Apple v FBI – What supporters are saying

I’m a big fan of Techdirt, I think that they do some really great work in digging into the shit going on around technology, policy, and laws. They put together a nice read through of the amicus briefs supporting Apple in the case against the FBI. They read through the 20 briefs and pulled out some really interesting gems, such as the fact that this software the FBI is trying to force Apple to produce will likely be flawed and insecure because it won’t go through all the proper QA processes that normal software will go through. They will likely try to just break the part that the FBI is requesting without changing much else, which means they won’t really thoroughly test the impacts on other parts of the OS.

Techdirt also has looked through the briefs supporting the FBI. These ones actually undermine the FBI in a few ways. First, other law enforcement groups essentially throw out the illusion of one phone. In fact the Manhattan DA is planning on using the compromised iOS to get into something like 120 iPhones. They will likely use this precedent to force Apple to write comparable versions of the OS for the newer versions of iPhones that this break isn’t expected to work on.

The last brief is from the DA in San Bernardino which really shows that this truly is a fishing expedition. They are worried about a “cyber pathogen” which is pretty crazy, because there is no reason to really believe anything like that would even exist. The DA also raises the specter of a third shooter even though there no evidence of it and there’s clearly never been a third shooter. Simply speculating that these things are there and making up more reasons to break the encryption of the phone when there is no evidence to support any of these speculations doesn’t provide more weight to the argument. In fact, it likely casts further doubt on the likelihood of finding anything useful on the phone. Truly showing that this is a waste of time and effort.


Privacy, Government, and Business

This week there were two big moments for privacy. First, was a ruling by a court that Apple had to unlock in some manner, call it decrypt or creating a backdoor into this specific phone. Second, was the fact that Apple, and now Google, has given the state a big middle finger saying “No!” These are important because of the gravity of both of these. The FBI is using “The All Writs Act” something from the 18th century and definitely not written to support dealing with difficult technological issues on technology that would appear to be magic to the author’s of the act. This is definitely stretching this law to its limits and likely beyond what is realistic, but it sets a precedence which is dangerous. The second part is important as both of these companies have been working with the government to provide data to them in the past.

While both of these companies are standing up to the government is great, it’s not enough. With a limited number of powerful players, it’s only a matter of time before they lose to the government or be threatened in some way that will require them to play ball with the government. On the other hand, smaller companies won’t have the money to fight the government, so even if you want to support a smaller company with privacy as its core values, there is no guarantee that they will be able to follow through. Furthermore, if the government forces the company to re-write its operating system, like Apple effectively has to do, the company might go bankrupt. With a precedence set by the Apple decision, a small phone company like Silent Circle and their Blackphone, would be forced to capitulate unless they were able to show that this was unduly burdensome.

The other issues with this case is that businesses are only fighting for what is “right” here because it will help them improve their bottom line. Of course, they are also fighting for their own personal privacy as an employee of the company and consumer of its products, but the goal is to improve profitability. Across the world it has been shown that privacy and protection from agencies like the NSA (US) and GCHQ (UK) is something that people are willing to pay for. Apple learned this from Blackberry during the Arab Spring – they emulated the encryption of the Blackberry Messenger with their iMessage application. This help transition some of the last hold-outs to Apple and eventually spurred other similar apps.

I believe it is likely that the Electric Frontier Foundation will be a strong advocate for Apple, so if you want to support Apple in their battle with the government I recommend donating to the EFF, especially if you don’t support Apple for its other business practices. I know I will.

Privacy and Public Places

Privacy is a tricky thing, there’s privacy of your home, expectations of privacy around mail, privacy related to digital devices, privacy in your car, and privacy in even more public places – each one of them we have different understood or assumed levels of privacy. These maybe different from person to person, but generally we assume in certain places that we’re pretty safe from being eavesdropped on. Furthermore, even though we often talk or talk on our phones in public we expect them to be relatively safe from being overheard, because most people simply don’t care about what we’re saying.

In the public there are some clear rules about what is free for police to inspect and what is not public. For example a police officer can listen to your conversations if they have the right equipment. It is possible for the police to photograph you as well whenever you’re walking around in public. Another place that is mostly a public place is actually your car. If anything is clearly visible on the seats through the windows it’s considered public. However, if something would be in your trunk or glove box the police officer cannot search it unless you give them permission, they have probable cause, or they have some sort of a warrant.

Recently the police and FBI have been using something called a “sting ray” which is effectively a middle man attack between your cell phone and the cell phone provider. The FBI believe, according to recent filings, that a stingray is something that they should be able to use in public without requiring a warrant. They argue that since the person on the cell phone is speaking in public they should have no expectation of privacy.

I think that this raises a lot of concerns. First, even if the sting ray is deployed in a “public” place there are definitely places that you can expect privacy. For instance if you live above a series of bars the bulk of the people that would be hit by the sting ray would likely be in a public place. Even areas that are mostly park still have areas that are private or might even be residential. For this to be even close to realistic the FBI would have to 100% certain that ever person possibly impacted this is in a public place.

Personally, I don’t think that this argument will fly. I believe that this is very similar in terms of technology used and methodology as GPS trackers on cars or more similarly is the GPS information from cell phones. Even if you are using a third party application or technology you still have the expectation of privacy. I believe that this should hold in this instance as well. You’re expecting your communication to be secure between your phone and the cell phone provider without anyone listening in.

I seriously hope that the FBI loses this, because I find the fact that using a technology like this to intercept my cell phone calls from going to the cell provider to be terrifying and if a similar technology was used by any one other than the authorities, they would be on charges for computer fraud and likely put in jail for a very very long time.

FBI double downing on encryption horrors

Last week I wrote about how the Washington Post was being irresponsible by arguing that phone encryption was a greater risk than a benefit for citizens. Because the BAD GUYS or evil people would take advantage of it. Only a few days ago the director of the FBI doubled down on these statements saying that “phone encryption will take us to a very dark place.” Furthermore, the scare mongering examples he provides, cell phone data provided no help nor would have encryption been any sort of hindrance in the investigation.

Phone encryption will more likely force governments and the police to actually get warrants to search phones. As with Passwords courts can order a suspect to hand over encryption keys, in cases where the police don’t have enough evidence to earn a court order they are expected to crack it on their own with their own computer experts. This will likely lead to something of an arms race between police and encryption writers, but that’s already been happening for years.

I think that this is about something bigger than phones though. Once your average computer user has been educated in encryption for phones and loses their fear of encryption, they will likely look into encrypting or expecting their computers to come encrypted. Since phones are fairly easy to hack it makes sense to start with those spaces. However, with the massive amounts of computer leaks at companies lately, it’s likely that Microsoft will begin to encrypt their operating system, eventually consumers will expect it on their personal computers. Laptops and tablets are extremely easy to steal. With encryption it makes the theft a lot less valuable as they have to completely wipe the computer and will be unable to extract any data that might be used for identity theft.

The final end effect might be that users will have true end to end encryption. Which will make it much more difficult for the FBI, CIA, and NSA to spy on ordinary Americans. The end result of phone encryption might actually be that overall Americans have dramatically improved privacy from other Americans, businesses, and governments (not just the American government).

This is why the FBI is terrified.

Phone Encryption

It’s been announced that both iOS and Android are going to have fully encryptable phones which will be a huge boon for our 4th amendment rights. As well as to protect us from more mundane things like theft or simply losing your phone. Our phones these days contain as much or more personal information as our computers do these days. The average person doesn’t have any sort of two step authentication on their personal accounts on their phones. In most case people do have some sort of password protection to get into the phone, but once in it’s fairly easy to get into many applications.

For end users there’s nothing better than having a stronger security measures as in many cases companies poorly manage their security. This can be highlighted from the past week of exploits and those celebrity pictures. Encrypting phones might not prevented the celebrity leak, but in many cases it could. It’s believed that some of the hacks of Paris Hilton years ago came from hacking her phone through a BlueTooth connection, so a fully encrypted phone may have protected her from that hack.

All these things are good, however, the Washington Post has decided that this encryption is a risk to public safety because it will help criminals. This is the exact same argument that people make against BitCoin and full disk encryption. BitCoin ended up spawning SilkRoad, which has been shut down and it’s more likely that more crime is committed with dollars rather than Bitcoin. Full Disk Encryption has been used by both criminals and the more technical savvy. With the recent changes where the government can simply take your laptop at boarder crossings without any sort of warrant. Which means anyone at anytime that could have been flagged by the NSA could have their computer searched at will.

It’s more likely that encryption will protect an average person from an arbitrary search than protect a criminal. It’s likely that without everyone being encrypted, having your computer or phone encrypted would have been a huge red flag, however, with these recent changes that can’t happen. Meaning the average person will be safer as well as the fully legal with nothing to hide security conscious individuals.

The Washington Post, FBI, and other agencies are wrong. Fully encryption on our phones protects our privacy, improves our fourth amendment, and give us more control over our own devices. If the FBI and the US government is successful in creating a backdoor the encryption will be worthless and the put us more at risk as we’ll have a false sense of security.