Facebook exec arrested in WhatsApp case

Facebook is becoming the next tech giant to spar with law enforcement over privacy concerns.

Diego Dzodan, a Facebook executive, was arrested by Brazilian federal police on Tuesday for “repeated non-compliance with court orders”, according to a statement released by police. Brazilian police want information from a WhatsApp account that is linked to a drug trafficking investigation. WhatsApp is a messaging service that is used monthly by more than 1.5 billion people worldwide. Dzodan was taken into what the Brazilian police call preventative prison and could be held for a week or more.

Facebook wants to ensure that it maintains the privacy of its users from government intervention. In WhatsApp’s case, the company may not be able to help Brazilian authorities because it does not store users’ messages. In addition, WhatsApp is undergoing increased end to end encryption, which will make it even harder for the company to turn over user data. WhatsApp said in a statement that it disagreed with the Brazilian authorities on the case. “We are disappointed that law enforcement took this extreme step,” the messaging business said. “WhatsApp cannot provide information we do not have.”

Facebook, which bought WhatsApp in 2014 for $19 billion in 2014, condemned the Brazilian government’s move releasing this statement:

“We’re disappointed with the extreme and disproportionate measure of having a Facebook executive escorted to a police station in connection with a case involving WhatsApp, which operates separately from Facebook,” a spokesman said. “Facebook has always been and will be available to address any questions Brazilian authorities may have.”

This isn’t the first time Brazil has gone head to head with WhatsApp. In December, a judge ordered the shutdown of WhatsApp for the country for two days after not complying with a criminal investigation, but the ruling was overturned the next day.

 

Article via CNET, 1 March 2016; The New York Times, 2 March 2016

Photo: WhatsApp / iOS by Álvaro Ibáñez [Creative Commons Attribution-NonCommercial-NoDerivs]


Apple refuses to hack into terrorist iPhone

Apple is being criticized by a British solider’s family for refusing to hack into an iPhone linked to December’s terrorist attack in San Bernardino, California.

Apple Chief Executive Tim Cook spoke out against the court order on Wednesday, calling the demand “chilling” and saying that compliance would be a major setback for online privacy. Many digital rights groups agree.  The federal government’s attempts to capture data from tech companies has been met with apprehension and fear. Just a few months ago, several tech companies started standing up to government data requests. But not everyone agrees with Apple’s stance on this issue.

Major tech companies like Facebook, Google, and Apple all want to protect their customers’ data by securing it at the highest levels. But, federal governments like the US and the UK want these companies to find ways to hack into customer hardware and accounts, arguing that privacy should not come at the expense of national security. This ongoing battle over encryption puts tech giants on one side, and law enforcement and intelligence on the other.

Fusilier Lee Rigby was off duty and walking down the street near his barracks in Woolwich, England, in May 2013 when he was the victim of a brutal attack by two men who told witnesses they were avenging the killing of Muslims by British soldiers.  Ray McClure, Rigby’s uncle, believes that Apple is doing nothing more than “protecting a murderer’s privacy at the cost of public safety.”

“Valuable evidence is on that smartphone and Apple is denying the FBI access to that information,” McClure said, arguing that a warrant to search a smartphone should be no different than a warrant used to search a property.

In the court order handed to Apple, the company was told it must assist the FBI in unlocking the iPhone linked to San Bernardino gunman Syed Rizwan Farook. In addition to unlocking the phone, The FBI wants Apple to build a new version of its iOS mobile software that would be able to bypass the iPhone’s security so that the agency could hack any device remotely. In an open letter published on Apple’s website, Tim Cook stated that Apple has been working with the FBI, providing data and advice on how to move forward. But the creation of software that would allow the FBI to bypass Apple’s security simply doesn’t exist. “The US government has asked us for something we simply do not have, and something we consider too dangerous to create,” said Apple CEO Time Cook.

Article via Cnet, 18 February 2016

Photo: Apple CEO Tim Cook by Mike Deerkoski [Creative Commons Attribution-NonCommercial-NoDerivs]


NSA ceases bulk data collection

The National Security Agency has been collecting metadata, which is information such as phone numbers and duration of calls, since shortly after the attacks of September 11. The collection of this metadata has ceased as of November 28th. So what changed?

There is a new law in place, known as the USA Freedom Act of 2015. This law is being seen as a victory for privacy activists and tech companies looking to protect their user data. The USA Freedom Act of 2015 came about as a response to the revelations of Edward Snowden, a former NSA contractor that revealed the deep surveillance of the NSA on the American people. This new law prohibits the bulk collection of phone data previously done by the NSA. Although the agency won’t keep the bulk data, investigators will still have access to these types of records when they are investigating a particular person, or targeting specific groups. The existing metadata that has been captured during the last 5 years will be kept until next February 29th in order to ensure a smooth transition.

National Security Council spokesperson Ned Price stated that this new law, “struck a reasonable compromise which allows us to protect the country while implementing various reforms”.

Some have concerns, since the new law is going into effect so soon after the terrorist attacks in Paris. At a time when America is scaling back its surveillance, countries like England and France are considering new bills to enhance surveillance. Since American companies like Verizon would be involved, it may mean the creation of new treaties between Great Britain and the United States.  It is likely that this type of confounding circumstance will present itself more in the future due to the international nature of terrorism.

Article via ABAJournal, 30 November 2015

Photo: National Security Agency Seal via Donkey Hotey [Creative Commons Attribution-NonCommercial-NoDerivs]


Blackberry takes stand for protecting user privacy

Finding the balance between data surveillance and protecting user privacy is an ongoing process, but Blackberry has just chosen to take a stand for the latter. The company has decided to pull operations from Pakistan after demands from their Telecommunications Authority for unrestricted access to Blackberry Enterprise Services. The Pakistani government was basically asking for a “backdoor” to access encrypted message and emails sent or received within Pakistan. Blackberry not only refused to cooperate with the demands in Pakistan but has also stated that they will not submit to any demands for unrestricted “backdoor” access in any country.

While protecting user privacy is important, ensuring safety of citizens sometimes requires governments to conduct data surveillance. Blackberry has stated that these demands from Pakistani government do not fall under the realm of public safety. Rather, “Pakistan was essentially demanding unfettered access to all of our BES customers’ information,” explained Chief Operating Officer Marty Beard. In the blog post Beard released explaining Blackberry’s withdrawal from Pakistan, he stated that while Blackberry is more than willing to assist with law enforcement’s investigations when a crime has been committed, it won’t grant companies “backdoor” access. This shouldn’t come as a shock; Blackberry has displayed that security is a main priority in their interactions with other governments and businesses.

Blackberry has now shown how they will react to requests for access to their customers’ digital data, but they won’t be the only company having to decide how to protect user privacy. As governments decide how important access to encrypted data is to national security, other companies may be faced with tough decisions concerning their positions in the surveillance versus privacy debate.

 

Article via CNET, November 30, 2015

Photo: Blackberry Bold via johncatral [Creative Commons Attribution-NonCommercial-NoDerivs]


Data surveillance versus privacy: finding a balance

With the ISIS attack in Paris still fresh in everyone’s minds, many concerns are being raised about data surveillance laws. Even though there has not been any evidence that the terrorist attacks involved the use of encrypted data, some supporters of expanding data surveillance are citing the attacks as proof that wider-ranging laws are needed. This is nothing new; the ongoing battle between privacy proponents and lawmakers supporting more surveillance is thrust into the spotlight increasingly often. Disagreements over data encryption will likely only increase, with 75% of internet interactions expected to be encrypted in the next ten to fifteen years. And while supporters of internet and data privacy have no problem with this rise in data encryption, it will cause technical problems for government agencies and law officials who need to access information to bring criminals and terrorists to justice.

A compromise has been suggested: some officials have proposed instituting laws that require tech companies to develop methods for police to obtain access to encrypted information, although this may not even be possible. Some companies such as Apple and Google cannot even access data encrypted in their own devices and services. Even if it is possible, the White House has agreed to not move forward with any legislation that would require companies to make encrypted data available whenever the police needed.

Finding a balance between protecting users’ privacy online and surveillance in the name of preserving law and order is an ongoing process and should not be determined quickly in the wake of a crisis. While there should be legal limits on the seizure of encrypted data, there must also be limits on how and what is encrypted. Determining these limits will take time.

Article via The Washington PostNovember 18, 2015

Photo: Point Cloud Data via Daniel V [Creative Commons Attribution-NonCommercial-NoDerivs]