Reuters reports: The company that helped the FBI unlock a San Bernardino shooter’s iPhone to get data has sole legal ownership of the method, making it highly unlikely the technique will be disclosed by the government to Apple or any other entity, Obama administration sources said this week.
The White House has a procedure for reviewing technology security flaws and deciding which ones should be made public. But it is not set up to handle or reveal flaws that are discovered and owned by private companies, the sources said, raising questions about the effectiveness of the so-called Vulnerabilities Equities Process.
The secretive process was created to let various government interests debate about what should be done with a given technology flaw, rather than leaving it to agencies like the National Security Agency, which generally prefers to keep vulnerabilities secret so they can use them. [Continue reading…]
Intelligence community olive branch on data sharing greeted with skepticism
The Intercept reports: Top intelligence community lawyer Robert Litt has offered a rare olive branch to privacy advocates, in the form of information.
In a post on one of the intelligence community’s favorite blogs on Wednesday, Litt, general counsel for the Office of the Director of National Intelligence, outlined new intelligence data-sharing guidelines that he said will be released soon.
The post, on Just Security, was essentially a response to reporting last month from the New York Times’s Charlie Savage that the NSA would soon be sharing with other government agencies the raw, unfiltered intelligence from the depths of its massive overseas spying programs.
“There has been a lot of speculation about the content of proposed procedures that are being drafted to authorize the sharing of unevaluated signals intelligence,” Litt wrote.
The New York Times story raised concerns that the data, which inevitably includes information about Americans, would become too easily accessible by intelligence agencies including the FBI, potentially leading to fishing expeditions. [Continue reading…]
BuzzFeed reports: Just days after breaking into a terrorist’s iPhone using a mysterious third-party technique, FBI officials on Friday told local law enforcement agencies it will assist them with unlocking phones and other electronic devices.
The advisory, obtained by BuzzFeed News, was sent in response to law enforcement inquiries about its new method of unlocking devices — a technique the FBI said was successful at gaining access to the iPhone 5C belonging to one of the shooters in the deadly San Bernardino, California, attack.
“In mid-March, an outside party demonstrated to the FBI a possible method for unlocking the iPhone,” the message said. “That method for unlocking that specific iPhone proved successful.” [Continue reading…]
British authorities demand encryption keys in case with ‘huge implications’
The Intercept reports: British authorities are attempting to force a man accused of hacking the U.S. government to hand over his encryption keys in a case that campaigners believe could have ramifications for journalists and activists.
England-based Lauri Love was arrested in October 2013 by the U.K.’s equivalent of the FBI, the National Crime Agency, over allegations that he hacked a range of U.S. government systems between 2012 and 2013, including those of the Department of Defense, the Environmental Protection Agency, the Department of Energy, and NASA.
The U.S. Justice Department is seeking the extradition of Love, claiming that he and a group of conspirators breached “thousands of networks” in total and caused millions of dollars in damages. But Love has been fighting the extradition attempt in British courts, insisting that he should be tried for the alleged offenses within the U.K. The 31-year-old, who has been diagnosed with Asperger’s syndrome, has argued that he would not get a fair trial in the U.S., where his legal team says he could face a sentence of up to 99 years in jail. [Continue reading…]
Mass surveillance silences minority opinions, according to study
Karen Turner reports: A new study shows that knowledge of government surveillance causes people to self-censor their dissenting opinions online. The research offers a sobering look at the oft-touted “democratizing” effect of social media and Internet access that bolsters minority opinion.
The study, published in Journalism and Mass Communication Quarterly, studied the effects of subtle reminders of mass surveillance on its subjects. The majority of participants reacted by suppressing opinions that they perceived to be in the minority. This research illustrates the silencing effect of participants’ dissenting opinions in the wake of widespread knowledge of government surveillance, as revealed by whistleblower Edward Snowden in 2013.
The “spiral of silence” is a well-researched phenomenon in which people suppress unpopular opinions to fit in and avoid social isolation. It has been looked at in the context of social media and the echo-chamber effect, in which we tailor our opinions to fit the online activity of our Facebook and Twitter friends. But this study adds a new layer by explicitly examining how government surveillance affects self-censorship. [Continue reading…]
UK setting bad example on surveillance, says UN privacy chief
The Guardian reports: The UK is setting a bad example to the rest of the world with proposed changes to the law on surveillance, the United Nations special rapporteur on privacy has said.
The criticism by rapporteur Joseph Cannataci is made in a report presented to the UN Human Rights Council. The report deals with privacy concerns worldwide but Cannataci, concerned about developments in the UK, has devoted a section to the British bill.
He says the British government has failed to recognise the consequences of legitimising bulk data collection or mass surveillance. Instead of legitimising it, the government should be outlawing it, he says. [Continue reading…]
Is access to our phones a step toward the police wanting access to our minds?
By Nathan Emmerich, Queen’s University Belfast
We use our smartphones so much these days, it almost feels like they have become extensions of ourselves, boosting our capacity to calculate and remember. What might come of this closer union of human and technological device? If police can serve a warrant to search your phone, and we see these devices as extensions of ourselves, how long until investigators one day serve a warrant to search your mind?
This line of thinking was roused by the FBI’s legal efforts to force Apple to help them access an iPhone that belonged to a suspected terrorist – something Apple says would undermine the security of its products. This is one of several similar cases, and part of a larger effort by the FBI and intelligence agencies, to ensure they can access a variety of now common devices.
UN rights chief says unlocking gunman’s iPhone could open ‘Pandora’s box’
The New York Times reports: The top human rights official at the United Nations warned the United States authorities on Friday that their efforts to force Apple to unlock an iPhone belonging to a gunman risked helping authoritarian governments and jeopardizing the security of millions around the world.
The remarks by Zeid Ra’ad al-Hussein, the United Nations high commissioner for human rights, came as American investigators continued to press Apple to write software to help them gain access to an iPhone used by one of the gunmen in a shooting in San Bernardino, Calif., in December. Though the F.B.I. says it is a one-time request, Apple and others have raised concerns that the case could set a precedent and could force technology firms to install so-called back doors in devices, potentially invading customer privacy.
Mr. al-Hussein said that American law enforcement agencies, in trying to break the encryption protecting one phone, “risk unlocking a Pandora’s box,” and that there were “extremely damaging implications” for the rights of many millions of people, with possible effects on their physical and financial security. [Continue reading…]
U.S. defense secretary takes position against a data ‘back door’
The New York Times reports: Defense Secretary Ashton B. Carter assured an audience of computer security experts Wednesday that he was not in favor of a “back door” that would give the government access to data that is protected by encryption.
Speaking at the annual RSA Conference, Secretary Carter sought common ground with companies worried by Apple’s fight with the Federal Bureau of Investigation over access to an iPhone.
“Just to cut to the chase, I’m not a believer in back doors or a single technical approach,” Secretary Carter said to loud applause during a panel discussion at the conference. “I don’t think it’s realistic. I don’t think that’s technically accurate.” [Continue reading…]
Apple wins ruling in New York iPhone hacking order
The New York Times reports: A federal magistrate judge on Monday denied the United States government’s request that Apple extract data from an iPhone in a drug case in New York, giving the company’s pro-privacy stance a boost as it battles law enforcement officials over opening up the device in other cases.
The ruling, from Judge James Orenstein in New York’s Eastern District, is the first time that the government’s legal argument for opening up devices like the iPhone has been put to the test. The denial could influence other cases where law enforcement officials are trying to compel Apple to help unlock iPhones, including the standoff between Apple and the F.B.I. over the iPhone used by one of the attackers in a mass shooting in San Bernardino, Calif., last year.
Judge Orenstein, in his 50-page ruling on Monday, took particular aim at a 1789 statute called the All Writs Act that underlies many government requests for extracting data from tech companies. The All Writs Act broadly says that courts can require actions to comply with their orders when not covered by existing law. Judge Orenstein said the government was inflating its authority by using the All Writs Act to force Apple to extract data from an iPhone seized in connection with a drug case.
The government’s view of the All Writs Act is so expansive as to cast doubt on its constitutionality if adopted, Judge Orenstein wrote. [Continue reading…]
Apple and FBI look to Congress to settle battle over iPhone encryption
The Guardian reports: The war of words between Apple and US law enforcement escalated again on Monday as their fight over personal versus national security prepared to move beyond the courthouse and into the halls of Congress.
In testimony released ahead of a hotly anticipated congressional hearing, Apple’s chief attorney argued that helping unlock an iPhone used by a terrorist in San Bernardino will ultimately create more crime. New York’s chief prosecutor said the company’s devices were beyond the law and urged Congress to pass new legislation keeping encryption keys to user data in the hands of the tech giants.
Both sides have called on Congress to settle the dispute, although lawmakers and the Obama administration have thus far balked at either setting encryption standards by legislation or permanently ceding the territory to mathematicians. Technologists and privacy advocates spent much of 2015 in a highly visible public push to prevent Congress from mandating so-called backdoors into company-held data. [Continue reading…]
If the FBI concerns us, Apple should concern us even more
Ned O’Gorman writes: whatever privacy is, it has to be in Apple’s eye primarily an engineering problem. Apple’s privacy is an engineer’s construct, even conceit. Many everyday senses of privacy follow this very limited idea of “data on my device.” Though I’ve entered vital data online numerous times, I would be more likely to feel a violation of privacy at an “unauthorized” family member thumbing through the pictures on my phone than a stranger using my date of birth and social security number to secure fraudulent credit. There’s something about Apple’s sense of “personal data” that gels very well with our sense that the gadgets we carry with us are “personal devices” rather than nodes in a massive economic and technological system.
But what about privacy’s co-dependents, especially the “public”? Apple’s narrow and problematic sense of privacy, if Apple sticks to it and if it were made the rule among tech companies, could have major public consequences, reshaping our experience of public life. First of all, Apple is explicitly pitting a forensic good, a good having to do with public justice, against the protection of privacy, and it is doing so in an absolutist fashion that undermines the delicate balance between certain rights and justice so vital to public life (just as the NSA did, but in reverse fashion).
In the case of Syed Rizwan Farook’s iPhone, we are talking about a specific and targeted forensic investigation — exactly what critics of the NSA call for. It is quite plausible that the data on Farook’s phone may be critical in helping to forensically reconstruct the networks (if any) of which Farook was a part. The knowledge that would come out of such an investigation may not end up preventing another similar attack. Nevertheless, it represents an immediate public good both with respect to our sense of justice and to making sense of indiscriminate acts of political violence that are, in their very performance, meant to cripple or otherwise alarm the citizenry. My point here is simply that legally sanctioned and legitimate forensic police work represents a public good, and Apple is now pitting that good against the good of privacy — and privacy as Apple defines it. [Continue reading…]
Ex-NSA chief opposes government effort to require ‘back doors’ in all devices
USA Today reports: Retired four-star general Michael Hayden, who as director of the NSA installed and still defends the controversial surveillance program to collect telephone metadata on millions of Americans, says he opposes proposals to force Apple and other tech companies to install “back doors” in digital devices to help law enforcement.
In an emerging court battle over access to information on the iPhone owned by one of the San Bernardino attackers, Hayden says “the burden of proof is on Apple” to show that limited cooperation with investigators would open the door to broader privacy invasions. Apple is being asked not to decrypt information on the smartphone but rather to override the operating system so investigators could try an endless series of passwords to unlock it.
“In this specific case, I’m trending toward the government, but I’ve got to tell you in general I oppose the government’s effort, personified by FBI Director Jim Comey,” Hayden told Capital Download in an interview about his memoir, Playing to the Edge: American Intelligence in the Age of Terror. “Jim would like a back door available to American law enforcement in all devices globally. And, frankly, I think on balance that actually harms American safety and security, even though it might make Jim’s job a bit easier in some specific circumstances.” [Continue reading…]
The archaic All Writs Act the government is using to try and unlock a terrorist’s iPhone
The Washington Post reports: The U.S. government and Apple are locked in a legal battle over unlocking an iPhone used by one of the San Bernardino shooters. But a new court order is throwing a law that dates to the days of the founding fathers into a high-tech debate over digital security.
On Tuesday, a U.S. magistrate judge in California ordered Apple to provide “reasonable technical assistance” to the government as it tries to bypass security features built into its products based on an interpretation of the “All Writs Act.”
The original form of that statute dates to the Judiciary Act of 1789, centuries before the iPhone was a twinkle in Steve Jobs’s eye. In its current form, the law gives federal courts the power to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”
Basically, it’s “a very short, cryptic statute” that gives the courts “all sorts of incidental powers” to require things not specifically covered by other laws, according to Stephen Vladeck, a law professor at American University.
In the past, the act has been used to compel non-parties — like service providers of tech companies — to help in criminal investigations, Vladeck said. But that help has typically been limited to straightforward requests, like activating or turning off particular features and using systems that are already in place, he said.
The new order is different: It tells Apple to help the government by creating an entirely new software to help investigators bypass security features. “That requires Apple to go much further than any company has ever been required to go in one of these cases,” said Vladeck. [Continue reading…]
Last October, Jennifer Granick and Riana Pfefferkorn wrote: Under the government’s interpretation of the All Writs Act, anyone who makes software could be dragooned into assisting the government in investigating users of the software. If the court adopts this view, it would give investigators immense power. The quotidian aspects of our lives increasingly involve software (from our cars to our TVs to our health to our home appliances), and most of that software is arguably licensed, not bought. Conscripting software makers to collect information on us would afford the government access to the most intimate information about us, on the strength of some words in some license agreements that people never read. (And no wonder: The iPhone’s EULA came to over 300 pages when the government filed it as an exhibit to its brief.)
The government’s brief does not acknowledge the sweeping implications of its arguments. It tries to portray its requested unlocking order as narrow and modest, because it “would not require Apple to make any changes to its software or hardware, … [or] to introduce any new ability to access data on its phones. It would simply require Apple to use its existing capability to bypass the passcode on a passcode-locked iOS 7 phone[.]” But that undersells the implications of the legal argument the government is making: that anything a company already can do, it could be compelled to do under the All Writs Act in order to assist law enforcement. [Continue reading…]
How a New York judge inspired Apple’s encryption fight
Reuters reports: Last October, prosecutors from the Justice Department asked a federal magistrate judge in Brooklyn to issue an order directing Apple to help the Drug Enforcement Administration bust security on an iPhone 5 seized from the home of Jun Feng, a suspected meth dealer.
The government had previously obtained many such orders against Apple and other companies under the All Writs Act, a 1789 statute that grants federal courts broad power to issue “necessary or appropriate” writs.
The act has been a powerful tool for prosecutors since 1977, when the U.S. Supreme Court ruled in U.S. v. New York Telephone that the All Writs Act extends, under certain conditions, to private companies in a position to assist “the proper administration of justice.”
Apple has a long history of compliance with All Writs Act orders. The company helped New York investigators extract data from a suspected child sex abuser’s iPhone in 2008; rushed a data extraction in 2013 from the phone of an alleged child pornographer in Washington; and in 2015 provided federal agents in Florida with data the company extracted from a drug suspect’s phone.
According to a Justice Department brief filed last fall, Apple never objected to All Writs Act orders in those cases – nor, for that matter, to any All Writs Act order directing the company to help federal investigators break into iPhones.
Apple’s policy of acquiescence abruptly changed in the Jun Feng case last year. And for all of the attention now focused on Apple’s announced opposition to a newly issued All Writs Act order directing the company to help Justice Department investigators break the passcode on an iPhone belonging to San Bernardino shooter Syed Farook, the Feng case is quite likely to produce a ruling before the Farook case.
The impending showdown over Farook’s phone is an irresistibly stark depiction of the competing interests of individual privacy and national security. But keep your eye on precedent from Feng. [Continue reading…]
FBI’s push to ‘fix a typo’ would really expand its surveillance authority
Robyn Greene writes: At last week’s Senate Intelligence Committee hearing on Worldwide Threats, FBI Director James Comey reiterated his call for a major expansion of the FBI’s surveillance authorities, but disingenuously downplayed it as fixing a “typo” in the law. In fact, Comey’s proposed fix, which he calls one of the FBI’s top legislative priorities, would be a major expansion of surveillance authority, and a major hit to Americans’ privacy and civil liberties. It would grant the FBI access to a range of revealing and personal details about Americans’ online communications — what are called Electronic Communications Transactional Records (ECTR), in legalese — without court approval.
Through Comey’s “ECTR fix,” the FBI would have the unilateral authority to obtain information from phone and Internet companies about your online communications such as logs of emails you send and receive, cell site data (including your location information), and lists of websites you visit. The FBI wants to get this information using National Security Letters (NSLs), which are demands for information issued directly by local FBI offices without any court approval or supervision.
Under current law, the FBI can only use NSLs to get information pertaining to a customer’s “name, address, length of service, and local and long distance toll billing records of a person or entity.” By contrast, if the FBI wants to compel a company to hand over the much more revealing private information that is included in ECTRs, they currently can’t use NSLs — instead, they have to get a court order after convincing a judge that they have a factual basis for demanding those records. Therefore, the FBI’s proposal that Congress add ECTRs to the NSL statute is far from a typo fix, and would instead be a major expansion of FBI’s authority to conduct surveillance with virtually no oversight and no accountability. [Continue reading…]
Apple’s stance highlights a more confrontational tech industry
Farhad Manjoo writes: The battle between Apple and law enforcement officials over unlocking a terrorist’s smartphone is the culmination of a slow turning of the tables between the technology industry and the United States government.
After revelations by the former National Security Agency contractor Edward J. Snowden in 2013 that the government both cozied up to certain tech companies and hacked into others to gain access to private data on an enormous scale, tech giants began to recognize the United States government as a hostile actor.
But if the confrontation has crystallized in this latest battle, it may already be heading toward a predictable conclusion: In the long run, the tech companies are destined to emerge victorious.
It may not seem that way at the moment. On the one side, you have the United States government’s mighty legal and security apparatus fighting for data of the most sympathetic sort: the secrets buried in a dead mass murderer’s phone. The action stems from a federal court order issued on Tuesday requiring Apple to help the F.B.I. unlock an iPhone used by one of the two attackers who killed 14 people in San Bernardino, Calif., in December.
In the other corner is the world’s most valuable company, whose chief executive, Timothy D. Cook, has said he will appeal the court’s order. Apple argues that it is fighting to preserve a principle that most of us who are addicted to our smartphones can defend: Weaken a single iPhone so that its contents can be viewed by the American government and you risk weakening all iPhones for any government intruder, anywhere.
There will probably be months of legal tussling, and it is not at all clear which side will prevail in court, nor in the battle for public opinion and legislative favor.
Yet underlying all of this is a simple dynamic: Apple, Google, Facebook and other companies hold most of the cards in this confrontation. They have our data, and their businesses depend on the global public’s collective belief that they will do everything they can to protect that data. [Continue reading…]
Apple encryption case risks influencing Russia and China, privacy experts say
The Guardian reports: Authoritarian governments including Russia and China will demand greater access to mobile data should Apple lose a watershed encryption case brought by the FBI, leading technology analysts, privacy experts and legislators have warned.
Apple’s decision to resist a court order to unlock a password-protected iPhone belonging to one of the San Bernardino killers has created a worldwide privacy shockwave, with campaigners around the world expecting the struggle to carry major implications for the future of mobile and internet security. They warned that Barack Obama’s criticism of a similar Chinese measure last year now risked ringing hollow.
Senator Ron Wyden of Oregon, a leading legislator on privacy and tech issues, warned the FBI to step back from the brink or risk setting a precedent for authoritarian countries.
“This move by the FBI could snowball around the world. Why in the world would our government want to give repressive regimes in Russia and China a blueprint for forcing American companies to create a backdoor?” Wyden told the Guardian.
“Companies should comply with warrants to the extent they are able to do so, but no company should be forced to deliberately weaken its products. In the long run, the real losers will be Americans’ online safety and security.” [Continue reading…]
A private company has captured 2.2 billion photos of license plates in cities across the U.S.
Conor Friedersdorf writes: Throughout the United States — outside private houses, apartment complexes, shopping centers, and businesses with large employee parking lots — a private corporation, Vigilant Solutions, is taking photos of cars and trucks with its vast network of unobtrusive cameras. It retains location data on each of those pictures, and sells it.
It’s happening right now in nearly every major American city.
The company has taken roughly 2.2 billion license-plate photos to date. Each month, it captures and permanently stores about 80 million additional geotagged images. They may well have photographed your license plate. As a result, your whereabouts at given moments in the past are permanently stored. Vigilant Solutions profits by selling access to this data (and tries to safeguard it against hackers). Your diminished privacy is their product. And the police are their customers.
The company counts 3,000 law-enforcement agencies among its clients. Thirty thousand police officers have access to its database. Do your local cops participate?
If you’re not sure, that’s typical.
To install a GPS tracking device on your car, your local police department must present a judge with a rationale that meets a Fourth Amendment test and obtain a warrant. But if it wants to query a database to see years of data on where your car was photographed at specific times, it doesn’t need a warrant — just a willingness to send some of your tax dollars to Vigilant Solutions, which insists that license plate readers are “unlike GPS devices, RFID, or other technologies that may be used to track.” Its website states that “LPR is not ubiquitous, and only captures point in time information. And the point in time information is on a vehicle, not an individual.” [Continue reading…]