UK warns of satellite and space program problems in case of Brexit ‘no deal’

The UK government says that access to satellites and space surveillance programs will suffer in the event of a “no deal” departure from the European Union .

Britain has less than six months to go before the country leaves the 28 member state bloc, after a little over half the country voted to withdraw membership from the European Union in a 2016 referendum. So far, the Brexit process has been a hot mess of political infighting and uncertainty, bureaucracy and backstabbing — amid threats of coups and leadership challenges. And the government isn’t even close to scoring a deal to keep trade ties open, immigration flowing, and airplanes taking off.

Now, the government has further said that services reliant on EU membership — like access to space programs — will be affected.

The reassuring news is that car and phone GPS maps won’t suddenly stop working.

But the government said that the UK will “no longer play any part” of the European’s GPS efforts, shutting out businesses, academics and researchers who will be shut out of future contracts, and “may face difficulty carrying out and completing existing contracts.”

“There should be no noticeable impact if the UK were to leave the EU with no agreement in place,” but the UK is investing £92 million ($120m) to fund its own UK-based GPS system. The notice also said that the UK’s military and intelligence agencies will no longer have access to the EU’s Public Regulated Service, a hardened GPS system that enhances protections against spoofing and jamming. But that system isn’t expected to go into place until 2020, so the government isn’t immediately concerned.

The UK will also no longer be part of the Copernicus program, a EU-based earth observation initiative that’s a critical asset to national security as it contributes to maritime surveillance, border control and understanding climate change. Although the program’s data is free and open, the UK government says that users will no longer have high-bandwidth access to data from the satellites and additional data, but admits that it’s “seeking to clarify” the terms.

Although this is the “worst case scenario” in case of no final agreement on the divorce settlement from Europe, with just months to go and a distance to reach, it’s looking like a “no deal” is increasingly likely.

Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data

Most modern computers, even devices with disk encryption, are vulnerable to a new attack that can steal sensitive data in a matter of minutes, new research says.

In new findings published Wednesday, F-Secure said that none of the existing firmware security measures in every laptop it tested “does a good enough job” of preventing data theft.

F-Secure principal security consultant Olle Segerdahl told TechCrunch that the vulnerabilities put “nearly all” laptops and desktops — both Windows and Mac users — at risk.

The new exploit is built on the foundations of a traditional cold boot attack, which hackers have long used to steal data from a shut-down computer. Modern computers overwrite their memory when a device is powered down to scramble the data from being read. But Segerdahl and his colleague Pasi Saarinen found a way to disable the overwriting process, making a cold boot attack possible again.

“It takes some extra steps,” said Segerdahl, but the flaw is “easy to exploit.” So much so, he said, that it would “very much surprise” him if this technique isn’t already known by some hacker groups.

“We are convinced that anybody tasked with stealing data off laptops would have already come to the same conclusions as us,” he said.

It’s no secret that if you have physical access to a computer, the chances of someone stealing your data is usually greater. That’s why so many use disk encryption — like BitLocker for Windows and FileVault for Macs — to scramble and protect data when a device is turned off.

But the researchers found that in nearly all cases they can still steal data protected by BitLocker and FileVault regardless.

After the researchers figured out how the memory overwriting process works, they said it took just a few hours to build a proof-of-concept tool that prevented the firmware from clearing secrets from memory. From there, the researchers scanned for disk encryption keys, which, when obtained, could be used to mount the protected volume.

It’s not just disk encryption keys at risk, Segerdahl said. A successful attacker can steal “anything that happens to be in memory,” like passwords and corporate network credentials, which can lead to a deeper compromise.

Their findings were shared with Microsoft, Apple, and Intel prior to release. According to the researchers, only a smattering of devices aren’t affected by the attack. Microsoft said in a recently updated article on BitLocker countermeasures that using a startup PIN can mitigate cold boot attacks, but Windows users with “Home” licenses are out of luck. And, any Apple Mac equipped with a T2 chip are not affected, but a firmware password would still improve protection.

Both Microsoft and Apple downplayed the risk.

Acknowledging that an attacker needs physical access to a device, Microsoft said it encourages customers to “practice good security habits, including preventing unauthorized physical access to their device.” Apple said it was looking into measures to protect Macs that don’t come with the T2 chip.

When reached, Intel would not to comment on the record.

In any case, the researchers say, there’s not much hope that affected computer makers can fix their fleet of existing devices.

“Unfortunately, there is nothing Microsoft can do, since we are using flaws in PC hardware vendors’ firmware,” said Segerdahl. “Intel can only do so much, their position in the ecosystem is providing a reference platform for the vendors to extend and build their new models on.”

Companies, and users, are “on their own,” said Segerdahl.

“Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that’s obviously not the case,” he said.

The best security and privacy features in iOS 12 and macOS Mojave

September is Apple hardware season, where we expect new iPhones, a new Apple Watch and more. But what makes the good stuff run is the software within.

First revealed earlier this year at the company’s annual WWDC developer event in June, iOS 12 and macOS Mojave focus on a running theme: security and privacy for the masses.

Ahead of Wednesday big reveal, here’s all the good stuff to look out for.

macOS Mojave

macOS Mojave will be the sixth iteration of the Mac operating system, named after a location in California where Apple is based. It comes with dark mode, file stacks, and group FaceTime calls.

Safari now prevents browser fingerprinting and cross-site tracking

What does it do? Safari will use a new “intelligent tracking prevention” feature to prevent advertisers from following you from site to site. Even social networks like Facebook know which sites you visit because so many embed Facebook’s tools — like the comments section or the “Like” button.

Why does it matter? Tracking prevention will prevent ad firms from building a unique “fingerprint” of your browser, making it difficult to serve you targeted ads — even when you’re in incognito mode or private browsing. That’s an automatic boost for personal privacy as these companies will find it more difficult to build up profiles on you.

Camera, microphone, backups now require permission

What does it do? Just like when an app asks you for access to your contacts and calendar, now Mojave will ask for permission before an app can access your FaceTime camera and microphone, as well as location data, backups and more.

Why does it matter? By expanding this feature, it’s much more difficult for apps to switch on your camera without warning or record from your microphone without you noticing. That’s going to prevent surreptitious ultrasonic ad tracking and surveillance by malware that hijack your camera. But also asking permission for access to your backups — often unencrypted — will prevent malware or hackers from quietly stealing your data.

iOS 12

iOS 12 lands on more recent iPhones and iPads, but will bring significant performance boosts to older supported devices, new Maps, smarter notifications and updated AIKit .

Password manager will warn of password reuse

What does it do? iOS 12’s in-built password manager, which stores all your passwords for easy access, will now tell if you’re using the same password across different sites and apps.

Why does it matter? Password reuse is a real problem. If you use the same password on every site, it only takes one site breach to grab your password for every other site you use. iOS 12 will let you know if you’re using a weak password or the same password on different sites. Your passwords are easily accessible with your fingerprint or your passcode.

Two-factor codes will be auto-filled

What does it do? When you are sent a two-factor code — such as a text message or a push notification — iOS 12 will take that code and automatically enter it into the login box.

Why does it matter? Two-factor authentication is good for security — it adds an extra layer of protection on top of your username and password. But adoption is low because two-factor is cumbersome and frustrating. This feature keeps the feature security intact while making it more seamless and less annoying.

USB Restricted Mode makes hacking more difficult

What does it do? This new security feature will lock any accessories out of your device — including USB cables and headphones — when your iPhone or iPad has been locked for more than an hour.

Why does it matter? This is an optional feature — first added to iOS 11.4.1 but likely to be widely adopted with iOS 12 — will make it more difficult for law enforcement (and hackers) to plug in your device and steal your sensitive data. Because your device is encrypted, not even Apple can get your data, but some devices — like GrayKeys — can brute-force your password. This feature will render these devices largely ineffective.

Apple’s event starts Wednesday at 10am PT (1pm ET).

more iPhone Event 2018 coverage

A year later, Equifax lost your data but faced little fallout

A lot can change in a year. Not when you’re Equifax.

The credit rating giant, one of the largest in the world, was trusted with some of the most sensitive data used by banks and financiers to determine who can be lent money. But the company failed to patch a web server it knew was vulnerable for months, which let hackers crash the servers and steal data on 147 million consumers. Names, addresses, Social Security numbers and more — and millions more driver license and credit card numbers were stolen in the breach. Millions of British and Canadian nationals were also affected, sparking a global response to the breach.

It was “one of the most egregious examples of corporate malfeasance since Enron,” said Senate Democratic leader Chuck Schumer at the time.

Yet, a year on from following the devastating hack that left the company reeling from a breach of almost every American adult, the company has faced little to no action or repercussions.

In the aftermath, the company’s response to the breach was chaotic, sending consumers scrambling to learn if they were affected but were instead led into a broken site that was vulnerable to hacking. And when consumers were looking for answers, Equifax’s own Twitter account sent concerned users to a site that easily could have been a phishing page had it not been for a good samaritan.

Yet, the company went unpunished. In the end, Equifax was in law as much a victim as the 147 million Americans.

“There was a failure of the company, but also of lawmakers,” said Mark Warner, a Democratic senator, in a call with TechCrunch. Warner, who serves Virginia, was one of the first lawmakers to file new legislation after the breach. Alongside his Democratic colleague, Sen. Elizabeth Warren, the two senators said their bill, if passed, would hold credit agencies accountable for data breaches.

“With Equifax, they knew for months before they reported, so at what point is that violating securities laws by not having that notice?,” said Warner.

“There was a failure of the company, but also of lawmakers.”
Sen. Mark Warner (D-VA)

“The message sent to the market is ‘if you can endure some media blowback, you can get through this without serious long-term ramifications’, and that’s totally unacceptable,” he said.

Lawmakers held hearings and grilled the company’s former chief executive, Richard Smith, who retired with his full $90 million retirement package, adding insult to injury. Equifax further shuffled its executive suite, including the hiring of a new chief information security officer Jamil Farshchi and former lawyer turned “chief transformation officer” Julia Houston to oversee “the company’s response to the cybersecurity incident.”

Equifax declined to make either executive available for interview or comment when reached by TechCrunch, but Equifax spokesperson Wyatt Jefferies said protecting customer data is the company’s “top priority.”

But there’s not much to show for it beyond superficial gestures of free credit monitoring — provided by Equifax, no less — and a credit locking app which, unsurprisingly, had its own flaws. In the year since, the company has spent more than $240 million — some $50 million was covered by cyber-insurance. That’s a drop in the ocean to more than $3 billion in revenue in the year since, according to quarterly earnings filings — or more than $500 million in profits. And although Equifax’s stock price initially collapsed in the weeks following, the price bounced back.

Financially, the company looks almost as healthy as it’s ever been. But that may change.

Former Equifax chief executive Richard Smith prepares to testify before the lawmakers. Smith later retired after hackers broke into the credit reporting agency and made off with the personal information of nearly 145 million Americans.

Earlier this year, the company asked a federal judge to reject claims from dozens of banks and credit unions for costs taken to prevent fraud following the data breach. The claims, if accepted, could force Equifax to shell out tens of millions of dollars — perhaps more. The hundreds of class action suits filed to date have yet to hit the courts, but historically even the largest class action cases have resulted in single dollar amounts for the individuals affected.

And when the credit agent giant isn’t fighting the courts, federal regulators have shown little interest in pursuit of legal action.

An investigation launched by a former head of the Consumer Financial Protection Bureau, responsible for protecting consumers from fraud, sputtered after the new director reportedly declined to pursue the company. And, although the company is under investigation by the Federal Trade Commission for the second time this decade, fines are likely to be limited — if levied at all.

Warren sent a letter Thursday to the heads of both agencies lamenting their lack of action.

“Companies like Equifax do not ask the American people before they collect their most sensitive information,” said Warren. “This information can determine their ability to access credit, obtain a job, secure a home loan, purchase a car, and make dozens of other transactions that are critical to their personal financial security.”

“The American people deserve an update on your investigations,” she said.

To date, only the Securities and Exchange Commission has brought charges — not for the breach itself, but against three former staffers for allegedly insider trading.

Escaping any local action, Equifax agreed with eight states, including New York and California, to take further cybersecurity steps and measures to prevent another breach, escaping any fines or financial penalties.

“The American people deserve an update on your investigations”
Sen. Elizabeth Warren (D-MA)

Warner blamed much of the inaction to the patchwork of data breach laws that vary by state.

“We’ve got different laws and you don’t have any standard, and part of the challenge around the data breach is that every industry wants to be exempted,” said Warner. It’s not a partisan issue, he said, but one where every industry — from telecoms to retail — wants to be exempt from the law.

“If we really want to improve our business cyber-hygiene, you have got to have consequences for failing to keep up those cyber-hygiene standards,” he said.

It’s a tough sell to posit Equifax, which fluffed almost every step of the breach process, before and after its disclosure, as a victim. While the millions affected can take solace in the beating Equifax got in the press, those demanding regulatory action might be in for a disappointingly long wait.

Dozens of popular iPhone apps caught sending user location data to monetization firms

A group of security researchers say dozens of popular iPhone apps are quietly sharing the location data of “tens of millions of mobile devices” with third-party data monetization firms.

Almost all require access to a user’s location data to work properly, like weather and fitness apps, but share that data often as a way to generate revenue for free-to-download apps.

In many cases, the apps send precise locations and other sensitive, identifiable data “at all times, constantly,” and often with “little to no mention” that location data will be shared with third-parties, say security researchers at the GuardianApp project.

“I believe people should be able to use any app they wish on their phone without fear that granting access to sensitive data may mean that this data will be quietly sent off to some entity who they do not know and do not have any desire to do business with,” said Will Strafach, one of the researchers.

Using tools to monitor network traffic, the researchers found 24 popular iPhone apps that were collecting location data — like Bluetooth beacons to Wi-Fi network names — to know where a person is and where they visit. These data monetization firms also collect other device data from the accelerometer, battery charge status and cell network names.

In exchange for data, often these data firms pay app developers to collect data and grow their databases and often to deliver ads based on a person’s location history.

But although many claim they don’t collect personally identifiable information, Strafach said that latitude and longitude coordinates can pin a person to a house or their work.

To name a few:

ASKfm, a teen-focused anonymous question-and-answer app, has 1,400 ratings on the Apple App Store and touts tens of millions of users. It asks for access to a user’s location that “won’t be shared with anyone.” But the app sends that location data to two data firms, AreaMetrics and Huq. When reached, the app maker said it believes its location collection practices “fit industry standards, and are therefore acceptable for our users.”

NOAA Weather Radar has more than 266,000 reviews and has millions of downloads. Access to your location “is used to provide weather info.” But an earlier version of the app from March was sending location data to three firms, Factual, Sense360 and Teemo. The code has since been removed. A spokesperson for Apalon, which built the app, said it “conducted a limited, brief test with a few of these providers” earlier this year.

Homes.com is a popular app that asks that you switch on your location to help “find nearby homes.” But the code, thought to be old code, still sends precise coordinates to AreaMetrics. The app maker said it used AreaMetrics “for a short period” last year but said the code was deactivated.

Perfect365, an augmented reality beauty app with more than 100 million users, asks for location to “customize your experience based on your location and more,” and refers users to the privacy policy for more — which does state that location data will be used for advertising. The app was briefly pulled after a BuzzFeed News story earlier this year outed the researchers, but returned to the app store days later. The current app version contains code for eight separate data monetization firms in the latest version of the app. The app maker did not return a request for comment.

And the list goes on — including more than a hundred Sinclair-owned local news and weather apps, which share location data with Reveal, a data tracking and monetization firm, which the company says will help the media giant bolster its sales by “providing advertisers with target audiences.”

That can quickly become a lucrative business for developers with popular apps and monetization firms alike, some of which collect billions of locations each day.

Most of the data monetization firms deny any wrongdoing and say that users can opt out at any time. Most said that they demand that app makers explicitly state that they require app developers to explicitly state that they are collecting and sending data to third-party firms.

The team’s research shows that those requirements are almost never verified.

Reveal said it requires customers “state the use cases for location data in their privacy policy” and that users can opt-out at any time. Huq, like Reveal, said it carries out “regular checks on our partner apps to ensure that they have implemented” measures that explain the company’s services. AreaMetrics, which collects primarily Bluetooth beacon data from public areas like coffee shops and retail stores, says it has “no interest” in receiving personal data from users.

Sense360 said the data it collects is anonymous and requires apps to get explicit consent from its users, but Strafach said few apps he’s seen contained text that sought assurances. But the company did not answer a specific question why it no longer works with certain apps. Wireless Registry said it also requires apps seek consent from users, but would not comment on the security measures it uses to ensure user privacy. And in remarks, inMarket said it follows advertising standards and guidelines.

Cuebiq claims to use an “advanced cryptography method” to store and transmit data, but Strafach said he found “no evidence” that any data was scrambled. It says it’s not a “tracker” but says while some app developers look to monetize users’ data, most are said to use it for insights. And, Factual said it uses location data for advertising and analytics, but must obtain in-app consent from users.

When reached, Teemo did not answer our questions. SafeGraph, Mobiquity and Fysical did not respond to requests for comment.

“None of these companies appear to be legally accountable for their claims and practices, instead there is some sort of self-regulation they claim to enforce,” said Strafach.

He said there isn’t much users can do, but limiting ad tracking in your iPhone’s privacy settings can make it more difficult for location trackers to identify users.

Apple’s crackdown on apps that don’t have privacy policies kicks in next month. But given how few people read them in the first place, don’t expect apps to change their behavior any time soon.

Sonatype raises $80 million to build out Nexus platform

Sonatype, a cybersecurity-focused open-source company, has raised $80 million from investment firm TPG.

The company said the financing will help extend its Nexus platform, which it touts as an enterprise ready repository manager and library, which among other things tracks code and helps to keep everything in the devops pipeline up-to-date and secure.

It’s that kind of technology that Sonatype says can prevent another Equifax -style breach of over 147 million consumers’ data. Earlier this year, the company found over dozens of Fortune Global 100 companies that downloaded outdated and vulnerable versions of Apache Struts, which Equifax failed to patch or update.

Sonatype’s chief executive Wayne Jackson his company can help prevent those type of breaches.

“We monitor literally millions of open source commits per day,” he told TechCrunch. “Last year hundreds of billions of components were downloaded by software developers, 12 percent of which had known security defects.”

The funding will go to extend the company’s Nexus platform, Jackson said.

The company said it’s had an 81 percent increase in year-over-year sales in the first-half of the year, and 1.5 million users added to its flagship Nexus platform since January. In all, the company has more than 10 million software developers and 1,000 enterprises on Nexus worldwide.

Sonatype’s last round of funding was in 2018, led by Goldman Sachs, snagging $30 million.

Justice Dept. says social media giants may be ‘intentionally stifling’ free speech

The Justice Department has confirmed that Attorney General Jeff Sessions has expressed a “growing concern” that social media giants may be “hurting competition” and “intentionally stifling” free speech and expression.

The comments come as Facebook chief operating officer Sheryl Sandberg and Twitter chief executive Jack Dorsey gave testimony to the Senate Intelligence Committee on Wednesday, as lawmakers investigate foreign influence campaigns on their platforms.

Social media companies have been under the spotlight in recent years after threat actors, believed to be working closely with the Russian and Iranian governments, used disinformation spreading tactics to try to influence the outcome of the election.

“The Attorney General has convened a meeting with a number of state attorneys general this month to discuss a growing concern that these companies may be hurting competition and intentionally stifling the free exchange of ideas on their platforms,” said Justice Department spokesman Devin O’Malley in an email.

It’s not clear exactly if the Justice Department is pushing for regulation or actively investigating the platforms for issues relating to competition — or antitrust. Social media companies aren’t covered under US free speech laws — like the First Amendment — but have long said they support free speech and expression across their platforms, including for users in parts of the world where freedom of speech is more restrictive.

Neither Facebook nor Twitter immediately responded to a request for comment.

AnchorFree, maker of Hotspot Shield, raises $295 million in new funding

AnchorFree, a maker of a popular virtual private networking app, has raised $275 million in a new round of funding, the company announced Wednesday.

The Redwood City, Calif.-based app maker’s flagship app Hotspot Shield ranks as one of the most popular VPN apps on the market. The app, based on a freemium model, allows users across the world tunnel their internet connections through AnchorFree’s servers, which masks users’ browsing histories from their internet providers and allows those under oppressive regimes evade state-level censorship.

The app has 650 million users in 190 countries, the company said, and also has a business-focused offering.

The funding was led by WndrCo, a holding company focusing on consumer tech businesses, in addition to Accel Partners, 8VC, SignalFire, and Green Bay Ventures, among others.

“The WndrCo team brings deep operational experience in launching and scaling global tech products, and we look forward to working closely with them in pursuit of our mission to provide secure access to the world’s information for every person on the planet,” said AnchorFree’s chief executive David Gorodyansky in remarks.

The news was first reported by The New York Times.

 

Facebook, Twitter: US intelligence could help us more in fighting election interference

Facebook’s chief operating officer Sheryl Sandberg has admitted that the social networking giant could have done more to prevent foreign interference on its platforms, but said that the government also needs to step up its intelligence sharing efforts.

The remarks are ahead of an open hearing at the Senate Intelligence Committee on Wednesday, where Sandberg and Twitter chief executive Jack Dorsey will testify on foreign interference and election meddling on social media platforms. Google’s Larry Page was invited, but declined to attend.

“We were too slow to spot this and too slow to act,” said Sandberg in prepared remarks. “That’s on us.”

The hearing comes in the aftermath of Russian interference in the 2016 presidential election. Social media companies have been increasingly under the spotlight after foreign actors, believed to be working for or closely to the Russian government, used disinformation spreading tactics to try to influence the outcome of the election, as well as in the run-up to the midterm elections later this year.

Both Facebook and Twitter have removed accounts and bots from their sites believed to be involved in spreading disinformation and false news. Google said last year that it found Russian meddling efforts on its platforms.

“We’re getting better at finding and combating our adversaries, from financially motivated troll farms to sophisticated military intelligence operations,” said Sandberg.

But Facebook’s second-in-command also said that the US government could do more to help companies understand the wider picture from Russian interference.

“We continue to monitor our service for abuse and share information with law enforcement and others in our industry about these threats,” she said. “Our understanding of overall Russian activity in 2016 is limited because we do not have access to the information or investigative tools that the U.S. government and this Committee have,” she said.

Later, Twitter’s Dorsey also said in his own statement: “The threat we face requires extensive partnership and collaboration with our government partners and industry peers,” adding: “We each possess information the other does not have, and the combined information is more powerful in combating these threats.”

Both Sandberg and Dorsey are subtly referring to classified information that the government has but private companies don’t get to see — information that is considered a state secret.

Tech companies have in recent years pushed for more access to knowledge that federal agencies have, not least to help protect against increasing cybersecurity threats and hostile nation state actors. The theory goes that the idea of sharing intelligence can help companies defend against the best resourced hackers. But efforts to introduce legislation has proven controversial because critics argue that in sharing threat information with the government private user data would also be collected and sent to US intelligence agencies for further investigation.

Instead, tech companies are now pushing for information from Homeland Security to better understand the threats they face — to independently fend off future attacks.

As reported, tech companies last month met in secret to discuss preparations to counter foreign manipulation on their platforms. But attendees, including Facebook, Twitter, and Google and Microsoft are said to have “left the meeting discouraged” that they received little insight from the government.

‘Five Eyes’ governments call on tech giants to build encryption backdoors — or else

A pact of five nation states dedicated to a global “collect it all” surveillance mission has issued a memo calling on their governments to demand tech companies build backdoor access to their users’ encrypted data — or face measures to force companies to comply.

The international pact — the US, UK, Canada, Australia and New Zealand, known as the so-called “Five Eyes” group of nations — quietly issued the memo last week demanding that providers “create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements.”

This kind of backdoor access would allow each government access to encrypted call and message data on their citizens. If the companies don’t voluntarily allow access, the nations threatened to push through new legislation that would compel their help.

“Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions,” read the memo, issued by the Australian government on behalf of the pact.

It’s the latest move in an ongoing aggression by the group of governments, which met in Australia last week.

The Five Eyes pact was born to collect and share intelligence across the five countries, using each nations’ diplomatic power and strategic locations as chokepoints to gather the rest of the world’s communications.

Since the Edward Snowden disclosures in 2013, tech companies have doubled down on their efforts to shut out government’s lawful access to data with encryption. By using end-to-end encryption — where the data is scrambled from one device to another — even the tech companies can’t read their users’ messages.

Without access, law enforcement has extensively lobbied against companies using end-to-end encryption, claiming it hinders criminal investigations.

Security researchers and other critics of encryption backdoors have long said there’s no mathematical or workable way to create a “secure backdoor” that isn’t also impervious to attack by hackers, and widely derided any backdoor effort.

In 2016, rhetoric turned to action when the FBI launched a lawsuit to force Apple to force the company to build a tool to bypass the encryption in an iPhone used by the San Bernardino shooter, who killed 14 people in a terrorist attack months earlier.

The FBI dropped the case after it found hackers able to break into the phone.

But last month, the US government renewed its effort to set legal precedent by targeting Facebook Messenger’s end-to-end encryption. The case, filed under sealed, aims to break the encryption on the messaging app to wiretap conversations on suspected criminals.

It’s not the first time the Five Eyes nations have called for encryption backdoors. An Australian government memo last year called for action against unbreakable encryption.

Although the UK’s more recent intelligence laws have been interpreted as allowing the government to compel companies to break their own encryption, wider legal efforts across the other member states have failed to pass.