Tag Archives: Google

Shhh… DOJ Uses 18th Century Law to Make Apple Unlock Encrypted iPhones

It’s time to raise the antenna again on smartphone encryption matters.

Law enforcement agencies, particularly the FBI, have been desperately pressuring Congress to force Apple and Google to do away with their new default smartphone encryption. And authorities are apparently giving in.

According to an exclusive report by Ars Technica (below) earlier this week, court documents from two federal criminal cases in New York and California show that on October 31 this year the US Department of Justice went as far as invoking an 18th-century law – the All Writs Act – to compel Apple and at least one other company to cooperate with law enforcement officials in investigations dealing with locked and encrypted smartphones.

The 225-year-old law gives the courts the right to issue any writ or order to compel someone to do something.

Given that Apple has recently beefed up encryption in its latest iOS 8, the fact that the DOJ would go to such absurd lengths might set a worrying precedent – recall a recent ludicrous DOJ assertion that the new encryption standards would kill a child.

A more disturbing question: What would you do if you were FBI director James Comey making his rounds to denounce smartphone encryption?

Make the DOJ use the All Writs Act to force manufacturers to install convenient backdoors. Why not?

—————————————-

Feds want Apple’s help to defeat encrypted phones, new legal case shows

Prosecutors invoke 18th-century All Writs Act to get around thorny problem.
by Cyrus Farivar – Dec 1 2014, 10:00pm CST

OAKLAND, CA—Newly discovered court documents from two federal criminal cases in New York and California that remain otherwise sealed suggest that the Department of Justice (DOJ) is pursuing an unusual legal strategy to compel cellphone makers to assist investigations.

In both cases, the seized phones—one of which is an iPhone 5S—are encrypted and cannot be cracked by federal authorities. Prosecutors have now invoked the All Writs Act, an 18th-century federal law that simply allows courts to issue a writ, or order, which compels a person or company to do something.

Some legal experts are concerned that these rarely made public examples of the lengths the government is willing to go in defeating encrypted phones raise new questions as to how far the government can compel a private company to aid a criminal investigation.

Two federal judges agree that the phone manufacturer in each case—one of which remains sealed, one of which is definitively Apple—should provide aid to the government.

Ars is publishing the documents in the California case for the first time in which a federal judge in Oakland specifically notes that “Apple is not required to attempt to decrypt, or otherwise enable law enforcement’s attempts to access any encrypted data.”

The two orders were both handed down on October 31, 2014, about six weeks after Apple announced that it would be expanding encryption under iOS 8, which aims to render such a data handover to law enforcement useless. Last month, The Wall Street Journal reported that DOJ officials told Apple that it was “marketing to criminals” and that “a child will die” because of Apple’s security design choices.

Apple did not immediately respond to Ars’ request for comment.

Meet the “All Writs Act”

Alex Abdo, an attorney with the American Civil Liberties Union, wondered if the government could invoke the All Writs Act to “compel Master Lock to come to your house and break [a physical lock] open.”

“That’s kind of like the question of could the government compel your laptop maker to unlock your disk encryption?” he said. “And I think those are very complicated questions, and if so, then that’s complicated constitutional questions whether the government can conscript them to be their agents. Then there’s one further question: can the government use the All Writs Act to compel the installation of backdoors?”

But, if Apple really can’t decrypt the phone as it claims, the point is moot.

“Then that’s pretty much the end of it,” Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, told Ars. “The writ doesn’t require Apple to do something that is impossible for it to do.”

Andrew Crocker, a legal fellow also at the Electronic Frontier Foundation, pointed out on Twitter on Tuesday that back in 2005, a different New York magistrate refused to accept the government’s invocation of the All Writs Act to obtain real-time cell site data.

As Magistrate Judge James Orenstein wrote at the time:

Thus, as far as I can tell, the government proposes that I use the All Writs Act in an entirely unprecedented way. To appreciate just how unprecedented the argument is, it is necessary to recognize that the government need only run this Hail Mary play if its arguments under the electronic surveillance and disclosure statutes fail.

The government thus asks me to read into the All Writs Act an empowerment of the judiciary to grant the executive branch authority to use investigative techniques either explicitly denied it by the legislative branch, or at a minimum omitted from a far-reaching and detailed statutory scheme that has received the legislature’s intensive and repeated consideration. Such a broad reading of the statute invites an exercise of judicial activism that is breathtaking in its scope and fundamentally inconsistent with my understanding of the extent of my authority.

“Any capabilities [Apple] may have to unlock the iPhone”

One of the new phone search cases was filed in federal court in Oakland, just across the bay from San Francisco, while another was filed in federal court in Manhattan.

In the Oakland case, prosecutors asked a federal judge in to “assist in the execution of a federal search warrant by facilitating the un-locking of an iPhone.”

Ars went in person to the Oakland courthouse on Wednesday to obtain the documents and is publishing both the government’s application and the judge’s order for the first time here. The All Writs Act application and order are not available via PACER, the online database for federal court records.

“This Court has the authority to order Apple, Inc., to use any capabilities it may have to unlock the iPhone,” Garth Hire, an assistant US attorney, wrote to the court and cited the All Writs Act.

“The government is aware, and can represent, that in other cases, courts have ordered the unlocking of an iPhone under this authority,” he wrote. “Additionally, Apple has routinely complied with such orders.”

“This court should issue the order because doing so would enable agents to comply with this Court’s warrant commanding that the iPhone be examined for evidence identified by the warrant,” he continued. “Examination of the iPhone without Apple’s assistance, if it is possible at all, would require significant resources and may harm the iPhone. Moreover, the order is not likely to place any unreasonable burden on Apple.”

In response, Magistrate Judge Kandis Westmore ordered that Apple “provide reasonable technical assistance to enable law enforcement agents to obtain access to unencrypted data.” She did not specifically mention the All Writs Act.

But she added:


It is further ordered that, to the extent that data on the iOS device is encrypted, Apple may provide a copy of the encrypted data to law enforcement but Apple is not required to attempt to decrypt, or otherwise enable law enforcement’s attempts to access any encrypted data.

Westmore’s language is a near-duplicate of a June 6, 2014 order issued by a different judge from the Northern California district, San Jose division, which is about 40 miles south of Oakland. There, Magistrate Judge Howard Lloyd ordered Apple to assist in the search of an iPad Mini, months before the release of iOS 8.

New spying tools afoot

On Tuesday, The Wall Street Journal reported on an order issued by a federal magistrate in New York in a case involving alleged credit card fraud.

In that Manhattan case, Magistrate Judge Gabriel Gorenstein granted the government’s proposed order on the same day as Westmore (October 31, 2014), also citing the All Writs Act, which compels the unnamed phone manufacturer to provide “reasonable technical assistance” in unlocking the device.

The mystery company could challenge the judge’s order, according to Brian Owsley, a former federal magistrate judge who now is a law professor at Indiana Tech.

“Unfortunately, we will probably not know because the issue will likely be sealed even though there should be more transparency in these issues,” he told Ars by e-mail, noting that during his tenure on the bench he could not remember a time when the government invoked the All Writs Act.

“It is only through greater transparency will we start to get the answers. If the provider simply complies we will know nothing. Here, Judge Gorenstein’s approach strikes me as very even-handed, but the inherent problem is that those who are concerned about privacy issues in general simply have to hope that the provider will speak up for us.”

But Orin Kerr, a law professor at George Washington University and a former federal prosecutor, does not believe that the seized phone in the New York case was an iOS 8 device.

“The government obtained a warrant on October 10 for a phone already in its possession,” he told Ars by e-mail. “Apple’s announcement was something like September 18. If it was an iPhone, it was probably an iPhone running [on] an earlier operating system.”

Still, Alex Abdo, the ACLU attorney, after reading a copy of the Oakland documents, concluded that the “government’s application raises troubling questions about the extent to which it can force companies to break the products they sell.”

“We are heartened, however, that the court recognized that possibility and stopped short of ordering Apple to come up with a way to decrypt its customers’ data,” he added.

“More broadly, it is disconcerting that the government is relying on a catch-all law to seek surveillance powers that it should be seeking from Congress and the public,” said Abdo. “If the government wants new spying tools, it should allow our democratic process to debate them openly first.”

UPDATE 1:50pm CT: Jonathan Mayer, a lecturer at Stanford Law, said that use of the All Writs Act is not as novel as it may seem. (He recommended his recent lecture on the subject!)

“The TL;DR is that there is nothing new about using the All Writs Act to compel assistance,” Mayer told Ars by e-mail. “And there is also nothing new about using it to compel assistance with unlocking a phone. That repeated language you saw? It’s provided by Apple itself!”

“As for the opinion discounting the All Writs Act, that had to do with surveillance under the Electronic Communications Privacy Act. Where ECPA applies, the All Writs Act doesn’t. (It’s just a default, as the court rightly noted.) Phone unlocking isn’t covered by ECPA, so the All Writs Act remains in play.”

Shhh… Former NSA Attorney: Encryption Behind Blackberry’s Demise & Warning to Apple and Google

The authorities hate smartphone encryption and it shows. And they are making a concerted effort to wage war against it.

Echoing the recent messages from FBI director James Comey and GCHQ chief Robert Hannigan, former NSA general counsel Stewart Baker told the Web Summit audience in Dublin earlier this week that the moves by Google, Apple and others to encrypt user data were more hostile to western intelligence gathering than to surveillance by China or Russia.

In a conversation with Guardian special projects editor James Ball, Baker used Blackberry as an example:

Encrypting user data had been a bad business model for Blackberry, which has had to dramatically downsize its business and refocus on business customers. “Blackberry pioneered the same business model that Google and Apple are doing now – that has not ended well for Blackberry,” said Baker.

He claimed that by encrypting user data Blackberry had limited its business in countries that demand oversight of communication data, such as India and the UAE and got a bad reception in China and Russia. “They restricted their own ability to sell. We have a tendency to think that once the cyberwar is won in the US that that is the end of it – but that is the easiest war to swim.”

Baker said the market for absolute encryption was very small, and that few companies wanted all their employees’ data to be completely protected. “There’s a very comfortable techno-libertarian culture where you think you’re doing the right thing,” said Baker.

“But I’ve worked with these companies and as soon as they get a law enforcement request no matter how liberal or enlightened they think they are, sooner or later they find some crime that is so loathsome they will do anything to find that person and identify them so they can be punished.”

This latest anti-encryption blabbing drew a quick defense from Blackberry COO Marty Beard, who said Baker’s remarks “don’t make any sense”.

“Security is a topic that’s increasing in importance,” Beard told the audience at FedScoop’s FedTalks event Thursday. “It’s the reason that all G7 countries and the G20 work with BlackBerry.

“We just see it growing in importance. The increasing cybersecurity threats are exploding, security across all [technology] layers is critical.”

Shhh… The BBC “Forgotten” List (& Forgotten Company Directors?)

The BBC plans to publish a regularly updated list of articles removed from the search engine Google following the controversial “right to be forgotten rule”.

Google has so far received some 153,000 requests involving about half a million different links, and 40 percent of these links have been removed. However, according to associate professor David Glance, director of the Center for Software Practice at the University of Western Australia:

“… there is a great deal of concern about the sorts of things that are being removed. So, for example, information about former company directors have been removed. So various people are now asking for that type of information to be restored because it’s part of the public record and important information when you are considering the effectiveness or the background of a company or the directors.”

Shhh… Japan’s “Forget” Ruling on Google

The Tokyo District Court ordered Google Japan last Thursday to follow Europe’s recent “right to be forgotten” ruling and remove the search results about a Japanese man’s past relations with a criminal organization, following his complaint that they violated his privacy.

According to the judge presiding over the case, some of the Google results “infringe personal rights” and had harmed the plaintiff.

The European Court of Justice ruled in May that anyone living in the European Union and Europeans living outside the region could ask search engines to remove links if they believed the online contents breached their right to privacy and are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed.”

But despite the uproar and headlines in the aftermath, the dirty little secret is that nothing has really changed. What Google has effectively done is to remove results from searches on the names approved for deletion, but only on its European websites. The same results remain on the Google US homepage and all its non-European sites.

Furthermore, Google is only removing the results but not the links. Its European sites may have deleted the results for a search on a specific name, but a search for the same name accompanied by other keywords may still churn out the same results.

In an earlier Shhh-cretly column, I explained with examples why there is a limit on the extent of privacy and any attempt to manually and selectively remove the Google search contents, successful or otherwise, is like playing God.

Shhh… Tim Berners-Lee on the Web & Privacy

Tim Berners-Lee, who invented the web 25 years ago and is director of the World Wide Web Consortium, spoke at the Web We Want Festival last Saturday where, according to The Guardian, he called for a bill of rights that would guarantee the independence of the internet and ensure users’ privacy.

“If a company can control your access to the internet, if they can control which websites they go to, then they have tremendous control over your life,” the British computer scientist said. “If a government can block you going to, for example, the opposition’s political pages, then they can give you a blinkered view of reality to keep themselves in power.

“Suddenly the power to abuse the open internet has become so tempting both for government and big companies.”

Below is Tim Berners-Lee at a TED Talk earlier this year.

Shhh… NSA Ready for Google’s “Faster” Trans-Pacific Undersea Internet Cable

You can imagine the NSA getting impatient over free lunches following the announcement last month about Google’s proposed undersea fiber optic cable that will span the Pacific Ocean from the US west coast to Japan starting mid-2016.

The new cable, dubbed “Faster” and set to transmit 60 terabits per second, will be “easy to tap for sure”, according to a former NSA official quoted in a report by online news portal VentureBeat.

Google will cough up US$300 million to join hands with several parties – including China Mobile International, China Telecom Global, Global Transit, KDDI and SingTel – for the project, which “could have big implications for Google on the public-cloud front and also for mobile needs”.

The involvement of some of Google’s partners in this undertaking would blow the socks off many in the intelligence communities.

Intelligence agencies tapping into undersea cables have been well documented. The NSA’s British counterparts GCHQ, for example, have “Tempora” that could collect up to 21 million gigabytes of data every 24 hours as previously revealed by Edward Snowden, according to VentureBeat.

Apart from tapping communications, undersea cables are also left vulnerable exactly where they are.

Media reports had it that the Egyptian Armed Forces have arrested 3 scuba divers who tried to cut and sabotage an undersea internet cable in the Mediterranean.

Meanwhile, lawyers representing the US government are in court hearings at the 2nd US Circuit Court of Appeals in Manhattan this week to defend the government’s bulk collection of telephone records from millions of Americans. Please stay tuned.

Shhh… (Another) New Chinese OS by October

A new homegrown Chinese operating system aimed at sweeping aside foreign rivals like Microsoft, Google and Apple could be expected this coming October, according to a Xinhua news report Sunday.

The new OS would first target desktops with smartphones and other mobile devices to follow, according to Ni Guangnan who heads the development launched in March.

Now, it’s not that China has not attempted to create its very own OS. There was a Chinese Linux OS launched some years ago for mobile devices, dubbed the China Operating System (COS). It was developed as a joint effort by a company ‘Shanghai Liantong’, ISCAS (Institute of Software at the Chinese Academy of Sciences) and the Chinese Government. But it failed to take off and was later discontinued.

But the Chinese determination to have its very own system has risen a few bars recently, not least further sparked by the Snowden revelations that the American NSA planted “backdoor” surveillance tools on US-made hardware. Similarly, the US has long been suspicious of China-made devices – Hmmm, is it still possible to get laptops with NO parts made in China? Check out my earlier column here if you are keen.

More recently, after the US made poster-boys of 5 Chinese military officers they accused of cyber-espionage in May, China swiftly banned government use of Windows 8. Just last month, it was also reported that as many as 10 Apple products were pulled out of a government procurement list as the spate of mistrust continued.

China also lamented early last year that Google had too much control over its smartphone industry via its Android mobile operating system and has discriminated against some local firms.

Any bets on a fake Chinese OS any time soon – and sooner than October?

Shhh… What’s this Google’s “Project Zero”?

Several reports have surfaced in the last 24 hours about Google’s “Project Zero”, essentially the online search giant’s very own in-house team of super-geek security researchers and hackers, now devoted to finding security flaws in non-Google, third-party software “across the internet”, especially “zero-day” vulnerabilities: newly discovered, hackable bugs that are exploited by criminals, state-sponsored hackers and intelligence agencies.

Now the question is, is this a Google PR stunt? Read this article and that one and decide for yourself.

Europe’s Ruling on Google: Much Ado About Nothing

Forget-me-not

“More than once, I’ve wished my real life had a delete key.” – Harlan Coben, American novelist.

If that sounds familiar, it has now become a reality but with reasons for concern – it has been two months since the controversial European “right to be forgotten” ruling. The irony is that nothing has actually changed fundamentally despite all the subsequent hoo-hah.

Let’s not forget the internet was originally designed to exchange raw data between researchers and scientists. Any attempt to manually and selectively remove the contents, successful or otherwise, is like playing God – much worse when Google decides what to delete.

I have listed an example to illustrate the lessons to be learned and price to be paid – of a somewhat similar attempt and the implications on the society at large.

You can find the entire column here.

Post-Snowden, the US Reaps a Security Whirlwind

From China with Love

It’s the one year anniversary of what is now known as the Snowden revelations, which appeared on June 5 and June 9 when The Guardian broke news of classified National Security Agency documents and Edward Snowden revealed himself in Hong Kong as the source of those leaks.

There is still much to decipher from the chronology of events in the aftermath and the sudden global awakening to the end of privacy. Among the impacts on the personal, business and political fronts, one interesting salient feature is the hypocritical rhetorical spats between the US and China in recent weeks, which could set the undertone for US-Sino relations for years to come.

Snowden said his biggest fear is that nothing would change following his bold decision a year ago.

You can find the entire column here.

Shhh… Microsoft, the NSA & You

End of Windows XP is No Dawn for Windows 8

Don’t be fooled into upgrading to Windows 8 after Microsoft recently ended support for the popular Windows XP OS. High time to switch to Linux instead – as I did 3 years ago.

Read this nicely written piece on those long held conspiracy theories about Microsoft and the NSA.

Do You Need the World’s Most Secure Email?

Or is Privacy Even Possible?

Are privacy and secure email on your wish list? How does the “most secure email program” sound to you? Or rather, is that still possible in this post-Snowden era? How about a completely secure search engine?

Find out more from my latest column here and there.

Shhh… Heartbleed Check & Fix

The open source OpenSSL project, whose software is used by two-thirds of the web to encrypt data, i.e. to protect usernames, passwords and any sensitive information on secure websites, revealed Monday a serious security vulnerability known as the “Heartbleed” bug. Yahoo is said to be the most exposed to Heartbleed, but the company said it has fixed the core vulnerability on its main sites. There are several things you would need to do to check for the Heartbleed bug and protect yourself from it, apart from changing your passwords. And according to the Tor project, staying away from the internet entirely for several days might be a good idea.

Check these YouTube video clips for more information – and find out how to fix it on Ubuntu Linux.

The Enemies of the US

Take your pick: Edward Snowden, Internet and phone service providers, or just everybody?

The furor over the past week about how US intelligence agencies like the National Security Agency and the Federal Bureau of Investigation have for years scooped up massive loads of private communications data raises one critical and distressing question.

Who, worldwide and in the US, are the general public supposed to trust now that it seems all forms of digital and cyber communications risk being read by the American authorities? The Americans, it seems, don’t believe it’s that big a deal. By 62-34, according to the latest poll by Pew Research and the Washington Post, they say it’s more important to investigate the threats than protect their privacy. But what about the rest of the world?

The immediate acknowledgement, rather than point blank denial, of the massive clandestine eavesdropping programs is no doubt alarming even for those long suspicious of such covert undertakings. But the more disturbing part is that the official response amounts to plain outright lies.

Please read this entire Opinion Column here.

Big Brother Meets Big Data

The Security Assault on Social Networks

Forget hacking. It works but it’s illegal.

Big data mining is the future of cyber espionage. It is not illegal as long as the data is open source and in the public domain. And all that data on “open” social networking Web sites is most vulnerable.

Two recent commercially developed software packages could soon be giving your government, your employer and possibly anyone else who is interested ways to spy on you like never before, including monitoring your words, your movements and even your plans now and into the future.

Please read the full column here and there.

Shhh… New Phones for Spies

Christmas comes early for spies this year.

The National Security Agency and Defense Information Systems Agency (the unit that manages all communications hardware needs for the Pentagon) are reportedly going to issue in December their newly developed smart phones and tablets based on commercially designed devices. Only a selected number of “customers” would get such a device as an early Christmas present, including spies and some high-level military and government officials.

These new phones and tablets are modified from commercial designs – for good operational reasons – and thus mark a departure from the current use of special phones that stand out from the crowd and cost thousands of dollars. These ordinary looking devices will use some special Apps to optimize use of cloud computing and thus ease the risks of losing them and having sensitive data easily compromised.

And by the way, these modified devices run on Google’s Android operating system. Apple’s loyal worshippers will be left disappointed…

The Threat to Free Flow of Information

Looking back at 2010: A Very Social World

The world has changed. More than ever before, it is dominated by two opposing forces: the compulsion to share information and the need to control it. The year 2010 can claim to have a pivotal spot in the technological history of mankind, though not evidently for the better.

On the eve of the New Year, I began to wonder what some of the most significant world events were and which of these stood out. How could they further have an impact on a world already paranoid about privacy and national security on one hand, and obsessed with the advancement of techno-devices on the other?

The WikiLeaks headlines obviously top the list on a global scale, followed by the Google pullout from China, which left its mark on the world of corporate espionage. Third is the pressure exerted on the Canadian company Research In Motion (RIM) to hand over its Blackberry encryption to several governments.

These three events signify a paradigm shift in the gathering and sharing of information… (Read the entire column here and there).