaries, achieved via cryptographic algorithms that enable consensus, process transactions, and ensure data integrity in a permissionless, automated way.

Cryptocurrency security currently relies on mathematical processes, called hashing algorithms, and digital keys, specifically public-key cryptography. Together, these systems discourage tampering by making it extremely expensive and challenging for malicious users to exploit the system.

This implies that, unlike traditional banks, cryptographic algorithms and blockchain technology confirm ownership through probabilistic trustlessness rather than absolute certainty. While todays major blockchains like Bitcoin and Ethereum are considered extremely secure, quantum computing promises new capabilities in processing power, which is likely to have grave impacts on the security of these cryptocurrencies.

According to a recent report by Deloitte, about 65% of all Ether are vulnerable to a quantum attack, and this number has been continuously increasing. This is a significantly larger percentage than the 25% Deloitte found for the Bitcoin blockchain in a previous analysis.

The Quantum Resistant Ledger (QRL) stands as the pioneering post-quantum value store and secure communication layer, designed to shield against the looming quantum computer threat.

QRL employs a cryptographic method called the eXtended Merkle Signature Scheme (XMSS), to ensure that the blockchain remains secure even in the face of powerful quantum computers, providing a long-term solution for safeguarding digital assets.

In addition to protecting transactions, QRLs unique blockchain technology also secures communications. QRL brings together two advanced techniques, on-chain lattice key storage and layer-to-internode communication, to create a highly secured messaging system that is protected from the threats of super-powerful quantum computers.

Lastly, QRL is extremely adaptable and tightly integrated with several world-leading hardware digital asset storage solutions and open development architecture. This, coupled with a rich API and user interface, makes QRL a seamless and robust enterprise solution.

As a prudent investor, evaluating long-term risks associated with blue-chip assets like Bitcoin and Ethereum is essential. While they may be safe at the moment, current trends in post-quantum computing pose grave risks to the security of these platforms.

QRL could be poised to be a market leader in the quantum-safe space, potentially offering a low-risk and lucrative opportunity for investors to gain exposure to a growing niche. With the increasing divergence between the physical and digital worlds, it is more crucial than ever to assess and safeguard against the escalating risks in the digital era.

Featured photo by FLY:D on Unsplash

This post contains sponsored advertising content. This content is for informational purposes only and is not intended to be investing advice

2023 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

See the original post:
Beyond Encryption: How QRL's Quantum-Safe Blockchain Technology Offers A Long-Term Solution To Quantum Ri - Benzinga

Six out of the eight products are Recommended with one in Neutral and the other in Caution.Firewalls will not see attacks delivered via HTTPS unless configured to do so.

AUSTIN, Texas, April 25, 2023 /PRNewswire/ -- RSAC 2023 --CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has completed an independent test of eight market leading security vendors in its Enterprise Firewall comparative evaluation. Six products received Recommended ratings with high security effectiveness scores ranging from 94.05% to 99.94%.

Security Effectiveness tests measured how well the enterprise firewall controlled network access/applications and prevented exploits/evasions, all while remaining resistant to false positives. Products were subjected to thorough testing to determine their support for TLS/SSL 1.2 and 1.3 cipher suites, how they defended against 1,724 exploits, whether protection could be bypassed by any of 1,482 evasions, and if the devices would remain stable under adverse conditions.

Six products received Recommended ratings with high security effectiveness scores ranging from 94.05% to 99.94%.

Performance was measured using both clear text and encrypted traffic in order to provide more realistic ratings that are based on modern network traffic. Performance was measured with security enabled, and security effectiveness was measured while under moderate performance load. This was to ensure vendors did not take security shortcuts to improve performance nor enable overly aggressive security protections that would adversely impact performance. Connection rates and throughput of TLS 1.2 and TLS 1.3 encrypted traffic were significantly lower. Average connection rates of encrypted traffic were between 65% to 86.5% lower than unencrypted traffic.

Evasions were measured by taking several previously blocked attacks and then applying evasion techniques to those baseline samples. This ensured that any misses were due to the evasions, not the baseline samples. Several vendors missed evasions, with one vendor missing 72 evasions.

Key Findings:

"Firewalls are the keystone of most network security programs," said Vikram Phatak, CEO of CyberRatings.org. "It is concerning that some market share leaders are falling behind. CISOs should put pressure on those vendors to improve and look at alternatives in case they don't."

The following products were evaluated:

To read the CyberRatings reports go to CyberRatings.org.

Additional Resources

About CyberRatings.org

CyberRatings.org is a 501(c)6 non-profit organization dedicated to providing confidence in cybersecurity products and services through our research and testing programs. We provide enterprises with independent, objective ratings of security product efficacy. To become a member,visit http://www.cyberratings.org

SOURCE CyberRatings.org

Read more from the original source:
Enterprise Firewall Comparative Test Results Show That Encryption ... - PR Newswire