Encryption

AI powers Microsoft’s latest security upgrade

Microsoft has launched a new set of AI agents as part of its Security Copilot platform, aiming to automate key cybersecurity tasks like phishing detection, data protection, and identity management. The release includes six in-house agents and five developed with partners.

Among the tools is a phishing triage agent that can autonomously process routine alerts, freeing analysts to focus on advanced incidents.

Microsoft said its new AI-driven approach goes beyond traditional security platforms, using generative AI to prioritise threats, correlate data, and even recommend or execute responses.

The rollout also brings new capabilities to Microsoft Defender, Entra, and Purview, enhancing organisations’ ability to manage and secure AI systems.

While analysts welcome the move as a step forward in proactive cybersecurity, some warn that full reliance on one platform carries strategic risks like vendor lock-in and reduced flexibility.

Experts suggest a balanced approach that combines Microsoft’s core capabilities with specialised solutions for areas such as threat intelligence and cloud protection, helping organisations stay agile in a fast-evolving threat landscape.

For more information on these topics, visit diplomacy.edu.

New HP printers designed to withstand quantum computing attacks

HP has introduced the 8000 Series printers, designed to protect against future cyber threats posed by quantum computing.

Announced at the Amplify 2025 event, the new models include the HP Color LaserJet Enterprise MFP 8801, Mono MFP 8601, and LaserJet Pro Mono SFP 8501. These printers are built to resist sophisticated attacks that could exploit vulnerabilities at the firmware level.

To enhance security, HP has integrated quantum-resistant cryptography within the printers’ ASIC chips. These chips provide digital signature verification, reducing the risk of unauthorised firmware modifications and potential data breaches.

HP emphasised that, without these safeguards, printers could be fully compromised by malicious firmware updates, allowing attackers to gain persistent control over the devices.

The new printers are also designed to integrate seamlessly with Zero Trust network architectures, reinforcing security within enterprise environments.

By incorporating advanced cryptographic measures, HP aims to future-proof its printing solutions against emerging cybersecurity threats.

For more information on these topics, visit diplomacy.edu.

London court holds secret hearing on Apple’s cloud encryption dispute

A London court has reportedly heard Apple’s appeal against a British government order requiring it to provide access to encrypted cloud storage.

The hearing, held at the Investigatory Powers Tribunal on Friday, took place behind closed doors, with no media or civil rights groups allowed to attend.

The case stems from a ‘technical capability notice’ issued to Apple, which allegedly compelled the company to create a backdoor into its encrypted services. In response, Apple removed its Advanced Data Protection feature for new users in Britain.

Neither Apple nor the UK government has confirmed the existence of the order, but reports suggest it has raised concerns among privacy advocates and foreign governments.

Civil rights groups, including Privacy International and Liberty, have condemned the secrecy of the proceedings, calling the order ‘unacceptable and disproportionate.’

Critics argue that allowing governments to bypass encryption undermines privacy and security for users worldwide. The issue has drawn international attention, with United States officials investigating whether Britain’s actions violated the CLOUD Act, which restricts demands for US citizens’ data.

Government officials have remained tight-lipped, with the Home Office refusing to comment and security ministers maintaining a policy of neither confirming nor denying such notices.

While authorities argue that encryption access is essential for tackling serious crimes, opponents warn that weakening security protections could have far-reaching consequences. The case highlights ongoing tensions between governments and tech companies over privacy, security, and law enforcement.

For more information on these topics, visit diplomacy.edu.

HQC announced as safeguard against future quantum attacks

The National Institute of Standards and Technology (NIST) has introduced HQC, a backup encryption algorithm designed to protect sensitive data from potential threats posed by future quantum computers.

As part of its ongoing efforts to strengthen cybersecurity, the agency selected HQC to complement the existing post-quantum cryptography (PQC) standard, ML-KEM, in case quantum advancements compromise current encryption methods.

HQC relies on error-correcting codes, a mathematical approach used in data protection for decades, including in NASA missions.

The algorithm is larger than ML-KEM and requires more computing power, but experts determined it to be a secure and reliable alternative. A draft standard for HQC is expected within a year, with final approval anticipated by 2027.

NIST has been working to prepare for the so-called ‘Q day,’ when quantum computers could break conventional encryption. Three PQC algorithms were finalized in 2024, including ML-KEM and two digital signature standards.

In addition to announcing HQC, NIST is preparing to release a draft standard for the FALCON algorithm, further strengthening protections against future cyber threats.

For more information on these topics, visit diplomacy.edu.

UK Government removes encryption guidance after calls for iCloud backdoor access

The UK government has removed encryption advice from its official web pages, shortly after requesting backdoor access to encrypted data stored on Apple’s iCloud service.

The change was noticed by security expert Alec Muffett, who highlighted in a blog post that the National Cyber Security Centre (NCSC) no longer recommends encryption for high-risk individuals.

Previously, the NCSC had advised the use of encryption tools such as Apple’s Advanced Data Protection (ADP) for secure iCloud backups, which provide end-to-end encryption to ensure only the user has access to their data.

However, the webpage now redirects to a different page with no mention of encryption, instead recommending Apple’s Lockdown Mode—a security feature designed to limit access to certain phone functions.

Muffett pointed out that the original advice is no longer available on government sites, though it can still be accessed via the Wayback Machine.

This development follows reports that the UK government requested Apple to build a backdoor to access encrypted iCloud data.

In response, Apple removed the ADP feature for new users in the UK and stated that existing users would eventually need to disable it. Apple is reportedly challenging the UK’s data access order in the Investigatory Powers Tribunal (IPT).

For more information on these topics, visit diplomacy.edu.

Italy debates Starlink for secure communications

Italy’s ruling League party is urging the government to choose Elon Musk’s Starlink over French-led Eutelsat for secure satellite communications, arguing that Starlink’s technology is more advanced.

Prime Minister Giorgia Meloni’s government is looking for an encrypted communication system for officials operating in high-risk areas, with both Starlink and Eutelsat in talks for the contract.

League leader Matteo Salvini, a strong supporter of former US President Donald Trump, has emphasised the need to prioritise US technology over a French alternative.

Meanwhile, Eutelsat’s CEO confirmed discussions with Italy as the country seeks an interim solution before the EU’s delayed IRIS² satellite system becomes operational.

Meloni’s office has stated that no formal negotiations have taken place and that any decision will be made transparently.

However, opposition parties have raised concerns over Starlink’s involvement, given recent speculation that Musk could cut off Ukraine from its service, potentially affecting national security interests.

Musk responded positively to the League’s endorsement, calling it ‘much appreciated’ on his social media platform X.

For more information on these topics, visit diplomacy.edu.

US investigates UK over alleged backdoor demand for Apple data

United States officials are reviewing whether the UK breached a bilateral agreement by reportedly pressuring Apple to create a ‘backdoor’ for government access to encrypted iCloud backups.

Apple recently withdrew an encrypted storage feature for UK users following reports that it had refused to comply with such demands, which could have affected users worldwide. The Washington Post reported that Apple rejected the UK government’s request.

The US director of national intelligence, Tulsi Gabbard, confirmed in a letter to lawmakers that a legal review is underway to determine if the UK violated the CLOUD Act.

Under the agreement, neither the US nor the United Kingdom can demand data access for citizens or residents of the other country. Initial legal assessments suggest the UK’s reported demands may have overstepped its authority under the agreement.

Apple has long defended its encryption policies, arguing that creating a backdoor for government access would weaken security and leave user data vulnerable to hackers. Cybersecurity experts warn that any such backdoor, once created, would inevitably be exploited.

The tech giant has clashed with regulators over encryption before, notably in 2016 when it resisted US government efforts to unlock a terrorism suspect’s iPhone.

For more information on these topics, visit diplomacy.edu.

Vodafone collaborates with IBM on quantum-safe cryptography

Vodafone UK has teamed up with IBM to explore quantum-safe cryptography as part of a new Proof of Concept (PoC) test for its mobile and broadband services, particularly for users of its ‘Secure Net’ anti-malware service. While quantum computers are still in the early stages of development, they could eventually break current internet encryption methods. In anticipation of this, Vodafone and IBM are testing how to integrate new post-quantum cryptographic standards into Vodafone’s existing Secure Net service, which already protects millions of users from threats like phishing and malware.

IBM’s cryptography experts have co-developed two algorithms now recognised in the US National Institute of Standards and Technology’s first post-quantum cryptography standards. This collaboration, supported by Akamai Technologies, aims to make Vodafone’s services more resilient against future quantum computing risks. Vodafone’s Head of R&D, Luke Ibbetson, stressed the importance of future-proofing digital security to ensure customers can continue enjoying safe internet experiences.

Although the PoC is still in its feasibility phase, Vodafone hopes to implement quantum-safe cryptography across its networks and products soon, ensuring stronger protection for both business and consumer users.

For more information on these topics, visit diplomacy.edu.

UK Home Office’s new vulnerability reporting policy creates legal risks for ethical researchers, experts warn

The UK Home Office has introduced a vulnerability reporting mechanism through the platform HackerOne, allowing cybersecurity researchers to report security issues in its systems. However, concerns have been raised that individuals who submit reports could still face legal risks under the UK’s Computer Misuse Act (CMA), even if they follow the department’s new guidance.

Unlike some private-sector initiatives, the Home Office program does not offer financial rewards for reporting vulnerabilities. The new guidelines prohibit researchers from disrupting systems or accessing and modifying data. However, they also caution that individuals must not ‘break any applicable law or regulations,’ a clause that some industry groups argue could discourage vulnerability disclosure due to the broad provisions of the CMA, which dates back to 1990.

The CyberUp Campaign, a coalition of industry professionals, academics, and cybersecurity experts, warns that the CMA’s definition of unauthorized access does not distinguish between malicious intent and ethical security research. While the Ministry of Defence has previously assured researchers they would not face prosecution, the Home Office provides no such assurances, leaving researchers uncertain about potential legal consequences.

A Home Office spokesperson declined to comment on the concerns.

The CyberUp Campaign acknowledged the growing adoption of vulnerability disclosure policies across the public and private sectors but highlighted the ongoing legal risks researchers face in the UK. The campaign noted that other countries, including Malta, Portugal, and Belgium, have updated their laws to provide legal protections for ethical security research, while the UK has yet to introduce similar reforms.

The Labour Party had previously proposed an amendment to the CMA that would introduce a public interest defense for cybersecurity researchers, but this was not passed. Last year, Labour’s security minister Dan Jarvis praised the contributions of cybersecurity professionals and stated that the government was considering CMA reforms, though no legislative changes have been introduced so far.

For more information on these topics, visit diplomacy.edu.

Sweden considers law requiring encrypted messaging backdoors, Signal threatens to exit

Swedish law enforcement and security agencies are advocating for legislation that would require encrypted messaging services such as Signal and WhatsApp to implement technical measures allowing authorities to access user communications, according to a report by SVT Nyheter.

If introduced, the bill would mandate that these platforms retain messages and provide law enforcement with access to the message history of criminal suspects. Minister of Justice Gunnar Strömmer stated that such measures are necessary for authorities to carry out investigations effectively.

Signal Foundation President Meredith Whittaker told SVT Nyheter that if the proposed legislation requires the company to introduce backdoors, Signal would withdraw from the Swedish market rather than comply. The Swedish Armed Forces have also expressed concerns, warning that implementing such access mechanisms could introduce security risks that might be exploited by unauthorised parties.

The bill could be considered by Sweden’s parliament, the Riksdag, next year if it moves forward in the legislative process.

Similar legislative efforts have been introduced in other countries. In the UK, Apple recently disabled end-to-end encryption for iCloud accounts in response to government demands for access to encrypted data.

For more information on these topics, visit diplomacy.edu.