Apple has plans to make their iPhone harder to hack amid the current controversy with the FBI.

The FBI wants Apple to create new firmware that would allow them to hack into encrypted data on an iPhone that belongs to a San Bernardino terrorist. Apple CEO Tim Cook is fighting the request, citing the infringement on digital privacy. He also wrote an open letter to explain Apple’s position. Now the company is thinking of taking further steps and preventing passcode-free recovery mode in future iPhones.

The FBI’s current request for backdoor access to the iPhone would require Apple to create software that would allow the FBI to bypass security features that prevent hacking. Specifically, the FBI has already looked at an online backup on iCloud of the phone, but they want Apple to disable a security feature so that they can have as many tries as possible to unlock the phone. In order to comply, Apple would have to change their operating system to no longer have this feature, which would make millions of iPhone users vulnerable.

As this issue has escalated, Apple is looking to prevent these types of requests in the future. When it comes to iCloud security, Apple encrypts its data on its servers but still owns the decryption keys. So if the FBI asks Apple for iCloud data, Apple can decrypt iPhone backups and hand them to the FBI. Now the company is thinking of changing that.

Instead, Apple may give the private keys to the customer, which would remove Apple’s ability to decrypt backups. This would mean that future government requests for decrypted data could not be fulfilled, but it also means that Apple would not be able to help customers either, since it would not be able to decrypt their backups.

In the future, Apple wants to find a way to limit or do away with DFU (device firmware update) mode. Apple created DFU mode for troubleshooting purposes, such as when your iPhone doesn’t work anymore because of a broken operating system. If such a big crash happens, Apple lets you boot your iPhone into DFU mode, so that you can reinstall a fresh version of iOS without having to enter a passcode.

DFU mode is at the center of the debate because its current design makes the FBI requests possible, if Apple chooses to make the software changes. You can currently reinstall a new operating system without having to enter a passcode. In fact, this is how many people jailbreak the iPhone. But if Apple requires that you enter your passcode to enter DFU mode, that all changes. Apple would no longer have the ability to create software that lets the government hack into your phone.

In the wake of increasing government requests for user data and the revelation of NSA breaches by Snowden, Apple has made it harder to hack iPhones. The tech giant looks to stay that course and increase security for the protection of its customers and their data.

Article via TechCrunch, 25 February 2016

Photo: Tim Cook explica su postura al FBI del caso San Bernardino by iphonedigital [Creative Commons Attribution-NonCommercial-NoDerivs]

 

Uber is back in the news for yet another controversy concerning their drivers. The tech company recently settled a suit with customers who accused the company of less rigorous background checks than was advertised. Now their driver screening process is being scrutinized again as Jason Dalton, an Uber driver, confessed to a Saturday shooting spree in Kalamazoo, Michigan while picking up customers.

Uber Chief Security Officer Joe Sullivan said that Mr. Dalton had no prior criminal background and no red flags that appeared during his background check that would have caused the company to be concerned. “No background check process would have flagged and anticipated this situation,” Sullivan said.

Until Saturday there were no complaints with Jason Dalton’s driving record with Uber. He had given more than 100 rides since starting with Uber at the end of January and had a rating of 4.73 out of 5. The only indications that he may be dangerous didn’t come until last Saturday, when several riders including one passenger complained of erratic driving. According to the Michigan police, Dalton then started a shooting rampage at 6pm where he wounded 9 people, killing 6. Michigan police state that Dalton started at 6pm by shooting a woman multiple times in a parking lot, and then drove around for hours randomly gunning down innocent bystanders. There have been no connections made between the driver and his victims.

One reason for the emphasis on Uber’s driver screenings is that they have missed criminals before, and those drivers were able to use their job with the service to offend again. Houston is one of the few cities that requires Uber drivers to pass an FBI fingerprint check after an ex-con Uber driver allegedly raped one of his passengers. The city did not believe that Uber’s driver screenings and background checks were thorough enough, since the driver was able to pass Uber’s checks, although he had served 14 years in prison. Prosecutors in California have also questioned Uber’s driver screenings after a driver was found to have been convicted of murder, but Uber’s background check failed to reveal the criminal history.

Critics say that Uber would catch more of these criminals if they ran fingerprints in their background checks. The company currently runs the names of potential drivers through seven years of county and federal courthouse records, a multi-state criminal database, national sex offender registry, Social Security trace and motor vehicle records. Uber rejects anyone with a history of violent crimes, sexual offenses, gun-related violations or resisting arrest. But in light of the recent events, Uber seems to be leaning toward introducing fingerprint identification as part of their process.

Article via CNet, 22 February 2016

Photo via Newsday.com

Apple’s decision to refuse the FBI order requiring the company to unlock a phone used by Syed Farook, one of the terrorists in the San Bernardino shooting, has divided the nation into two camps. Those who support the company believe that the FBI order jeopardizes individual privacy. Others argue that Apple’s challenge threatens national security.

In order to unlock Syed Farook’s iPhone, Apple would have to design new software that would provide a backdoor through the phone’s security features. That software does not yet exist, and Apple argues it should stay that way.

“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices,” states Tim Cook’s response posted on the Apple website.

The non-profit advocacy group Fight for the Future organized demonstrations across the nation following the Apple decision in order to show solidarity with the company. Evan Greer, the organization’s campaign director, spoke about the importance of encryption in protecting public facilities like hospitals and airports, as well as in assuring the safety of individuals.

“For myself as a member of the LGBT community, I know there are a lot of people that have heightened needs for security. A breach is not just inconvenient or embarrassing, but can put people in threat of physical violence,” Greer said.

Henry Nickel, a San Bernardino city councilman, has the opposing opinion that Apple’s decision is an obstruction of justice. He likens Apple’s refusal to access the contents of Farook’s phone to a landlord’s refusal to unlock a suspect’s door in the face of a search warrant.

“I do not feel that digital data is in any way subject to additional protection from search or seizure than any other aspects of our lives,” Nickel said. “Apple is simply wrong if it believes digital information is somehow more sacred than any other type of information.”

San Bernardino Mayor R. Carey Davis felt similarly. “The attacks on December 2nd was the deadliest terrorist attack in the US since 9/11, and law enforcement officials continue to follow up on leads related to the case… It is my hope that Apple cooperates given the circumstances of this investigation,” he said.

Article via: The Washington Post, 19 February, 2016

Photo: Laughing Squid iPhone Webclip Icon by Scott Beale [Creative Commons Attribution-NonCommercial-NoDerivs]

Tech For Justice: Migration Lab Lesbos had 4 teams and a total of 16 student developers from diverse backgrounds and skills working on the Tech For Justice problem of “Empowering Refugees in Complex Humanitarian Crises” at the IDHack.

CentRefuge won 2nd place with a $500 award out of nearly 100 students.

Complete problem statement: “Although there are many apps and tech solutions for the current refugee crises available – most of the platforms do not give refugees the ability to communicate their basic needs and also rate the aid organizations available on efficiency. We have access to a database of all of the apps and tech projects currently on the ground in Lesbos, Greece. First, we need to examine their methodology and see which tech solutions might apply. Next, we want to create a simple tool for refugees to request food, water, shelter and also rate local aid organizations, volunteers, and local businesses. We will pilot this system with Migration Lab in Lesbos.”

Team descriptions:

  1. RefugeeAidLesbos

Team members: Ricky Chen, Owen Martin, Jon Atkins, and Ariel Barbieri-Aghib (Tufts)

For more info visit Github

2. BASICS

Team members: Caroline Caltagirone (Visiting scholar at Harvard University) and Octave Muhirwa (Wentworth Institute of Technology)

For more info visit Github and Presentation

3. Coordinaid

Team members: Adrianna Tan (Wellesley), Sam Chin (Wellesley), Lisa Truong (Wellesley), Shane Skikne, and Annie Ku

For more info visit Github and presentation

4. CentRefuge

Team members: Whitney Fahnbulleh (Wellesley), Ella Chao (Wellesley), Mayrui Sridhar (MIT), Darrien Glasser (UMass Lowell), Amin Manna (MIT)

For more info visit Github and website

Furthermore,

  • You can view the complete list of IDHack2016 project pitches here.
  • To contact the teams please email Danielle Kaidanow – Project Facilitator
  • Although Lesbos was the first region addressed, the solutions are customizable and scalable
  • Demos will take place from 11AM – 12PM on Saturday, February 20th at Tufts

Learn more about the Tech For Justice initiative by visiting their website.

Photo: Somali Refugees in Dolo Ado, Ethiopia via UNICEF Ethiopia [Creative Commons Attribution-NonCommercial-NoDerivs]

 

 


 

 

Tech companies await the final version of a new Chinese law that targets terrorism by providing the government more powers to use decryption. According to experts, the current wording of the law is vague, and thus the actual implications of the legislation are unclear.

Owen D. Nee, a Greenberg Traurig attorney and lecturer at Columbia and NYU law schools, said that the law “creates a duty” but doesn’t specify how it will be “exercised.” He added, “When China writes a law like this, vagueness is an intended consequence.”

Nee said that the law could possibly require Internet service providers to aid the government in decryption. Pam Dixon, the executive director of the World Privacy Forum, said that it’s possible tech companies will pull out of China in order to protect user data, or the law could have virtually no effect on the tech industry in the country.

The law “gives even broader rights [to the government] which is troubling,” Dixon said. “There’s already a lot of censorship.”

Currently, telecommunication companies and Internet service providers are likely providing opinions on drafts as tech companies lobby Chinese authorities. A report from the Xinhua news agency stated that Li Shouwei of the National People’s Congress (NPC) Standing Committee legislative affairs commission “admitted that a number of countries and enterprises had voiced concerns about certain provisions of the law” at a recent press conference.

Chinese officials responded to criticisms by exposing the hypocrisy of the United States in regards to anti-terrorism initiatives. A commentary published by Xinhua said, “In short, the U.S. criticism against China’s anti-terrorism legislation is but yet another case of Washington’s application of double standards in dealing with issues of terrorism.”

Article via: LegalTech News, 29 December 2015

Photo: Chinese Warships Visit Portsmouth by Defence Images [Creative Commons Attribution-NonCommercial-NoDerivs]

Apple is being criticized by a British soldier’s family for refusing to hack into an iPhone linked to December’s terrorist attack in San Bernardino, California.

Apple Chief Executive Tim Cook spoke out against the court order on Wednesday, calling the demand “chilling” and saying that compliance would be a major setback for online privacy. Many digital rights groups agree. The federal government’s attempts to capture data from tech companies have been met with apprehension and fear. Just a few months ago, several tech companies started standing up to government data requests. But not everyone agrees with Apple’s stance on this issue.

Major tech companies like Facebook, Google, and Apple all want to protect their customers’ data by securing it at the highest levels. But, federal governments like the US and the UK want these companies to find ways to hack into customer hardware and accounts, arguing that privacy should not come at the expense of national security. This ongoing battle over encryption puts tech giants on one side, and law enforcement and intelligence on the other.

Fusilier Lee Rigby was off duty and walking down the street near his barracks in Woolwich, England, in May 2013 when he was the victim of a brutal attack by two men who told witnesses they were avenging the killing of Muslims by British soldiers. Ray McClure, Rigby’s uncle, believes that Apple is doing nothing more than “protecting a murderer’s privacy at the cost of public safety.”

“Valuable evidence is on that smartphone and Apple is denying the FBI access to that information,” McClure said, arguing that a warrant to search a smartphone should be no different than a warrant used to search a property.

In the court order handed to Apple, the company was told it must assist the FBI in unlocking the iPhone linked to San Bernardino gunman Syed Rizwan Farook. In addition to unlocking the phone, the FBI wants Apple to build a new version of its iOS mobile software that would be able to bypass the iPhone’s security so that the agency could hack any device remotely. In an open letter published on Apple’s website, Tim Cook stated that Apple has been working with the FBI, providing data and advice on how to move forward. But software that would allow the FBI to bypass Apple’s security simply doesn’t exist. “The US government has asked us for something we simply do not have, and something we consider too dangerous to create,” said Apple CEO Tim Cook.

Article via Cnet, 18 February 2016

Photo: Apple CEO Tim Cook by Mike Deerkoski [Creative Commons Attribution-NonCommercial-NoDerivs]