Privacy, Government, and Business

This week there were two big moments for privacy. First, was a ruling by a court that Apple had to unlock in some manner, call it decrypt or creating a backdoor into this specific phone. Second, was the fact that Apple, and now Google, has given the state a big middle finger saying “No!” These are important because of the gravity of both of these. The FBI is using “The All Writs Act” something from the 18th century and definitely not written to support dealing with difficult technological issues on technology that would appear to be magic to the author’s of the act. This is definitely stretching this law to its limits and likely beyond what is realistic, but it sets a precedence which is dangerous. The second part is important as both of these companies have been working with the government to provide data to them in the past.

While both of these companies are standing up to the government is great, it’s not enough. With a limited number of powerful players, it’s only a matter of time before they lose to the government or be threatened in some way that will require them to play ball with the government. On the other hand, smaller companies won’t have the money to fight the government, so even if you want to support a smaller company with privacy as its core values, there is no guarantee that they will be able to follow through. Furthermore, if the government forces the company to re-write its operating system, like Apple effectively has to do, the company might go bankrupt. With a precedence set by the Apple decision, a small phone company like Silent Circle and their Blackphone, would be forced to capitulate unless they were able to show that this was unduly burdensome.

The other issues with this case is that businesses are only fighting for what is “right” here because it will help them improve their bottom line. Of course, they are also fighting for their own personal privacy as an employee of the company and consumer of its products, but the goal is to improve profitability. Across the world it has been shown that privacy and protection from agencies like the NSA (US) and GCHQ (UK) is something that people are willing to pay for. Apple learned this from Blackberry during the Arab Spring – they emulated the encryption of the Blackberry Messenger with their iMessage application. This help transition some of the last hold-outs to Apple and eventually spurred other similar apps.

I believe it is likely that the Electric Frontier Foundation will be a strong advocate for Apple, so if you want to support Apple in their battle with the government I recommend donating to the EFF, especially if you don’t support Apple for its other business practices. I know I will.

FBI double downing on encryption horrors

Last week I wrote about how the Washington Post was being irresponsible by arguing that phone encryption was a greater risk than a benefit for citizens. Because the BAD GUYS or evil people would take advantage of it. Only a few days ago the director of the FBI doubled down on these statements saying that “phone encryption will take us to a very dark place.” Furthermore, the scare mongering examples he provides, cell phone data provided no help nor would have encryption been any sort of hindrance in the investigation.

Phone encryption will more likely force governments and the police to actually get warrants to search phones. As with Passwords courts can order a suspect to hand over encryption keys, in cases where the police don’t have enough evidence to earn a court order they are expected to crack it on their own with their own computer experts. This will likely lead to something of an arms race between police and encryption writers, but that’s already been happening for years.

I think that this is about something bigger than phones though. Once your average computer user has been educated in encryption for phones and loses their fear of encryption, they will likely look into encrypting or expecting their computers to come encrypted. Since phones are fairly easy to hack it makes sense to start with those spaces. However, with the massive amounts of computer leaks at companies lately, it’s likely that Microsoft will begin to encrypt their operating system, eventually consumers will expect it on their personal computers. Laptops and tablets are extremely easy to steal. With encryption it makes the theft a lot less valuable as they have to completely wipe the computer and will be unable to extract any data that might be used for identity theft.

The final end effect might be that users will have true end to end encryption. Which will make it much more difficult for the FBI, CIA, and NSA to spy on ordinary Americans. The end result of phone encryption might actually be that overall Americans have dramatically improved privacy from other Americans, businesses, and governments (not just the American government).

This is why the FBI is terrified.

Phone Encryption

It’s been announced that both iOS and Android are going to have fully encryptable phones which will be a huge boon for our 4th amendment rights. As well as to protect us from more mundane things like theft or simply losing your phone. Our phones these days contain as much or more personal information as our computers do these days. The average person doesn’t have any sort of two step authentication on their personal accounts on their phones. In most case people do have some sort of password protection to get into the phone, but once in it’s fairly easy to get into many applications.

For end users there’s nothing better than having a stronger security measures as in many cases companies poorly manage their security. This can be highlighted from the past week of exploits and those celebrity pictures. Encrypting phones might not prevented the celebrity leak, but in many cases it could. It’s believed that some of the hacks of Paris Hilton years ago came from hacking her phone through a BlueTooth connection, so a fully encrypted phone may have protected her from that hack.

All these things are good, however, the Washington Post has decided that this encryption is a risk to public safety because it will help criminals. This is the exact same argument that people make against BitCoin and full disk encryption. BitCoin ended up spawning SilkRoad, which has been shut down and it’s more likely that more crime is committed with dollars rather than Bitcoin. Full Disk Encryption has been used by both criminals and the more technical savvy. With the recent changes where the government can simply take your laptop at boarder crossings without any sort of warrant. Which means anyone at anytime that could have been flagged by the NSA could have their computer searched at will.

It’s more likely that encryption will protect an average person from an arbitrary search than protect a criminal. It’s likely that without everyone being encrypted, having your computer or phone encrypted would have been a huge red flag, however, with these recent changes that can’t happen. Meaning the average person will be safer as well as the fully legal with nothing to hide security conscious individuals.

The Washington Post, FBI, and other agencies are wrong. Fully encryption on our phones protects our privacy, improves our fourth amendment, and give us more control over our own devices. If the FBI and the US government is successful in creating a backdoor the encryption will be worthless and the put us more at risk as we’ll have a false sense of security.

We know that NSA is hurting tech companies – that’s a good thing

Snowden leaked his documents a year ago. We’ve been getting a slow trickle ever since. However, some of these documents are getting date and surely the NSA is doing more stuff than they had in the past. That being said, they are continually being surprised by a new document that’s released or another. They clearly haven’t fully figured out the full list of documents that Snowden managed to take. Furthermore, they haven’t learned anything by not changing the techniques that they currently use. The NSA should have systematically shut down every program that could have been possibly leaked and moved onto something different. They haven’t, which means that they don’t really feel they need to change anything unless we force them to acknowledge that they’re doing something Americans (and the rest of the world) don’t want.

Today the guy that founded Netscape (a Silicon Valley Venture Capitalist) thinks that the fact the Edward Snowden released these documents hurt US technology companies. He thinks that because we now know that the US government does bad things with OUR tech company’s technology before it reaches a customer is hurting our companies. He blames Snowden. This is the most assinine thing I’ve ever heard. Marc Anderssen should be pissed off at the US government and praising Snowden because NOW US tech companies can DO something about it.

This is what a good manager or leader does. They support and acknowledge the fact that a person raise the attention of a problem, used them to address the root cause of the problem, and move on to the next problem. This is what Lean process improvement is all about. You NEVER shoot the messenger, you shoot the root cause of the problem eliminate it and make sure it never comes back. Saying that Snowden is a traitor because he highlighted the fact that the US government is taking good companies work (Cisco) and add malware is counter productive. We need to know when anyone government or otherwise is intentionally trying to break the internet. I do not believe that Mr. Netscape believes that the person who leaked the TransPacific Partnership is a traitor – when they essentially highlighted a similar problem.

I also believe, that labeling Snowden a traitor implicitly removes any blame from those companies that are being harmed by the US government. In many cases those companies have bee fully complicit with not just the US government, but “rogue” states (Iran, China, and other oppressive regimes) as well as companies (like Comcast, TWC, etc..) through enabling deep packet inspection (which allows anyone to snoop at anything you do. All of these have to have been enabled by a US technology company. These companies found a benefit to their benefit by doing this.

Now other companies, like Google, WordPress, and others are trying to get around both of these by encrypting their data. I actually suggested this as a tool to get around data caps or fast/slow lanes (if all data is encrypted you can’t slow or speed up traffic). This will inherently force a more net neutral internet (baffling deep packet inspection) and defeating much of the tools of the NSA.

All of these are good things. We know this because of Snowden. We know that tech companies need to address problems that the NSA and other government agencies have caused. This is a cause for celebration not condemnation. We need more people like him so that the internet can continue to thrive and be an economic driver. Don’t blame the messenger, if the US government is hurting US tech companies, we need to know so we can stop that from happening.

Sponsored data and YOU!

This could be your lucky day, your cellular provider is going to start offering packages where certain content doesn’t cost you anything in your data cap. This is awesome. You can start streaming more and more video/music/whatever it is that you stream from your favorite services. However, not all of your favorite services will be free of data charge! So make sure that you tell your favorite service that YOU want THEM to sign up and make their content data cap free to you! All those service providers have to do is pay your cellular provider money to stop the data caps! No, seriously, AT&T wants to do this.

Is this a problem? I think it depends on who you are. For a consumer in some cases this is pretty awesome. Let’s say you love to watch video games being streamed on Twitch.tv by your buddies over at KBMOD and Twitch decides to pay money to prevent your data from being charged against your data cap. But you’re also a huge fan of MLG and MLG just decided to start their own Twitch competitor but they can’t afford to pay those same fees. Well, guess you’ll be only watching MLG from your PC or on wifi. Too bad your favorite shows are on while you’re not able to use Wifi though! O well, Twitch is there for you though!

This is a niche market obviously. Not everyone cares about watching someone play streaming video games or even streaming video games to your phone so you can keep playing a game you were playing from home. A lot of people care about TV and movies though. We can look at this as something that’s really analogous to what Comcast was trying to do to Netflix close to two years ago. In April of 2012 Comcast announced that its Xfinity streaming service would not be charged against your Comcast data caps while Netflix streaming service would be. Netflix’s CEO argued that this violated Net Neutrality because it provided preferential treatment to one source of data over another.

What is Net Neutrality? Well, there are two different arguments, which I discuss in a blog here, where one is saying everything must be treated equally, while the other one argues that there are nuances and we can treat data differently because we need to “Groom” our networks. Internet and network purists believe that you shouldn’t even be able to determine what the data is or what the source of that data is if you’re a point along the network, just where it most recently was and where it needs to go next. The only application that can read the data in the package is the application that requested it.

AT&T’s plan, similar to Comcast’s, is in violation of Net Neutrality and the FCC will step in to regulate this type of “service” because it’s, in the end, bad for the consumer. Unfortunately, there are limitations to what the FCC can do and even potentially what AT&T can do.

There has been much more of a push for encryption and it’s likely that these pushes may actually enable more of a return to the true meaning of Net Neutrality. If all of our data is fully encrypted, deep packet inspection tools (which tell if the data you’re getting is video, music, or whatever), won’t work very well as that information will be encrypted. Furthermore, if your application’s data is all encrypted and AT&T won’t be able to tell if your data is your data then there’s no value in paying for “privileged” data status from AT&T.

It’s one of the reasons why I’ll likely support company’s like Wickr, an encrypted Snapchat competitor, which told the FBI to screw itself when they were asked to put a backdoor into their encryption. It’s important that we work to protect our data and support companies that do so in terms of Net Neutrality and encryption.

What companies do you support that encrypt and fight for net neutrality?

The NSA, FBI, and Internet Security

Over the past few months we’ve learned a lot about how the US government looks at its own citizens. We’ve learned this through the actions of Edward Snowden. He’s done us a great service by forcing a conversation that the NSA and FBI didn’t want us to have. The NSA lied to the Senate recently by claiming that it never tracked US citizens through Cell Phones. We would never have known about these activities if it wasn’t for Snowden.

Snowden was using email to send information back and forth between himself and Glenn Greenwald. Since email is in one of those fuzzy gray areas of the law around data retention and government access to it this has caused a bit of a problem. It make things more difficult Snowden used an encrypted email service called Lavabit. It’s encryption was at such a level that when the FBI requested data from it, they were confounded and essentially attempted to blackmail (legally of course) the owner into handing over the encryption key. This would have effectively rendered the service these people were paying for worthless. They were paying to have their email traffic be secured from both public and private entities.

As we hear and more about how the US government has been behaving towards internet security, the more we’re learning that the NSA and other US agencies are doing their best to thwart it. They have worked with the NIST and weakened the encryption key they developed. The problem with these backdoors is that if it’s there for the “good guys” (whoever that might be) it’s also there for the “bad guys” (whoever that might be). This isn’t just general encryption keys, it’s things that we use every day without using it. Whenever we are using any website that includes “https” we are using a basic encryption protocol called SSL. Think about when you’re banking, you see the https. Google now allows you to use this when you send information to and from them. This encryption has also been broken by the NSA. This is our personal stuff and if it’s broken by the NSA it can be broken by other people. Now does this mean we’re likely to have a rash of new fraud cases or theft cases? No, as it’s been compromised for some time. However, people do know about it now and this of course is a greater cause for concern.

What can we do about this? Well, first, look into more secure encryption methods. I wouldn’t be surprised if Google and applications like HTTPS everywhere will change their algorithm in result. Second, contact your representative and your senator. I’m lucky my senator in Oregon is very vocal (Ron Wyden) not everyone is so please help inform your leaders. Third, buy from companies that you know haven’t given up data to the NSA, don’t use Facebook and the like and basically try to follow the great writing that Sean did several months ago over on KBMOD. He nailed it then and it’s even more pressing than before to keep up with security.