“[The FBI] is not as interested in solving the problem as they are in getting a legal precedent,” Clarke said. “Every expert I know believes the NSA could crack this phone. They want the precedent that government could compel a device manufacturer to let the government in.”
Archive | March, 2016
The Goovernment
You know the saying that Google will know if you are gay before you do?
Almost the same, but a little different, can be said about the government.
The government knows who you have been talking to on the phone and who your friends are – and who their friends are. The government knows where you have been and who else might have been in the same place at the same time. The government knows when you connected to the internet, who you sent an email and the people that have emailed you. Data is stored about your every text message, and in some countries that go for the content of the messages as well.
In the UK Big Brother will even keep an eye on your web searches, if the government gets it its way.
The government knows who your friends are and what people you are trying to avoid. It can tell who you do business with and what people you sleep with. It can figure out your hobbies and your whereabouts. And it can flag you if a friend of your friend is someone the people in power do not approve of.
With Google – at least, it’s about selling you stuff, to expose you to “relevant” ads and to make a buck. (But World Domination, really?)
But with the Goovernment – it’s all about control. And power. Over you. For real.
Put one on top of the other, and it gets even more scary. (The government doesn’t need Google to cooperate in this. Much of the data is out on the market.)
All of this while government doings are getting more opaque, more secretive and more dubious.
This is not the way to do things in an open, democratic society.
/ HAX
WhatsApp vs. the FBI
In Saturday’s edition of the New York Times, Matt Apuzzo reports that the Department of Justice is locked in a “prolonged standoff” with WhatsApp. The government is frustrated by its lack of real-time access to messages protected by the company’s end-to-end encryption. The story may represent a disturbing preview of the next front in the FBI’s war against encryption.
Back to the future
Rick Falkvinge: Obama repeats 600-year-old argument against printing press at SXSW, only directed at the Internet »
No Mr President, that is not a problem
If in fact you can’t crack that all, if the government can’t get in, then everybody is walking around with a Swiss Bank account in their pocket.
US President Barack Obama on encryption at the SXSW.
That is the perspective from a politician who thinks that people cannot be entrusted with their own money.
The real issue with the San Bernardino shooters iPhone
The trench war over the San Bernardino shooters iPhone continues. The FBI demands that Apple should create a special OS to circumvent the “auto erase” function that, if activated, would make the phones contents unavailable after ten failed attempts to unlock it. And Apple is fighting the request.
However, it turns out that all of this might be unnecessary. There are other ways to access the content, as demonstrated by the ACLU.
It is unlikely that FBI didn’t know about this possibility — as it is a commonly used technique in the industry.
ACLU:s Technology Fellow Daniel Kahn Gillmor explains…
“All the FBI needs to do to avoid any irreversible auto erase is simple to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then re-try indefinitely, because it can restore the NAND flash memory from its backup copy.”
So, what is going on here?
“If this generally useful security feature is actually no threat to the FBI, why is it painting it in such a scary light that some commentators have even called it a “doomsday mechanism”? The FBI wants us to think that this case is about a single phone, used by a terrorist. But it’s a power grab: law enforcement has dozens of other cases where they would love to be able to compel software and hardware providers to build, provide, and vouch for deliberately weakened code. The FBI wants to weaken the ecosystem we all depend on for maintenance of our all-too-vulnerable devices. If they win, future software updates will present users with a troubling dilemma. When we’re asked to install a software update, we won’t know whether it was compelled by a government agency (foreign or domestic), or whether it truly represents the best engineering our chosen platform has to offer.”
Of course, it might just be about government incompetence. But never the less, the result would be the same: A judicial trojan horse for weakening device security all over the line.
Having seen what US government agencies have been up to — it is more likely than not that this is all about Big Brother deceptiveness.
• ACLU: One of the FBI’s Major Claims in the iPhone Case Is Fraudulent »
• Security Affairs: Snowden accuses the FBI of lying about his ability to unlock the iphone of the San Bernardino terrorist. “that’s horse sh*t.” he said. »
/ HAX
Meanwhile, in France…
Amendment 90 to France’s penal reform bill provides for five year prison sentences and €350,000 fines for companies that refuse to accede to law enforcement demands to decrypt devices.
BoingBoing: French Parliament votes to imprison tech execs for refusal to decrypt »
EU and the crypto war
So, where does the EU stand on politicians, law enforcements and intelligence organisations war on encryption?
It is still an open question, to be decided in the e-Privacy Directive.
What is this — and didn’t the EU just set out the framework for data protection? Diego Naranjo at EDRi explains…
“Did you think the data protection reform was finished? Think again. Once the agreement on the texts of the General Data Protection Regulation (GDPR) and the Data Protection Directive for Law Enforcement Agencies (LEDP) was reached, the e-Privacy Directive took its place as the next piece of European Union (EU) law that will be reviewed. The e-Privacy Directive (Directive 2002/58/EC on privacy and electronic communications) contains specific rules on data protection in the area of telecommunication in public electronic networks.”
Here issues such as cookies, government trojans and encryption back doors should be addressed.
So far, this process has attracted very little attention from the public, the media, the industry and internet activists. Nevertheless, these issues are essential when it comes to citizens right to privacy.
While the Apple vs. FBI case in the US is all over the media — what’s going on in the same field in the EU is more or less ignored.
While most EU politicians have held a low profile about encryption backdoors so far, the matter of government trojans already is an existing and very real cause for worry.
The French have since long been suspected to use malware (e.g. Babar, Bunny, Casper, Dino, NBot and Tafacalou) and will most certainly move ahead in its’ new cyber-security strategy. In Germany the government just approved the usage of trojans by federal agencies. And countries like Sweden are fast-tracking legislation in this field.
It is important to remember that this is not “only” about phone calls, text messages and e-mails. With trojans on your phone, tablet or computer — the government can access everything you do. What you write. What you google. Your online banking. Your social media activities. Dating apps that you might use. Your contacts. Your private pictures. Your business plans. Your health apps. You name it…
So we better get busy while it’s still possible to influence the political process.
Don’t let the EU get away with keeping this dossier under the radar. Please.
/ HAX
EDRi: Data Protection Reform – Next stop: e-Privacy Directive »
“Bitcoin’s nightmare scenario has come to pass”
This week the dire predictions came to pass, as the network reached its capacity, causing transactions around the world to be massively delayed, and in some cases to fail completely. The average time to confirm a transaction has ballooned from 10 minutes to 43 minutes. Users are left confused and shops that once accepted Bitcoin are dropping out.
The EU-US Privacy Shield: EU presents a pointless proposal
Finally, the European Commission has presented a proposal for the EU-US Privacy Shield conserning data protection, to replace the fallen “Safe Harbour” agreement. Sorry to say, it’s rather pointless.
The background is that the European Court of Justice invalidated the “Safe Harbour” agreement that was supposed to provide adequate data protection when Europeans personal data is being transfered to the US. The reason was that US companies didn’t really care about the agreement — and that US authorities (e.g. the NSA) in many cases had access to the data.
Then followed some confusion as the EU and the US tried to negotiate a new agreement, the EU-US Privacy Shield. Here are some previous blog posts:
• An EU-US Privacy Shield? »
• The EU-US Privacy Shield Illusion »
Now we have a proposal. Some EU links:
• European Commission presents EU-U.S. Privacy Shield »
• Restoring trust in transatlantic data flows through strong safeguards: European Commission presents EU-U.S. Privacy Shield »
• EU-U.S. Privacy Shield: Frequently Asked Questions »
This new proposal is rather similar to the old, fallen agreement. So much so, that it might very well be invalidated by the ECJ once again.
The main news seems to be “adequacy decisions”. In simple terms this means that things will be deemed OK if the European Commission says so. And that is hardly a solid judicial principle.
The Austrian student Max Schrems — who took the old agreement to the ECJ in the first place — says that he is considering taking the new agreement back to court, if adopted.
In a comment the NGO EDRi:s Executive Director Joe McNamee says..
The European Commission has given Europe a lesson on how not to negotiate. This isn’t a good deal, it hardly deserves to be called a ‘deal’ of any kind.
The EDRi press release also states that the documents published “confirm that no meaningful reforms have been made and that none are planned”.
EDRi Press Release: Privacy Shield is the same unsafe harbour »
The European Commission simply does not seems to be very concerned about protecting European personal data being transfered to the US.
/ HAX