We have a new wrinkle in the encryption fight between Apple and the FBI. In a drug case, a magistrate judge in New York’s Eastern District has ruled that Apple does not need to assist the feds in unlocking a person’s phone and that the All Writs Act does not extend to such a demand.
Reason.com: Federal Judge Takes Apple’s Side vs. Feds in New York »
National security whistleblower Edward Snowden talks to the Free State Project from an undisclosed location in Russia.
Apple is already thinking about ways to make it harder to hack iPhones, reports say. According to the New York Times, the company wants to prevent passcode-free recovery mode in future iPhones. According to the FT, Apple also wants to encrypt iPhone backups on iCloud.
Techcrunch: Apple Plans To Make iPhone And iCloud More Secure To Keep The Government Away »
The infotech war has begun, for real.
First we had the fight over illegal file sharing, creating a divide between Big Entertainment backed up by Big Government and a large portion of the general public. (Young people in particular.) Parallel we have had the fights between Big Telecom and activists campaigning for a free and open internet. And the struggle between Big Intelligence and civil rights / privacy advocates.
Then came Edward Snowden, providing actual proof of what our governments are up to. This created an even bigger splash, still causing ripples.
And with the San Bernardino iPhone backdoor/unlock case between the FBI and Apple the tech sector will have to choose between loyalty to its’ customers or abiding by overreaching anti-terrorism and anti-privacy legislation. That ought to be easy enough. The money is with staying loyal to customers and their right to privacy. But it’s not. Not even Silicon Valley might be able to stand up against the state monopoly on violence.
The stakes are sky high. The San Bernardino case is not just about that single case or even just about privacy. It’s about secure encryption – imperative for safe communications, online banking, medical records, confidential information, trade secrets and public affairs. Apple cannot back down on this one.
This might be what finally will unite all sorts of activists and the Valley. I rather hope so. Alone, it’s very difficult to stand up against the government (and related special interests). But if the Internet generation, net activists, civil rights defenders and tech companies stand together — we might stand a chance.
Unjust laws will stay unjust if no one stands up and fight them. Civil rights will be eroded if no one stands up to defend them. There are no limits to what governments will try to justify under the pretext of security — that, by the way, is an illusion.
The government will always try to “balance fundamental rights and security”, time and time again until there are no fundamental rights left.
Now is the time for activists (who know how to actually change politics) to team up with Silicon Valley (where the money needed to make campaigning effective is).
We can win this one — and at the same time establish a red line that governments will have to recognize.
But it will be dirty. It’s all about power and control.
/ HAX
Related: Apple’s FBI battle is just the beginning of a reality check for the tech sector »
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.
This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake. (…)
Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.
For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business. (…)
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable. (…)
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
Apple CEO Tim Cook: A Message to Our Customers »
A must read!
With a public consultation, the British government now is one step closer to demanding age verification at internet porn sites.
This is a bad idea in itself. But what makes it even worse is that it will make anonymous porn surfing impossible (at least for the not so tech-enlightened).
BBC: Government launches porn site age checks consultation »
First of all, is it at all wise to ban people under the age of 18 from watching porn online? After all, they are allowed to enjoy sexual activities from the age of 16. But they shouldn’t be allowed to see depictions of other people fucking? Really?
Second, there is a strong case for anonymous porn surfing: Many people might want to explore alternatives to heterosexual missionary position sex. But they might not want the government, the ISP:s, the credit card companies or the site owners to know about it. And rightly so. People have a right to sexual privacy.
My third objection is about security. One of the options in the consultation is that people should have to check in to porn sites (even free porn sites) by using their credit card. Thus exposing themselves to obvious risks. This way porn sites (real ones, that can be hacked and fake ones, set up for skimming) will become a very popular tool for credit card fraud.
The whole project will become a morass of unintended and unwanted consequences.
/ HAX
A little more than a week ago, I wrote a blog post on the EU-US Privacy Shield. This is supposed to replace the fallen “Safe Harbour” agreement, protecting European personal data when transferred to the US. (The latter didn’t, that’s why the European Court of Justice invalidated it.)
But, as I wrote, the EU-US Privacy Shield is just a framework agreement, not a deal. No substance. Nothing. Everyone is just stalling for time.
And I’m not the only one to be suspicious. Today the weekly EDRi-gram from Brussels-based NGO European Digital Rights turned up in my mailbox. And they do take a swing against the Privacy Shield illusion:
What’s behind the shield? Unspinning the “privacy shield” spin »
Some quotes…
• If there is a deal, why was nothing published?
It is standard practice from the European Commission. When an agreement is reached, the Commission launches a press release, but not the actual agreement. In this way, the Commission can control the amount of information available to journalists and the general public. It then launches the actual document once the press cycle is over and the details are no longer newsworthy.
I couldn’t agree more. Things like this happen all the time. And the EU Commission seems to get away with it all the time. In this case, let’s keep an eye on the ball for a change.
• Was there a deal?
Actually, there was no deal. The Commission had to announce something on 2 February in order to prevent regulators from starting enforcement action against companies that were (and, today, still are) transferring data illegally to the United States.
Bulls eye, again. What we see is the EU political system trying to dodge the EU judicial system. I won’t quote the entire text, but I must direct your attention to this showstopper…
• Is it strategically wise to announce a deal before discussions have been completed?
For the US, definitely, for the EU, it was strategically disastrous. As the EU has announced a deal, European negotiators have absolutely no leverage in the discussions around the detail of the agreement. Politically, it is impossible for the EU to reject anything that the US now proposes, because it is politically impossible for the Commission to abandon negotiations after it announced the completion of an agreement.
Is this just mind-bending incompetence? Or outright political sabotage?
And so it goes on. You really should read the whole piece.
The European Parliament (that has demanded a suspension of the Safe Harbour agreement for years) ought to be very upset. And the European Court of Justice should treat this as contempt of court, if there is such a thing in its’ regulatory framework.
We really shouldn’t let the European Commission get away with this. European citizens deserve decent data protection.
/ HAX
The only concern when data is collected about you should be how that data can be abused in a worst case scenario, for that exact scenario is more likely than not to materialize.
Rick Falkvinge: It doesn’t matter why data is collected: it only matters that it is »
Holger Steltzner in Frankfurter Allgemeine...
Beim Feldzug gegen das Bargeld geht es um mehr als das Bezahlen. Ginge es nur darum, könnte man die Leute einfach selbst entscheiden lassen, wie sie künftig zahlen wollen. Es geht um das Ende von Privatheit und selbstbestimmter Entscheidung, um Lenkung von Verhalten und um den Zugriff auf das Vermögen. Der Bevormundung des Bürgers wäre in einer solchen Welt keine Grenze gesetzt, Geld wäre kein privates Eigentum mehr. Der Übergewichtige könnte mit seiner Karte auf einmal die Kalorienbombe nicht mehr zahlen, der Alkoholiker sich die Weinflasche nicht mehr besorgen, und am „Veggie Day“ dürfte man mit seinem Smartphone kein Fleisch mehr kaufen. Der Zugriff des Fiskus auf das Konto des Bürgers wäre selbstverständlich. Und in totalitären Staaten gäbe es kein Entrinnen vor Überwachung und Unterdrückung. (…)
Andere Motive sind für den Krieg gegen Cash wichtiger, aber über sie wird weniger geredet. Hier kommen die Notenbanken ins Spiel, auch die Europäische Zentralbank, deren Präsident Draghi schon laut darüber nachdenkt, wie er am besten die Abschaffung der 500-Euro-Note kommuniziert, die der EZB-Rat noch gar nicht beschlossen hat. Ohne Bargeld wären die Bürger den Negativzinsen der Zentralbanken ausgeliefert. Davon träumen auch viele Finanzminister und keynesianische Ökonomen.
Bargeld ist Freiheit » | Google Translate »
Update: Translation to Swedish in the comments, thanks to Christian Engström.
Last October the EU-US “Safe Harbour” agreement was canceled by the European Court of Justice. This agreement was created to ensure that European personal data was to be treated with care when handled by US companies. But the ECJ found that the agreement did not meet the requirements of the Data Protection Directive, because of NSA access.
ArsTechnica then reported…
“The most significant repercussion of this ruling is that American companies, such as Facebook, Google, and Twitter, may not be allowed to send user data from Europe back to the US.”
Link: Europe’s highest court strikes down Safe Harbour data sharing between EU and US »
Today the media has reported that a new agreement has been reached: The EU-US Privacy Shield.
Such an agreement has been a top political priority for the EU as well as the US — as the respective administrations have not wanted data protection to get in the way of business as usual.
But is there a real agreement? Not really. All there is, is a “framework agreement”, basically saying that the EU and the US agree to agree at some point.
Today ArsTechnica writes…
“What that means in practice is that the Commission has negotiated some breathing space to strike a deal with the US.”
“The US has clarified that they do not carry out indiscriminate mass surveillance of European citizens,” EU Commissioner Andrus Ansip has declared. No further details on this, though…
Link: Last gasp Safe Harbour “political deal” struck between Europe and US »
Apparently the EU and the US have no such thing as an actual deal to show. But there is a lot of hot air coming out of Brussels and Washington.
Earlier today, before the news about an “framework agreement” from Brussels, ArsTechnica had an interview with Max Schrems, the Austrian law student who took this case to court to begin with.
“On the subject of any potential new agreement, he argues it would be no better, and that a sector-specific approach to EU-US data transfers would be preferable. “If this case goes back to the ECJ [European Court of Justice]—which it very likely will do, if there is a new safe harbour that does not meet the test of the court—then it will fail again, and nobody wants that,” he says.”
Link: Why Safe Harbor 2.0 will lose again »
Apart from the EU and the US having agreed to agree — everyone seems to be just as much in the dark as before. (There is also the hidden agenda of mass surveillance and intelligence cooperation that led to the end of “safe harbour” in the first place, to be taken into consideration.)
I suppose the new agreement, when it is finalized, will end up in the European Parliament for final approval. Then, if not before, we should know. And it is encouraging that the Parliament has been very vigilant concerning EU-US data protection issues in the past.
/ HAX
