Facebook exec arrested in WhatsApp case

Facebook is becoming the next tech giant to spar with law enforcement over privacy concerns.

Diego Dzodan, a Facebook executive, was arrested by Brazilian federal police on Tuesday for “repeated non-compliance with court orders”, according to a statement released by police. Brazilian police want information from a WhatsApp account that is linked to a drug trafficking investigation. WhatsApp is a messaging service that is used monthly by more than 1.5 billion people worldwide. Dzodan was taken into what the Brazilian police call preventative prison and could be held for a week or more.

Facebook wants to ensure that it maintains the privacy of its users from government intervention. In WhatsApp’s case, the company may not be able to help Brazilian authorities because it does not store users’ messages. In addition, WhatsApp is undergoing increased end to end encryption, which will make it even harder for the company to turn over user data. WhatsApp said in a statement that it disagreed with the Brazilian authorities on the case. “We are disappointed that law enforcement took this extreme step,” the messaging business said. “WhatsApp cannot provide information we do not have.”

Facebook, which bought WhatsApp in 2014 for $19 billion in 2014, condemned the Brazilian government’s move releasing this statement:

“We’re disappointed with the extreme and disproportionate measure of having a Facebook executive escorted to a police station in connection with a case involving WhatsApp, which operates separately from Facebook,” a spokesman said. “Facebook has always been and will be available to address any questions Brazilian authorities may have.”

This isn’t the first time Brazil has gone head to head with WhatsApp. In December, a judge ordered the shutdown of WhatsApp for the country for two days after not complying with a criminal investigation, but the ruling was overturned the next day.

 

Article via CNET, 1 March 2016; The New York Times, 2 March 2016

Photo: WhatsApp / iOS by Álvaro Ibáñez [Creative Commons Attribution-NonCommercial-NoDerivs]


Apple will make iPhone harder to hack

Apple has plans to make their iPhone harder to hack amid the current controversy with the FBI.

The FBI wants Apple to create new firmware that would allow them to hack into encrypted data on an iPhone that belongs to a San Bernardino terrorist. Apple CEO Tim Cook is fighting the request citing the infringement on digital privacy. He also wrote an open letter to explain Apple’s position. Now the company is thinking of taking further steps and prevent passcode-free recovery mode in future iPhones.

The FBIs current request for backdoor access to the iPhone would require Apple to create software that would allow the FBI to bypass security features that prevent hacking. Specifically, the FBI has already looked at an online backup on iCloud of the phone, but they want Apple to disable a security feature that would allow them to have as many tries as possible to unlock the phone. In order to comply, Apple would have to change their operating system to no longer have this feature, which would make millions of iPhone users vulnerable.

As this issue has escalated, Apple is looking to prevent these types of request in the future. When it comes to iCloud security, Apple encrypts its data on its servers but still owns the decryption keys. So if the FBI asks Apple for iCloud data, Apple can decrypt iPhone backups and hand them to the FBI. Now the company is thinking of changing that.

Instead, Apply may give the private keys to the customer, which would remove Apple from being able to decrypt backups. This would mean that future government request for decrypted data would not be possible, but it also means that Apply would not be able to help customers either, since they would not be able to decrypt their backups.

In the Future Apple wants to find a way to limit or do away with DFU (device firmware update) mode. Apple created DFU mode for troubleshooting purposes, such as when your iPhone doesn’t work anymore because of a broken operating system.  If such a big crash happens, Apple lets you boot your iPhone into DFU mode, so that you can reinstall a fresh version of iOS without having to enter a passcode.

DFU mode is at the center of the debate because its current design makes the FBI requests possible, if Apple chooses to make the software changes. You can currently reinstall a new operating system without having to enter a passcode. In fact this is how many jailbreak the iPhone. But, if Apple requires that you enter your passcode to enter into DFU mode, that all changes. Apple would no longer have the ability to create software that lets the government hack into your phone.

In the wake of increasing government request of user data and the revelation of NSA breaches by Snowden, Apple has make it harder to hack iPhones. The tech giant looks to stay that course and increase security for the protection of its customers and their data.

Article via TechCrunch, 25 February 2016

Photo: Tim Cook explica su postura al FBI del caso San Bernardino by iphonedigital [Creative Commons Attribution-NonCommercial-NoDerivs]

 


Apple refuses to hack into terrorist iPhone

Apple is being criticized by a British solider’s family for refusing to hack into an iPhone linked to December’s terrorist attack in San Bernardino, California.

Apple Chief Executive Tim Cook spoke out against the court order on Wednesday, calling the demand “chilling” and saying that compliance would be a major setback for online privacy. Many digital rights groups agree.  The federal government’s attempts to capture data from tech companies has been met with apprehension and fear. Just a few months ago, several tech companies started standing up to government data requests. But not everyone agrees with Apple’s stance on this issue.

Major tech companies like Facebook, Google, and Apple all want to protect their customers’ data by securing it at the highest levels. But, federal governments like the US and the UK want these companies to find ways to hack into customer hardware and accounts, arguing that privacy should not come at the expense of national security. This ongoing battle over encryption puts tech giants on one side, and law enforcement and intelligence on the other.

Fusilier Lee Rigby was off duty and walking down the street near his barracks in Woolwich, England, in May 2013 when he was the victim of a brutal attack by two men who told witnesses they were avenging the killing of Muslims by British soldiers.  Ray McClure, Rigby’s uncle, believes that Apple is doing nothing more than “protecting a murderer’s privacy at the cost of public safety.”

“Valuable evidence is on that smartphone and Apple is denying the FBI access to that information,” McClure said, arguing that a warrant to search a smartphone should be no different than a warrant used to search a property.

In the court order handed to Apple, the company was told it must assist the FBI in unlocking the iPhone linked to San Bernardino gunman Syed Rizwan Farook. In addition to unlocking the phone, The FBI wants Apple to build a new version of its iOS mobile software that would be able to bypass the iPhone’s security so that the agency could hack any device remotely. In an open letter published on Apple’s website, Tim Cook stated that Apple has been working with the FBI, providing data and advice on how to move forward. But the creation of software that would allow the FBI to bypass Apple’s security simply doesn’t exist. “The US government has asked us for something we simply do not have, and something we consider too dangerous to create,” said Apple CEO Time Cook.

Article via Cnet, 18 February 2016

Photo: Apple CEO Tim Cook by Mike Deerkoski [Creative Commons Attribution-NonCommercial-NoDerivs]


NSA ceases bulk data collection

The National Security Agency has been collecting metadata, which is information such as phone numbers and duration of calls, since shortly after the attacks of September 11. The collection of this metadata has ceased as of November 28th. So what changed?

There is a new law in place, known as the USA Freedom Act of 2015. This law is being seen as a victory for privacy activists and tech companies looking to protect their user data. The USA Freedom Act of 2015 came about as a response to the revelations of Edward Snowden, a former NSA contractor that revealed the deep surveillance of the NSA on the American people. This new law prohibits the bulk collection of phone data previously done by the NSA. Although the agency won’t keep the bulk data, investigators will still have access to these types of records when they are investigating a particular person, or targeting specific groups. The existing metadata that has been captured during the last 5 years will be kept until next February 29th in order to ensure a smooth transition.

National Security Council spokesperson Ned Price stated that this new law, “struck a reasonable compromise which allows us to protect the country while implementing various reforms”.

Some have concerns, since the new law is going into effect so soon after the terrorist attacks in Paris. At a time when America is scaling back its surveillance, countries like England and France are considering new bills to enhance surveillance. Since American companies like Verizon would be involved, it may mean the creation of new treaties between Great Britain and the United States.  It is likely that this type of confounding circumstance will present itself more in the future due to the international nature of terrorism.

Article via ABAJournal, 30 November 2015

Photo: National Security Agency Seal via Donkey Hotey [Creative Commons Attribution-NonCommercial-NoDerivs]


Facebook’s new report on government data requests

Government requests for data about Facebook users increased 18 percent to 17,577 compared to the latter half of 2014, according to Facebook’s most recent transparency report. Beyond requests for information, governments insisted that the company restrict content that violated local laws. The amount of restricted content grew 112 percent to 20,568 pieces; a little over 15,000 of these were restricted by India. No other country limited over 1,000 pieces of data.

Facebook reported that it restricted content in India that was considered by the nation’s government to be “anti-religious and hate speech that could cause unrest and disharmony within India.”

Facebook publishes global government data request reports biannually, including the percentage of requests the company agrees to. Eighty percent of U.S. government data requests are granted.

Chris Sonderby, Facebook’s deputy general, introduced the report with a blog post: “As we have emphasized before, Facebook does not provide any government ‘back doors’ or direct access to people’s data. If a request appears to be deficient or overly broad, we push back hard and will fight in court, if necessary.”

Data on intelligence agency requests is released with less specificity, only in ranges of 1,000. According to the most recent report, the number of intelligence agency requests numbered somewhere between 0 and 999 for the first half of 2015.

Article via CNET, November 10, 2015

Photo: Mark Zuckerberg Keynote – SXSW 2008 via kris krüg

[Creative Commons Attribution-NonCommercial-NoDerivs]


International cyberwar policy to be updated

International law experts are on track to publish a manual amending the current Geneva convention for cyberwar in late 2016. The Tallin Manual 2.0 – an update of the original Tallinn Manual on the International Law Applicable to Cyber Warfare—is backed by a NATO-run military think tank based in Estonia.

Military strategists deem cyberspace the fifth dimension of warfare, the others being land, air, sea and space. An example of an “armed attack” in cyberspace is the Stuxnet worm, an Israeli-U.S. programmed computer virus that caused severe disruptions to Iran’s nuclear plants. By the original manual, similar attacks in the future would legally validate proportional retaliation, considered in this case to be self-defense.

The Tallinn Manual 2.0 will discuss peacetime international law, including human rights law in regards to cyberspace. The current question begin argued is whether international human rights norms apply to different widely practiced cyber activities, such as the collection of metadata by national governments.

“If the answer is yes, we then have to examine whether the state has actually violated the individual’s rights. For instance, assuming the collection of metadata implicates human rights norms, under what circumstances is a state authorized to engage in such activities?” asks Liis Vihul, managing editor of the Tallinn Manual and legal researcher at the NATO Cooperative Cyber Defence Centre of Excellence.

Additionally, the updated manual will include sections on diplomatic law, the responsibilities of international organizations, global telecommunications law, and peace operations.

Article via The Register, October 12, 2015

Photo: Satsop Nuclear Plant via Michael B. [Creative Commons Attribution-NonCommercial-NoDerivs]