Archive | US

The real issue with the San Bernardino shooter’s iPhone

The trench war over the San Bernardino shooter’s iPhone continues. The FBI demands that Apple create a special OS to circumvent the “auto erase” function that, if activated, would make the phone’s contents unavailable after ten failed attempts to unlock it. And Apple is fighting the request.

However, it turns out that all of this might be unnecessary. There are other ways to access the content, as demonstrated by the ACLU.

It is unlikely that the FBI didn’t know about this possibility — as it is a commonly used technique in the industry.

The ACLU’s Technology Fellow Daniel Kahn Gillmor explains…

“All the FBI needs to do to avoid any irreversible auto erase is simply to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then re-try indefinitely, because it can restore the NAND flash memory from its backup copy.”

So, what is going on here?

“If this generally useful security feature is actually no threat to the FBI, why is it painting it in such a scary light that some commentators have even called it a “doomsday mechanism”? The FBI wants us to think that this case is about a single phone, used by a terrorist. But it’s a power grab: law enforcement has dozens of other cases where they would love to be able to compel software and hardware providers to build, provide, and vouch for deliberately weakened code. The FBI wants to weaken the ecosystem we all depend on for maintenance of our all-too-vulnerable devices. If they win, future software updates will present users with a troubling dilemma. When we’re asked to install a software update, we won’t know whether it was compelled by a government agency (foreign or domestic), or whether it truly represents the best engineering our chosen platform has to offer.”

Of course, it might just be about government incompetence. But nevertheless, the result would be the same: a judicial Trojan horse for weakening device security all over the line.

Having seen what US government agencies have been up to — it is more likely than not that this is all about Big Brother deceptiveness.

• ACLU: One of the FBI’s Major Claims in the iPhone Case Is Fraudulent »
• Security Affairs: Snowden accuses the FBI of lying about his ability to unlock the iphone of the San Bernardino terrorist. “that’s horse sh*t.” he said. »

/ HAX

The EU-US Privacy Shield: EU presents a pointless proposal

Finally, the European Commission has presented a proposal for the EU-US Privacy Shield concerning data protection, to replace the fallen “Safe Harbour” agreement. Sorry to say, it’s rather pointless.

The background is that the European Court of Justice invalidated the “Safe Harbour” agreement that was supposed to provide adequate data protection when Europeans’ personal data is being transferred to the US. The reason was that US companies didn’t really care about the agreement — and that US authorities (e.g. the NSA) in many cases had access to the data.

Then followed some confusion as the EU and the US tried to negotiate a new agreement, the EU-US Privacy Shield. Here are some previous blog posts:

• An EU-US Privacy Shield? »
• The EU-US Privacy Shield Illusion »

Now we have a proposal. Some EU links:

• European Commission presents EU-U.S. Privacy Shield »
• Restoring trust in transatlantic data flows through strong safeguards: European Commission presents EU-U.S. Privacy Shield »
• EU-U.S. Privacy Shield: Frequently Asked Questions »

This new proposal is rather similar to the old, fallen agreement. So much so, that it might very well be invalidated by the ECJ once again.

The main news seems to be “adequacy decisions”. In simple terms this means that things will be deemed OK if the European Commission says so. And that is hardly a solid judicial principle.

The Austrian student Max Schrems — who took the old agreement to the ECJ in the first place — says that he is considering taking the new agreement back to court, if adopted.

In a comment, the NGO EDRi’s Executive Director Joe McNamee says…

The European Commission has given Europe a lesson on how not to negotiate. This isn’t a good deal, it hardly deserves to be called a ‘deal’ of any kind.

The EDRi press release also states that the documents published “confirm that no meaningful reforms have been made and that none are planned”.

EDRi Press Release: Privacy Shield is the same unsafe harbour »

The European Commission simply does not seem to be very concerned about protecting European personal data being transferred to the US.

/ HAX

The FBI vs. Apple case is about unlocking your life

Here is some food for thought on the FBI vs. Apple case about unlocking the San Bernardino shooter’s iPhone: It’s not only about your phone calls and text messages, it’s about your entire life.

An iPhone contains apps, browsing history and search history that would crack open your private life completely in front of Big Brother.

In a text, Rick Falkvinge lists a few examples…

  • What news articles you read, for how long, and in what order
  • Your travel plans
  • Your dating habits
  • What you’re buying
  • What you’re thinking of buying but didn’t
  • Whom you’re in touch with but didn’t talk to
  • What you were looking for more information about, and when
  • What link(s) you follow, given a selection
  • Your physical movement through cities, and within a city
  • …the list goes on.

Is this really information that should be in government hands?

Falkvinge: Using legacy phonecall wiretapping laws to justify Internet wiretapping is obscene: immense expansion of surveillance »
Slate: An iPhone Is an Extension of the Mind »

This Is the Real Reason Apple Is Fighting the FBI

Julian Sanchez: This Is the Real Reason Apple Is Fighting the FBI »

1. This offers the government a way to make tech companies help with investigations.

2. This public fight could affect private orders from the government.

3. The consequences of a precedent permitting this sort of coding conscription are likely to be enormous in scope.

4. Most ominously, the effects of a win for the FBI in this case almost certainly won’t be limited to smartphones.

Encryption: Apple vs. FBI

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake. (…)

Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business. (…)

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable. (…)

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

Apple CEO Tim Cook: A Message to Our Customers »

A must read!

The EU-US Privacy Shield Illusion

A little more than a week ago, I wrote a blog post on the EU-US Privacy Shield. This is supposed to replace the fallen “Safe Harbour” agreement, protecting European personal data when transferred to the US. (The latter didn’t, that’s why the European Court of Justice invalidated it.)

But, as I wrote, the EU-US Privacy Shield is just a framework agreement, not a deal. No substance. Nothing. Everyone is just stalling for time.

And I’m not the only one to be suspicious. Today the weekly EDRi-gram from Brussels-based NGO European Digital Rights turned up in my mailbox. And they do take a swing against the Privacy Shield illusion:

What’s behind the shield? Unspinning the “privacy shield” spin »

Some quotes…

• If there is a deal, why was nothing published?

It is standard practice from the European Commission. When an agreement is reached, the Commission launches a press release, but not the actual agreement. In this way, the Commission can control the amount of information available to journalists and the general public. It then launches the actual document once the press cycle is over and the details are no longer newsworthy.

I couldn’t agree more. Things like this happen all the time. And the EU Commission seems to get away with it all the time. In this case, let’s keep an eye on the ball for a change.

• Was there a deal?

Actually, there was no deal. The Commission had to announce something on 2 February in order to prevent regulators from starting enforcement action against companies that were (and, today, still are) transferring data illegally to the United States.

Bull’s-eye, again. What we see is the EU political system trying to dodge the EU judicial system. I won’t quote the entire text, but I must direct your attention to this showstopper…

• Is it strategically wise to announce a deal before discussions have been completed?

For the US, definitely, for the EU, it was strategically disastrous. As the EU has announced a deal, European negotiators have absolutely no leverage in the discussions around the detail of the agreement. Politically, it is impossible for the EU to reject anything that the US now proposes, because it is politically impossible for the Commission to abandon negotiations after it announced the completion of an agreement.

Is this just mind-bending incompetence? Or outright political sabotage?

And so it goes on. You really should read the whole piece.

The European Parliament (which has demanded a suspension of the Safe Harbour agreement for years) ought to be very upset. And the European Court of Justice should treat this as contempt of court, if there is such a thing in its regulatory framework.

We really shouldn’t let the European Commission get away with this. European citizens deserve decent data protection.

/ HAX

The Assange dilemma

I stand with Julian Assange. But I think his case took a turn for the worse this week.

First, to recapitulate: Julian Assange has not been charged with any crime in Sweden. This ridiculous situation is the result of a Swedish prosecutor refusing to interview him about alleged sexual misconduct, in a case that is very thin. Assange has reasons to fear that Sweden might surrender him to the US, where a Grand Jury is preparing his case. Sweden has handed over people to the CIA without prior judicial process on an earlier occasion. And the Wikileaks whistleblower Chelsea Manning has been sentenced to 35 years in prison.

The situation for Julian Assange looks very much like that of a political dissident kept under house arrest.

Article 9 in The UN Universal Declaration of Human Rights reads “No one shall be subjected to arbitrary arrest, detention or exile.”

This declaration has been signed by Sweden as well as the United Kingdom. Now a UN panel under the Human Rights Commissioner has ruled that the way Assange is treated is in breach of this central principle. It is the same panel that e.g. took on the case of Aung San Suu Kyi. Usually, these rulings are held in high regard. But this time, the shoe seems to be on the other foot. Clearly the UK and Sweden only honor the UN panel when they are not the culprits.

Nevertheless, this has been lost on most people. It’s all too complicated and sublime.

The British and Swedish governments, on the other hand, only had to deliver simple one-liners. The UK foreign secretary Philip Hammond brands the UN panel’s ruling “ridiculous”. The Swedish government’s line is that this will not change anything.

Also, some media have deemed the UN approach nonsensical. Remember, it’s simply not enough to be right — if this cannot be communicated in a way that makes an impact.

In practice, very little has changed. And the case against Assange will stay open until August 2020.

Somehow, I have a feeling that the UK, Sweden and the US feel rather content having Julian Assange in limbo at the Ecuadorean embassy in London. There his actions will be limited. And with an open investigation on alleged sex crimes, his reputation will stay tarnished. All of this has a negative impact on WikiLeaks’ possibilities to expose wrongdoings and the dirty little secrets of the power elites.

That is exactly why the UN panel’s report is relevant.

/ HAX

Affidavit of Julian Paul Assange »