Apple Versus the FBI — Round 2

By Ernest Worthman, AWT Exec. Editor, IEEE Sr. Member

Ern’s Perspective

Back when the first battle between Apple and the FBI on the subject of data unlocking occurred, I had written several missives around this issue.

My opinion was then, as it is now, that Apple should have cooperated with the FBI and assisted them to retrieve the requested data to see if there is any incriminating evidence. Apple refused, citing 1) they do not have the ability to unlock the phone (which I thought was nonsense), 2) if they could, they would not because it would be a violation of privacy policies, and 3) it would compromise their OS integrity across the board.

I am not going to rehash the issue here because my position has not changed. Basically, my argument was, and is, that any such data should be treated as any other potential evidence (video, recorded conversations, wiretaps, etc.). Just because it is contained in a mobile device does not alter the basic premise that evidence should be accessible under legitimate conditions. Data is regularly retrieved from other types of computers, is it not? And, there is as much private data on these devices as on a phone, on any given day.

We have many safeguards in place when it comes to evidence gathering and it makes no sense that digital data has any more, or less, special privileges than any other potential evidence. Privacy is a big thing, nowadays. However, it seems the arguments over privacy morph to suit the particular case. That, however, is a discussion for another day.

Back in 2015 when the San Bernardino, California, incident occurred, it brought to the center of the radar screen, the central issue of privacy versus evidence. That was in the days of the Obama administration. I do not recall that administration getting into the fray. Conversely, this administration has seen fit to tell Apple what to do.

I find this objectionable. This president has shown us, over and over, what a busybody he is when it comes to issues that are not really significant enough to warrant Presidential concern. The nuances of privacy vs. evidence are way over the head of the current administration and it should be left to the powers that understand its complexity. Trump, and now his attorney general, William Barr, hear something and suddenly, they are experts in what everybody is supposed to do.

What makes this even worse is the implication that Apple owes this administration, and it is “demanding” that Apple salute smartly and say “yes sir, happy to pay back the favor!” Hmmm… seems we have come to a place in this political environment where it is not about what is right, but about favors and payback – the kind where we have treated you special so now you must return the favor. And if you do not, it will affect how we treat you in the future – my, what an upstanding and moral compass this administration has.

I guess since Trump can blackmail the Ukrainian government by threatening to withhold aid, he believes the same tactic will work with U.S. companies. He implied that since he is helping Apple and giving them dispensation (although so far what I have seen is not all that impressive) on trade and so many other issues, they are supposed to roll over and obey his every whim.

What continues to bother me (and I am not alone) is how woefully ignorant Trump and Barr (and most other legislators) are when it comes to technology. Rather than pass the baton to those that understand this, they believe it is as simple as saying it and it will come to pass.

In the end, I must side with the government on this one, empirically, but not without reservation of methodology – not the approach, but the principle. On the other hand, I understand the implications of giving the government, especially this administration, ANY capabilities to access private data, especially what it is asking Apple to do concerning back doors.

The administration’s demand is that Apple create a “back door” that “authorized” agencies have access to – bad idea (see my article on back doors in the fall 2019 issue of Applied Wireless Technology; www.aglmediagroup.com/?s=backdoors).

I must agree with Apple that such a solution would weaken the code and allow for all kinds of other bad actors to get into the game.

It is time to revisit how such data plays in the criminal and legal arenas. Some say that this data is no different than any other type of evidence and comes under present evidence gathering rules and regulations. Others say that such data, and the way it is collected requires new policies since it is more tightly bound to private and critical data than typical evidence vectors (video surveillance and phone taps, for example).

No matter how this evolves, however, it is NOT a good idea to open any doors to governmental access directly (i.e. allowing them to access the data versus a third party extracting it) – especially this administration. I think it is time for data repositories to revisit ways to unpack data so that if there is data that becomes critical evidence in nefarious activities, it can be provided without compromising other private and secure data within the data pack.

FBI v. Apple – Let the Hackathon Begin!

Opinion

By Ernest Worthman

February 25, 2016 — I doubt anyone hasn’t heard of the chest bumping by both Apple and the FBI over the San Bernardino shooter whose cell phone is believed to contain evidence in the shooting there several months ago.

The fate of the first amendment is at stake; every phone will all of a sudden be able to be hacked; the Pandora’s box of big brother invading every nook and cranny of our lives will be realized – and all of this will happen if Apple helps the government hack a cell phone. This is what Apple’s Tim Cook, or Apple’s lawyer, says will happen if Apple does what the FBI wants. Never mind it is the cell phone of a terrorist – err, excuse me, a suspected terrorist, who committed one of the most heinous acts of terrorism in years.

But here is what is ironic about this. All of a sudden Apple is the champion in protecting your privacy. How come Apple, and for that matter the rest of the players in that game (Google, Microsoft, Yahoo, Facebook, the cable companies, MNOs and countless others), is taking such a staunch position to protect data privacy? After all, isn’t this exactly what they have been doing to us for years? Following everything we do. Catching our locations 24/7 and analyzing what we buy, where we buy it, how often we buy it, where we eat, what we eat…need I go on? Even our smart TVs are spying on us!

The truth is that there isn’t a piece of silicon, an app, code, networks or system that can’t be hacked, given enough resources (read, money). In a recent conversation with a contemporary in the hardware security business, he presented the case that the government can easily hack that phone, but the price tag is about a million dollars. Heck, the government wastes that much money on all kinds of ridiculous and frivolous actions. For example, NASA spends close to $1 million per year developing a menu of food for a manned mission to Mars even though it is being projected that a manned mission to Mars is still decades away. Another one is that the federal government spent $750,000 on a new soccer field for detainees held at Guantanamo Bay. We all know that list is endless. So what is the big deal about the FBI spending the million dollars and telling Apple to pound sand?

And Apple’s position is about the slippery slope that such government overreach would establish for the future, and that the 2014 change in its OS makes it so Apple can’t get into your phone via a backdoor…well, I’m not buying either of those, either.

I guess if I were Tim Cook, I’d be a bit miffed that the FBI wants Apple to create a special program to create forensics for the FBI, without any compensation. But c’mon Apple, you have more money than God…are you forgetting about the real issue?

If this were the terrorist’s bank account, they would have the data in a minute. Same with phone records, or any other data, with the full cooperation of any entity that has it. Corporate data is subpoenaed all the time. I just don’t believe that Apple and the FBI can’t, rather easily, just hack this one phone without jeopardizing the entire device infrastructure.

So what is it? Is this one of those quintessential situations of government vs. corporate? Is Apple using the guise of privacy to see if they can beat the government; to see who is the more powerful? And is the government feeling its manhood is being challenged because Apple refuses to obey a legitimate subpoena? Seems there is something going on here we really aren’t privy to.

Bottom line…my position is that I want Apple to cooperate. Why? What if it were one of your loved ones that died that day? Wouldn’t you want the law to find every piece of evidence to bring such an evil person to justice? I know I would.

In the end, I think there will be a behind the scenes agreement between the parties that will give the FBI the ability to unlock the phone and no security will be compromised. Heck FBI, just give Apple the million dollars…that should make Tim happy, you get to unlock the phone and all that extra testosterone can be mopped up.

Let me know what you think.

Warrantless Searches are not Okay

By Ernest Worthman, Executive Editor, AWT magazine, Senior Member, IEEE

Ern’s Perspective

History has a way of repeating itself. Indulge me for a moment in this missive. I want to build a case for what I am about to pen.

Back in ancient times (the 1930’s), in Germany, an economic situation existed like what we are experiencing amid the current COVID-19 crisis. Their situation was the result of the Great Depression, brought on by the Wall Street market crash of 1929.

Unemployment was soaring (as high as 30 percent), inflation was ramping up, food was scarce, Germany’s industry was working at 50 percent of its capacity, and unemployment funds were mired in politics. And the German people were getting restless and looking for a change. On top of that, the general populace was unhappy with what they saw as a weak government run by a weak leader (Heinrich Brüning, a conservative German statesman who was chancellor and foreign minister at the time).

Such conditions set the stage for change. For Germany, it was the ideal time for a charismatic leader, a powerful and spellbinding speaker, to emerge. That leader was Adolf Hitler, who became the new Chancellor in 1933. While this, in and of itself, did not give him absolute power, it was the beginning, and following were several dramatic events that brought him to full power. Eventually, he passed what was called the “Enabling Act,” which made him the dictator of the country and allowed him to ignore the constitution and to give his decrees the power of law (sound familiar?).

And, as much as the world despised him, he was a shrewd and capable individual, able to understand what was going on amongst the people and capitalize on it. He gained popularity by touring the country making promises of employment, prosperity, order and a return to “glory” (again, sound familiar?). Because he was such a riveting orator, his speeches were mesmerizing and easily swallowed by the general populace who followed him, regardless of what others were pointing out as false promises and undeliverable (again, sound familiar?).

He implemented policies to bring prosperity back. Some of them included public works projects funded by deficit spending (another sound familiar), redistribution of wealth, and finding a scapegoat for the country’s ills (the Jewish population then, vs. the Democrats now). There was curtailing of civil rights (this government’s reticence to protecting privacy). Police powers were amped up to where searches and seizures were no longer illegal, and arrests could be made without warrants (hopefully, that will never occur here). And, his primary goal was to rebuild the country’s military might (a goal of Trump’s, as well).

This does have some eerie overtones of the present administration. And, I do not want to drone on with comparisons. But the fervor with which this president issues executive orders that trample legislative directives and overturn bipartisan policies and our constitutional rights is raising the hairs on the back of my neck. His interpretation of emergency powers extends far beyond what they are intended to do. And, the endless means he is willing to go to under the guise of “making America great again” is frightening.

As well, Trump considers some of the more nefarious world leaders today (Russian Premier Vladimir Putin and North Korea’s Kim Jong Un) as friends, as did Hitler with his allies, Fascist Italy, and Imperial Japan.

Ok, so much for the history lesson. Of course, times are quite different today, as are circumstances and conditions. However, there are certainly some alarming similarities between the two leaders.

The motivation behind this missive is that I recently received a feed with information along the lines that the Republican Senate has voted to extend the powers of intelligence authorities to search browser history without a court warrant. It still has to wrangle its way through the rest of Congress but, that the Senate would authorize it in the first place is my point.

While this warrantless search authorization may seem like a small blow for citizen privacy, couple this with some of the other actions taken by this president, and his henchmen in the Senate, and some alarming trends are emerging.

The years have seen myriad legislation passed in the name of national security – most of it warranted, such as the Patriot Act. However, it was passed with a much kinder and gentler group of individuals in charge with a much better respect for individual rights. Something that this administration and the Senate seem to think is no longer necessary – shades of Chinese and Russian governments!

Drilling down a bit, the original warrantless powers were part of what was called the Foreign Intelligence Surveillance Act (FISA). That act expired a couple of months ago and was supplanted by the USA Freedom Reauthorization Act. It is a renewed effort by this administration to allow government spying capabilities on U.S. citizens, among other rights-eroding language, and implement, what are looking like, more and more imperialist government actions (looks like the National Security Agency (NSA) is back in the homeland surveillance business). The unconstitutional surveillance program at issue is called PRISM, under which the NSA, FBI, and CIA gather and search through Americans’ international emails, internet calls, and chats without obtaining a warrant.

We should worry. There have been many attempts in the last couple of years to erode citizen privacy. For example, back in 2017, the Senate voted 50-48 to kill off consumer broadband privacy protections using the Congressional Review Act. There are others. This was just a handy example. However, the extremely slow progress of Congress to move on privacy legislation, which by all common sense is a long overdue no-brainer, is an overarching concern.

I do agree that authorities should not have to spend time trying to justify a warrant for every trivial, slightly suspicious pittance of data of which they become aware.

I disagreed with the position Apple took, and agreed with the position the government took, over the data stored in a suspected terrorist’s smartphone in 2015.

In this day and age, threats are everywhere, and we need to be able to vet them with speed and efficiency. Obtaining warrants for every little blip makes that difficult.

The qualifier that is necessary for this, however, is a degree of anonymity. That too should be a no-brainer. Data can be perused by authorities, but it needs to remain anonymous unless there is strong evidence that it is harmful. If suspicious data is encountered, and further investigation is warranted, it must first be vetted as valid. If there is then further reasonable suspicion, warrants must be obtained first. An exception would be if irrefutable evidence indicates an immediate threat and taking the time to obtain a warrant will increase the significance of the damage.

The rest of the data not deemed suspicious (which is the bulk of it) should be purged immediately and not housed in some obscure government vault beneath the North Pole. To me, that is a reasonable compromise. That protects individual privacy and still allows for a sensible measure of security.

However, what this administration and the Senate are up to frightens me. It is beyond the bounds of our democratic government’s acceptable behavior. It has slowly, and deliberately, worked on eroding privacy that we have worked so hard to ensure. All I can hope for is that soon, cooler heads will be in charge and we can return to having respect for individuals’ rights and privacy and find the modern age sweet spot between oligarchy and chaos.

With Great Technology Comes Great Responsibility

By Ernest Worthman, AWT Executive Editor and IEEE Senior Member

While I am not a fan of the kind of tech reporting pubs like the New York Times do, once in a while they actually produce a story worth reading. Such was the case, recently, when they penned a piece about Australia enacting a law that empowers the authorities to compel tech giants to create ways around the encryption built into their products.

This has been a touchy subject for some time. We all know that the issue of privacy versus individual rights has been around since the beginning of modern civilization and has been run through all kinds of trials and tribulations. We think we have a handle on it, when, all of a sudden, a new scenario emerges.

Perhaps what made a big mark on this was the issue, a couple of years ago between Apple and the FBI, around potential evidence in a suspect’s locked phone. I will not go into the details because there was a plethora of coverage around this. Just search on Apple vs. the FBI if you want to know more.

Since then, we have seen a widening of the debate as to, exactly, who should be able to access private data, and under what circumstances. And, if phone manufacturers can, or should, be compelled to use their “backdoor” access capabilities to assist legal and proper recovery of such data.

There are two distinct camps here. One says that law enforcement, with adequate safeguards, should have the right to access private data that can have a bearing on criminal investigations. The other side says that this should never be allowed because of the potential for abuse.

In the Apple/FBI case, Apple claimed that they did not have the ability to access a user’s phone data. Even if they could, Apple noted that such a move had the potential to compromise millions of other users’ phones.

I called nonsense on that then, and I still do today. I do not know of any chip or device manufacturers who do not build some type of OEM access port or system into hardware for backdoor access (even Intel does this with processors). It is a valid design criterion that serves multiple purposes, from patching to upgrading. And, it will (and should) continue. But that is not the issue. The issue is, who has a right to use it and when.

Things change in the progression of the human race. To wit, the many translations of the original constitutional amendments. A classic case is the second amendment. It was NEVER intended to enable citizens to own 50 caliber machine guns mounted on jeeps. There are those who would argue that the amendments should be translated, periodically, to take into account advances in civilization and be interpreted to fit those advances. That is one of the most used arguments for the expansion of firearm ownership for better, or worse.

OK, back to technology. If that argument is considered valid, it should support that the march of technology has presented many new issues never envisioned even a couple of decades, certainly centuries, ago. One of those revolves around privacy and its effect on safety and security. Hence, the argument over the right to access private data in today’s environment.

Before I go on, I am of the position that, with adequate safeguards, law enforcement, and bona fide security agencies, should have the right to retrieve potential evidence or other critical data from electronic devices deemed related to security issues. Now, before everybody goes off on me, I reiterate, the adequate safeguards. What that means to me is that there has to be indisputable justification for such actions.

Therefore, I am glad to see a country move in that direction. The Australian government has just enacted a law that allows law enforcement authorities to compel tech-industry giants to develop methodologies to circumvent the encryption built into their products. While this applies only to Australia it has the potential to set a precedent with global impact.

Now the battle begins. Tech companies have argued for decades that unbreakable encryption is an imperative part of protecting the private communications of their customers. There is no doubt that such safeguards are necessary and warranted. But the extent to which these tech companies argue the issue is too broad.

This is no longer the era of only physical evidence. Much evidence is virtual — computers, phones, digital assistants, digital video/audio, etc. And having to struggle to obtain such evidence or data makes it difficult, or even impossible, for them to gain access to things such as online discussions of crime suspects, particularly in time-sensitive or terror investigations.

There are protections within the Australian law. For example, authorities cannot demand universal decryption capabilities or introduce system-wide weaknesses. Apple replied that it is impossible, for example, to create a workaround for one iPhone’s encryption without potentially introducing something that could work for all of them.

That is nonsense. My experts tell me it is not that difficult to develop a back door that, if properly implemented, can be unique to individual devices. Compromising one device will not create a system-wide breach potential.

Immediately, of course, the hand-wringers weighed in. Apple officials called the law “dangerously ambiguous” and “alarming.” Mike Cannon-Brookes, one of the founders of Atlassian, a business software company that is among Australia’s biggest tech companies, said, “All of Australian technology is tarnished by it.” And Sarah Moran, whose Girl Geek Academy teaches young women to code in Australia, said, “Why would I tell young girls to go build tech here if there’s not going to be any tech industry.” Huh? How does this law instantly dissolve the tech industry?

Australia is not the first to do this. Great Britain has something similar, but it is not as comprehensive.

For a long time now, tech companies, fearing something like this was on the horizon, argued that they cannot be compelled to create tools for breaking the encryption in their products. Their argument is based in their belief that code should be considered a form of “free speech” and protected under the First Amendment – seriously?

There are some far-reaching implications here and lots of unknowns such as to whom it will apply. For example, will it apply to anyone in the chain who touches the data such as communication providers, websites, any service that supplies or forwards data to an end user?

Initially, the thought was to target smartphones, digital assistants and social media. But the implications go much wider when one drills down.

The law has teeth, as well. Non-compliance can result in asset seizure as well as the possibility of executives being jailed for contempt if they refuse to comply.

There are myriad lower tier issues, as well. For example, what would be the bounds for disclosure with unwitting individuals around subversive or other criminal data outside of the intended participants?

While this is a slippery slope for all to tread, it is a step in the right direction. It is not fair to the innocent to tip the scales so far in the name of privacy that the nefarious elements are allowed to conduct illicit and criminal behavior knowing what they do and say cannot be uncovered. Privacy is not all inclusive! We have a right to protect the innocent by using any and all legal means to do so. Sometimes laws just have to change to keep up with the times.

Opinion: The Hubris of Ignoring Hacks

By Ernest Worthman, Executive Editor, AGL Small Cell Magazine

October 4, 2016 — Remember, a few months ago, all the hoopla about the privacy case chest thumping going on between Apple and the FBI, and a few other federal entities, over that locked terrorist’s iPhone? While that wasn’t over any security breaches, it did bring up an interesting enigma.

There has been an uptick in high-profile security breaches lately – hacking the political parties, Facebook, Myspace, now Yahoo. And there is talk that elections may be hacked. The list goes on and will continue to go on. But how come, when that Apple-FBI spat was going on, Apple, Microsoft, Google, Yahoo, Facebook, and countless others all came out in support of Apple’s right to protect privacy?

That conflict brought to the surface the hypocrisy of these companies and how they often have a double standard. After all, isn’t compromising our privacy exactly what they have been doing to us for years? Following everything we do. Catching our locations 24/7 and analyzing what we buy, where we buy it, how often we buy it, where we eat, what we eat…need I go on?

Originally, Apple claimed unlocking the phone will put millions of devices at risk for hacking. Yet for years Apple, and the rest of these hypocritical entities, have been snooping around our computers, phones, tablets etc. And not once did they tell me they were doing so, because the permission I “gave” them to do so was deep in the EULA where no human could possibly stay awake long enough to find it.

And, behind the scenes they are developing the ability to capture even more data – Big Data. These same privacy advocates will take this Big Data and analyze it a million different ways. Next, they sell it to any number of retailers who can now send us every conceivable item, offer, discount, vacation, food, restaurants…yada yada at exactly the right time.

Yet, at their convenience, they have all seemed to reverse their philosophies over that one incident. And no one called them on it. And, not that the government is blameless, either. But at least they admit it when they get caught (most of the time, anyway).

Every one of my professional contacts in the silicon business has told me the same thing, and more than once. There isn’t a piece of silicon, an app, code, networks, or systems that can’t be hacked, given enough resources (read, time and money). When that occurred, a security expert told me that the government could easily have hacked that phone, before the failsafe 10 tries is exceeded and the phone wipes the critical data. But the price tag was about a million dollars, using zero-day vulnerabilities, but I can’t see it being about the money.

Another one of my close sources, who designs cryptography chips, says that every chip manufacturer keeps a doomsday hack that can be used to access their chips if it becomes absolutely necessary, no matter what they say.

But, this was a special case. The FBI didn’t want this data because it was bored. Wasn’t that data potential evidence in a criminal case – and an especially heinous case at that?

So was that an epic government vs. corporate battle? Is Apple testing the water, under the guise of privacy, to see if a company has finally become more powerful than a government? And is the government looking to assert its power and rights to breach security at any cost? An interesting paradox, in any event, no matter what the reasons were at the time.

One of my sources says that it is about the government bullying Apple. Had they asked nicely, Apple would have been more than happy to help. Personally, I doubt that. Apple is an arrogant company that has a highly overrated, fabricated, and elevated opinion about themselves (unless you’re an Apple groupie). I know; I worked with them for years until the turn of the century. They aren’t going to change their snooping spots no matter how much attention is paid to them (nor are any of the other organizations for that matter).

I revisited this because there has been no change in anything. TVs that are capable of listening in on your conversations and watching what you do on your personal electronics, without you knowing it, for example, are still legal. Your personal data isn’t any more secure today than it was last year. In fact, it may even be less secure. As wireless devices get more and more sophisticated, as vehicles become another link in the wireless chain, as everything from socks to cities becomes smart, every wireless device will broadcast everything you do in the name of preemptive convenience. And Big Data will be able to make sense out of all the superficial data.

So here’s the thing. That incident could have brought a lot of security issues to the surface. It could have brought security to the center of the radar screen. But somehow, once the phone got unlocked, all of that went away. Why? Because security is expensive – from phones to vehicles, to the cloud and the internet of anything/everything (IoX). And, the wireless industry is still way behind when it comes to security.

How many high-level security breaches is it going to take before wireless finally takes security seriously?