Last Thursday, the German parliament voted into law a bill that would allow the police and other government entities to hack into encrypted messaging services like Signal and WhatsApp during certain criminal investigations. The new law gives authorities broad access to users’ private communications, prompting increased concern over privacy issues.
[Note: This is a sponsored article.]
Under previous legislation, investigators could tap into a suspect’s SMS communications and regular phone conversations, providing that the alleged crime was severe enough. However, they were barred from surveilling communications sent through encrypted messaging services like WhatsApp, Signal, and Threema.
The new legislation allows investigators to use spyware – a “state trojan” – to monitor and intercept user communications in real-time before they are encrypted on the user’s device. Beyond real-time surveillance, however, the law also allows for remote searches of suspects’ devices in “particularly severe cases”. This includes not just messages but also images, videos, and other data.
Germany’s Minister of the Interior Thomas de Maizière was quoted by Rheinische Post, saying:
We often see that criminals communicate using encrypted ways […] Encryption protects the right to private communication. But it is not a carte blanche for criminals.
The government insists that the new law will make it easier to combat terrorism, however, the law goes beyond terrorism-related crimes to include tax evasion and sports betting.
CrypViser: Secure Communication in an Insecure World
Based in Dusseldorf, Germany, CrypViser is leveraging the transparent and decentralized nature of the blockchain to build a secure communications network that can be used by individuals and businesses alike. The network is fully encrypted, relying on an authentication model where users identify themselves and confirm each other’s identities through a series of blockchain transactions.
The network combines reliable, cutting-edge cryptographic protocols that have been approved at military levels by international and EU standards with blockchain based public-key authentication to create a communications platform designed to prevent identity theft as well as “man in the middle” (MiTM) attacks. In addition, the platform employs an intelligent intrusion detection system that detects and prevents the most dangerous interception attempts.
How Does CrypViser Thwart “State Trojans”?
At its most basic, a trojan a type of malware or spyware that is often disguised as legitimate software. Once installed on a person’s computer, tablet, or smartphone, the hacker can access the victim’s device remotely and, as is the case under Germany’s new law, monitor and intercept user communication as well as searching archived messages, images, videos, and other private data.
Bitcoinist spoke briefly with CrypViser founder and CEO / CTO Vadim Andryan to gain a better understanding of the platform’s security protocols and how it would be able to withstand intrusion attempts like those that the German government can now legally employ.
Although we do not have yet a detailed tech specification or algorithms how the “trojan” works, in Crypviser’s cryptographic and security models we have implemented disruptive and innovative encryption and authentication technologies to prevent and recognize all kind of “Man in the Middle” (MiTM attacks) and provide professional data protection on all levels, including local level (on user device), network and server side (service provider).
In other words, any attempts of malware software, including the “State Trojan”, to intercept users data before they are encrypted on their devices will be immediately eliminated by Crypviser using a decentralized model of encryption key distribution through Blockchain and new kind of client-server authorization powered by CrypID.
What is CrypID and How Does it Keep Data Safe?
CrypID is a new kind of client-server authorization technology in which each CrypViser user receives a unique cryptographic key generated solely on user’s local device and protected by user-related personal details, such as a passphrase, finger movement on screen or fingerprint recognition, depending on the device. Since it is generated based on multiple cryptographic hashes from different sources, and since only the first part of the CrypID is actually being submitted to the server, it maintains the strict anonymity of the user.
The second part of the CrypID is stored on the user’s local device. That same part of the CrypID is registered on the Blockchain and associated with the user’s authentication public key (open key), which is necessary for data encryption.
CrypID is also used for the session keys generation process during the Crypviser’s user authorization on the server. This method of validation on both user and server sides eliminates any possibility of manipulation with the users credential on the provider side.
Working in conjunction with one another, the blockchain and CrypID guarantee and provide genuine authentication of encryption keys so that any attempts by malware, including “state trojans” to attack users’ devices and “swap” the encryption keys will be detected by integrated “intelligent intrusion detection” system and timely notice given to the user.
Multiple Layers of Security
To guarantee the security of its users’ data, CrypViser employs not one but multiple layers of security. In addition to server-side security protocols, OS-independent encrypted local storage is deployed on the user’s local device. Access to the data stored there is protected by a symmetric encryption key that never leaves the local device.
In the event of the physical loss of the local encryption key or malware activity on the user’s device, the encryption key is protected by a user-defined password that is provided during the account registration process.
CrypViser’s communication platform uses the most advanced, secure, and reliable cryptographic protocols and encryption algorithms, such as the symmetric cipher Salsa20/20. This, in combination with CrypViser’s other security measures, eliminates any chance for malicious tools such as Germany’s “state trojan” to affect user’s data.
CVCoin and the CrypViser ICO
Since CrypViser is blockchain based, transactions are required in order to interact with the platform to authorize and identify users’ access to public encryption keys. To facilitate these transactions, CrypViser has developed its own token called CVCoin (CVC). A token crowdsale is currently underway to raise funds for the development and marketing of the CrypViser network.
The ICO (Initial Coin Offering) was launched on May 30, 2017, and will end on June 30, 2017. During this time, investors can purchase CVCoin using BTC, ETH, or USD. A total of 15 million CVCoins will be distributed, along with additional benefits such as free subscriptions, access to special features, free access to the CVPay system, and more.
Will other countries follow Germany in legalizing the “state-sponsored ” hacking of its’ citizens private communications? Can CrypViser keep private communications safe from prying government eyes? Let us know what you think in the comments below.
Images courtesy of CrypViser, AdobeStockShow comments