FBI hack to remain secret from Apple

The FBI has no plans to reveal how they hacked the San Bernardino shooter’s iPhone, not even to Apple.

In March, the FBI announced that they would be dropping their case with Apple after having purchased a hacking tool from a third party to aid in breaking into the phone. Apple had cooperated with the FBI, but would not create new firmware to break their own encryption. The high-profile nature of this case brought the debate about privacy and security to the national stage. Although there was a judge assigned to rule on the case, the FBI’s purchase of a hacking tool put the need for a ruling to bed.

Since then, the FBI has been mum on how the hacking tool works and why it succeeded. Prior to purchasing the tool, the FBI insisted that it needed Apple to update the firmware in order to hack the shooter’s iPhone. The security on iPhone only allows 10 consecutive attempts to break the passcode before all data is erased on the phone.

Apple has a vested interest in understanding the hack, because the tech company would want to patch any vulnerabilities that allowed the FBI to use this tool to access the iPhone. Hacking into this iPhone will make all iPhones vulnerable to the same sort of attack, which ultimately puts many iPhones around the world at risk.

An Apple attorney has stated that the company has no plans to sue the government to reveal how the San Bernardino iPhone was unlocked.

The government already has a policy in place, called the Vulnerabilities Equities Process, which governs disclosure of security problems to companies. This policy is notoriously shrouded in secrecy, but the government is generally supportive of vulnerability disclosure in order to ensure that vulnerabilities are not exploited by malicious hackers.

The FBI has found success with this tool, but it doesn’t mean that they are in a place to support vulnerability disclosure. The agency has already made plans to argue that it does not know enough about the hacking tool that it purchased to substantively explain how it works. FBI director James Comey has revealed that his agency spent more than $1 million to obtain the tool.

Article via TechCrunch, 26 April 2016

Photo: El FBI no necesita a Apple para desbloquear un iPhone by iphonedigital [Creative Commons Attribution-NonCommercial-NoDerivs]


FBI hacks another iPhone, iPod

After all the stink made by the FBI about getting Apple to hack the iPhone, last week the FBI hacked the iPhone themselves. There are still no details on how the FBI was able to complete the hack. Their original request stated that they were in need of Apple’s help in order to avoid permanently erasing the phone. Now that there has been one successful attempt, the FBI is ready to hack again, this time for a murder case happening in Arkansas.

Cody Hiland, a prosecuting attorney in Faulkner County, told the Associated Press on Wednesday that the FBI had approved a request from his office and the Conway Police Department to crack an iPhone and an iPod. The devices belong to two teenagers who are accused of murder. The day after the FBI announced that they had hacked the San Bernardino shooter’s iPhone without Apple’s assistance, an Arkansas judge agreed to postpone the trial of 18-year-old Hunter Drexler. Prosecutors in this case believe the devices may hold evidence related to the murders last July of Robert and Patricia Cogdell.

The actions of the government may be setting a dangerous precedent. Apple’s concern over hacking their own devices lay not only in their integrity as a company, but in the privacy expected by their users. Now that the FBI has hacked the San Bernardino shooter’s iPhone, and is helping to do the same for other cases, there will be an expectation that phones and devices will be unlocked for trials in the future. This Arkansas case is not the only request. A Justice Department request to unlock an iPhone linked to an accused drug dealer in New York was denied in February, but the department is appealing that decision.

All of this leaves Apple in a bad position. No company wants their devices hacked, even if it is the government doing so in the name of justice. Since we don’t know how the government unlocked the phone, it is likely that their method may end up being used by hackers and criminals. This would put all iPhones at risk and challenge Apple to continue to prevent decryption attempts in the future without all the knowledge of how these phones are being hacked.

Article via CNET, 30 March 2016

Photo: iPixel by Francis [Creative Commons Attribution-NonCommercial-NoDerivs]


Obama bans slave products

Last Wednesday President Obama officially placed a ban on goods imported into the United States that are produced by slave labor. He signed a bill that includes a provision that bans imports of fish caught by slaves in Southeast Asia, gold mined by children in Africa and garments sewn by abused women in Bangladesh. This closes a loophole in an 85-year-old tariff law that failed to keep slave-produced products out of the U.S.

As long as domestic production couldn’t meet demand, the government has turned a blind eye to companies exporting these goods. The bill may be a game changer for U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement, the agencies responsible for preventing goods derived from slavery from entering the country. Last year, an exposé by the Associated Press found Thai companies were shipping seafood into the U.S. that was caught by enslaved workers. As a result of the reports, more than a dozen alleged traffickers were arrested, millions of dollars worth of seafood and vessels seized, and more than 2,000 trapped fishermen have been rescued.

“The old system that leaves the door open to child or slave labor if it’s used to make a product that isn’t made here in the U.S. — that system absolutely must end, and it will,” U.S. Senator Ron Wyden, an Oregon Democrat who spoke against the loophole on the Senate floor, said in a statement.

The legal gap has been in place for so long that politicians who pushed for the change aren’t exactly sure how it will affect businesses cited by human rights groups or the agencies responsible for blocking goods derived from slavery.

“Ending this provision gives those fighting forced labor the confidence they can challenge imports of these products without fear of being undermined by an archaic and outrageous provision of U.S. trade law,” Keith Chu, a senator who voted for the bill, said in an e-mail.

Sen. Sherrod Brown, D-Ohio, said Wednesday that his office is already asking U.S. Customs and Border Protection to ensure they begin enforcing the new rules when the law takes effect in 15 days. “It’s embarrassing that for 85 years, the United States let products made with forced labor into this country, and closing this loophole gives the U.S. an important tool to fight global slavery.”

Article via Mashable, 25 February 2016; Mashable, 12 February 2016

Photo: White House Maker Faire (201406180003HQ) by NASA HQ PHOTO [Creative Commons Attribution-NonCommercial-NoDerivs]


Facebook exec arrested in WhatsApp case

Facebook is becoming the next tech giant to spar with law enforcement over privacy concerns.

Diego Dzodan, a Facebook executive, was arrested by Brazilian federal police on Tuesday for “repeated non-compliance with court orders”, according to a statement released by police. Brazilian police want information from a WhatsApp account that is linked to a drug trafficking investigation. WhatsApp is a messaging service that is used monthly by more than 1.5 billion people worldwide. Dzodan was taken into what the Brazilian police call preventative prison and could be held for a week or more.

Facebook wants to ensure that it maintains the privacy of its users from government intervention. In WhatsApp’s case, the company may not be able to help Brazilian authorities because it does not store users’ messages. In addition, WhatsApp is expanding its use of end-to-end encryption, which will make it even harder for the company to turn over user data. WhatsApp said in a statement that it disagreed with the Brazilian authorities on the case. “We are disappointed that law enforcement took this extreme step,” the messaging business said. “WhatsApp cannot provide information we do not have.”

Facebook, which bought WhatsApp in 2014 for $19 billion, condemned the Brazilian government’s move, releasing this statement:

“We’re disappointed with the extreme and disproportionate measure of having a Facebook executive escorted to a police station in connection with a case involving WhatsApp, which operates separately from Facebook,” a spokesman said. “Facebook has always been and will be available to address any questions Brazilian authorities may have.”

This isn’t the first time Brazil has gone head to head with WhatsApp. In December, a judge ordered the shutdown of WhatsApp in the country for two days after the company did not comply with a criminal investigation, but the ruling was overturned the next day.

Article via CNET, 1 March 2016; The New York Times, 2 March 2016

Photo: WhatsApp / iOS by Álvaro Ibáñez [Creative Commons Attribution-NonCommercial-NoDerivs]


Nation divided over Apple decision

Apple’s decision to refuse the FBI order requiring the company to unlock a phone used by Syed Farook, one of the terrorists in the San Bernardino shooting, has divided the nation into two camps. Those who support the company believe that the FBI order jeopardizes individual privacy. Others argue that Apple’s challenge threatens national security.

In order to unlock Syed Farook’s iPhone, Apple would have to design new software that would provide a backdoor through the phone’s security features. That software does not yet exist, and Apple argues it should stay that way.

“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices,” states Tim Cook’s response posted on the Apple website.

The non-profit advocacy group Fight for the Future organized demonstrations across the nation following the Apple decision in order to show solidarity with the company. Evan Greer, the organization’s campaign director, spoke about the importance of encryption in protecting public facilities like hospitals and airports, as well as in assuring the safety of individuals.

“For myself as a member of the LGBT community, I know there are a lot of people that have heightened needs for security. A breach is not just inconvenient or embarrassing, but can put people in threat of physical violence,” Greer said.

Henry Nickel, a San Bernardino city councilman, has the opposing opinion that Apple’s decision is an obstruction of justice. He likens Apple’s refusal to access the contents of Farook’s phone to a landlord’s refusal to unlock a suspect’s door in the face of a search warrant.

“I do not feel that digital data is in any way subject to additional protection from search or seizure than any other aspects of our lives,” Nickel said. “Apple is simply wrong if it believes digital information is somehow more sacred than any other type of information.”

San Bernardino Mayor R. Carey Davis felt similarly. “The attacks on December 2nd was the deadliest terrorist attack in the US since 9/11, and law enforcement officials continue to follow up on leads related to the case… It is my hope that Apple cooperates given the circumstances of this investigation,” he said.

Article via: The Washington Post, 19 February 2016

Photo: Laughing Squid iPhone Webclip Icon by Scott Beale [Creative Commons Attribution-NonCommercial-NoDerivs]


China to pass new decryption law

Tech companies await the final version of a new Chinese law that targets terrorism by providing the government more powers to use decryption. According to experts, the current wording of the law is vague, and thus the actual implications of the legislation are unclear.

Owen D. Nee, a Greenberg Traurig attorney and lecturer at Columbia and NYU law schools, said that the law “creates a duty” but doesn’t specify how it will be “exercised.” He added, “When China writes a law like this, vagueness is an intended consequence.”

Nee said that the law could possibly require Internet service providers to aid the government in decryption. Pam Dixon, the executive director of the World Privacy Forum, said that it’s possible tech companies will pull out of China in order to protect user data, or the law could have virtually no effect on the tech industry in the country.

The law “gives even broader rights [to the government] which is troubling,” Dixon said. “There’s already a lot of censorship.”

Currently, telecommunication companies and Internet service providers are likely providing opinions on drafts as tech companies lobby Chinese authorities. A report from the Xinhua news agency stated that Li Shouwei of the National People’s Congress (NPC) Standing Committee legislative affairs commission “admitted that a number of countries and enterprises had voiced concerns about certain provisions of the law” at a recent press conference.

Chinese officials responded to criticisms by exposing the hypocrisy of the United States with regard to anti-terrorism initiatives. A commentary published by Xinhua said, “In short, the U.S. criticism against China’s anti-terrorism legislation is but yet another case of Washington’s application of double standards in dealing with issues of terrorism.”

Article via: LegalTech News, 29 December 2015

Photo: Chinese Warships Visit Portsmouth by Defence Images [Creative Commons Attribution-NonCommercial-NoDerivs]