The European Commission’s proposal to fight “child sexual abuse materials” has spurred controversy as it touches upon the issue of private interpersonal communications and might affect end-to-end encryption. This article discusses reactions to the proposal and the current state of play, its impact on end-to-end encryption, and the legislative process.
This web conference provides an overview of the threat landscape and how attackers use encryption to their benefit and why the inspection of network traffic is necessary for privacy compliance.
Husna Siddiqi and Dalia Khader explain how a cryptographic concept called “homomorphic encryption” may be able to help assuage privacy concerns around COVID-19 applications.
This piece covers why conversational AI solutions need to have a comprehensive security program in place to uphold privacy and maintain regulatory compliance, and why those AI providers cannot rely on encryption alone.
Additional News and Resources
The New York Times reports on the race to develop stronger encryption techniques as the field of quantum computing continues to advance. The technology could bring substantial change to the medicine and artificial intelligence fields by reducing the time and power needed to run complex simulations, but it poses a major risk to privacy and data security.Full story... Read More
Spain's data protection authority, the Agencia Española de Protección de Datos, released a browser app to assess the security of online encryption systems. The tool is meant to give guidance on what encryption standards to look for while processing personal data and does not transmit any information back to the authority.Full story... Read More
The U.K. Home Office released guidelines on the interplay between end-to-end encryption standards and children's safety as it relates to the recently passed U.K. Online Safety Bill. The office explained the overlap between the two topics, Meta's leading example on the matter, and current techniques and technological solutions being used. Notably, the guidance also lays out the application of the Online Safety Bill in the encryption-child safety context.Full story... Read More
Meta announced millions of Facebook Messenger accounts will be able to trial end-to-end encryption standards for individual and group chats. Meta is working to finalize default encryption standards by year's end and maintains it is on track to do so. The company said default encryption will "enhance the security we already provide and give people additional confidence that their personal messages will remain private."Full story... Read More
Apple announced Wednesday a suite of data security improvements it plans to roll out in the coming months that aim to protect consumer data and ward off hackers. The three data security features include iMessage Contact Key Verification, Security Keys for Apple ID and Advanced Data Protection for iCloud. In a company announcement, Apple Senior Vice President of Software Engineering Craig Federighi said the new features will provide users with "three powerful new tools to further protect their ... Read More
This article from Privacy Affairs serves as an in-depth guide on how consumers can encrypt their internet connection. Read More
The Center for Democracy & Technology issued a report on end-to-end encryption and how individual rights, including privacy, can be upheld when facing problematic content on encrypted platforms. Read More
Privacy-enhancing technologies like secure multiparty computation, homomorphic encryption, federated learning, differential privacy, secure enclaves, zero-knowledge proof or synthetic data are becoming increasingly relevant in practice and considered by regulators. Approaching the challenging trade-off between data privacy and data utility for a vast variety of use cases, privacy-enhancing technologies embed important privacy-by-design principles in the data life cycle. They aim at enabling inc... Read More
This article series from the Spanish DPA (AEPD) breaks down and provides insight on different topics of encryption and privacy. Read More
This guide, published by Internet Society, details how encryption can effectively serve as a tool for advocacy groups by protecting the integrity of personal information from hacking attempts and other vulnerabilities. Read More
This article, published by the Internet Society, analyzes the use and benefits of encryption technology, and how it fits into and supports the infrastructure of the internet, both present and future. Read More
The Future of Privacy Forum released “Strong Data Encryption Protects Everyone,” a visual guide to data encryption. The interactive tool outlines how encryption works, where it is used and potential risks. “The infographic illustrates how strong encryption protects individuals, enterprises, and the government. View Visual Guide View Infographic (PDF) ... Read More
In the last decade, California has suffered twice as many data breaches as any other state, with roughly 1,493 breaches affecting nearly 5.6 billion records. Where California’s privacy laws apply to an organization, encrypting customer data will provide immunity from the private right of action under the California Consumer Privacy Act and limit obligations of notification in the event of a data breach under California’s data breach notification law. Santa Clara University School of Law's Solima... Read More
In a piece for CMSWire, Securiti.ai Product Lead Anas Baig provides a breakdown of how encryption meshes with privacy regulations around the world. Baig goes into detail on what privacy laws in the U.S., EU, Canada, Brazil and others say about the deployment of encryption. Additionally, Baig lays out the fines associated with encryption while offering best practices for companies implementing it into their systems. "In this era of data privacy, encryption is no longer an option, but rather a nec... Read More
On Dec. 6, Australia passed a surprising law with a global impact on privacy. The new law requires any Australian company to build backdoors to encrypted data and communications when instructed to do so by the government, while also requiring secrecy about the existence of such surveillance capabilities from individuals and enterprise customers. This unverifiable question of compromised encryption presents many technical threats and introduces international regulatory compliance challenges as we... Read More
How familiar are you with the “encryption exception” in the EU General Data Protection Regulation and some U.S. state laws? It can be used to exempt a company from breach reporting and notification obligations if data was encrypted and the key had not also been compromised. The GDPR identifies the exception in Article 34(3)(a), stating that the breach notification of Article 34(1) is not required if “the controller has implemented appropriate technical and organisational protection measures, … ... Read More
This article by Peter Swire and Kenesa Ahmad offers a short history of wiretaps for phone and Internet data; highlights key lessons learned from the U.S. crypto wars of the 1990s; proposes reasons why effective encryption becomes even more important when the debate shifts from one country to a globalized setting, and synthesizes the key reasons supporting effective encryption in today’s globalized world. Read More