Encryption

Cambodian messaging app faces backlash over privacy fears

Cambodia recently launched its messaging app, CoolApp, which is supported by former Prime Minister Hun Sen. He has emphasised that the app is crucial for national security, aiming to protect Cambodian information from foreign interference. Hun Sen’s endorsement of CoolApp aligns with his long-standing approach of maintaining tight control over the country’s communication channels, especially in the face of external influences. He compared the app to other national messaging services like China’s WeChat and Russia’s Telegram, indicating a desire for Cambodia to have a secure, homegrown platform.

However, the introduction of CoolApp has raised significant concerns among critics and opposition leaders. They argue that the app could be a tool for government surveillance, potentially used to monitor and suppress political discourse. Mu Sochua, an exiled opposition leader, warned that CoolApp represents a new method for mass surveillance and control of public discourse, reminiscent of practices seen in China. Another opposition figure, Sam Rainsy, called for a boycott of the app, suggesting that its true purpose is to strengthen the repressive tools available to the Cambodian regime. These concerns are amplified by Cambodia’s recent history of internet censorship, media blackouts, and persecution of government critics.

CoolApp’s founder and CEO, Lim Cheavutha, claims the app uses end-to-end encryption to ensure user privacy and has reached 150,000 downloads, with expectations to reach up to 1 million. However, these assurances do little to alleviate fears of government surveillance, given Cambodia’s history of using technology to control dissent.

The app’s launch comes amid broader security challenges in Cambodia, including online scams by Chinese gangs and close ties with China’s surveillance-heavy regime. The following situation highlights the ongoing tension between Cambodia’s national security and civil liberties.

Google enhances Gmail with new AI features

Google is enhancing Gmail with new AI features designed to streamline email management. A new Gemini side panel is being introduced for the web, which is capable of summarising email threads and drafting new emails. Users will receive proactive prompts and can ask freeform questions, utilising Google’s advanced models like Gemini 1.5 Pro. The mobile Gmail app will also feature Gemini’s ability to summarise threads.

However, these upgrades will only be accessible to paid Gemini users. To benefit from these features, one must be a Google Workspace customer with a Gemini Business or Enterprise add-on, a Gemini Education or Education Premium subscriber, or a Google One AI Premium member. Despite their potential usefulness, it’s advised not to depend entirely on these AI tools for critical work, as AI can sometimes produce inaccurate information.

In addition to Gmail, Google is incorporating Gemini features into the side panels of Docs, Sheets, Slides, and Drive. The rollout follows Google’s earlier promises at the I/O conference. Further AI enhancements, including ‘Contextual Smart Reply,’ are expected to arrive for Gmail soon.

WhatsApp threatens shutdown over encryption demands in India

WhatsApp and Facebook are challenging India’s amended IT Rules, claiming they infringe on privacy rights and are unconstitutional. At a Delhi High Court hearing, WhatsApp argued that being forced to decrypt messages could shut down their service. A key issue is Rule 4(2), which mandates social media companies to trace the original source of messages under certain conditions. WhatsApp contends this would require them to store messages for years, a demand not made in any other country, including Brazil.

The Indian government argues that these companies, which profit from user data, don’t have a basis to claim they protect user privacy. The government insists these rules are vital for law enforcement to track false messages and uphold public order. The Ministry of Electronics and Information Technology supports the rules, stating they meet global standards and ensure accountability of digital platforms, keeping the internet secure and respecting citizen rights. The case has been adjourned to August 14 for further consideration.

Why does it matter?

Since adopting end-to-end encryption in 2016, WhatsApp has prioritised privacy and security. In India, where it is the leading messaging app with over 900 million users, it has become a key tool for government communications. Over the years, WhatsApp has expanded its reach to include various government bodies that use it to disseminate vital information. With such a vast user base and an important role in public communication, the outcome of this situation could have dramatic consequences for India’s informational ecosystem.

Fujitsu assesses vulnerability of RSA encryption to potential quantum computer threats

Japanese ICT company Fujitsu announced that it had conducted successful trials to evaluate the widely-used RSA encryption for possible vulnerability to code-cracking by quantum computers. Fujitsu conducted the trials in January 2023 using its 39 qubit quantum simulator to assess how difficult it would be for quantum computers to crack existing RSA cryptography. Fujitsu researchers discovered that a fault-tolerant quantum computer with a scale of approximately 10,000 qubits and 2.23 trillion quantum gates would be required to crack RSA, which is much higher than current quantum computing capacities.

New report and research highlight need for quantum-safe cryptography

A new IBM report titled Security in the quantum computing era highlights that quantum computing has the potential to affect encryption. Currently used data encryption mechanisms such as public-key cryptography (PKC) can become vulnerable: using quantum computing protocols, bad actors can easily decrypt data. The report suggests the need to plan for quantum-safe cryptography and crypto-agility.

Meanwhile, Chinese scientists have claimed they are capable of breaking encryption by using ‘a universal quantum algorithm for integer factorization that requires only sublinear quantum resources’. They argue that their method would break the RSA-2048 scheme – a public key cryptosystem used widely by governments, tech companies, the defence sector, and app developers for data security – with the use of a 372-qubit quantum computer. However, several encryption experts are sceptical about this claim.

DARPA announces new investment to protect systems from post-quantum cryptography

The Defense Advanced Research Projects Agency (DARPA) announced a multimillion-dollar contract with Duality Technologies, a firm specialising in homomorphic encryption designed to withstand quantum computing attacks. It does so through higher dimensions of security and more complex encryption keys compared to classical measures. In addition to being post-quantum, homomorphic encryption can be used to protect data when in use. This is critical because oftentimes, encryption is deployed to protect the material from a storage site to a user while in transit. By serving as an end-to-end encryption style, sensitive information is less vulnerable to attack.

Apple to encrypt iCloud backups

Apple announced that it would fully encrypt backups of photos, chat histories, and most other sensitive user data in its cloud storage system worldwide. The US Federal Bureau of Investigations (FBI) responded with concerns over end-to-end encryption hindering their investigative capabilities, requesting ‘lawful access by design’ in the age of ‘security by design’.

Apple also stated that it would make iPhones compatible with physical security keys connected to the phone, allowing consumers to require them for access to their accounts from new devices. This is envisaged to be rolled out worldwide next year.

German Fraunhofer Institute and partners present demonstrated for quantum-safe electronic passport

The German Fraunhofer Institute, the German Federal Printing Bureau, and Infineon Technologies AG have presented the first demonstrator for an electronic passport that meets the security requirements of the quantum computing era. 

The technology is based on a solution for contactless data transfer between the electronic passport and the border checkpoint terminal. The solution is based on a quantum computer-resistant version of the Extended Access Control (EAC) protocol and also secures biometric data during authentication.

The system was created under the joint research project ‘PoQuID’, funded by the German Federal Ministry for Economic Affairs and Climate Action (BMWK).