From rforno at infowarrior.org Tue Mar 1 05:58:59 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Mar 2016 06:58:59 -0500 Subject: [Infowarrior] - US House members mull court filing arguing Congress should decide Apple-FBI encryption fight Message-ID: <8D51C8C9-434F-42B8-824C-F9B96EB19779@infowarrior.org> US House members mull court filing arguing Congress should decide Apple-FBI encryption fight By Mikey Campbell Monday, February 29, 2016, 05:04 pm PT (08:04 pm ET) http://appleinsider.com/articles/16/02/29/us-house-members-mull-court-filing-arguing-congress-should-decide-apple-fbi-encryption-fight A report on Monday claims members of the House Judiciary Committee are mulling an amicus curiae brief filing in the Apple-FBI encryption debate, arguing the dispute should be settled by Congress, not the courts. Citing multiple sources familiar with the committee's plans, Reuters reports the "friend of the court" filing, if it is lodged, would argue that the government's motion to compel Apple's assistance in unlocking an iPhone involved in last year's San Bernardino shooting threatens the constitutional separation of powers. The publication said the filing is unlikely to come from the committee itself, but rather individual members on both sides of the aisle. A concrete timeline has yet to be fleshed out, though sources say any potential filing would likely be lodged after Tuesday's Judiciary Committee hearing on encryption. Apple general counsel Bruce Sewell and FBI Director James Comey are scheduled to be in attendance. Word of prospective congressional pressure comes just hours after a U.S. federal magistrate judge in New York raised similar concerns regarding the separation judicial and legislative powers in a ruling that denied a government motion to compel Apple's assistance in a separate iPhone unlocking case. "It is also clear that the government has made the considered decision that it is better off securing such crypto-legislative authority from the courts (in proceedings that had always been, at the time it filed the instant Application, shielded from public scrutiny) rather than taking the chance that open legislative debate might produce a result less to its liking," Magistrate Judge James Orenstein wrote in his ruling. Commenting on the issue last week, Apple CEO Tim Cook suggested the government withdraw its demands and form a commission to discuss the broader implications of forcing tech firms to break their own security. Cook later reiterated his stance in an ABC News interview. The idea is already being explored by House Homeland Security Chairman Michael McCaul (R-Texas) and Senate Intelligence Committee member Sen. Mark Warner (D-Va.), who are working toward the creation of a bipartisan commission on encryption. In a related development, Reuters on Monday pointed to a Fox News interview in which U.S. Attorney General Loretta Lynch said she hopes Apple ultimately decides to comply with the federal court order handed down in California. "It is still our hope that they will see their way clear to complying with that order as thousands of other companies do every day," Lynch said. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 1 06:00:07 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Mar 2016 07:00:07 -0500 Subject: [Infowarrior] - UK fast-tracks Snoopers' Charter (ala Patriot Act, 2001) Message-ID: <38F473B3-CFCC-48B2-A3D7-3E3361B396A6@infowarrior.org> (Because ZMGTERRORISMEVERYWHERE. --rick) Tory government set to fast-track Snoopers? Charter through parliament by Kelly Fiveash - Feb 29, 2016 7:10am EST Theresa May gives MPs only short time to debate draft Investigatory Powers Bill. http://arstechnica.co.uk/tech-policy/2016/02/tory-government-set-to-fast-track-snoopers-charter-through-parliament/ Home Secretary Theresa May looks set to imminently introduce her draft Investigatory Powers Bill to MPs, just weeks after a lukewarm parliamentary report recommended a raft of modifications to the proposed law but?significantly?stopped far short of demanding that the Tory government must rip it up and start again. Ars understands that the Home Office will reveal more about its plans later on Monday, after it was reported over the weekend that May would attempt to fast-track the bill by laying it before parliament on March 1. According to the Independent on Sunday, which appeared to have been tipped off by Labour MPs, parliament will have a very short window to debate the IPB?colloquially dubbed a Snoopers' Charter?with a second reading chalked up for March 14, before reaching committee stage on March 22. If the report is accurate, then a final parliamentary vote on the proposed legislation to massively ramp up surveillance of the online activity of British citizens?which, time and time again, has failed to worm its way on to the statute books?will take place at the end of April. The Home Office declined to comment on this story when quizzed by Ars. Labour's shadow home secretary Andy Burnham?who has previously fawned over May's proposals?indicated that his party would oppose any attempt by May to rush the bill through parliament. Since the start of this year, three different parliamentarian reports have been published in which shortfalls in May's planned law have been flagged up. However, while concerns have been raised on topics as wide-ranging as bulk equipment interference (read: hacking) warrants, the potential costs to the tech industry in the UK, and judicial oversight, none of the reports have demanded a complete rewrite of the draft bill. All of which has given May enough wiggle room to now move to quickly push the legislation through parliament. The Home Secretary told MPs only last week: "We are looking at all three of the reports from the science and technology committee, the intelligence and security committee, and the joint committee, and we will make revised bill proposals in due course." Update Late on Monday afternoon, the home office confirmed to Ars that the IP Bill will be published around lunchtime on Tuesday, March 1. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 1 07:47:01 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Mar 2016 08:47:01 -0500 Subject: [Infowarrior] - Monster lost IP case to college kids. Boo-hoo-hoo Message-ID: These college students took on one of America?s top trademark bullies ? and won In 2012, Li Chih, the Silver Spring owner and overseer of a niche online forum called MonsterFishKeepers, filed for a trademark so he could sell logo T-shirts to other aquarium-owning hobbyists who enjoy chatting about very large fish. It was a typical move by any small-business owner until, a few months later, Monster Beverage, the $28 billion energy-drink conglomerate partially owned by Coca-Cola, warned that he was infringing on their trademark and threatened a legal fight that could end up costing him more than $100,000 to defend. < - > https://www.washingtonpost.com/news/business/wp/2016/02/29/these-college-students-took-on-one-of-americas-top-trademark-bullies-and-won/ -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 1 12:08:25 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Mar 2016 13:08:25 -0500 Subject: [Infowarrior] - Livestream of House hearing on FBI-Apple Message-ID: <85894811-D009-49B8-98CE-A770D2CDBB22@infowarrior.org> FYI .... http://judiciary.house.gov/index.cfm/hearings?ID=89431275-E911-4D5C-BD70-BFE3EF91AD86 -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 1 14:05:31 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Mar 2016 15:05:31 -0500 Subject: [Infowarrior] - Cryptography Pioneers Win Turing Award Message-ID: Cryptography Pioneers Win Turing Award John Markoff http://www.nytimes.com/2016/03/02/technology/cryptography-pioneers-to-win-turing-award.html SAN FRANCISCO ? In 1970, a Stanford artificial intelligence researcher named John McCarthy returned from a conference in Bordeaux, France, where he had presented a paper on the possibility of a ?Home Information Terminal.? He predicted the terminal would be connected via the telephone network to a shared computer, which in turn would store files that would contain all books, magazines, newspapers, catalogs, airline schedules, public information and personal files. Whitfield Diffie, then a young programmer at the Stanford Artificial Intelligence Laboratory, read Mr. McCarthy?s paper and began to think about the question of what would take the place of an individual signature in a paperless world. Mr. Diffie would spend the next several years pursuing that challenge and in 1976, with Martin E. Hellman, an electrical engineer at Stanford, invented ?public-key cryptography,? a technique that would two decades later make possible the commercial World Wide Web. On Tuesday, the Association for Computing Machinery announced that the two men have won this year?s Turing Award. The award is frequently described as the Nobel Prize for the computing world and since 2014, it has included a $1 million cash award, after Google quadrupled its size. This year, it was announced during the RSA Conference, a security technology symposium held here this week. Named for Alan Turing, the British mathematician and computer scientist, the award is particularly noteworthy because it comes at a time that the Federal Bureau of Investigation is locked in a bitter feud with Apple over the agency?s inability to unlock the cryptographic system that protects digital information stored in the company?s iPhones. While private information can be protected with a so-called ?symmetric? key, or a single digital code, that is used to mathematically scramble the data, the problem becomes much more difficult when two parties who have not met physically wish to have a secret interaction. The privacy protection technology that is now used extensively to protect modern electronic communications is based on Mr. Diffie?s and Mr. Hellman?s original research that led to the creation of ?public-key cryptography? technology. Public-key cryptography is a method for scrambling data in which each party has a pair of keys, one which can be publicly shared and the other which is known only to the intended recipient of a message. It is possible for anyone to encrypt a message using the individual?s public key. However, the message can only be unscrambled with the aid of the private key held securely by the recipient of the message. In the United States and elsewhere, cryptography was once a highly classified military and intelligence agency technology. But in the 1970s academic researchers began delving into the field, which led to clashes with law enforcement and spy agencies. In 2013, documents released by Edward J. Snowden, the former government contractor, revealed widespread government surveillance of Internet traffic, leading companies like Apple and Google to modify the security in their products and to the current fight between Apple and the F.B.I. Mr. Diffie and Mr. Hellman have long been political activists. Mr. Hellman has focused on the threat that nuclear weapons pose to humanity, and he said in an interview he would use his share of the prize money to pursue work related to the nuclear threat. He said he also planned to write a new book with his wife on peace and sustainability. Mr. Diffie, who has spent his career working on computer security at telecommunications firms and at the Silicon Valley pioneer Sun Microsystems, has been an outspoken advocate for the protection of personal privacy in the digital age. He said in an interview that he plans to do more to document the history of the field he helped to create. ?This will free me to spend more of my time on cryptographic history, which is urgent because the people are quickly dying off,? Mr. Diffie said. -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Mar 2 06:51:13 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 2 Mar 2016 07:51:13 -0500 Subject: [Infowarrior] - U.S. military invites vetted experts to 'Hack the Pentagon' Message-ID: <089B6D77-44C0-4E68-98EF-606C3589D873@infowarrior.org> U.S. military invites vetted experts to 'Hack the Pentagon' By Andrea Shalal http://www.reuters.com/article/us-usa-cyber-pentagon-idUSKCN0W40H8 SAN FRANCISCO The Pentagon said on Wednesday it would invite vetted outside hackers to test the cybersecurity of some public U.S. Defense Department websites as part of a pilot project next month, in the first-ever such program offered by the federal government. "Hack the Pentagon" is modeled after similar competitions known as "bug bounties" that are conducted by big U.S. companies, including United Continental Holdings Inc to discover gaps in the security of their networks. Such programs allow cyber experts to find and identify problems before malicious hackers can exploit them, saving money and time in the event of damaging network breaches. "I am confident that this innovative initiative will strengthen our digital defenses and ultimately enhance our national security," Defense Secretary Ash Carter said in a statement unveiling the pilot program. One senior defense official said thousands of qualified participants were expected to join the initiative. Details and rules were still being worked out but the competition could involve monetary awards, the Pentagon said. The Pentagon has long tested its own networks using internal so-called "red teams," but this initiative would open at least some of the department's vast network of computer systems to cyber challenges from across industry and academia. Participants must be U.S. citizens and will have to register and submit to a background check before being turned loose on a predetermined public-facing computer system, the Pentagon said. It said other more sensitive networks or key weapons programs would not be included, at least initially. "The goal is not to comprise any aspect of our critical systems, but to still challenge our cybersecurity in a new and innovative way," said the official. The initiative is being led by the Pentagon's Defense Digital Service (DDS), which was set up last November to bring experts from the U.S. technology industry into the military for short stints. "Bringing in the best talent, technology and processes from the private sector ... helps us deliver comprehensive, more secure solutions to the DOD," said Chris Lynch, a former Microsoft executive and technology entrepreneur who heads DDS. Carter introduced Lynch during a speech to the Commonwealth Club on Tuesday and said he had already recruited coders from companies like Google and Shopify for a Pentagon "tour of duty." (Reporting by Andrea Shalal; Editing by Paul Tait) -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Mar 2 07:19:14 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 2 Mar 2016 08:19:14 -0500 Subject: [Infowarrior] - Kanye caught on Pirate Bay while his album streams on Pornhub Message-ID: <5AD837AA-9933-442D-9767-0AB5408F062B@infowarrior.org> Kanye caught on Pirate Bay while his album streams on Pornhub http://www.engadget.com/2016/03/02/kanye-pirate-bay-pornhub/ In the picture above, you'll spot Joel Zimmerman's alter ego, Deadmau5, standing side by side with Kanye West. Last night, the rodent-headed musician was putting a little distance between him and his Tidal buddy, for apparently using Pirate Bay to download a software synthesiser called Xfer Serum (a $190 purchase). Deadmau5 was responding to a tweet from West that simply read "Day 3," along with a screen shot of what he was listening to (Sufjan Stevens' "Death with Dignity"). Zimmerman noticed West's other browser tabs in view, which included one for Xfer Records' Serum, one for "Pirate Bay Torrent Xfe..." and another for "The 50 best VSTs" (software instruments). Oh, and the surest giveaway you're browsing something dodgy: MacKeeper. Sure, Kanye may claim to be in debt. But after making such a fuss about The Life of Pablo being a Tidal exclusive (a site he has a stake in), the irony of pirating software to make music is apparently lost on him. Of course, simply having tabs open doesn't prove anything. After all, perhaps he's writing an essay on how easy it is to pirate music software. Or, he's popped open Kim's laptop, and she's looking at getting into wavetable synthesis -- both very plausible situations. Regardless, you can always count on the internet to deliver either instant Karma, or opinion. It looks like we're getting dose of both. Not only did Zimmerman suggest launching a Kickstarter to help West get his copy of Serum legitimately (along with the #prayforyeezy hashtag), but The Life of Pablo popped up on another, very unlikely, streaming site: (warning, very NSFW!) PornHub. -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Mar 2 08:04:22 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 2 Mar 2016 09:04:22 -0500 Subject: [Infowarrior] - Fed law says you can't protest @ Secret Service events Message-ID: <679E7C62-BA93-440D-BC5F-15F4020F86BC@infowarrior.org> (via TL) I did not know this... Federal Law Criminalizes Protesting Trump Now That He?s Guarded by the Secret Service Robert Mackey https://theintercept.com/2016/03/01/now-hes-guarded-secret-service-federal-law-criminalizes-protesting-trump/ < - > The school?s president added that ?current federal law (H.R. 347) does not allow for protesting of any type in an area under protection by the Secret Service.? As journalist Dahlia Lithwick and First Amendment lawyer Raymond Vasvari observed in 2012, when the federal law on trespass was quietly amended by H.R. 347 ? to make it a crime, punishable by up to 10 years in prison, ?to impede or disrupt the orderly conduct of Government business or official functions? in locations guarded by the Secret Service, including places where individuals under Secret Service protection are temporarily located ? the new statute made it ?easier for the government to criminalize protest.? What that means in practice is that campaign rallies for Donald Trump, who was granted Secret Service protection in November, and Hillary Clinton, who will be guarded for life as a former first lady, are the very opposite of free speech zones under federal law. (The restrictions also apply to all appearances by former presidents and first ladies, as well as those of two other candidates, Bernie Sanders and Ben Carson, who are currently protected by the service.) Another problem, as Gabe Rottman, a policy adviser for the ACLU, explained in 2012, is that the amended law ?could be misused as part of a larger move by the Secret Service and others to suppress lawful protest by relegating it to particular locations at a public event.? ?These ?free speech zones,'? Mr. Rottman wrote, ?are frequently used to target certain viewpoints or to keep protesters away from the cameras.? That seems to be exactly what happened in Georgia on Monday. After the students were led out of the Trump rally, local police officers informed them that they were also banned from protesting outside the building ? and directed them to ?free speech zones? in a field shielded from the venue by a set of tennis courts, or outside a church about a quarter of a mile away. -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Mar 2 14:52:46 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 2 Mar 2016 15:52:46 -0500 Subject: [Infowarrior] - The irony in the FBI's request to unlock the iPhone Message-ID: The irony in the FBI's request to unlock the iPhone Lucas Mearian http://www.computerworld.com/article/3040355/data-privacy/the-irony-in-the-fbis-request-to-unlock-the-iphone.html Computerworld | Mar 2, 2016 11:55 AM PT If the FBI wins its court battle to force Apple to unlock an iPhone used by one of the assailants in the San Bernardino terrorist attacks, the result could be a massive security hole that would affect many federal agencies. Apple continues to oppose a California judge's order to unlock security features on the iPhone used by Syed Rizwan Farook. The FBI has argued that it only wants the data from one iPhone. Apple contends that it would have to write software that could potentially unlock any iPhone, thereby threatening the privacy of anyone who owns the smartphone. What has largely gone unreported in the controversy, however, is that the federal government over the past four years has largely shifted its use of mobile devices from Blackberry to iPhones. The reason? The iPhone's strong, native passcode security. If Apple were to create a security skeleton key, it would represent a valuable prize for hackers seeking to break the work phones of federal employees. Apple this week formally appealed a California judge's order requiring it to help the FBI defeat the password protection on Farook's iPhone. Digital privacy advocates are supporting Apple in its bid to keep its iPhone encryption algorithm safe. In another ironic twist, in its rush to gather information, the FBI blew its chance to retrieve data from the iPhone when it ordered that Farook's password to Apple's online storage service, iCloud, be reset shortly after the attacks. The FBI believed that by resetting the iCloud password, it could gain access to the iPhone. Instead, the password change did the opposite by locking agents out and eliminating other means of gaining access to any information on the device. "If the FBI hadn't instructed San Bernardino County to change the password to the iCloud account, all this would have been unnecessary, and you would have had that information," Rep. Jerrold Nadler, (D-NY), said during a House Judiciary Committee hearing on Tuesday. If the FBI was rash in its attempt to initially break into Farook's iPhone, why should anyone assume its being any less rash in demanding that Apple make a defeat mechanism? Sure, Apple might be able to keep that software under wraps, but once it has created it, nothing will un-create it. And the consequences of exposing iPhones to security breaches go well beyond U.S. citizens and the federal government. For example, a member of France?s Socialist Party today submitted an amendment to a bill aimed at strengthening the government?s ability to fight terrorism that would impose a $1 million fine on Apple each time the company refused to unlock an iPhone in France. So the snowball effect that Apple has been so concerned with, and that the FBI has so arbitrarily swept aside in its arguments, is real. Once the precedent is set and once the genie is out of the bottle, there will be no putting it back. -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 3 06:54:13 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 3 Mar 2016 07:54:13 -0500 Subject: [Infowarrior] - OT: GOP hawks open letter on Trump (good read) Message-ID: <37D07C20-2691-4F18-AC22-E7B5DD2C4982@infowarrior.org> I've kept (and plan to keep) the insane, idiotic, pathetic antics of this election season off the list, but this letter, penned by many folks I have disagreed with in the past, is 90% spot-on in its assessment of the leading GOP presidential candidate's foreign policy ideas. Putting aside this group's own one-sided sentiment/actions following 911 and the run-up to Iraq II, it is cogently written and says what many (sane) people, Dem, Rep, and Ind, are thinking these days, and I believe warrants wider distribution here. -- rick Open Letter on Donald Trump from GOP National Security Leaders WOTR Staff March 2, 2016 http://warontherocks.com/2016/03/open-letter-on-donald-trump-from-gop-national-security-leaders/ We the undersigned, members of the Republican national security community, represent a broad spectrum of opinion on America?s role in the world and what is necessary to keep us safe and prosperous. We have disagreed with one another on many issues, including the Iraq war and intervention in Syria. But we are united in our opposition to a Donald Trump presidency. Recognizing as we do, the conditions in American politics that have contributed to his popularity, we nonetheless are obligated to state our core objections clearly: His vision of American influence and power in the world is wildly inconsistent and unmoored in principle. He swings from isolationism to military adventurism within the space of one sentence. His advocacy for aggressively waging trade wars is a recipe for economic disaster in a globally connected world. His embrace of the expansive use of torture is inexcusable. His hateful, anti-Muslim rhetoric undercuts the seriousness of combatting Islamic radicalism by alienating partners in the Islamic world making significant contributions to the effort. Furthermore, it endangers the safety and Constitutionally guaranteed freedoms of American Muslims. Controlling our border and preventing illegal immigration is a serious issue, but his insistence that Mexico will fund a wall on the southern border inflames unhelpful passions, and rests on an utter misreading of, and contempt for, our southern neighbor. Similarly, his insistence that close allies such as Japan must pay vast sums for protection is the sentiment of a racketeer, not the leader of the alliances that have served us so well since World War II. His admiration for foreign dictators such as Vladimir Putin is unacceptable for the leader of the world?s greatest democracy. He is fundamentally dishonest. Evidence of this includes his attempts to deny positions he has unquestionably taken in the past, including on the 2003 Iraq war and the 2011 Libyan conflict. We accept that views evolve over time, but this is simply misrepresentation. His equation of business acumen with foreign policy experience is false. Not all lethal conflicts can be resolved as a real estate deal might, and there is no recourse to bankruptcy court in international affairs. Mr. Trump?s own statements lead us to conclude that as president, he would use the authority of his office to act in ways that make America less safe, and which would diminish our standing in the world. Furthermore, his expansive view of how presidential power should be wielded against his detractors poses a distinct threat to civil liberty in the United States. Therefore, as committed and loyal Republicans, we are unable to support a Party ticket with Mr. Trump at its head. We commit ourselves to working energetically to prevent the election of someone so utterly unfitted to the office. David Adesnik Michael Auslin Robert D. Blackwill Daniel A. Blumenthal Max Boot Michael Chertoff Patrick Chovanec Eliot A. Cohen Carrie Cordero Michael Coulter Patrick M. Cronin Seth Cropsey Tom Donnelly Daniel Drezner Colin Dueck Eric Edelman Richard A. Falkenrath Peter D. Feaver Aaron Friedberg Jeffrey Gedmin Christopher J. Griffin Mary R. Habeck Rebeccah Heinrichs William C. Inboden Jamil N. Jaffer Robert G. Joseph Kate Kidder Robert Kagan David Kramer Matthew Kroenig Frank Lavin Philip I. Levy Mary Beth Long Matthew McCabe Bryan McGrath Paul D. Miller Charles Morrison Lester Munson Andrew S. Natsios Michael Noonan John Noonan Roger F. Noriega Robert T. Osterhaler Everett Pyatt Martha T. Rainville Stephen Rodriguez Daniel F. Runde Richard L. Russell Kori Schake Randy Scheunemann Gary J. Schmitt Kalev I. Sepp David R. Shedd Kristen Silverberg Michael Singh Ray Takeyh William H. Tobey Frances F. Townsend Jan Van Tol Julie Wood Dov S. Zakheim Roger Zakheim Philip Zelikow Robert B. Zoellick The statement above was coordinated by Dr. Eliot A. Cohen, former Counselor of the Department of State (2007?8) and Bryan McGrath, Managing Director of The FerryBridge Group, a defense consultancy. They encourage other members of the Republican foreign policy and national security communities wishing to sign the declaration to contact them. -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 3 13:29:58 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 3 Mar 2016 14:29:58 -0500 Subject: [Infowarrior] - FREAK, Logjam, DROWN All a Result of Weaknesses Demanded By US Gov't Message-ID: Somebody needs to inform Comey and Gowdy about this. If you can catch them in-between sensational hand-wringing (Comey) and shrill cluelessness (Gowdy) that is. --rick FREAK, Logjam, DROWN All a Result of Weaknesses Demanded By US Gov't http://it.slashdot.org/story/16/03/03/1545236/freak-logjam-drown-all-a-result-of-weaknesses-demanded-by-us-govt -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 3 15:55:18 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 3 Mar 2016 16:55:18 -0500 Subject: [Infowarrior] - NSA Is Mysteriously Absent From FBI-Apple Fight Message-ID: <20683E33-F53C-49FB-B166-694C6ABEDBD2@infowarrior.org> NSA Is Mysteriously Absent From FBI-Apple Fight Jenna McLaughlin Mar. 3 2016, 4:00 p.m. https://theintercept.com/2016/03/03/nsa-is-mysteriously-absent-from-fbi-apple-fight/ The Federal Bureau of Investigation insisted that it was helpless. The bureau told a judge in February that Apple has the ?exclusive technical means? to try and unlock the contents of San Bernardino shooter Syed Rizwan Farook?s iPhone?and that?s why it should be forced to do so. But notably missing from the FBI?s argument was any mention of whether it had consulted spies and sleuths from the government?s intelligence community ? particularly the National Security Agency. The Twitterverse exploded with questions. Couldn?t the NSA break open the phone? If it could, why didn?t it? Apple itself raised those questions in a court filing. ?The government has not made any showing that it sought or received technical assistance from other federal agencies with expertise in digital forensics, which assistance might obviate the need to conscript Apple to create the back door it now seeks,? the company?s attorneys wrote. The NSA, after all, has long targeted digital encryption systems for exploitation and, as The Intercept revealed in 2015, the CIA and NSA have been working for nearly a decade specifically to find ways to hack into Apple devices. Those agencies could presumably help the FBI do what it wants to do to Farook?s iPhone: place a modified version of Apple?s iOS operating system on the device that allows rapid, unlimited attempts to guess Farook?s encryption passcode. Peter Thomson, a former federal prosecutor who worked on special assignment at the NSA, told The Intercept that ?I know of no case law that would put the burden on the FBI to go to the intelligence community? and that ?I don?t think the NSA has to share what it can and can?t do.? He added: ?Apple is being quite creative with its argument. Assuming first that the NSA can get into the phone?then [asking it to help] is pushing the envelope into the classified world.? FBI Director James Comey, when asked directly during a House Judiciary Committee hearing on Tuesday if the bureau had tried to get help from ?agencies such as the NSA,? replied: ?Yes is the answer. We?ve talked to anybody who will talk to us about it.? He later said: ?We don?t have the capabilities that people sometimes on TV imagine us to have. If we could have done this quietly and privately, we would have done it.? But his lack of specificity ? what did the NSA say when the FBI talked to them? Who is ?we?? ? did not really clear things up. So why didn?t the NSA help? Here are a few possibilities: 1. The NSA tried to help but it couldn?t. This seems unlikely, but it?s possible. For instance, it?s conceivable the agency isn?t able to forge Apple?s cryptographic signature, which is required to install a modified operating system on an iPhone. Dan Guido, CEO of security research firm Trail of Bits, explained in a blog post: ?Before any firmware image is loaded by an iPhone, the device first checks whether the firmware has a valid signature from Apple. This signature check is why the FBI cannot load new software onto an iPhone on their own ? the FBI does not have the secret keys that Apple uses to sign firmware.? 2. The NSA could help, but doesn?t want to. ?They don?t want to acknowledge they have the capability at all,? said Chris Soghoian, principal technologist at the American Civil Liberties Union. ?It?s giving the NSA?s adversaries false confidence. If you?re Angela Merkel and you have an iPhone, you?re feeling pretty good right now.? Similarly, if Apple knew the NSA had found a vulnerability, it would presumably try to fix it. Austin Berglas, a former FBI agent now at K2 Intelligence, told BuzzFeed the NSA might fear their help could end up being exposed in court. ?There are capabilities that the U.S. government has, that are used for intelligence collecting only and that wouldn?t be used for a criminal matter because they would have to come up in open court.? But Farook?s phone is unlikely to yield any useful evidence ? and particularly unlikely to spark new legal proceedings. And even in that case, courts have affirmed NSA?s legal right to keep its investigative methods secret ? if ?acknowledging the existence or nonexistence of the requested material would reveal a function or an activity of the NSA.? 3. The NSA isn?t allowed to help. The NSA?s mandate is to gather foreign intelligence while protecting U.S. secrets in the interests of national security. But Liza Goietein, co-director of the Liberty and National Security Program at the Brennan Center for Justice, said that?s never stopped the NSA from investigating at home before. ?The NSA? has a very broad interpretation of what?s foreign intelligence?broad enough to collect American phone records,? she said. And Thomson, the former prosecutor, told The Intercept: ?I?m not aware of any law that would prohibit the NSA from providing technical assistance.? In fact, the NSA has already helped with the San Bernardino case. Admiral Mike Rogers, the NSA?s chief, told Yahoo News that his agency successfully gathered metadata records for Farook?s phone?but not content. Indeed, the separation between outward-facing and inward-facing intelligence agencies has blurred considerably over the past 15 years. Less than three years after 9/11, then-FBI Director Robert S. Mueller said the bureau was in a much better position to prevent terrorist attacks ?because we coordinate much more closely and regularly with the CIA and NSA?because the legal wall between intelligence and law enforcement information has been eliminated.? 4. The FBI doesn?t want the NSA?s help. The most cynical explanation for why the NSA hasn?t helped is that the FBI hasn?t really tried to get it to. ?If they ask the NSA for help,? said Soghoian of the ACLU, ?they don?t get the precedent they want.? Though Comey told Congress that the FBI has ?talked to anybody who will talk to us about it,? there?s little question that the FBI would rather force technology companies to develop these kinds of tools so that law enforcers across the country can use them, rather than have to ask the NSA for help on a case-by-case basis. And while the FBI insists that the San Bernardino case isn?t about ?sending a message? or establishing a legal precedent, law enforcers across the country have said this case could fundamentally change the way they investigate crime. Apple is currently fighting 12 other court cases where it?s resisting orders to unlock a phone?some of them very early generations of iPhones with much less secure operating systems. The House Judiciary Committee?s ranking Democrat, Rep. John Conyers, expressed concerns earlier this week that the government is exploiting the tragedy in San Bernardino to push its agenda on encryption while sidestepping Congressional debate. ?I would be deeply disappointed if it turns out that the government is found to be exploiting a national tragedy to pursue a change in the law,? he said during a hearing on Tuesday. -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 3 15:56:22 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 3 Mar 2016 16:56:22 -0500 Subject: [Infowarrior] - Amazon Removes Encryption Support, Just As Its CTO Says 'Encryption Is Mandatory' Message-ID: <77CE3AF0-B359-425F-AE80-6419D0A18DED@infowarrior.org> Amazon Removes Encryption Support, Just As Its CTO Says 'Encryption Is Mandatory' https://www.techdirt.com/articles/20160303/11254333796/amazon-removes-encryption-support-just-as-cto-says-encryption-is-mandatory.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 3 16:05:15 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 3 Mar 2016 17:05:15 -0500 Subject: [Infowarrior] - iPhone judge focused on 'burden' on Apple Message-ID: <918707C6-D448-4C70-8CE2-858B731AC660@infowarrior.org> iPhone judge focused on 'burden' on Apple By Josh Gerstein 03/03/16 02:44 PM EST http://www.politico.com/blogs/under-the-radar/2016/03/iphone-judge-focused-on-burden-on-apple-220180 The federal magistrate handling the government's demand that Apple help the FBI hack into an iPhone used by a dead terrorist is focused on the burden the request will place on the company, as well as the details of what's technically required to carry it out, according to a recording obtained by POLITICO. During a telephone conference last month with Apple lawyers and federal prosecutors, U.S. Magistrate Judge Sheri Pym identified those issues as her primary concerns as the two sides and outside groups file a flurry of legal briefs in the high-profile legal fight. "I am looking for full briefing on this and particularly with respect to, among other things...what technically is involved here, obviously going to the burden and some other issues," Pym declared during the Feb. 18 call. "I would like really as full a record as possible on this." Most of the call was devoted to scheduling issues, but the exchange does shed some new light on the early maneuvering in the dispute over the phone used by one of the shooters in the San Bernardino terrorist attack last December. Prosecutors and the FBI want to force Apple to create software to disable the phone's self destruct feature and to allow the FBI to submit possible passcodes without the escalating delays that follow repeated unsuccessful attempts. Pym was skeptical of the government plan to file a motion to compel in the legal fight even though it already filed a detailed pleading seeking the order against Apple and the order itself gave Apple five business days to object. "I'm not really clear what it would accomplish here," the magistrate said about the government's planned motion. "I don't really see what the government would achieve by that." A lawyer for Apple, Ted Boutrous, protested the planning filing, calling it "highly unusual and unnecessary and inappropriate." "There's nothing to compel," Boutrous said on the call. "We've never seen anything like that happen where a party hasn?t even been able to assert its objection....We would ask the court to not permit that filing." "It seems premature and out of place," said another attorney for Apple, Marc Zwillinger. Assistant U.S. Attorney Tracy Wilkison said the motion was appropriate and necessary because Apple CEO Tim Cook had issued a public statement vowing to resist the government's request. "I think that motion to compel really moves this forward," Wilkison said. She also said some of the delay in the case was due to the government's unsuccessful attempts to get Apple to agree to "voluntarily" help open the iPhone used by San Bernardino shooter Syed Farook. Boutrous said Cook's statement wasn't inappropriate given that the U.S. Attorney's Office had also issued a press release and even the White House had weighed in publicly on the issue. Pym ultimately agreed to accept the government's extra motion, but said she wasn't clear on how it advanced the dispute since she planned to hear that motion and Apple's protest of the order at the same hearing. The feds initially proposed that the hearing take place March 8, but the magistrate agreed to Apple's request for more time to file briefs, including amicus filings that have already begun arriving. "I am inclined to go with the schedule proposed by Apple" Pym said. "The phone here was seized over 2 months ago. I think the extra 2 weeks is not an unreasonable additional period of time." While Apple has been vocal about its opposition to the government's request since it became public, the recording also confirms reports that Apple initially asked prosecutors not to make public court filings disclosing the dispute. "We had asked the government to not go in ex parte, to not file it on the public record,? Boutrous said in the call last month. ?Apple has been cooperating with the government and working with the government on the San Bernardino matter and has provided substantial assistance." POLITICO obtained the recording of the call Wednesday after requesting it last week from the federal court. Josh Gerstein is a senior reporter for POLITICO. -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 3 20:55:00 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 3 Mar 2016 21:55:00 -0500 Subject: [Infowarrior] - French bill carries 5-year jail sentence for company refusals to decrypt data for police Message-ID: <7307A078-D97D-4EAE-9E13-E438B55EE44A@infowarrior.org> French bill carries 5-year jail sentence for company refusals to decrypt data for police Patrick Howell O'Neill http://www.dailydot.com/politics/france-encryption-decryption-law-punish/ Employees of companies in France that refuse to decrypt data for police can go to prison for five years under new legislation from conservative legislators, Agence France-Presse reports. The new proposal echoes a bill from January 2016 that would have mandated ?backdoors? into encryption in France. That backdoor bill, championed by Conservatives in the French legislature, was defeated and criticized by the current government of Prime Minister Manuel Valls. The new punitive legislation, which is also being criticized by the Valls government, is an amendment to a larger penal reform bill. Like its predecessor, it's unclear that this amendment will make it through to law. ?It is unacceptable that the state loses any control over encryption and, in fact, be the subject of manipulation by U.S. multinationals.? The punishment for refusing to hand over access to encrypted data is a five year jail sentence and $380,000 fine. Telecom companies would face their own penalties, including up to two years in jail. M. Pierre Lellouche, a French Republican, singled out American encryption in particular. ?Ironically, encrypted systems generally come from the U.S. military?I think the Tor network and Dark cloud in general?and most companies that engage in this kind of trade are American,? he told the National Assembly. ?They deliberately use the argument of public freedoms to make money knowing full well that the encryption used to drug traffickers, to serious [criminals] and especially to terrorists. It is unacceptable that the state loses any control over encryption and, in fact, be the subject of manipulation by U.S. multinationals.? Lellouche criticized opponents of the amendment sharply: ?In terms of prevention, by one vote, you do not want to send the signal of resistance to US multinationals to end encryption of communications between terrorists. You do not want to send that signal.? The new French proposal will resonate loudly with those following the American legal clashes between the FBI and Apple. The U.S. tech firm is fighting a court order requiring it to help the Federal Bureau of Investigation hack into the iPhone of a San Bernardino shooter, arguing that it will set a harmful precedent and greatly weaken overall American cybersecurity. ?It is absolutely essential that France is sending a solemn signal that our prosecutors and intelligence services can have access to data available to these multinational corporations,? Lellouche said. ?For such companies, colleagues, know the addresses of those who plan attacks against our country. It is unbearable to accept such a situation!? French parliamentary deputies voted in favor of the new amendment on Thursday. -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 3 21:04:53 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 3 Mar 2016 22:04:53 -0500 Subject: [Infowarrior] - =?utf-8?q?_San_Bernardino_DA_says_seized_iPhone_m?= =?utf-8?q?ay_hold_=E2=80=9Cdormant_cyber_pathogen=E2=80=9D?= Message-ID: OFFFS. San Bernardino DA says seized iPhone may hold ?dormant cyber pathogen? by David Kravets - Mar 3, 2016 9:28pm EST He says iPhone might be "a weapon" to trigger some nefarious worm of some sort. The San Bernardino District Attorney told a federal judge late Thursday that Apple must assist the authorities in unlocking the iPhone used by Syed Farook, one of the two San Bernardino shooters that killed 14 people in a killing rampage in December. The phone, which was a county work phone issued to Farook as part of his Health Department duties, may have been the trigger to unleash a "cyber pathogen," county prosecutors said in a brief court filing. "The iPhone is a county owned telephone that may have connected to the San Bernardino County computer network. The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino's infrastructure," according to a court filing (PDF) by Michael Ramos, the San Bernardino County District Attorney. < - > Jonathan Zdziarski, a prominent iPhone forensics expert, said in a telephone interview that the district attorney is suggesting that a "magical unicorn might exist on this phone." "The world has never seen what he is describing coming from an iPhone," Zdziarski said. "I would expect, I would demand, in order to make that statement at all, he should make some kind of proof." < - > In a follow-up e-mail, Zdziarski added: "This reads as an amicus designed to mislead the courts into acting irrationally in an attempt to manipulate a decision in the FB'Is favor. It offers no evidence whatsoever that the device has, or even might have, malware on it. It offers no evidence that their network was ever compromised. They are essentially saying that a magical unicorn might exist on this phone." < - > http://arstechnica.com/tech-policy/2016/03/san-bernardino-da-says-seized-iphone-may-hold-dormant-cyber-pathogen/ -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Mar 4 08:10:48 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 4 Mar 2016 09:10:48 -0500 Subject: [Infowarrior] - Amazon's security hypocrisy Message-ID: <5AC04C4E-86CA-4488-92CE-0B6B27BA4CCF@infowarrior.org> (What annoys me most here: the word "quietly" ... --rick) Amazon Quietly Disabled Encryption On Its Fire OS 5 Devices The surprising move comes at a time when Apple is battling with the FBI over the necessity of encryption. Michael Grothaus 03.04.16 8:20 AM http://www.fastcompany.com/3057482/fast-feed/amazon-quietly-disabled-encryption-on-its-fireos-5-devices It?s come to light that Amazon quietly disabled encryption on all of its Fire OS devices with its latest major software update. The revelation comes at a time when Apple is in an unprecedented legal battle with the FBI and a heated debate over the very importance of encryption technology in every user?s life. The disabling of Fire OS?s encryption happened with the update to the company?s Fire OS 5 software that runs on the Kindle Fire, Fire Phone, Amazon Fire HD, and Amazon Fire TV Stick, reports The Verge. What?s most striking about the disabling of Fire OS?s encryption is that Amazon didn?t publicly give users a heads-up, despite Fire OS 5 shipping to users last fall. The news was first reported publicly earlier this year when posts began popping up on Amazon?s customer discussion forums by eagle-eyed Fire OS users. Soon after, cybersecurity enthusiast David Scovetta posted a screenshot of the only place Amazon mentioned its disabling of Fire OS?s encryption: in the OS?s user guide. Amazon hasn?t commented on the removal of Fire OS encryption beyond releasing a simple statement saying its removal was due to the fact that some customers weren?t using it: "In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren?t using," an Amazon spokesperson said. "All Fire tablets? communication with Amazon?s cloud meet our high standards for privacy and security including appropriate use of encryption." Amazon?s surprise move has been blasted by the technology press, privacy advocates, and cybersecurity experts. "Removing device encryption due to lack of customer use is an incredibly poor excuse for weakening the security of those customers that did use the feature," Jeremy Gillula, staff technologist with the Electronic Frontier Foundation, told Business Insider. "Given that the information stored on a tablet can be just as sensitive as that stored on a phone or on a computer, Amazon should instead be pushing to make device encryption the default?not removing it." Nathan White, senior legislative manager at digital rights organization Access Now, told Wired, "Amazon?s decision is backward?it not only moves away from default device encryption, where other manufacturers are headed, but removes all choice by the end user to decide to encrypt it after purchase." As the Guardian notes, the move is especially baffling considering Amazon is one of the myriad tech companies supporting Apple in its fight against the FBI, with Amazon chief technology officer Werner Vogels openly talking about the importance of encryption at the Mobile World Congress a few weeks ago. "We believe that you cannot have a connected business, or an internet-connected business and not make security and protection of your customers your number one priority," Vogels said. "Encryption plays a very, very important role in that ... it is one of the few really strong tools we have so customers know that only they have access to their data and nobody else." As the Guardian notes, Vogels? comments came months after Amazon actually removed encryption. "The company has, effectively, created a public facade that supports encryption even as it removes security features from its products," the newspaper said. "It definitely seems like there is quite a bit of hypocrisy there," observed the EFF?s Gillula. -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Mar 4 10:15:34 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 4 Mar 2016 11:15:34 -0500 Subject: [Infowarrior] - MD Court: No, Turning On Your Phone is Not Consenting to Being Tracked by Police Message-ID: <7F5C947A-43D2-480A-A7A2-3F2791230AA5@infowarrior.org> No, Turning On Your Phone is Not Consenting to Being Tracked by Police Alex Emmons Mar. 4 2016, 10:38 a.m. https://theintercept.com/2016/03/04/no-turning-on-your-phone-is-not-consenting-to-being-tracked-by-police/ The Maryland Court of Special Appeals on Wednesday upheld a historic decision by a state trial court that the warrantless use of cell-site simulators, or Stingrays, violates the Fourth Amendment. The trial court had suppressed evidence obtained by the warrantless use of a Stingray ? the first time any court in the nation had done so. Last April, a Baltimore police detective testified that the department has used Stingrays 4,300 times since 2007, usually without notifying judges or defendants. The ruling has the potential to set a strong precedent about warrantless location tracking. ?Police should now be on notice,? said Nate Wessler, a staff attorney with the ACLU?s Speech, Privacy, and Technology Project. ?Accurately explain your surveillance activities to a judge and get a warrant, or risk your evidence being thrown out.? Stingrays mimic cell phone towers, tricking nearby phones into connecting and revealing users? locations. Stingrays sweep up data on every phone nearby ? collecting information on dozens or potentially hundreds of people. The case centers around the 2014 arrest of Kerron Andrews, a suspect in a shooting that injured three people. In order to locate him, police filed a ?pen register? application, which is not a warrant, and does not require them to establish probable cause. A judge granted the application, which said that police would obtain the information from Andrews?s wireless service provider. Instead, police used a high-tech Stingray called the ?Hailstorm.? They located Andrews and found the murder weapon. However, they repeatedly failed to notify the judge about the change in tactics. Finally, during a hearing last June, the police department was forced to testify about the Hailstorm, leading the judge to accuse them of intentionally withholding information from the defense. After the trail court threw out the Stingray evidence, the Maryland attorney general alarmed civil liberties groups by arguing that anyone who keeps their phone turned ?on? is consenting to being tracked by police. The full ruling, which has not yet been issued, will presumably reject that argument. During the oral argument before the Appeals Court in February, one of the judges called the police?s pen register application a ?completely false document,? and ?completely disingenuous.? The Department of Justice issued guidelines in September requiring federal officers to apply for a warrant before using a Stingray. Those guidelines only applied to the seven agencies known to use them, not to state and local police. In 2014, the state of Maryland passed a law requiring a warrant for police to track an individual?s current or real-time location. The law only affects cases going forward, so it did not influence Andrew?s case. Stingrays are also piquing the interest of lawmakers on Capitol Hill. Lawmakers held a hearing Tuesday on a bill that would require all police departments to get a warrant before using Stingrays. ?Just because it?s easier in 2016 for law enforcement to track our location and learn intimate details about our lives, it doesn?t mean those details are somehow less worthy of Constitutional protection,? said House Oversight Committee Chairman Jason Chaffetz. ?Get a warrant.? In December, The Intercept published a secret catalogue of U.S. government surveillance equipment, including Stingrays. The advertisements for some items boast that they can spy on 10,000 people. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Mar 5 07:26:22 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 5 Mar 2016 08:26:22 -0500 Subject: [Infowarrior] - =?utf-8?q?_Amazon_will_restore_Fire_OS=E2=80=98_e?= =?utf-8?q?ncryption_support_in_the_spring?= Message-ID: Amazon will restore Fire OS? encryption support in the spring by Andrew Cunningham - Mar 5, 2016 12:10am EST http://arstechnica.com/gadgets/2016/03/amazon-will-restore-fire-os-encryption-support-in-the-spring/ Amazon will restore optional full disk encryption to Fire OS 5 in a software update "coming this spring," according to a statement released by the company on Friday evening. The company originally removed disk encryption support in FireOS 5, which was introduced on Fire tablets last fall. It only made headlines yesterday after that update started to roll out for older devices?those tablets shipped with encryption support which was removed by the update, and users complained. The topic of device encryption is also on everyone's mind thanks to Apple's high-profile fight with the FBI over a locked iPhone 5C. Amazon originally said that it removed encryption support from the Android-based Fire OS because it was an "enterprise feature" that "consumers weren't using." The complaints and news reports were apparently enough to get the company to reverse course. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Mar 5 07:29:09 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 5 Mar 2016 08:29:09 -0500 Subject: [Infowarrior] - San Bernadino DA made up the 'dormant cyber pathogen' thing Message-ID: What is a ?lying-dormant cyber pathogen?? San Bernardino DA says it?s made up [Update] by David Kravets - Mar 4, 2016 8:11pm EST One day after the San Bernardino County district attorney said that an iPhone used by one of the San Bernardino shooters might contain a "lying-dormant cyber pathogen," the county's top prosecutor went on the offense again. DA Michael Ramos said Apple must assist the FBI in unlocking the phone because an alleged security threat might have been "introduced by its product and concealed by its operating system." Ramos' office said the "Companies that introduce dangerous products, and it can be argued that the iPhone with its current encryption is dangerous to victims, are required to fix them. Companies that create environmental damage are required to clean it up," the prosecutor said in a filing Friday afternoon. The fact no one has heard of a pathogen that might carry devastating qualities has us and others wanting to know exactly what is a "lying-dormant cyber pathogen?" We asked Ramos' office to elaborate. Ars' e-mail and phone messages, however, were not returned. As the chatter on Twitter and elsewhere could attest, security and forensics experts have never heard of this type of threat. Online commenters called it everything from a "magical unicorn" to a make-believe plot that we might see on the broadcast TV show CSI: Cyber. But late Friday, Ramos told The Associated Press that his cyber doom suggestion was out of thin air. "This was a county employee that murdered 14 people and injured 22," Ramos said. "Did he use the county's infrastructure? Did he hack into that infrastructure? I don't know. In order for me to really put that issue to rest, there is one piece of evidence that would absolutely let us know that, and that would be the iPhone." Ramos had been tight-lipped on exactly what security threat may be on the passcode-protected phone of Syed Farook, a county worker who was one of two shooters in the Dec. 2 massacre that killed 14 and wounded scores of others. The prosecutor suggested in a court filing yesterday that the iPhone?a county phone used by Farook and recovered after the shooting?might be some type of trigger to release a "lying-dormant cyber pathogen" into the county's computer infrastructure. On Friday, the district attorney again demanded that a federal magistrate presiding over the dispute command Apple to help decrypt the phone. < - > http://arstechnica.com/tech-policy/2016/03/what-is-a-lying-dormant-cyber-pathogen-san-bernardino-da-wont-say/ I From rforno at infowarrior.org Sat Mar 5 07:36:03 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 5 Mar 2016 08:36:03 -0500 Subject: [Infowarrior] - Masnick (rightfully) skewers the full San Bernadino DA brief Message-ID: <28276A0C-9A9D-4E40-9FD4-0E0BF469013A@infowarrior.org> Full Brief From San Bernardino District Attorney Even More Insane Than Application About https://www.techdirt.com/articles/20160304/17382433809/full-brief-san-bernardino-district-attorney-even-more-insane-than-application-about-dormant-cyber-pathogen.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Mar 6 08:52:07 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 6 Mar 2016 09:52:07 -0500 Subject: [Infowarrior] - Email pioneer Ray Tomlinson dead at 74 Message-ID: <4C588953-04D6-4049-AF9C-06435791F07D@infowarrior.org> Email pioneer Ray Tomlinson dead at 74 http://www.smh.com.au/technology/web-culture/email-pioneer-ray-tomlinson-dead-at-74-20160306-gnbspq.html Raymond Tomlinson, the godfather of email, died Saturday morning of a suspected heart attack. He was 74. Tomlinson, who was inducted into the Internet Hall of Fame in 2012, is best known for rescuing the @ symbol from obscurity and, in the process, shaping the way we talk about being online. He was also a key driver in the development of standards for the "From", "Subject", and date fields found in email messages today. Aesthetically speaking, @ is a rotund and cozy symbol, sleek enough to have been inducted into MoMA's architecture and design collection. In 2010, the museum called the acquisition "momentous" and "elating," but cheerful enough to have acquired friendly nicknames around the world. In Israel, it's a "strudel"; in Croatia, it's a "monkey"; and in Mandarin Chinese, it goes by "little mouse". Conceptually, what @ has done is signify the internet as a destination: the @ symbol is "at", therefore the internet is a place one can go, a place at which one may reside. The symbol suggests that we think of the web as a geographic location, rather than a state of mind. It is something to be surfed, cruised and crawled through. Forty years ago, Tomlinson was an engineer at the R&D company Bolt Beranek and Newman when he developed an application that allowed messages to be sent back and forth between computers. He used @ to separate the user name from the host name, selecting a symbol with a modicum of familiarity to the general public. At the time, it was used mostly for accounting purposes ? 10 bananas @ 25 cents ? but some linguists think the marking dates to the sixth century, invented as an abbreviation for the Latin word meaning "toward" or "at". His official biography page on the Internet Hall of Fame website credit's Tomlinson with "fundamentally changing the way people communicate". "Today, tens of millions of email-enabled devices are in use every day. Email remains the most popular application, with over a billion and a half users spanning the globe and communicating across the traditional barriers of time and space," his citation reads. -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Mar 6 18:54:31 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 6 Mar 2016 19:54:31 -0500 Subject: [Infowarrior] - Apple VP op-ed: The FBI wants to roll back safeguards that keep us a step ahead of criminals Message-ID: <020B030C-284C-45DE-82BD-277ECC46F430@infowarrior.org> Apple VP: The FBI wants to roll back safeguards that keep us a step ahead of criminals By Craig Federighi https://www.washingtonpost.com/opinions/apple-vp-the-fbi-wants-to-roll-back-safeguards-that-keep-us-a-step-ahead-of-criminals/2016/03/06/cceb0622-e3d1-11e5-a6f3-21ccdbc5f74e_story.html March 6 at 7:10 PM Craig Federighi is senior vice president of software engineering at Apple. He first joined Apple in 1997. As the head of software engineering at Apple, I think nothing is more important than the safety of all of our customers. Even as we strive to deliver delightful experiences to users of iPhones, iPads and Macs, our team must work tirelessly to stay one step ahead of criminal attackers who seek to pry into personal information and even co-opt devices to commit broader assaults that endanger us all. Sadly, these threats only grow more serious and sophisticated over time. In just the past 18 months, hackers have repeatedly breached the defenses of retail chains, banks and even the federal government, making off with the credit card information, Social Security numbers and fingerprint records of millions of people. But the threat to our personal information is just the tip of the iceberg. Your phone is more than a personal device. In today?s mobile, networked world, it?s part of the security perimeter that protects your family and co-workers. Our nation?s vital infrastructure ? such as power grids and transportation hubs ? becomes more vulnerable when individual devices get hacked. Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks through access to just one person?s smartphone. That?s why my team works so hard to stay ahead. The encryption technology built into today?s iPhone represents the best data security available to consumers. And cryptographic protections on the device don?t just help prevent unauthorized access to your personal data ? they?re also a critical line of defense against criminals who seek to implant malware or spyware and to use the device of an unsuspecting person to gain access to a business, public utility or government agency. Of course, despite our best efforts, nothing is 100 percent secure. Humans are fallible. Our engineers write millions of lines of code, and even the very best can make mistakes. A mistake can become a point of weakness, something for attackers to exploit. Identifying and fixing those problems are critical parts of our mission to keep customers safe. Doing anything to hamper that mission would be a serious mistake. That?s why it?s so disappointing that the FBI, Justice Department and others in law enforcement are pressing us to turn back the clock to a less-secure time and less-secure technologies. They have suggested that the safeguards of iOS 7 were good enough and that we should simply go back to the security standards of 2013. But the security of iOS 7, while cutting-edge at the time, has since been breached by hackers. What?s worse, some of their methods have been productized and are now available for sale to attackers who are less skilled but often more malicious. To get around Apple?s safeguards, the FBI wants us to create a backdoor in the form of special software that bypasses passcode protections, intentionally creating a vulnerability that would let the government force its way into an iPhone. Once created, this software ? which law enforcement has conceded it wants to apply to many iPhones ? would become a weakness that hackers and criminals could use to wreak havoc on the privacy and personal safety of us all. I became an engineer because I believe in the power of technology to enrich our lives. Great software has seemingly limitless potential to solve human problems ? and it can spread around the world in the blink of an eye. Malicious code moves just as quickly, and when software is created for the wrong reason, it has a huge and growing capacity to harm millions of people. Security is an endless race ? one that you can lead but never decisively win. Yesterday?s best defenses cannot fend off the attacks of today or tomorrow. Software innovations of the future will depend on the foundation of strong device security. We cannot afford to fall behind those who would exploit technology in order to cause chaos. To slow our pace, or reverse our progress, puts everyone at risk. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 8 07:54:01 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Mar 2016 08:54:01 -0500 Subject: [Infowarrior] - YCMTSU: Another F-35 'feature' Message-ID: The latest in a long line of bugs, glitches, and problems plaguing this multi-billion-dollar flying catastrophe. At this point, I'll go out on a limb and say the F-35 is making the Bradley Fighting Vehicle look like a model of developmental awesome and procurement efficiency. My sympathies to the pilots sentenced to flying these things at home, let alone in a combat zone. --rick Radar glitch requires F-35 fighter jet pilots to turn it off and on again Troubled warplane that has yet to see any cyber security testing hit with yet another bug affecting flight performance requiring software update http://www.theguardian.com/technology/2016/mar/08/radar-glitch-requires-f-35-fighter-jet-pilots-to-turn-it-off-and-on-again -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 8 10:36:21 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Mar 2016 11:36:21 -0500 Subject: [Infowarrior] - Intel Whistle-Blowers Fear Government Won't Protect Them Message-ID: Intel Whistle-Blowers Fear Government Won't Protect Them Eli Lake http://www.bloombergview.com/articles/2016-03-08/intel-whistle-blowers-fear-government-won-t-protect-them Nearly three years after Edward Snowden bypassed the intelligence community's own process for reporting wrongdoing and leaked troves of classified documents to Glenn Greenwald, the system for protecting whistle-blowers inside the national security state remains broken. This is the view of current and former intelligence officials, national security lawyers and the chairman of the House Intelligence Committee. Their message is simple: Whistle-blowers are often too intimidated to take their case to the inspectors general and Congress. "There is a systemic problem with the whistle-blower process," Representative Devin Nunes told me. "There is no easy way for them to come forward that doesn't jeopardize their careers, across the whole defense and intelligence community enterprise." The Office of the Director of National Intelligence has in the past two years tried to address this problem, with mixed results at best. Dan Meyer, the executive director of the Intelligence Community's Whistle-Blowing & Source Protection program, said in a statement that more whistle-blowers were coming forward in the last two years since the intelligence community began implementing a 2012 executive order from President Barack Obama that gave them additional protections. He said his office was also doing more, for example, to educate agencies on the new law and regulation. Meyer conceded, however, there were holes in the process. "Protections are imperfect given their differences, the most notable being the lack of equivalent laws protecting intelligence community contractors from reprisal actions by the private companies employing them," he said. He also acknowledged: "There will likely be some reluctance on the part of whistle-blowers to come forward. In our experience, this is understandably a very emotional event in someone?s career given what?s at stake." Mark Zaid, a national security lawyer who has represented dozens of whistle-blowers over the last two decades, went further. "I have not seen any noticeable improvement in the ability of a national security whistle-blower to come forward and be confident they will be protected," he told me. Snowden himself has said that he went to the press because of the experience of whistle-blowers before him. Specifically, he has talked about Thomas Drake, a former official at the National Security Agency. In the late 1990s and early 2000s, Drake tried to warn his superiors and other oversight bodies of what he saw as a wasteful and illegal NSA program, known as "Trailblazer," to collect personal data from digital networks. For Drake, the system didn't work. Out of frustration, he eventually leaked what he has says was unclassified information about the program to the Baltimore Sun. The Justice Department prosecuted him in 2010, but dropped his case the following year. His career was ruined. A staff member on the House Intelligence Committee who took Drake seriously, Diane Roark, soon found she too was under investigation. She told me that because of her interest in Drake's complaints, and lobbying within the system on his behalf, the Justice Department and eventually her own committee put her under the microscope. "They wanted to ruin our lives and make an example out of us to anyone else in the intelligence community," she told me, even though she said she never took Drake's complaints to the press. Speaking anonymously, other U.S. intelligence officials told me analysts often face milder forms of intimidation if they are suspected of talking to Congress. This includes threats to suspend one's security clearance, or being deliberately kept out of loop on important programs. At issue is anonymity. The inspector general for the intelligence community is required by law to tell the Office of the Director of National Intelligence the identities of whistle-blowers that seek to speak with Congress. The DNI office has also bolstered its monitoring of intelligence professionals and their browsing habits on classified computer systems since the first mass disclosures by WikiLeaks in 2010. Congress and others have adjusted. Nunes told me he has found creative ways for intelligence professionals to get him information. One was through an annual survey provided to intelligence analysts on the integrity of their product. At a hearing last month Nunes disclosed that 40 percent of analysts at U.S. Central Command, or CentCom, who responded to the survey complained their reports on the Islamic State were skewed by higher-ups to make the U.S.-led campaign seem more effective than it really was. (The Pentagon's acting inspector general, Glenn Fine, is also looking into these claims). Nunes said analysts filled out extensive comments in response to the survey describing how their work was politicized, with the intention of getting them to the committee. Yet Nunes is still trying to get those in-depth comments from the Office of the Director of National Intelligence. While some analysts at Central Command have gone directly to the inspector general at the Pentagon (who declined to comment for this column), Nunes said there were many more at CentCom who did not want to risk potential retribution and file a formal complaint. Nunes also said intelligence officials who have helped his investigation into cost-padding for the construction of a new Joint Intelligence Analysis Center in Europe have been too intimidated to go through the formal whistle-blower process. It's understandable that lawmakers like Nunes would raise concerns about weak protections for whistle-blowers. His committee is supposed to perform oversight, even though his predecessors have not made this an issue. But fixing the system is also in the interest of the national security state itself. In the last five years, the intelligence community has invested great resources to protect its secrets from the next mega-leaker. But if whistle-blowers inside the system see no recourse to address legitimate grievances, then the intelligence community should brace itself for more Snowdens. (Corrects spelling of Diane Roark's last name in ninth paragraph.) This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners. To contact the author of this story: Eli Lake at elake1 at bloomberg.net To contact the editor responsible for this story: Tobin Harshaw at tharshaw at bloomberg.net -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 8 11:24:48 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Mar 2016 12:24:48 -0500 Subject: [Infowarrior] - FBI quietly changes its privacy rules for accessing NSA data on Americans Message-ID: <29DFAC29-2698-4CDE-9AAD-2351C2078A34@infowarrior.org> FBI quietly changes its privacy rules for accessing NSA data on Americans Exclusive: Classified revisions accepted by secret Fisa court affect NSA data involving Americans? international emails, texts and phone calls http://www.theguardian.com/us-news/2016/mar/08/fbi-changes-privacy-rules-accessing-nsa-prism-data -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 8 14:54:01 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Mar 2016 15:54:01 -0500 Subject: [Infowarrior] - Fwd: Of Cockpits And Phone Encryption References: <679499396.4824269.1457469774932.JavaMail.yahoo@mail.yahoo.com> Message-ID: c/o MM. -- It's better to burn out than fade away. > Begin forwarded message: > > Of Cockpits And Phone Encryption: Tradeoffs And Probabilities > from the think-this-through dept > by Mike Masnick > Tue, Mar 8th 2016 10:37am > https://www.techdirt.com/articles/20160306/22252833817/cockpits-phone-encryption-tradeoffs-probabilities.shtml > > Blake Ross (boy genius Firefox founder and later Facebook product guy) has written a somewhat bizarre and meandering -- but totally worth reading -- article about the whole Apple v. FBI fight, entitled (believe it or not): Mr. Fart's Favorite Colors . There are a few very good points in there, about the nature of programming, security and the government (some of which even make that title make sense). But I'm going to skip over the farts and colors and even his really excellent description of the ridiculousness of TSA security theater in airports, and leap forward to a key point raised in the article, focused on airplane security, which presents a really good analogy for the iPhone encryption fight. He points out that the only thing that has truly helped stop another 9/11-style plane hijacking (as Bruce Schneier points out repeatedly) is not the TSA security theater, but reinforced, locked cockpit doors that make it impossible for people in the cabin to get into the cockpit. > > However, Ross notes, there are scenarios in which those in the cockpit need to leave the cockpit (usually to use the bathroom), and therein lies an interesting security challenge for those designing the security of the planes. How do you let that pilot (or another crew member) back in, but not a bad guy? Here's the solution that airlines have come up with, as described by Ross (or you can read the NY Times version , which is a little drier): > When the pooping pilot wants to reenter the cockpit, he calls the flying pilot on the intercom to buzz him in. > If there?s no answer, the outside pilot enters an emergency keycode. If the flying pilot doesn?t deny the request within 30 seconds, the door unlocks. > The flying pilot can flip a switch to disable the emergency keypad for 5 to 20 minutes (repeatedly). > Like Asimov?s three laws, these checks and balances try to approximate safety while accounting for contingencies. If the flying pilot risked Delta?s gefilte fish and passed out, you want to make sure the other pilot can still re-enter. But add all the delays and overrides and backstops you want; you still have to make a fundamental decision. Who controls entry: the people on the inside, or the people on the outside? > Governments decided that allowing crew members to fully override the flying pilot using a key code would be insecure, since it would be too easy for that code to leak. Thus, there is nothing the outside pilot can do???whether electronically or violently???to open the door if the flying pilot is both conscious and malicious. > And as Ross notes, this is a pretty reasonable tradeoff in nearly all circumstances. It's quite difficult for someone bad to get in, and yet those in the cockpit can mostly be okay with leaving and getting back in even if a pilot remaining in the cockpit suddenly drops dead. But, there is still one scenario in which that security gets totally messed up -- and it's with Germanwings Flight 9525 almost a year ago, in which a mentally ill co-pilot locked the captain out of the cockpit and then deliberately crashed the plane into a mountain. > > As Time Magazine noted , this is the tricky part of security systems: "sometimes it?s important to keep people out; sometimes it?s important to get inside." > > And, of course, there's a little of that in the Apple v. FBI fight. The FBI is arguing that it's important to let people in, because 14 people died after a husband and wife killed 14 people and wounded more. But lots of other people are pointing out that there are much bigger security benefits in keeping people out. And that's why this is really a debate about "security v. security" rather than "security v. privacy." > > Strong encryption on devices is like that locked cockpit door. Under most scenarios, it keeps people much safer. It's a useful and powerful security feature. But, yes, in some cases -- such as that of the suicidal Germanwings co-pilot -- it is less secure. And, there do seem to be ways to mitigate that kind of risk without harming the wider security (many airlines now require that even if someone leaves the cockpit, a second crew-member must be present in the cockpit). But, in the end, we look at the likelihood and probability of the need for such security solutions. And it's not hard to realize that, in the grand scheme of things, locking people out protects many, many, many more people from the rare instances of suicidal co-pilots (and or quasi-terrorist attacks). > > And that's the real issue here. Strong encryption on our devices is much more likely to lead to much more protection and security for many more people than without such encryption. Nearly all of us are likely to be safer because of strong encryption. But, that might not include everyone. Yes, there will be some instances -- though likely few and far between -- where such encryption allows someone to secretly plan and (potentially) get away with some sort of heinous act. And it will be reasonable and expected that people will whine and complain about how the security feature got in the way of stopping that attack. But the likelihood of that is much, much smaller, than the very real possibility of attacks on weak phones affecting many of us. > > Or, as Ross concludes (in a way that makes even more sense if you read the whole piece...): > Unfortunately it?s not that complicated, which means it?s not that simple. Unbreakable phones are coming. We?ll have to decide who controls the cockpit: The captain? Or the cabin? Either choice has problems, but???I?m sorry, Aunt Congress???you crash if you pick 2. > But when you have people like the technically ignorant San Bernardino District Attorney Michael Ramos insisting that he needs to be able to get into that iPhone, just recognize that he's arguing that we should unlock cockpit doors just in case there's a suicidal co-pilot in there, without recognizing how frequently such unlocked cockpit doors will be used by others who wish to do even more harm. > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rforno at infowarrior.org Wed Mar 9 12:53:07 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Mar 2016 13:53:07 -0500 Subject: [Infowarrior] - Senate Intel encryption bill could come next week Message-ID: Senate Intel encryption bill could come next week By Cory Bennett - 03/09/16 01:35 PM EST http://thehill.com/policy/cybersecurity/272389-senate-intel-chair-encryption-piercing-bill-could-come-next-week The chairman of the Senate Intelligence Committee says a bill to give law enforcement access to encrypted data could come as early as next week. ?I?m hopeful,? Sen. Richard Burr (R-N.C.) told The Hill before a Wednesday vote. The long-awaited bill ? in the works since last fall?s terror attacks in Paris and San Bernardino, Calif. ? is expected to force companies to comply with court orders seeking locked communications. The FBI and law enforcement have long warned that encryption is making it more difficult to uncover criminal and terrorist plots. Burr, who chairs the Senate Intelligence Committee, has been drafting legislation to address the issue with Sen. Dianne Feinstein (D-Calif.), the committee?s ranking member. Feinstein told The Hill she passed the text along earlier this week to White House chief of staff Denis McDonough. ?My hope is since I was the one that gave it to Denis McDonough, they will take a look at it and let us know what they think,? she said. The Obama administration?s response will determine the bill?s timing, Burr added. The introduction ?depends on how fast the White House gets back to us,? he said. The White House last fall decided to back away from supporting similar legislative options, leading many to believe the administration will not champion the Burr-Feinstein effort. The Senate is scheduled to recess the last two weeks of March, meaning Burr and Feinstein have until March 19 to release their offering before the upper chamber breaks until April 4. Burr pegged it as ?an outside chance? the bill would be released before that break. The measure is intended to address the so-called going dark phenomenon, in which terrorists and criminals use encryption to hide from law enforcement. In response, law enforcement officials have pushed for some type of guaranteed access to these secured conversations. But the tech community and privacy advocates have resisted, arguing that such access would cripple global digital security and infringe on civil liberties. These disagreements were thrust into the spotlight last month when Apple rebuffed a court order asking the tech giant to help unlock an iPhone used by one of the San Bernardino shooters. The contentious standoff could make the Burr-Feinstein bill the most controversial salvo in a heated Capitol Hill debate over whether and how Congress should act. While lawmakers such as Senate Armed Services Committee Chairman John McCain (R-Ariz.) and Sen. Tom Cotton (R-Ark.) have vocally backed the Burr-Feinstein efforts, a bipartisan contingent of lawmakers believe regulating encryption standards would not only weaken security, but also damage America?s economic competitiveness. A third group has concluded the issue is too complicated to go with either approach, and is backing a compromise bill to establish a national commission that would study the subject. That measure, from House Homeland Security Chairman Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.), was introduced last week with a plethora of bipartisan co-sponsors, including seven in the upper chamber and 15 in the lower chamber. Other prominent senators, including Homeland Security Chairman Ron Johnson (R-Wis.), have since come out in favor of the McCaul-Warner commission as well. Feinstein told The Hill she could not predict how her bill would be received. ?It?s obviously controversial, so I can?t tell you,? she said. ?It?s just that I have a basic fundamental belief this is very important and that no American company should be above the law.? -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Mar 9 12:53:15 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Mar 2016 13:53:15 -0500 Subject: [Infowarrior] - =?utf-8?q?Comey=E2=80=99s_FBI_makes_waves?= Message-ID: <90356CA4-D4D9-4E4E-8B78-9D9666305F2D@infowarrior.org> Comey?s FBI makes waves Cameron Lancaster By Cory Bennett and Julian Hattem - 03/09/16 06:00 AM EST http://thehill.com/policy/cybersecurity/272290-comeys-fbi-makes-waves The aggressive posture of the FBI under Director James Comey is becoming a political problem for the White House. The FBI?s demand that Apple help unlock an iPhone used by one of the San Bernardino killers has outraged Silicon Valley, a significant source of political support for President Obama and Democrats. Comey, meanwhile, has stirred tensions by linking rising violent crime rates to the Black Lives Matter movement?s focus on police violence and by warning about ?gaps? in the screening process for Syrian refugees. Then there?s the biggest issue of all: the FBI?s investigation into the private email server used by Hillary Clinton, Obama?s former secretary of State and the leading contender to win the Democratic presidential nomination. A decision by the FBI to charge Clinton or her top aides for mishandling classified information would be a shock to the political system. In these cases and more, Comey ? a Republican who donated in 2012 to Mitt Romney ? has proved he is ?not attached to the strings of the White House,? said Ron Hosko, the former head of the FBI?s criminal investigative division and a critic of Obama?s law enforcement strategies. Publicly, administration officials have not betrayed any worry about the Clinton probe. They have also downplayed any differences of opinion on Apple. But former officials say the FBI?s moves are clearly ruffling feathers within the administration. With regards to the Apple standoff, ?It?s just not clear [Comey] is speaking for the administration,? said Richard Clarke, a former White House counterterrorism and cybersecurity chief. ?We know there have been administration meetings on this for months. The proposal that Comey had made on encryption was rejected by the administration.? Comey has a reputation for speaking truth to power, dating back to a dramatic confrontation in 2004 when he rushed to a hospital to stop the Bush White House from renewing a warrantless wiretapping program while Attorney General John Ashcroft was gravely ill. Comey was Ashcroft?s deputy at the time. That showdown won Comey plaudits from both sides of the aisle and made him an attractive pick to lead the FBI. But now that he?s in charge of the agency, the president might be getting more than he bargained for. ?Part of his role is to not necessarily be in lock step with the White House,? said Mitch Silber, a former intelligence official with the New York City Police Department and current senior managing director at FTI Consulting. ?He takes very seriously the fact that he works for the executive branch,? added Leo Taddeo, a former agent in the FBI?s cyber division. ?But he also understands the importance of maintaining his independence as a law enforcement agency that needs to give not just the appearance of independence but the reality of it.? The split over Clinton?s email server is the most politically charged issue facing the FBI, with nothing less than the race for the White House potentially at stake. Obama has publicly defended Clinton, saying that while she ?made a mistake? with her email setup, it was ?not a situation in which America?s national security was endangered.? But the FBI director has bristled at that statement, saying the president would not have any knowledge of the investigation. Comey, meanwhile, told lawmakers last week that he is ?very close, personally,? to the probe. Obama?s comments reflected a pattern, several former agents said, of the president making improper comments about FBI investigations. In 2012, he made similarly dismissive comments about a pending inquiry into then-CIA Director David Petraeus, who later pleaded guilty to a misdemeanor charge for giving classified information to his mistress and biographer, Paula Broadwell. ?It serves no one in the United States for the president to comment on ongoing investigations,? Taddeo said. ?I just don?t see a purpose.? Hosko suggested that a showdown over potential criminal charges for Clinton could lead to a reprise of the famous 2004 hospital scene, when Comey threatened to resign. ?He has that mantle,? Hosko said. ?I think now there?s this expectation ? I hope it?s a fair one ? that he?ll do it again if he has to.? Comey?s independent streak has also been on display in the Apple fight, when his bureau decided to seek a court order demanding that the tech giant create new software to bypass security tools on an iPhone used by Syed Rizwan Farook, one of the two terrorist attackers in San Bernardino, Calif. Many observers questioned whether the FBI was making an end-run around the White House, which had previously dismissed a series of proposals that would force companies to decrypt data upon government request. ?I think there?s actually some people that don?t think with one mindset on this issue within the administration,? said Sen. Tom Carper (D-Del.), the Senate Homeland Security Committee?s top Democrat, at a Tuesday hearing. ?It?s a tough issue.? While the White House has repeatedly backed the FBI?s decision, it has not fully endorsed the potential policy ramifications, leaving some to think a gap might develop as similar cases pop up. The White House is poised to soon issue its own policy paper on the subject of data encryption. ?The position taken by the FBI is at odds with the concerns expressed by individuals [in the White House] who were looking into the encryption issue,? said Neema Singh Guliani, a legislative counsel with the American Civil Liberties Union (ACLU). This week, White House homeland security adviser Lisa Monaco tried to downplay the differences between the two sides. The White House and FBI are both grappling with the same problems, she said in a discussion at the Council on Foreign Relations. ?There is a recognition across the administration that the virtues of strong encryption are without a doubt,? Monaco said on Monday. ?There is also uniformity about the recognition that strong encryption poses real challenges.? But former officials see Comey as wanting to blaze his own trail on the topic. ?I have been very surprised at how public and inflammatory, frankly, the FBI and the Justice Department?s approach has been on this,? said Chris Finan, a former National Security Council cybersecurity adviser. ?That doesn?t tend to be the administration?s preferred approach to handling things.? -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 10 16:10:05 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Mar 2016 17:10:05 -0500 Subject: [Infowarrior] - U.S. Government Calls Apple's Opposition to iPhone Unlocking Order a 'Diversion, ' Says Fears Are 'Overblown' Message-ID: <534E1534-C53F-4670-A1FE-806E238A5E82@infowarrior.org> (Feds still wrongly claiming this whole thing is 'only' about one iPhone when everyone, including their own amicii, say otherwise. Also interesting to see Comey and the FBI getting slammed via leaks and OTR statements here in DC in recent days, too....about how Comey is 'causing waves' and not necessarily representing the views of the Administration, etc, etc. ---rick) U.S. Government Calls Apple's Opposition to iPhone Unlocking Order a 'Diversion,' Says Fears Are 'Overblown' http://www.macrumors.com/2016/03/10/government-motion-deny-apple-opposition/ -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Mar 11 08:57:50 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Mar 2016 09:57:50 -0500 Subject: [Infowarrior] - Apple calls Justice Department's filing in iPhone case a 'cheap shot' Message-ID: <1344FF3A-2E6C-4BB2-AD90-0A2202D7387D@infowarrior.org> Apple calls Justice Department's filing in iPhone case a 'cheap shot' Shara Tibken Bruce Sewell, Apple's top attorney, on Thursday ramped up his criticism of the government, accusing the US Department of Justice of taking a "cheap shot" and waging a smear campaign. His remarks were made in response to a Justice Department filing earlier that day that took a harsh tone and accused Apple of skewing the facts in the case. The agency's brief "reads like an indictment," Sewell said during a call with reporters. "In 30 years of practice, I don't think I've ever seen a legal brief that was more intended to smear the other side with false accusations and innuendo, and less intended to focus on the real merits of the case," he said. "I can only conclude the DOJ is so desperate at this point it's thrown all decorum to the winds." Sewell suggested the Justice Department's assertions were akin to Apple asking if the US could trust the FBI. He jokingly brought up rumors that former FBI Director J. Edgar Hoover ordered the assassination of President John F. Kennedy in 1963. "We are going to court to exercise our legal rights," Sewell said. "It seems like disagreeing with the Department of Justice means you must be evil and un-American. Nothing could be further from the truth." < - > http://www.cnet.com/news/apple-criticizes-dojs-filing-as-cheap-shot/ -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Mar 11 19:52:55 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Mar 2016 20:52:55 -0500 Subject: [Infowarrior] - Obama backs LE in crypto fight Message-ID: Obama, at South by Southwest, Backs Law Enforcement in Fight Over Encryption Michael D. Shear http://www.nytimes.com/2016/03/12/us/politics/obama-heads-to-south-by-southwest-festival-to-talk-about-technology.html AUSTIN, Tex. ? President Obama said Friday that law enforcement must be legally able to collect information from smartphones and other electronic devices, making clear, despite divisions in his administration, that he opposes the stance on encryption taken by technology companies like Apple. Speaking to an audience of about 2,100 technology executives and enthusiasts at the South by Southwest festival here, Mr. Obama delivered his most extensive declarations on an issue that has split the technology community and pitted law enforcement against other national security departments. Mr. Obama declined to comment specifically on the efforts by the F.B.I. to require Apple?s help in gaining data from an iPhone used by one of the terrorists in the December attack in San Bernardino, Calif. But the president said that America had already accepted that law enforcement can ?rifle through your underwear? in searches for those suspected of preying on children, and he said there was no reason that a person?s digital information should be treated differently. ?If, technologically, it is possible to make an impenetrable device or system, where the encryption is so strong that there is no key, there is no door at all, then how do we apprehend the child pornographer?? Mr. Obama said. ?How do we disrupt a terrorist plot?? If government has no way into a smartphone, he added, ?then everyone is walking around with a Swiss bank account in your pocket.? By weighing in forcefully on the side of law enforcement for the first time since the Apple case came into public view last month, Mr. Obama may have added to the deep tensions between his administration and Silicon Valley executives. Mr. Obama has repeatedly declared his support for civil liberties, especially after Edward J. Snowden?s disclosures about government surveillance. But his efforts to straddle the widening gulf between privacy and security became more difficult in the wake of the Apple case, and they largely came to an end during his remarks here. The comments, which were greeted with polite silence, made clear that Mr. Obama supports the F.B.I. and his Justice Department despite differences among his advisers, including military and intelligence officials, who are wary of weakening the encryption they regularly use. Mr. Obama said he too supports the development of strong encryption to make sure that government can protect banks and critical infrastructure. And he said he wanted proper oversight of law enforcement. But, he said, technology executives who are ?absolutist? on the issue are just wrong. ?This notion that somehow our data is different and can be walled off from those other trade-offs we make, I believe, is incorrect,? he said. Mr. Obama?s comments on encryption came as he spoke broadly at the music, film and technology festival about the need for technology to be used to support civic life and the functioning of democracy. Mr. Obama became the first sitting president to visit the festival, which in the last three decades has become a mecca for the high-tech, social-media set. He made his comments during an hourlong conversation with Evan Smith, the editor of The Texas Tribune. Aides said the president was eager to make the case that the technologies behind today?s entertainment and communication apps should also be directed at solving problems of voter turnout, access to information and civic engagement. ?Technology has the power to enhance this work,? Jason Goldman, the chief digital officer for the White House, said in an article posted on the Medium website on Thursday. ?When it puts users first, it enables Americans to find their voice, for our government to deliver better services, and make our country more just.? Mr. Obama is something of a technology geek, so his presence at the festival does not come as much of a surprise. He enjoys dinners with technology moguls and has tapped the wealth of Silicon Valley for his two presidential campaigns. Mr. Obama has also talked to his closest advisers about creating a high-tech presidential center when he leaves office, in part to help visitors engage with his legacy and in part to encourage better use of technology in society. He has also sought to lure more tech executives and engineers to government to make federal agencies more responsive to their customers. Mr. Obama created the United States Digital Service as a kind of troubleshooting team to upgrade the technology associated with government services, and he has filled its staff largely with veterans of Google, Microsoft and other such firms. ?The work they?re doing is impactful ? and it?s hard to see how they don?t become a permanent feature of our government,? Mr. Goldman wrote. ?Indeed, this might be President Obama?s most important accomplishment as the First Tech President: establishing a lasting legacy of service that will carry on long after he leaves office.? Still, questions about how to harness the power of Twitter, Facebook and Snapchat to help government are not always clear, especially when the companies involved are, above all, designed to make money for their shareholders. This spring, the White House will host what it is calling a summit meeting on civic engagement, and aides said the president will use it to continue the conversation about the role that technology can play. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Mar 12 14:52:50 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 12 Mar 2016 15:52:50 -0500 Subject: [Infowarrior] - NSA data to be available for general LEO use Message-ID: Yup, this was an inevitable outcome. Not to mention, powers once obtained, are difficult to relinquish, let alone oversee objectively. Le sigh. #NewNormal Surprise! NSA data will soon routinely be used for domestic policing that has nothing to do with terrorism By Radley Balko March 10 https://www.washingtonpost.com/news/the-watch/wp/2016/03/10/surprise-nsa-data-will-soon-routinely-be-used-for-domestic-policing-that-has-nothing-to-do-with-terrorism/ -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Mar 12 14:52:59 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 12 Mar 2016 15:52:59 -0500 Subject: [Infowarrior] - The US Air Force now has two fully operational cyberspace weapon systems Message-ID: <3329D28D-BEC4-411B-BCDB-FCBE2A5F90EB@infowarrior.org> The US Air Force now has two fully operational cyberspace weapon systems | ZDNet Steve Ranger http://www.zdnet.com/article/the-us-air-force-now-has-two-fully-operational-cyberspace-weapon-systems/ The US Air Force is boosting its cyber defenses with a range of new systems. US Air Force Space Command has said that its second 'cyberspace weapon system' is now fully operational. It said that last month its Cyberspace Vulnerability Assessment/Hunter weapon system (CVA/H) reached 'full operational capability' status. CVA/H is a set of security software that is designed to find, fix, track, target, engage, and assess advanced persistent threats to air force missions. Achieving full operational status means the system is fully capable to serve as a defense system for traffic on the air force information network. The CVA/H weapon system enables execution of vulnerability assessments, adversary threat detection, and compliance evaluations, the air force said. Military systems are under constant attack by hackers of all types, and as well as developing their offensive capabilities, the military have been trying to build up their digital defences too. "The CVA/H weapon system provides a cyberspace security capability offering in-depth assessment of information system assets such as computers, infrastructure, applications, data, and cyberspace operations," Air Force Space Command said. 'Weapons system' is a term used by the military to identify critical resources -- but doesn't mean that the particular system is an actual weapon as defined by the Department of Defense. The CVA/H is the second air force weapon system to become fully operational: the first was the Air Force Intranet Control Weapon (AFINC) system in January, which serves as the top-level defensive boundary and entry point for all network traffic into the air force network, controlling the flow of all external and inter-base traffic. The AFINC is operated by the 26th Network Operations Squadron, which typically will block more than one billion instances of suspicious network traffic each week. Other cyberspace weapon systems in development include the Air Force Cyberspace Defense Weapon System, the Cyber Security and Control System Weapon System, the Cyber Command and Control Mission System Weapon System, and the Cyberspace Defense Analysis Weapon System. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Mar 12 14:53:14 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 12 Mar 2016 15:53:14 -0500 Subject: [Infowarrior] - Doctorow on POTUS' infatuation with magic ponies Message-ID: Obama: cryptographers who don't believe in magic ponies are "fetishists," "absolutists" Obama's SXSW appearance included the president's stupidest-ever remarks on cryptography: he characterized cryptographers' insistence that there is no way to make working cryptography that stops working when the government needs it to as "phone fetishizing," as opposed to, you know, reality. In a rhetorical move that he would have flunked his U Chicago law students for, Obama described a landscape with two edges: "Strong crypto" and "No crypto" and declared that in the middle was a reasonable territory in which crypto could strong sometimes and disappear the rest of the time. This is like the territory in which you are "Pregnant" or "Not pregnant" where, in between, you are "a little bit pregnant" (or, of course, like "Vaccinations are safe," vs "Vaccinations cause autism" whose middle ground is "Vaccinations are safe, but just to be sure, let's not give 'too many' at once, because reasons, and nevermind that this will drastically increase cost and complexity and reduce compliance"). Obama conflated cryptographers' insistence that his plan was technically impossible with the position that government should never be able to serve court orders on its citizens. This math denialism, the alternative medicine of information security. He focused his argument on the desirability of having crypto that worked in this impossible way, another cheap rhetorical trick. Wanting it badly isn't enough. If decades of attending SXSW (I leave for the airport in 30 minutes!) has taught me anything, it's that someone will be selling or giving away "phone fetishist" tees with PGP sourcecode on one side and a magic pony on the other before the week is out. < - > http://boingboing.net/2016/03/12/obama-cryptographers-who-don.html -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Mar 12 16:01:44 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 12 Mar 2016 17:01:44 -0500 Subject: [Infowarrior] - WhatsApp Encryption Said to Stymie Wiretap Order Message-ID: <3785604A-EFD5-4407-8F24-C955678B24B8@infowarrior.org> WhatsApp Encryption Said to Stymie Wiretap Order Matt Apuzzo WASHINGTON ? While the Justice Department wages a public fight with Apple over access to a locked iPhone, government officials are privately debating how to resolve a prolonged standoff with another technology company, WhatsApp, over access to its popular instant messaging application, officials and others involved in the case said. No decision has been made, but a court fight with WhatsApp, the world?s largest mobile messaging service, would open a new front in the Obama administration?s dispute with Silicon Valley over encryption, security and privacy. WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge?s wiretap order. As recently as this past week, officials said, the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp?s encryption. The Justice Department and WhatsApp declined to comment. The government officials and others who discussed the dispute did so on condition of anonymity because the wiretap order and all the information associated with it were under seal. The nature of the case was not clear, except that officials said it was not a terrorism investigation. The location of the investigation was also unclear. To understand the battle lines, consider this imperfect analogy from the predigital world: If the Apple dispute is akin to whether the F.B.I. can unlock your front door and search your house, the issue with WhatsApp is whether it can listen to your phone calls. In the era of encryption, neither question has a clear answer. Some investigators view the WhatsApp issue as even more significant than the one over locked phones because it goes to the heart of the future of wiretapping. They say the Justice Department should ask a judge to force WhatsApp to help the government get information that has been encrypted. Others are reluctant to escalate the dispute, particularly with senators saying they will soon introduce legislation to help the government get data in a format it can read. < - > http://www.nytimes.com/2016/03/13/us/politics/whatsapp-encryption-said-to-stymie-wiretap-order.html? -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Mar 13 10:18:47 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 13 Mar 2016 11:18:47 -0400 Subject: [Infowarrior] - RIP, FOIA Message-ID: <607EB24B-50A0-4E98-B6ED-2002F5621302@infowarrior.org> The federal government no longer cares about disclosing public information By Justin Elliott https://www.washingtonpost.com/opinions/the-federal-government-no-longer-cares-about-disclosing-public-information/2016/03/10/7e0bf1bc-e631-11e5-a6f3-21ccdbc5f74e_story.html Two years ago last month, I filed a public-records request to the Federal Emergency Management Agency as part of my reporting into the flawed response to Hurricane Sandy. Then, I waited. The Freedom of Information Act requires a response within 20 business days, but agencies routinely blow that deadline. Eight months later, ProPublica and NPR published our investigation into the Sandy response, but it did not include any documents from FEMA. The agency had simply never gotten back to me. Finally, this Feb. 10 ? 492 business days past the law?s 20-day deadline ? I got a curious phone call from FEMA. The agency was starting a ?clean search? for the documents I asked for, because the original search ?was not done properly.? Why? ?I wish I had the answer,? the staffer told me. ?There are quite a few cases that this happened to.? Documents are the lifeblood of investigative journalism, but these problems aren?t of interest only to reporters. The Freedom of Information Act is supposed to deliver on the idea of a government ?for and by the people,? whose documents are our documents. The ability to get information from the government is essential to holding the people in power accountable. This summer will mark the 50th anniversary of the law, which has been essential in disclosing the torture of detainees after 9/11, decades of misdeeds by the CIA, FBI informants who were allowed to break the law and hundreds of other stories. President Obama himself waxed poetic about FOIA on his first full day in office in 2009, issuing a statement calling it ?the most prominent expression of a profound national commitment to ensuring an open Government.? He promised that his would be ?the most transparent administration in history.? But Obama hasn?t delivered. In fact, FOIA has been a disaster under his watch. Newly uncovered documents (made public only through a FOIA lawsuit) show the Obama administration aggressively lobbying against reforms proposed in Congress. The Associated Press found last year that the administration had set a record for censoring or denying access to information requested under FOIA, and that the backlog of unanswered requests across the government had risen by 55 percent, to more than 200,000. The Republican-led House Oversight and Government Reform Committee looked into the state of the public-records law and in January issued a report with a simple, devastating title: ?FOIA Is Broken.? Incredibly, it took my ProPublica colleague Michael Grabell more than seven years to get records about air marshal misconduct from the Transportation Security Administration. As he pointed out, his latest contact in the FOIA office was still in high school when Grabell filed his initial request. [Reporters say federal officials, data increasingly off limits] After a reporter at NBC4 in Washington sought files related to the 2013 Navy Yard shooting, Navy officials actively strategized about how to thwart the request. The Navy only apologized after it mistakenly forwarded its internal email traffic to the reporter. When a Mexican journalist asked the Drug Enforcement Administration in 2014 for files related to its role in the capture of drug lord Joaqu?n ?El Chapo? Guzm?n, the agency sent a letter back demanding $1.4 million in fees to search its records. ?There?s a leadership void that has gotten worse,? veteran FOIA lawyer Scott Hodes told me. ?It?s not treated as an important thing within the administration.? Why is the law failing so badly after all the promises about transparency? My experience and the experiences of other journalists suggest the reason is twofold: incompetence and neglect. When I probed a bit more into what had gone wrong at FEMA, the agency?s entire FOIA apparatus started to look like a Potemkin village. The FOIA staff was never trained properly, a FEMA spokesman told me. Of 16 positions in the office, eight have long been vacant for reasons that are not entirely clear. The backlog of requests at FEMA has ballooned to 1,500. That?s more than double what it was less than two years ago. Spokesman Rafael Lemaitre said that the backlog was ?frankly unacceptable to senior leadership here at FEMA, who have been aware of the problems and are taking actions to correct it.? ?Obviously the Freedom of Information Act is a very vital resource for taxpayers,? Lemaitre said. ?Frankly, we haven?t done a very good job of fulfilling that promise.? Over the past two years, whenever I periodically called or emailed for updates, agency staffers either ignored me, said their systems weren?t working or told me they didn?t have any new information. My request outlasted the tenure of my original contact in the FOIA office. When I called 14 months into the process, I was told she had left the agency ? fair enough, as people change jobs all the time. But my request had apparently not been handed off to anyone else. No one seemed to know what was going on. Last year, the federal FOIA ombudsman found that FEMA took an average of 214 days to process complex FOIA requests, the third-worst in the Department of Homeland Security, which gets the most requests in the government. (That compares to an average processing time for complex requests of 119 days across the whole government.) ?A lack of responsiveness prompted lawsuits that cost the agency a bunch of money,? said James Holzer, the head of the ombudsman?s office, who praised FEMA officials for at least recognizing the problem. A hiring freeze at the agency after sequestration didn?t help matters. But officials told Holzer?s investigators last year that the eight long-vacant positions in the public records office would be filled as early as last fall. Today, those jobs remain empty. The FEMA spokesman didn?t have an explanation for what?s taking so long. When I tried to find out whether anyone had been held responsible for the fiasco, I didn?t find much more transparency. ?I cannot discuss any personnel issues, unfortunately,? the spokesman told me. Has the agency at least set a specific goal for when it will get through its backlog? ?Our target is to get these cleared as quickly as possible ? I don?t have a date for you.? -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Mar 13 17:38:27 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 13 Mar 2016 18:38:27 -0400 Subject: [Infowarrior] - What Happens When the Surveillance State Becomes an Affordable Gadget? Message-ID: What Happens When the Surveillance State Becomes an Affordable Gadget? http://www.bloomberg.com/news/articles/2016-03-10/what-happens-when-the-surveillance-state-becomes-an-affordable-gadget -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 14 07:06:54 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Mar 2016 08:06:54 -0400 Subject: [Infowarrior] - John Oliver on Encryption Message-ID: (c/o EP) Last Week Tonight with John Oliver: Encryption (HBO) https://www.youtube.com/watch?v=zsjZ2r9Ygzw&feature=youtu.be -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 14 07:06:59 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Mar 2016 08:06:59 -0400 Subject: [Infowarrior] - This Massive VPN Comparison Spreadsheet Helps You Choose the Best for You Message-ID: This Massive VPN Comparison Spreadsheet Helps You Choose the Best for You http://lifehacker.com/this-massive-vpn-comparison-spreadsheet-helps-you-choos-1764427219 -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 14 07:16:36 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Mar 2016 08:16:36 -0400 Subject: [Infowarrior] - Facebook, Google and WhatsApp plan to increase encryption of user data Message-ID: Facebook, Google and WhatsApp plan to increase encryption of user data Danny Yadron http://www.theguardian.com/technology/2016/mar/14/facebook-google-whatsapp-plan-increase-encryption-fbi-apple Silicon Valley?s leading companies ? including Facebook, Google and Snapchat ? are working on their own increased privacy technology as Apple fights the US government over encryption, the Guardian has learned. The projects could antagonize authorities just as much as Apple?s more secure iPhones, which are currently at the center of the San Bernardino shooting investigation. They also indicate the industry may be willing to back up their public support for Apple with concrete action. Within weeks, Facebook?s messaging service WhatsApp plans to expand its secure messaging service so that voice calls are also encrypted, in addition to its existing privacy features. The service has some one billion monthly users. Facebook is also considering beefing up security of its own Messenger tool. Snapchat, the popular ephemeral messaging service, is also working on a secure messaging system and Google is exploring extra uses for the technology behind a long-in-the-works encrypted email project. A legal filing implies that Department of Justice has a plan B, which involves demanding the company?s electronic signature Engineers at major technology firms, including Twitter, have explored encrypted messaging products before only to see them never be released because the products can be hard to use ? or the companies prioritized more consumer-friendly projects. But they now hope the increased emphasis on encryption means that technology executives view strong privacy tools as a business advantage ? not just a marketing pitch. These new projects began before Apple entered a court battle with the Department of Justice over whether it should help authorities hack into a suspected terrorist?s iPhone. Apple is due to appear in a federal court in California later this month to fight the order. FBI director James Comey testifies during a House committee hearing about the Department of Justice?s fight with Apple. Photograph: Drew Angerer/Getty Images Polling has shown public opinion is divided over the case. And any new encyrption efforts by tech firms put them on a collision course with Washington. Two US senators, the Democrat Dianne Feinstein of California and the Republican Richard Burr of North Carolina, say they have written draft legislation that would create penalties for companies that aren?t able to provide readable user data to authorities. Barack Obama has also made it clear he thinks some technology companies are going too far. ?If government can?t get in, then everyone?s walking around with a Swiss bank account in their pocket, right?? he said 11 March at the SXSW technology conference in Austin, Texas. WhatsApp has been rolling out strong encryption to portions of its users since 2014, making it increasingly difficult for authorities to tap the service?s messages. The issue is personal for founder Jan Koum, who was born in Soviet-era Ukraine. When Apple CEO Tim Cook announced in February that his company would fight the government in court, Koum posted on his Facebook account: ?Our freedom and our liberty are at stake.? His efforts to go further still are striking as the app is in open confrontation with governments. Brazil authorities arrested a Facebook executive on 1 March after WhatsApp told investigators it lacked the technical ability to provide the messages of drug traffickers. Facebook called the arrest ?extreme and disproportionate?. WhatsApp already offers Android and iPhone users encrypted messaging. In the coming weeks, it plans to offer users encrypted voice calls and encrypted group messages, two people familiar with the matter said. That would make WhatsApp, which is free to download, very difficult for authorities to tap. Unlike many encrypted messaging apps, WhatsApp hasn?t pushed the security functions of the service as a selling point to users. Koum, its founder, has said users should be able to expect that security is a given, not a bonus feature. It?s unclear if that will change. In the coming weeks, WhatsApp plans to make a formal announcement about its expanded encryption offerings, sources said. The efforts come at a crossroads for Silicon Valley. Google, Facebook, Snapchat, Amazon, Microsoft and Twitter have all signed on to legal briefs supporting Apple in its court case. At the same time, some of the companies have shown an increased willingness to help the government in its efforts to fight the spread of Islamic extremist propaganda online ? often using their services. Facebook?s chief operating officer, Sheryl Sandberg, has talked publicly about how tech companies can help the west combat Isis online and Eric Schmidt, executive chairman of Google?s parent company, Alphabet, recently joined a Defense Department advisory group on how tech can aid in future battles. Those matters may seem separate, but US national security officials view the increasing availability of encryption technology as a major aid to Islamic State?s online recruitment efforts. At some point, tech firms may have to choose whether they care more about being seen as helping the west to fight terrorism or standing as privacy advocates. Some technology executives think one middle path would be to encourage the use of encryption for the content of messages while maintaining the ability to hand over metadata, which reveals who is speaking to whom, how often and when. That is why the specifics of the new products will be key to determining both their security and Washington?s reaction to them. The Guardian couldn?t immediately determine the specific details of Snapchat?s and Facebook?s projects. All the companies declined to comment. In 2014, Google announced a project called End to End, which would make it easier to send encrypted emails in such a way that only the sender and recipient could decode them. The project, once a collaboration with Yahoo, has been slow-going. That appears to have changed in recent months, though, sources familiar with the project said, and other Google employees have shown in renewed interest in the idea. At a February internal town hall at Google, one engineer stood up and asked vice-president of security and privacy engineering Gerhard Eschelbeck why Google wasn?t doing more to support encrypted communications, according to two people familiar with the exchange. Gerhard countered the company increasingly was putting effort behind such projects. Some Google employees are discussing whether the technology behind End to End can be applied to other products, though no final determinations have been made. ?This has been an ongoing effort for a long time at Google,? one person briefed on the project said. One of the challenges for the search giant is that there are some types of data for which it remains challenging to offer end-to-end security, both for usability and business model reasons. Google sells targeted ads by scanning users? email, a process that gets tricky if the contents remain encrypted. Many consumers also use Gmail accounts, which include large amounts of free storage, as a sort of online file system, sometimes dating back more than a decade. ?There are lots of difficulties at Google that aren?t same at Apple,? the person briefed on the project said. ?The business models are just different.? In the meantime, WhatsApp?s encryption is based on code developed by a well-known privacy evangelist, Moxie Marlinspike, whose secure messaging app Signal is used by security hawks. One advantage of Marlinspike?s encryption tools is that they have been tested repeatedly by outside security experts. Apple, the company behind the two-year debate over encryption, is also taking steps to beef up privacy. The company has been in discussions with outside security experts about ways to make it technically harder still for investigators to force the company to hand over data from customers? iPhones, according to sources. The New York Times earlier reported on those conversations. Last month, Frederic Jacobs, an accomplished cryptographer and one of the coders behind Signal, announced he had accepted a job at Apple. It?s a summer internship with the security team for the iPhone?s core software. -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 14 15:12:16 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Mar 2016 16:12:16 -0400 Subject: [Infowarrior] - Latest Pathetic Copyright Hilarity involves 'Star Trek' Message-ID: <4782A269-561E-439A-BE45-1E1BD60904F2@infowarrior.org> Well-worth reading. Paramount's trying to claim ownership over the 'mood' of the series, too. --rick Can't Make This Up: Paramount Says Star Trek Fan Flick Violates Copyright On Klingon And 'Uniform With Gold Stars' https://www.techdirt.com/articles/20160313/23584833894/cant-make-this-up-paramount-says-star-trek-fan-flick-violates-copyright-klingon-uniform-with-gold-stars.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 14 15:12:07 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Mar 2016 16:12:07 -0400 Subject: [Infowarrior] - =?utf-8?q?Richard_Clarke=3A_NSA_could_crack_the_S?= =?utf-8?q?an_Bernadino_shooter=E2=80=99s_phone?= Message-ID: <2ADD70AC-1E4F-455A-88D0-2379FAA280D4@infowarrior.org> Former cyber czar says NSA could crack the San Bernadino shooter?s phone by Sean Gallagher - Mar 14, 2016 2:35pm EDT http://arstechnica.com/tech-policy/2016/03/former-cyber-czar-says-nsa-could-crack-the-san-bernadino-shooters-phone/ Richard Clarke, former White House cybersecurity czar, says the government has always put limits on what it would do to fight terrorism, and the FBI's demands of Apple overstep them. Another former national security official has spoken out forcefully against the FBI's quest to get Apple to write code to unlock the iPhone 5c used by San Bernardino mass shooter Syed Farook. Richard Clarke served as the National Security Council's chief counter-terrorism advisor to three presidents (George H.W. Bush, Bill Clinton, and George W. Bush) before becoming George W. Bush's special advisor on cybersecurity. He told National Public Radio's David Greene today that "encryption and privacy are larger issues than fighting terrorism," taking issue with the FBI's attempts to compel Apple's assistance. Clarke added that if he was still at the White House, he would have told FBI Director James Comey to "call Ft. Meade, and the NSA would have solved this problem?Every expert I know believes that NSA can crack this phone." But the FBI wasn't seeking that help, he said, because "they just want the precedent." Clarke explained that the FBI was trying to get the courts to essentially compel speech from Apple with the All Writs Act. "This is a case where the federal government using a 1789 law trying to compel speech. What the FBI is trying to do is make code-writers at Apple, to make them write code that they do not want to write that will make their systems less secure," he said. "Compelling them to write code. And the courts have ruled in the past that computer code is speech." As counter-terrorism chief for the NSC, Clarke noted, he faced barriers in what he could do. "I also operated within limits. Within the US government, we decided long ago that there are limits in what we're going to do in the war against terrorism." He noted the Obama administration's reversal on the prior administration's policy on torture and compared torture to the violation of civil liberties that the FBI's efforts could set precedent for. "To make the FBI's job easier, we could, at the far extreme, put ankle bracelets on everybody so that we know where everybody was all the time. That's a ridiculous example, of course, but encryption and privacy are larger issues than finding terrorism." Clarke noted that Comey and the Justice Department were not getting support in their case from the defense and intelligence communities. "The Justice Department and the FBI are on their own here," he said. "The FBI director [Comey] is exaggerating the need for this, and the Attorney General [Loretta Lynch] is letting him get away with it." -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 14 18:35:44 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Mar 2016 19:35:44 -0400 Subject: [Infowarrior] - Anonymous has declared 'total war' on Donald Trump Message-ID: <8596E4C9-0773-4417-B836-586200C15527@infowarrior.org> Anonymous has declared 'total war' on Donald Trump, threatening to 'dismantle his campaign' Jason Murdock, IB Times UK http://www.businessinsider.com/anonymous-has-declared-total-war-on-donald-trump-2016-3?IR=T Hackers affiliated with the Anonymous hacktivist collective have vowed to relaunch cyber-operations against US presidential candidate Donald Trump from 1 April. They threaten to 'dismantle his campaign' by taking his election websites offline in a large-scale and orchestrated distributed denial-of-service (DDoS) attack. In December 2015, Anonymous officially 'declared war' on Trump after a radical speech in which he said Muslims should be banned from entering the United States. The operation at the time resulted in a number of websites being targeted by hackers, but failed to have lasting impact. A new video statement has been posted to YouTube which claims the 'loyalists and veterans' of Anonymous have decided to ramp up cyber-operations against Trump ? dubbed #OpTrump ? on a far larger scale than ever before. "Dear Donald Trump, we have been watching you for a long time and what we see is deeply disturbing. Your inconsistent and hateful campaign has not only shocked the United States of America [but] you have shocked the entire planet with your appalling actions and ideas. You say what your audience wants to hear but in reality you don't stand for anything except for your personal greed and power." The video, which features the traditional Guy Fawkes mask-wearing spokesperson speaking directly to camera, called the operation a "call to arms" for hacktivists across the globe. YouTube/Anonymous "We need you to shut down his websites, to research and expose what he doesn't want the public to know. We need to dismantle his campaign and sabotage his brand. We are encouraging every able person with a computer to participate in this operation. This is not a warning, this is a declaration of total war. Donald Trump ? it is too late to expect us." In a separate written message posted online, Anonymous listed a number of websites chosen to be the initial targets in the attack including trump.com, donaldjtrump.com andtrumphotelcollection.com. Alongside these chosen targets, the post lists a slew of unverified personal information purporting to belong to Donald Trump, including a social security number, personal phone number and the contact details of his agent and legal representation. This is not the first time a hacking group has attempted to take on Donald Trump. In January 2016 a separate group called the New World Hackers carried out multiple DDoS attacks on his official election campaign website ? effectively taking it offline for a short period of time. Recently, Anonymous leaked messages from his phone's voicemail account which included personal communications from journalists, sports stars and boxing promotors. Anonymous, which is a loose collective of hacktivists, routinely engages high-profile targets as part of its cyber-campaigns. Previous subjects have included the Islamic State (IS), the Vatican and most recently the Turkish government. -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 14 18:38:30 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Mar 2016 19:38:30 -0400 Subject: [Infowarrior] - The FBI has a new plan to spy on high school kids across the country Message-ID: <80962DB6-A58F-42E5-8912-03EF1253E94E@infowarrior.org> The FBI has a new plan to spy on high school kids across the country Sarah Lazare Under new guidelines, the FBI is instructing high schools across the country to report students who criticize government policies and ?western corruption? as potential future terrorists, warning that ?anarchist extremists? are in the same category as ISIS and young people who are poor, immigrants or travel to ?suspicious? countries are more likely to commit horrific violence. Based on the widely unpopular British ?anti-terror? mass surveillance program, the FBI?s ?Preventing Violent Extremism in Schools? guidelines, released in January, are almost certainly designed to single out and target Muslim-American communities. However, in its caution to avoid the appearance of discrimination, the agency identifies risk factors that are so broad and vague that virtually any young person could be deemed dangerous and worthy of surveillance, especially if she is socio-economically marginalized or politically outspoken. This overwhelming threat is then used to justify a massive surveillance apparatus, wherein educators and pupils function as extensions of the FBI by watching and informing on each other. The FBI?s justification for such surveillance is based on McCarthy-era theories of radicalization, in which authorities monitor thoughts and behaviors that they claim to lead to acts of violent subversion, even if those people being watched have not committed any wrongdoing. This model has been widely discredited as a violence prevention method, including by the U.S. government, but it is now being imported to schools nationwide as official federal policy. < - > http://www.salon.com/2016/03/06/the_fbi_has_a_new_plan_to_spy_on_high_school_kids_across_the_country_partner/ -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 15 16:22:50 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Mar 2016 17:22:50 -0400 Subject: [Infowarrior] - Good luck enforcing the Trump volunteer NDA/NCA Message-ID: <3D4DC805-1954-4554-AF46-51BEC460F4F0@infowarrior.org> CRAZY! (But consider the source. -- rick) Donald Trump's volunteer contract forbids all criticism of Trump for life Patrick Howell O'Neill Donald Trump's campaign requires volunteers to sign a contract that forbids them from criticizing the Republican presidential front-runner, his family members, any Trump businesses or products, or his campaign. The six-page contract, reviewed in full by the Daily Dot, theoretically lasts for the entirety of a volunteer's life. Legal experts say, however, that the contract's non-disparagement clause would likely never hold up in court. < - > In addition to forbidding volunteers from disparaging Trump, the contract also includes a sentence that demands volunteers prevent their employees from criticizing Trump, thus making volunteers responsible for the free speech of others for an indeterminate amount of time. < - > Volunteers also sign a non-disclosure agreement, forbidding them from sharing any sensitive information from the campaign. What kind of information is sensitive or confidential is completely at Trump's discretion, according to the contract. ?He's apparently so afraid that people would say something bad about him after spending some time on his campaign that they have to sign some sort of agreement,? Perry explained. ?I don't see how this stands up. I don't see how a court enforces this.? Volunteers must also sign a non-compete agreement that extends until Trump ceases his campaign for president, identified in the contract as the ?Non-Compete Cutoff Date.? The agreement also forbids volunteers from working for another presidential candidate, should they change their minds. < - > Volunteers are, once again, theoretically bound to ?to prevent your employees from? working on any other presidential campaign at any point while Trump is running for president, ostensibly locking them into Trump's political career for life. < - > http://www.dailydot.com/politics/donald-trump-volunteer-contract-nda-non-disparagement-clause/ -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 15 18:45:43 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Mar 2016 19:45:43 -0400 Subject: [Infowarrior] - Apple's Response To DOJ: Your Filing Is Full Of Blatantly Misleading Claims And Outright Falsehoods Message-ID: <73845402-80ED-4410-97D3-B581A96C49DA@infowarrior.org> Apple's Response To DOJ: Your Filing Is Full Of Blatantly Misleading Claims And Outright Falsehoods https://www.techdirt.com/articles/20160315/15505433916/apples-response-to-doj-your-filing-is-full-blatantly-misleading-claims-outright-falsehoods.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 15 20:37:14 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Mar 2016 21:37:14 -0400 Subject: [Infowarrior] - Snoopers' Charter set to breeze through parliament despite protests Message-ID: Snoopers' Charter: IP Bill set to breeze through parliament despite protests By Stuart Sumner http://www.theinquirer.net/inquirer/news/2451071/snoopers-charter-ip-bill-set-to-breeze-through-parliament-despite-protests THE INVESTIGATORY POWER BILL (IP Bill) looks set to pass through its second reading in the House of Commons today despite a storm of protest from government figures and various industry bodies. The bill, which if passed into law will give the government the ability to force telecommunications firms to store users' internet and mobile phone records, has endured criticism both for its content, and the speed with which the Conservative government is rushing it through parliament. Conservative MP David Davis, who in July 2015 won a High Court ruling stating that sections 1 and 2 of the Data Retention and Investigatory Powers Act 2014 (DRIPA) were unlawful, told the INQUIRER recently that the legislation should be given more time for its second reading. "We are supposed to debate [the bill], and each of us will have six minutes [to comment on the bill and suggest amendments] in a speech. It's undemocratic. We ought to have a couple of days on the floor of the House for the second reading, that's the 'in principle' debate. "You can't even deal with one of the subjects in this bill - and there are probably five or six big subjects - in six minutes," said Davis. Meanwhile, Jim Killock, executive director of campaign organisation the Open Rights Group, said: "MPs of any political party who value democracy must resist the Government's attempts to rush the Investigatory Powers Bill through Parliament. "The UK's senior lawyers, its journalists and the tech industry have lambasted the Bill. Parliament's own committees have called for significant changes to its powers. But the Government is intent on forcing it into law. MPs must act before it's too late." Many corporations have also come out against the bill, including encryption firm Echoworx. Jacob Ginsberg, senior director at the firm encouraged MPs to abstain from the vote. "It is surprising more government parties aren't following Labour's lead in abstaining to vote on the impending Investigatory Powers Bill. The speed at which this bill has been rushed through parliament surely highlights key concerns about the level of research and lack of commitment to consumer privacy. "There are very real costs, both tangible and intangible, to the UK if this bill is not implemented properly from the get go. In the short term, I cannot see how security-conscious cloud and hosting companies can continue business in the UK. In the longer term, as new technologies and means of communication arise, UK citizens need to know that their rights and safety are top of mind for the government. I think that the committee who reviewed the first draft shared some understandable fears - and it looks like too few of those have been addressed in this revision. "Having the power to sweep up someone's browsing history without a warrant is just wrong. Moves to rush the bill through do little to reassure the public that their government is looking out for their best interests, especially when the government's exercise of these powers will not be subject to a meaningful judicial authorisation process. "If this bill passes, we're going to see a tidal wave of other European countries look to impose similar legislation as well. It's important that not only the Labour party, but also the British public seize the opportunitry to question this bill before the powers the UK government seeks are granted." With most Conservative MPs likely to vote in the bill's favour, and Labour and the SNP suggesting that they will abstain, only the Liberal Democrats look likely to attempt to delay its passage into the statute books. ? -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Mar 16 07:16:50 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Mar 2016 08:16:50 -0400 Subject: [Infowarrior] - Major sites including New York Times and BBC hit by 'ransomware' malvertising Message-ID: (So of course the trend is to force users to disable adblockers in order for the news site to allow this sort of crap to be forced on them. Because, profits. -- rick) Major sites including New York Times and BBC hit by 'ransomware' malvertising Alex Hern http://www.theguardian.com/technology/2016/mar/16/major-sites-new-york-times-bbc-ransomware-malvertising A number of major news websites have seen adverts hijacked by a malicious campaign that attempts to install ?ransomware? on users computers, according to a warning from security researchers Malwarebytes. The attack, which was targeted at US users, hit websites including the New York Times, the BBC, AOL and the NFL over the weekend. Combined, the targeted sites have traffic in the billions of visitors. The malware was delivered through multiple ad networks, and used a number of vulnerabilities, including a recently-patched flaw in Microsoft?s former Flash competitor Silverlight, which was discontinued in 2013. When the infected adverts hit users, they redirect the page to servers hosting the malware, which includes the widely-used (amongst cybercriminals) Angler exploit kit. That kit then attempts to find any back door it can into the target?s computer, where it will install cryptolocker-style software, which encrypts the user?s hard drive and demands payment in bitcoin for the keys to unlock it. The New York Times is one of the high-profile websites affected by the attack. Photograph: Bloomberg via Getty Images Such software, known as ransomware, is fast becoming the most popular kind of malware for criminals to install on compromised computers, beating out lesser threats such as adware or trojans. Earlier this month, the first Mac OS X ransomware appeared, as part of an infected installation of BitTorrent client Transmission. While ?drive-by? installations tend to only demand one or two bitcoins as a ransom, worth a few hundred pounds, more targeted ransomware attacks have demanded much more in payment. An LA hospital was revealed to have paid $17,000 (?12,000) in ransom to an attacker in February. The vector of attack, through compromised ad networks, will also serve to inflame the debate around adblockers. The browser plugins have been attacked as a ?modern-day protection racket? and criticised for harming the business model of free online publications, but users counter that they protect their devices from attacks of this sort, as well as making the web surfing experience faster, more pleasant, and less draining on mobile devices? batteries. -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Mar 16 20:19:43 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Mar 2016 21:19:43 -0400 Subject: [Infowarrior] - Statement from Lavabit's Ladar Levison Message-ID: <83E0EAE0-C15B-4700-B9A5-CEF773511FBA@infowarrior.org> 140MB PDF of the Lavabit court documents, redacted in part. https://cryptome.org/2016/03/usg-lavabit-unsealed.pdf .... and this, from Lavabit's founder...... https://www.facebook.com/KingLadar/posts/10156714933135038 As many of you already know, the government cited the Lavabit case in a footnote. The problem is their description insinuates a precedent that was never created. Obviously I was somewhat disturbed by their misrepresentation. So I decided to draft a statement. And keep in mind, these are the same people who say "trust us." Click continue to read it, and enjoy. L~ Press Release Statement on Lavabit Citation in Apple Case For Immediate Release: March 15, 2016 Dallas, TX--Lavabit founder Ladar Levison has issued the following statement regarding the citation of his company?s appeal from 2014 in the government?s March 10th reply brief, which seeks extraordinary assistance from Apple under the All Writs Act, and is currently pending in the Central District of California: The government's citation of the Lavabit case, and their description of its outcome, is disturbingly disingenuous. The language used (in footnote 9, page 22) is incredibly misleading, as it insinuates a precedent unsupported by the appellate court?s ruling. The government implies the 4th circuit, in ?affirming contempt sanctions,? supported a district court decision which compelled Lavabit ?to assist law enforcement,? by surrendering its ?private SSL encryption key.? This verbiage suggests the seizure of third party encryption keys was found lawful by the appellate court, which is wholly unsupported by the appellate court?s opinion. Rather, the 4th circuit chose to rely on a contrived procedural technicality, holding that Lavabit ?waived? its right to an appeal, and allowed the court to avoid addressing the substantive questions raised in the case. In my opinion, the government?s depiction is so far removed from reality that it calls into question the legitimacy of every citation. Even more disturbing is the government?s reliance upon a ruling, where a small business was forced to mount an adversarial defense in a secret proceeding (which Lavabit sought to unseal multiple times), as a precedent for the seizure of source code and encryption keys. Given only a week to prepare at the district level, and then denied review at the appellate level, the Lavabit case lacks the validity of due process, subverts the rule of law, and perverts the function of the judicial branch. This citation presupposes a deliberate attempt to seek the creation of a legal framework, through the courts, for the forced forfeiture of intellectual property which ?might? facilitate surveillance. There is no basis, in case law or statute, for such authority, and suggests a strategy designed to revive the Star Chamber, and thwart the constitutional rights of all Americans. Laws formed in secret will always find themselves wanting for authority as they, by definition, lack the consent of the people. The current Apple case, together with the Lavabit case, join a growing litany of recent court decisions which have eroded away our personal liberties. Taken together, these rulings force us to ask difficult questions. Specifically, can the federal government be trusted to defend our rights, and protect our freedom? Quite simply, the deceitful description of the Lavabit case by the Department of ?Justice? is an attempt to plunder our nation?s law libraries in search of incremental infringements upon our liberties, which may have seemed minor at the time, but are now being assembled into a slippery slide capable of carrying us to the bottom of a dangerous slope. History proves how easy it is to fall, and how hard it is to climb. If we grant terrorists, miscreants, and scoundrels the ability to frighten us into surrendering our rights, then we also give them a weapon capable of far more harm than any firearm or explosive. I sincerely hope Judge Pym considers the government?s argument with the suspicion it deserves, and carefully considers the consequences of siding with law enforcement. While the current case may seem simple on its surface, a decision in favor of law enforcement will threaten our ability to think privately, speak freely, and receive meaningful due process in the future. -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 17 12:28:21 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Mar 2016 13:28:21 -0400 Subject: [Infowarrior] - =?utf-8?q?Inside_Apple_CEO_Tim_Cook=E2=80=99s_Fig?= =?utf-8?q?ht_With_the_FBI?= Message-ID: <2186B667-EF07-4403-B3CB-8D6360D54832@infowarrior.org> (this week's cover story --- rick) Inside Apple CEO Tim Cook?s Fight With the FBI Lev Grossman / Cupertino, Calif. @leverus 6:27 AM ET In an exclusive interview with TIME, Cook discusses your privacy, America?s security, and what?s at stake in the battle over encryption < - > http://time.com/magazine/us/4262476/march-28th-2016-vol-187-no-11-u-s/ -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 17 14:25:44 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Mar 2016 15:25:44 -0400 Subject: [Infowarrior] - ProtonMail, the Easy-to-Use Encrypted Email Service, Opens Up to the Public Message-ID: ProtonMail, the Easy-to-Use Encrypted Email Service, Opens Up to the Public Written by Joseph Cox Contributor Three years after the Snowden revelations, the proliferation of privacy-focused messaging apps, email clients, and other encryption services hasn?t yet managed to make the use of crypto less of a pain. Today, one service that aims to change that left its beta stage. Switzerland-based ProtonMail wants to make encrypted emails easier to send, and after being invite-only for years, it?s now allowing open registrations. The company is also launching free iOS and Android apps. ?The best way to ensure that encryption and privacy rights are not encroached upon is to get the tools into the hands of the public as soon as possible and widely distributing them,? Andy Yen, co-founder and CEO of ProtonMail, said in a statement. ?This way, we put the choice in the hands of the consumer, and not government regulators.? < - > http://motherboard.vice.com/read/protonmail-the-easy-to-use-encrypted-email-service-opens-up-to-the-public -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 17 15:43:31 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Mar 2016 16:43:31 -0400 Subject: [Infowarrior] - Apple Encryption Engineers, if Ordered to Unlock iPhone, Might Resist Message-ID: Apple Encryption Engineers, if Ordered to Unlock iPhone, Might Resist SAN FRANCISCO ? If the F.B.I. wins its court fight to force Apple?s help in unlocking an iPhone, the agency may run into yet another roadblock: Apple?s engineers. Apple employees are already discussing what they will do if ordered to help law enforcement authorities. Some say they may balk at the work, while others may even quit their high-paying jobs rather than undermine the security of the software they have already created, according to more than a half-dozen current and former Apple employees. Among those interviewed were Apple engineers who are involved in the development of mobile products and security, as well as former security engineers and executives. The potential resistance adds a wrinkle to a very public fight between Apple, the world?s most valuable company, and the authorities over access to an iPhone used by one of the attackers in the December mass killing in San Bernardino, Calif. It also speaks directly to arguments Apple has made in legal documents that the government?s demand curbs free speech by asking the company to order people to do things that they consider offensive. ?Such conscription is fundamentally offensive to Apple?s core principles and would pose a severe threat to the autonomy of Apple and its engineers,? Apple?s lawyers wrote in the company?s final brief to the Federal District Court for the Central District of California. < - > http://mobile.nytimes.com/2016/03/18/technology/apple-encryption-engineers-if-ordered-to-unlock-iphone-might-resist.html -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 17 16:10:05 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Mar 2016 17:10:05 -0400 Subject: [Infowarrior] - US government pushed tech firms to hand over source code | ZDNet Message-ID: <0E1AC72F-F2CD-461E-8184-809521C3777B@infowarrior.org> US government pushed tech firms to hand over source code http://www.zdnet.com/article/us-government-pushed-tech-firms-to-hand-over-source-code/ -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Mar 18 07:03:11 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Mar 2016 08:03:11 -0400 Subject: [Infowarrior] - Confirmed: Lavabit shut down due to Snowden Message-ID: <250B36EC-F0B1-48A4-BE4C-9816D8EBBD05@infowarrior.org> (oops, those redactors are so careless! --rick) The Government Revealed That Lavabit Shut Down Because of Edward Snowden Jamie Condliffe Today 4:29am http://gizmodo.com/the-government-revealed-that-lavabit-shut-down-because-1765657064 Remember that the secure and private email provider Lavabit shut down back in 2013 rather than comply with the feds? While people speculated it was because the government was chasing Edward Snowden, un-redacted files now show that to be the case. Wired reports that the files were published online to a federal court system called Pacer. The owner of Lavabit, Ladar Levison, was asked in 2013 by the FBI to hand over data about one the company?s users. He didn?t: He shuttered the company instead. The newly released documents fail to obscure the email address of that single user, which happens to be... Ed_snowden at lavabit.com. Wired claims that the lack of redaction was actually an accident on the part of the government. If that?s true, it?s good news for Levison, who was prevented form revealing the identity of the user?being told he could face prison time if he spoke out Now, it seems he doesn?t have to. -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Mar 18 12:46:42 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Mar 2016 13:46:42 -0400 Subject: [Infowarrior] - =?utf-8?q?Snoopers=27_Charter=3A_IP_Bill_proves_t?= =?utf-8?q?hat_politicians_just_don=E2=80=99t_get_IT?= Message-ID: <7E046D34-A0C9-4B90-A998-A0C41F72B82D@infowarrior.org> Snoopers' Charter: IP Bill proves that politicians just don?t get IT Column The bill is a costly mistake that may do more harm than good By Daniel Robinson Fri Mar 18 2016, 15:31 http://www.theinquirer.net/inquirer/opinion/2451644/snoopers-charter-ip-bill-proves-that-politicians-just-don-t-get-it THE PASSING of the Investigatory Powers Bill in Parliament this week marked a new low point for a government that appears to care little about the consequences of its ill-considered legislation, and shows once more - if anyone was in any doubt - that politicians display an almost total lack of understanding of modern technology that is both scandalous and dangerous in the modern world. For anyone who hasn't been paying attention, the Investigatory Powers Bill - otherwise known as the Snoopers' Charter - was passed by a vote in the House of Commons following its second reading, with Labour and the SNP abstaining rather than be seen to vote against it. The new legislation effectively supersedes the earlier Regulation of Investigatory Powers Act (RIPA), and allows the government to retain Internet Connection Records (ICRs) about every website visited by every web user in the UK for a period of 12 months, as well as details of other telecommunications activity such as phone calls. It has come under almost universal condemnation from every side, from privacy campaigners to Human Rights activists to business and technology companies, and even a group of 200 senior lawyers in the UK who signed an open letter to the government stating that the new legislation is fundamentally flawed, does not provide adequate protection for privacy, and may even be illegal under international law. But all of this opposition proved fruitless, as the ruling party proceeded to rush the legislation through Parliament without allowing enough time for MPs to properly scrutinise and debate the Bill. A cynic might say that the government was afraid that the Bill would not stand up to much scrutiny. And yet, there are serious doubts over whether the Investigatory Powers Bill is at all fit for purpose. As many independent authorities have already pointed out, there is no clear evidence that mass collection of internet data in this way will prevent acts of terrorism, which is purportedly the reason for the Bill in the first place. In fact, amassing a giant list of every website accessed by every member of the public may well lead to the security services being buried under an avalanche of data that makes it impossible to sort the wheat from the chaff. Imagine a handful of ears of corn distributed in a mound of chaff the size of Mount Everest, and you get the picture. Then there is the cost to consider. The government is forcing communications service providers to shoulder the burden of collecting and retaining the Internet Connection Records generated by their customers, which means they will be hit with the cost of storing massive amounts of highly sensitive data. Storage may be cheap these days, but just think about the number of websites you visit in just one single day, then multiply this by 365 days in a year, then multiply that by the population of the UK, and you can see that we are talking about quite serious volumes of data. This means that the internet service providers such as BT, Virgin Media, TalkTalk and the rest are almost certainly going to have to hike broadband prices in order to cover the costs of storing and managing all this data that the government is forcing them to collect, and could have an impact on investment in the infrastructure needed to deliver better broadband in future. Worse, the Bill apparently contains few measures to limit which agencies or bodies can have access to the data gathered and for what purposes. We have already seen widespread abuses of the previous RIPA act by local authorities using those powers to gather information on people committing parking offences or check whether families are genuinely within the catchment area of a particular school. And many internet firms have already fallen victim to cyber attacks that have led to the exposure of sensitive personal information regarding users. A mass of data listing every website visited by every individual subscriber to an internet service will surely represent a tempting target for criminals, and the consequences of some of this data being published for all to see don't bear thinking about. Furthermore, some industry experts have warned that Investigatory Powers Bill could have a chilling effect on UK technology startups. One lecturer at the London School of Economics blogged that some startups such as social media company Ind.ie are already packing up and leaving the UK because of fears that they may be forced to build backdoors into their products for the security services to access. But possibly the worst part of the Investigatory Powers Bill is that the snooping will be relatively easy to circumvent for anyone tech-savvy enough to realise that using a virtual private network (VPN) or the Tor network will effectively hide which websites they are looking at. All that the Internet Connection Records would show in this case is traffic between your location and the VPN provider. Of course, the UK government may next take the step of making use of VPNs illegal, but to do so would at a stroke make it impossible to secure any business communications traffic, including financial transactions. But who knows what might happen when you have a government whose decisions seem to be increasingly driven by dogma rather than by data. ? -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Mar 18 18:39:40 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Mar 2016 19:39:40 -0400 Subject: [Infowarrior] - DoJ, FBI turn March 22 court date into evidentiary hearing Message-ID: DoJ, FBI turn March 22 court date into evidentiary hearing [u] ? updated 05:14 pm EDT, Fri March 18, 2016 ? by MacNN Staff http://www.macnn.com/articles/16/03/18/hearing.speeds.the.entire.process.by.at.least.six.months.if.granted.133093/ Hearing speeds the entire process by at least six months, if granted In another surprise move by the US Government, and further complicating the iPhone 5c penetration tool saga, the Department of Justice has asked that the hearing scheduled for Tuesday, March 22 be made an evidentiary hearing -- accelerating the discovery process significantly. Both Apple and the Department of Justice will be given opportunity to subject witnesses that have made court filings for cross-examination. (updated Friday, 6:19 PM ET) Apple attorneys have protested the motion, saying that the request should have been made weeks ago, and not less than a week before the hearing. Should the motion be granted, Engadget claims that Apple's cryptography expert and product security and privacy manager Erik Neuenschwander will be in attendance, as well as Apple's global privacy and law enforcement compliance team lead Lisa Ollie will both be present at the hearing. The FBI will reportedly be bringing the two agents who filed declarations on the case, neither of which has any significant experience with encryption, nor what is required to penetrate the iPhone's security. While the original source seems clear on the details, a call placed to the courthouse at 5PM ET (2PM PT) confirms that the filing was made on Wednesday. However, no ruling on the request has been posted to the electronic filing system as of yet. MacNN will continue to look into the situation, which is likely to evolve over the weekend. [strong]Update:[/strong] An Apple spokesperson has confirmed to us that the Tuesday hearing is now evidentiary. MacNN has spoken with a DC-area lawyer who has been closely following the matter, and who wishes to remain anonymous. She told us that the move is "desperate" by the Department of Justice and notes that if granted, the hearing will speed the process by six to twelve months and "only helps the FBI" as it remains hard to "fight an upstream battle against the tide of public opinion of the electorate, which tends to be vindictive" in an already contentious election year. She noted that the quicker the saga lurches to an end before the election cycle concludes, regardless of victor, the better off any existing pro-establishment candidate may fare. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Mar 19 15:50:38 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Mar 2016 16:50:38 -0400 Subject: [Infowarrior] - Most. Transparent. Administration. Ever. Message-ID: Mar 18, 2:47 PM EDT US gov't sets record for failures to find files when asked By TED BRIDIS and JACK GILLUM http://hosted.ap.org/dynamic/stories/U/US_SUNSHINE_WEEK_FOIA WASHINGTON (AP) -- The Obama administration set a record for the number of times its federal employees told disappointed citizens, journalists and others that despite searching they couldn't find a single page requested under the Freedom of Information Act, according to a new Associated Press analysis of government data. In more than one in six cases, or 129,825 times, government searchers said they came up empty-handed last year. Such cases contributed to an alarming measurement: People who asked for records under the law received censored files or nothing in 77 percent of requests, also a record. In the first full year after President Barack Obama's election, that figure was only 65 percent of cases. White House spokesman Josh Earnest said Friday he was not familiar with the figures showing how routinely the government said it can't find any records, although the Justice Department also highlighted them in its own performance report. Earnest said federal employees work diligently on such requests, and renewed his earlier complaint that the U.S. records law has never applied to Congress since it was signed into law 50 years ago by President Lyndon Johnson, a Democrat. "Congress writes the rules and they write themselves out of being accountable," Earnest said. He urged reporters "to continue the pressure that you have applied to Congress to encourage them to subject themselves to the same kinds of transparency rules that they insist other government agencies follow." The new data represents the final figures on the subject that will be released during Obama's presidency. Obama has said his administration is the most transparent ever. The FBI couldn't find any records in 39 percent of cases, or 5,168 times. The Environmental Protection Agency regional office that oversees New York and New Jersey couldn't find anything 58 percent of the time. U.S. Customs and Border Protection couldn't find anything in 34 percent of cases. "It's incredibly unfortunate when someone waits months, or perhaps years, to get a response to their request - only to be told that the agency can't find anything," said Adam Marshall, an attorney with the Washington-based Reporters Committee for Freedom of the Press. It was impossible to know whether more requests last year involved non-existent files or whether federal workers were searching less than diligently before giving up to consider a case closed. The administration said it completed a record 769,903 requests, a 19 percent increase over the previous year despite hiring only 283 new full-time workers on the issue, or about 7 percent. The number of times the government said it couldn't find records increased 35 percent over the same period. "It seems like they're doing the minimal amount of work they need to do," said Jason Leopold, an investigative reporter at Vice News and a leading expert on the records law. "I just don't believe them. I really question the integrity of their search." In some high-profile instances, usually after news organizations filed expensive federal lawsuits, the Obama administration found tens of thousands of pages after it previously said it couldn't find any. The website Gawker sued the State Department last year after it said it couldn't find any emails that Philippe Reines, an aide to Hillary Clinton and former deputy assistant secretary of state, had sent to journalists. After the lawsuit, the agency said it found 90,000 documents about correspondence between Reines and reporters. In one email, Reines wrote to a reporter, "I want to avoid FOIA," although Reines' lawyer later said he was joking. When the government says it can't find records, it rarely provides detailed descriptions about how it searched for them. Under the law, federal employees are required to make a reasonable search, and a 1991 U.S. circuit court ruling found that a worker's explanation about how he conducted a search is "accorded a presumption of good faith, which cannot be rebutted by purely speculative claims" that a better search might have turned up files. Skepticism has led many experts increasingly to specify exactly how they want federal employees to search for files: Which offices and filing cabinets, which hard drives, whose email inboxes, even what keywords to type in search software. To do otherwise means relying on overworked government staff to figure out how best to proceed. "They do really crappy searches," said Washington lawyer Kel McClanahan of National Security Counselors Inc., which handles transparency and national security cases. He lost a federal appeals case in November on behalf of a U.S. citizen, Sharif Mobley, trying to obtain U.S. records that might show why he has been imprisoned in Yemen since 2010. The court said the FBI wasn't required to search for files in locations and ways Mobley's lawyers wanted. Under the records law, citizens and foreigners can compel the U.S. government to turn over copies of federal records for zero or little cost. Anyone who seeks information through the law is generally supposed to get it unless disclosure would hurt national security, violate personal privacy or expose business secrets or confidential decision-making in certain areas. The AP's annual review covered all requests to 100 federal agencies during fiscal 2015. The administration released its figures ahead of Sunshine Week, which ends Sunday, when news organizations promote open government and freedom of information. Overall, the Obama administration censored materials it turned over or fully denied access to them in a record 596,095 cases, or 77 percent of all requests. That includes 250,024 times when the government said it couldn't find records, a person refused to pay for copies or the government determined the request to be unreasonable or improper. The White House routinely excludes those cases from its own assessment. Under that calculation, the administration said it released all or parts of records in 93 percent of requests. More than half of federal agencies took longer to answer requests last year than the previous year. --- Associated Press writer Stephen Braun contributed to this report. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Mar 19 19:46:08 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Mar 2016 20:46:08 -0400 Subject: [Infowarrior] - Apple Hires Corporate Security Chief Amid Legal Battle With FBI Message-ID: <46DBBF4A-6CA5-418A-8681-60804A604196@infowarrior.org> (x-posted) Apple Hires Corporate Security Chief Amid Legal Battle With FBI ? by ? Reuters March 18, 2016, 8:42 PM EDT http://fortune.com/2016/03/18/apple-hires-corporate-security-chief/ Addition comes as the tech giants battles with the FBI over iPhone data. (Reuters) ? Apple, amid a pitched battle with the U.S. government over law enforcement?s desire to crack into iPhones, has hired a new security executive to oversee its corporate digital defenses, people familiar with the matter said. Apple appointed George Stathakopoulos, formerly vice president of information security at Amazon.com AMZN -1.32% and before that Microsoft?s general manager of product security, to be vice president of corporate information security, the people said. Apple declined to comment on the new hire, but a reporter calling Apple and asking to speak with him was connected to a person answering ?George?s office?. Stathakopoulos did not immediately return the call. Stathakopoulos reports to Apple?s chief financial officer and will be responsible for protecting corporate assets, such as the computers used to design products and develop software, as well as data about customers. The company?s heads of hardware and software remain in charge of protecting users of Apple?s products. Stathakopoulos started a week ago at Apple, according to people familiar with matter, after working since 2010 at Amazon, which has a strong reputation among security professionals. Before that he worked more than eight years as a general manager at Microsoft, which is seen as having improved its security over the past decade and a half. The new post is a sign of increased focus on security issues at Apple. The world?s most valuable publicly traded company is locked in an unprecedented fight with the U.S. Justice Department, which wants Apple to write software to allow it to get data from an iPhone 5C used by a shooter in the San Bernardino killing spree. Apple and many allies in the technology industry argue that forcing the company to write such software would set a precedent that would apply to other cases and companies. Prosecutors say they are focused on a single phone. In addition to that fight, which may well reach the Supreme Court, Apple APPL 0.00% must ward off attempts to compromise its defenses by hackers eager to get information about its customers, Apple software, and corporate proprietary information. Viruses, ransomware and other malicious byproducts of the Internet era historically have been a bigger threat to Windows computers and Android phones, but the increased market share of Apple products have made them more popular targets. -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 21 06:44:23 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Mar 2016 07:44:23 -0400 Subject: [Infowarrior] - =?utf-8?q?Johns_Hopkins_researchers_poke_a_hole_i?= =?utf-8?q?n_Apple=E2=80=99s_encryption?= Message-ID: <07204C81-FBCB-4963-BD6D-60BFD1C91EB2@infowarrior.org> (x-posted) (The money-quote is the last para I snipped, and only further supports the allegations, confirmed by Comey, that they didn't quite do 'everything possible' short of going to court over this matter. Indeed the FBI wanted a legal and public precedent, and decided that running around the country and court system comically screaming "gimme some help now, dipschticks, because we're in hot pursuit!" ala Sheriff Roscoe from the 'Dukes of Hazzard' was the correct approach. --rick) Johns Hopkins researchers poke a hole in Apple?s encryption By Ellen Nakashima March 21 at 12:01 AM Apple?s growing arsenal of encryption techniques ? shielding data on devices as well as real-time video calls and instant messages ? has spurred the U.S. government to sound the alarm that such tools are putting the communications of terrorists and criminals out of the reach of law enforcement. But a group of Johns Hopkins University researchers has found a bug in the company?s vaunted encryption, one that would enable a skilled attacker to decrypt photos and videos sent as secure instant messages. This specific flaw in Apple?s iMessage platform likely would not have helped the FBI pull data from an iPhone recovered in December?s San Bernardino, Calif., terrorist attack, but it shatters the notion that strong commercial encryption has left no opening for law enforcement and hackers, said Matthew D. Green, a computer science professor at Johns Hopkins University who led the research team. The discovery comes as the U.S. government and Apple are locked in a widely watched legal battle in which the Justice Department is seeking to force the company to write software to help FBI agents peer into the encrypted contents of the iPhone used by Syed Rizwan Farouk, one of two attackers who were killed by police after the shooting rampage that claimed 14 lives. Cryptographers such as Green say that asking a court to compel a tech company such as Apple to create software to undo a security feature makes no sense ? especially when there may already be bugs that can be exploited. ?Even Apple, with all their skills ? and they have terrific cryptographers ? wasn?t able to quite get this right,? said Green, whose team of graduate students will publish a paper describing the attack as soon as Apple issues a patch. ?So it scares me that we?re having this conversation about adding back doors to encryption when we can?t even get basic encryption right.? < - > https://www.washingtonpost.com/world/national-security/johns-hopkins-researchers-discovered-encryption-flaw-in-apples-imessage/2016/03/20/a323f9a0-eca7-11e5-a6f3-21ccdbc5f74e_story.html -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 21 06:50:33 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Mar 2016 07:50:33 -0400 Subject: [Infowarrior] - Bloomberg: Apple-FBI Scrap Started When iOS 8 Was Shared With the Feds Message-ID: Bloomberg: Apple-FBI Scrap Started When iOS 8 Was Shared With the Feds Jamie Condliffe Today 6:13am The current scrap between Apple and the FBI feels timely and relevant to most of us. But as a new Bloomberg feature explains, it?s been brewing for at least 18 months. The feature explores some of the tensions between Apple and the FBI over the past 18 months. It makes clear the fact that the San Bernardino case isn?t the real source of tension?it?s merely the public-facing window that let?s us peer into an ongoing battle. Indeed, the feature describes how the fight stretches back at least as far as 2014 when Apple was planning to release iOS 8. That version of the OS was a milestone for Apple, because it used encryption to make it all but impossible for the anyone?even the hardware manufacturer?to access user data. Apparently Apple actually gave the FBI a copy of iOS 8 ahead of its public release ?so it could study how the new system would change evidence-gathering techniques.? That, obviously, didn?t go down too well, and Bloomberg explains that it set off the negotiations between Apple and the government that have at this point descended into the leal battles we?re all too aware of. That?s not to say that every government department was against Apple?s approach. The feature also explains that the Obama administration was initially responsive to Apple?s viewpoint, but the San Bernardino case gave the FBI the opportunity to argue its case, ultimately having the White House follow its lead. It?s well worth reading the full feature. -- http://gizmodo.com/bloomberg-apple-fbi-scrap-started-when-ios-8-was-share-1766107055 -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 21 07:16:26 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Mar 2016 08:16:26 -0400 Subject: [Infowarrior] - Beyond surveillance: what could happen if Apple loses to the FBI Message-ID: Beyond surveillance: what could happen if Apple loses to the FBI Danny Yadron http://www.theguardian.com/technology/2016/mar/21/apple-fbi-encryption-battle This is how a former White House technologist envisions a future in which Apple loses its privacy battle with the US government. The year is 2026. You get in your new Tesla for a milk run. You place your fingertip on the door handle, the door unlocks, and the car knows it?s you as you step inside because it read your fingerprint. The car, on its own, pulls out of the garage while you scroll through live streams broadcast by your friends on whatever app has succeeded Instagram. The doors lock. The car passes the convenience store and its dairy aisle. Instead, it makes two lefts then a right before pulling up to the local police station. The cops are waiting outside. They got a judge to make Tesla update your car?s self-driving software to lock the doors and deliver you to the local precinct. You looked like a guy caught on surveillance camera and the police had a few questions. According to Ashkan Soltani, an engineer by trade who spent the past year working on privacy policy for the US government, this world might not be the realm of science fiction. If Apple loses its brawl with the US government over whether it must write code to defeat the security system of an iPhone linked to the San Bernardino shootings, Soltani sees that kind of scenario as a terrifying possibility. That fight officially begins on Tuesday when Apple and government lawyers meet for the first time in a southern California federal court. Soltani has some grounding here. He won a Pulitzer prize for helping the Washington Post sort through documents leaked by Edward Snowden and has published papers on privacy technology through Berkeley, Stanford and Harvard. He isn?t just a guy who watched too many dystopian films. He and others make a compelling case that the Apple fight isn?t really about surveillance, or encryption, or who else may have known about the horrific killing of 14 people in a southern California office complex on 2 December. It?s about who can manipulate the 1s and 0s that control our ever-increasing number of devices that track how we drive, when we?re home and if the door is locked. ?We already have a hard enough time trusting our technology and understand what it?s doing,? says Soltani, who worked on regulation for the Federal Trade Commission with a brief stint at the White House. ?What the government is asking Apple to do in some way is to further undermine that.? Consumers rationally enough gave up this agency when they allowed Microsoft to push automatic Windows updates or Apple to upload a U2 album onto every iPhone. The Apple case will decide if that power stops with a digital product?s maker, or if it can extend to the federal government. Washington, though it would never say it this way, effectively wants Apple to make its programmers agents of the state in its San Bernardino investigation. If the FBI wins, Apple would fool gunman Syed Farook?s work iPhone into accepting a benign-seeming software update, the kind Apple regularly ships out to the nearly 1bn iPhones it has sold since 2007. But in this case, the software sent by Apple would disable certain iPhone security measures to make it easier for the government to guess the phone?s four-digit passcode. Because of Apple?s security features, only Apple can push such a system tweak to one of the phones. As the government acknowledges, courts operate on precedent. So if the FBI wins this time, it means it is more likely to win the next. This year, a favorable ruling could decide whether laptop cameras can be conscripted as spies or smartphones become permanent homing beacons. In a year or two, the same ruling may have set laid the groundwork for whether your car becomes your police van or your home becomes your holding cell. Obviously, predicting the ripple effects of a court case that hasn?t started is perilous. The courts, for instance, could rule against Apple in this extraordinary case but decide to be silent on the broader questions about control of technology. Or Congress could find a middle ground with an update to woefully outdated wiretap law written for a pre-smartphone era. Apple could very well win in a sweeping supreme court decision that puts computer code outside the reach of law enforcement officials. Or it could persuade Congress to craft new law protecting tech companies from law enforcement. That of course would raise its own issues about the power of private corporations. One current federal prosecutor predicted a lot of ?bad guys are better off and we only get the dumb ones?. Stewart Baker, a former attorney for the National Security Agency, took Soltani?s Tesla warning to the opposite extreme. The thing about the world where the FBI doesn?t miss anything, that?s a world where the FBI knows everything Baker, now a partner at Steptoe & Johnson, asked: ?Would you rather live in a world where the Tesla could be packed full of explosives, programmed to drive through the fence and into the White House? and the secret service unable to get Tesla to remotely stop the vehicle? Either way, Americans will have to decide if they are OK with technology creating walled off spaces. That can be now, or it can be the next time Silicon Valley gets in the way of a criminal investigation. This is something both Apple and the government agree on. As Apple lawyers recently wrote, the case pits ?what law enforcement officials want against the widespread repercussions and serious risks their demands would create.? Or as James Comey, director of the FBI, told Congress in March, the case is about ?this collision between public safety and privacy?. Public opinion polls commissioned by Pew and the Wall Street Journal/NBC News show that Americans narrowly back the FBI over the iPhone maker. The problem for Apple and its backers is that consumers tend to put perceived near term risks, such as mass shootings, over theoretical ones ? like Big Brother. Science fiction writer Bruce Bethke, who coined the term ?cyberpunk? in 1983, doesn?t think like a typical consumer. ?Does your water meter report you to the local public utilities commission if you?re illegally watering your lawn on a Tuesday? It will. Does your cellphone call your health insurance provider if its GPS coordinates indicate you?ve just entered a tobacco shop? It will,? he wrote in an email. ?Does your toilet report you to your doctor when you?re not getting enough fiber in your diet? It will.? Americans are connecting more and more of their devices ? their refrigerators, their thermostats, their cars, their door locks ? to the internet. Photograph: Erik S Lesser/EPA Nick Harkaway, the British author of The Blind Giant: Being Human in a Digital World and currently writing a novel based on a surveillance state, said that if Apple loses, ?Everything connected in your life now belongs to law enforcement: your phone, your satnav, your DVR,? or digital video recorders for TV reruns. Such views aren?t just fantasies created by authors. At a recent security conference in San Francisco, several leading cryptographers ? the programmers and mathematicians who use complicated algorithms to make encryption work ? pondered about the the deeper meanings of the Apple case. Moxie Marlinspike, the developer behind the secure messaging app Signal and the encryption protocol used by Facebook?s WhatsApp messenger, worried that if Apple loses, the government could compel the company to alter programs downloaded from the App Store, such as his own, to be more surveillance friendly. ?The thing about the world where the FBI doesn?t miss anything, that?s a world where the FBI knows everything,? he said. He for instance noted that now accepted social movements ? such as gay rights and the movement to end slavery ? began as illegal forms civil disobedience. If keeping a secret isn?t possible, these movements can?t start, he reasoned. ?I think it should be possible to break the law,? he said. On stage, Whitfield Diffie, the godfather of modern encryption donning a suit and long, groomed white hair chimed in sternly. ?In a tyranny you build people mechanisms to deny people opportunities to take control of their actions,? he said. Barack Obama and other Washington officials obviously aren?t proclaiming they want to create a surveillance state. The world they describe is one of balance. Consumers generally maintain digital privacy, but in times of duress, criminal suspects might lose theirs. But where they draw that line becomes less clear as Americans connect more and more of their devices ? their refrigerators, their thermostats, their cars, their door locks ? to the internet. James Clapper, America?s top spy, told the US Senate in February that all of these things become inviting targets for intelligence agencies for ?identification, surveillance, monitoring, location tracking, and targeting for recruitment?. What may be a far out spy trick today, has a history of becoming a tool for police departments five years later. Even if Americans decide that?s a future they want, an Apple loss nevertheless could create a world in which consumers may no longer be able to trust the gadgets they buy are working for them. ?That?s something we?re going to have to get right as we embed these systems into our lives,? Soltani, the former tech regulator, said. ?Otherwise we go back to this world where we keeping going, ?What the hell is this thing doing??? Soltani, who left the White House in February, is taking some time off from government and plans to travel the untamed west coast in a camping van he alone controls. He will bring his smartphone. -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 21 12:46:47 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Mar 2016 13:46:47 -0400 Subject: [Infowarrior] - NYT called out for bogus encryption story Message-ID: <2F860109-D016-4B09-9762-5423A88E70DF@infowarrior.org> French Police Report On Paris Attacks Shows No Evidence Of Encryption... So NY Times Invents Evidence Itself https://www.techdirt.com/articles/20160321/00392533965/french-police-report-paris-attacks-shows-no-evidence-encryption-so-ny-times-invents-evidence-itself.shtml -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 21 18:27:11 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Mar 2016 19:27:11 -0400 Subject: [Infowarrior] - Feds move to postpone iPhone hearing Message-ID: <37D8C5DE-D8FB-46F3-ACEF-D22DE7FBD901@infowarrior.org> Feds move to postpone iPhone hearing By Jack Shafer Apple has claimed the government's request for assistance would potentially harm all its users. | AP Photo The Justice Department may not need Apple's help any longer. http://www.politico.com/story/2016/03/feds-move-to-cancel-iphone-hearing-221062 RIVERSIDE, Calif. ? Citing new leads about how to access an iPhone used by one of the perpetrators of the San Bernardino terrorist attack, the Justice Department on Monday asked to postpone a court hearing set for Tuesday on whether Apple should be forced to help the FBI break into that device. Their request was granted. For months, government lawyers have insisted they needed Apple to write special software so that the FBI could bypass the security features on the iPhone being used by the San Bernardino shooter, Syed Farook, and obtain information critical to their ongoing terrorism investigation. But the Justice Department unexpectedly told the court just hours before a scheduled hearing that it may not need to force Apple?s assistance after all under a little-known law, the All Writs Act, a move that Apple and the rest of Silicon Valley had said would threaten the privacy and security rights of all smartphone owners. "On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook's iPhone," federal prosecutors said in a filing Monday afternoon. "Testing is required to determine whether it is a viable method that will not compromise data on Farook's iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. ("Apple") set forth in the All Writs Act Order in this case." "Accordingly, to provide time for testing the method, the government hereby requests that the hearing set for March 22, 2016 be vacated," government lawyers wrote. Earlier Monday, though, Apple CEO Tim Cook had affirmed his company?s intent to fight this and other cases where the government seeks greater access to digital data. As he unveiled his company?s latest iPhone, Cook pledged on stage in San Francisco that Apple would not ?shirk from [its] responsibility? to protect its users. In the San Bernardino case, the Justice Department asked a federal magistrate in February to require Apple to write special code to help unlock Farook?s password-protected iPhone. Apple doesn?t retain a copy of device passwords, and its iPhone is programmed to erase itself after too many failed attempts to unlock it ? so the DOJ wanted the company craft special software to remove the restriction. Federal Magistrate Sheri Pym initially sided with the DOJ in February, drawing a sharp rebuke from Apple, which lambasted the government?s request as a digital ?backdoor.? In the eyes of the tech company, a win for the government would set a dangerous legal precedent, allowing the Justice Department unparalleled access to all digital communications in other major national security investigations. Apple argued Congress never gave law enforcement such power, and doing so now would only encourage foreign governments to seek the same access in the future. The legal battle ? marked by bitter rhetoric from both sides ? quickly encompassed the whole of Silicon Valley. Top firms like Amazon, Facebook, Google and Microsoft filed legal briefs with the court, urging the judge not to embolden the FBI as it seeks greater access to data it can't currently intercept or decipher ? a problem its director has called ?going dark.? And both Apple and the Justice Department seemed to indicate they would continue fighting the case for as long as necessary, setting up an historic war between Washington and Silicon Valley. But security experts long have suggested the FBI might be able to extract the phone's contents by other means. FBI Director James Comey had been grilled about a potential technical solution by lawmakers like Rep. Darrell Issa (R-Calif.) during his appearance on Capitol Hill to discuss the case earlier this month. The DOJ did not specify in its court filing Monday, however, exactly how it planned to obtain the contents of the San Bernardino device. "As a result of these efforts, an outside party demonstrated to the FBI this past weekend a possible method for unlocking the phone," a DOJ spokeswoman said in a statement. "We must first test this method to ensure that it doesn?t destroy the data on the phone, but we remain cautiously optimistic. That is why we asked the court to give us some time to explore this option." -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 21 21:12:37 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Mar 2016 22:12:37 -0400 Subject: [Infowarrior] - =?utf-8?q?RIP_Andy_Grove_1936_=E2=80=93_2016?= Message-ID: Andrew S. Grove 1936 ? 2016 | Intel Newsroom https://newsroom.intel.com/news-releases/andrew-s-grove-1936-2016/ SANTA CLARA, Calif, March 21, 2016 ? Intel announced that the company?s former CEO and Chairman Andrew S. Grove passed away today at the age of 79. Present at Intel?s 1968 founding with Robert Noyce and Gordon Moore, Andy Grove became Intel?s President in 1979 and CEO in 1987. He served as Chairman of the Board from 1997 to 2005. Both during his time at Intel and in retirement, Grove was one of the most influential figures in technology and business, writing best-selling books and widely cited articles, and speaking out on an array of prominent public issues. ?We are deeply saddened by the passing of former Intel Chairman and CEO Andy Grove,? said Intel CEO Brian Krzanich. ?Andy made the impossible happen, time and again, and inspired generations of technologists, entrepreneurs, and business leaders.? Born Andr?s Gr?f in Budapest, Hungary, Grove immigrated to the United States in 1956-7 having survived Nazi occupation and escaped Soviet repression. He studied chemical engineering at the City College of New York, completing his Ph.D at the University of California at Berkeley in 1963. After graduation, he was hired by Gordon Moore at Fairchild Semiconductor as a researcher and rose to assistant head of R&D under Moore. When Noyce and Moore left Fairchild to found Intel in 1968, Grove was their first hire. Andrew S. Grove was chairman of the board of Intel Corporation from May 1997 to May 2005. He was the company?s chief executive officer from 1987 to 1998 and its president from 1979 to 1997. Grove played a critical role in the decision to move Intel?s focus from memory chips to microprocessors and led the firm?s transformation into a widely recognized consumer brand. Under his leadership, Intel produced the chips, including the 386 and Pentium, that helped usher in the PC era. The company also increased annual revenues from $1.9 billion to more than $26 billion. Grove was both an astute engineer and a careful student of business management. His books High Output Management (1983) and Only the Paranoid Survive (1999) remain some of the most highly regarded management books. ?Andy approached corporate strategy and leadership in ways that continue to influence prominent thinkers and companies around the world,? said Intel Chairman Andy Bryant. ?He combined the analytic approach of a scientist with an ability to engage others in honest and deep conversation, which sustained Intel?s success over a period that saw the rise of the personal computer, the Internet and Silicon Valley.? Grove and his wife, Eva, were married for 58 years and had two daughters and eight grandchildren. While leading Intel and in retirement, Grove was active in philanthropy and public advocacy for issues deeply personal to him. Diagnosed with prostate cancer, he authored a 1996 cover story in Fortune that explained his decision to undergo an unconventional, but ultimately successful treatment. He contributed to Parkinson?s research and urged the medical community to more efficiently study the disease, from which he suffered. He provided $26 million to the City College of New York to help establish the Grove School of Engineering, and made countless generous gifts to a wide variety of charitable causes. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 22 06:59:38 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 22 Mar 2016 07:59:38 -0400 Subject: [Infowarrior] - Senate proposal on encryption gives judges broad powers Message-ID: <5D47669F-90A1-49A1-BC49-754531AA4C23@infowarrior.org> (On one hand this sounds fairly tame and reinforces the status quo - but even better will be a gridlocked Congress doing nothing with it. Clearly Burr and DiFi did this from a knee-jerk reaction to rumor following Paris -- think the moronic NYT piece this past weekend -- and DOJ's recent high-profile bumbling with Apple only reinforced their need as legislators and surveillance maximalists to "do something." However, it's to be expected these people. -- rick) Technology | Mon Mar 21, 2016 8:19pm EDT Related: Election 2016, Politics, Tech Senate proposal on encryption gives judges broad powers WASHINGTON | By Dustin Volz and Mark Hosenball http://www.reuters.com/article/us-apple-encryption-legislation-idUSKCN0WN2B1 A bipartisan group of U.S. senators has begun circulating long-awaited draft legislation that would give federal judges clear authority to order technology companies like Apple to help law enforcement officials access encrypted data, according to sources familiar with the discussions. The proposal from Senators Richard Burr and Dianne Feinstein, the top Republican and Democrat on the Senate Intelligence Committee, does not spell out how companies must provide access or the circumstances under which they could be ordered to help. It also does not create specific penalties for noncompliance, leaving that determination to judges, the sources said. Previous legislative efforts have focused on requiring technology products to have a built-in "back door" for law enforcement. The latest approach would not mandate any specific technology, but rather would require companies to figure out how to access the data. Congress has tried and failed for years to pass legislation that could prevent criminals and spies from "going dark," or hiding from law enforcement by using encrypted computer and communications services. The latest effort died when the Obama administration signaled last fall that it would not support it. But Apple's high-profile showdown with the government over a federal magistrate judge's order that it unlock an iPhone connected to the mass shooting in San Bernardino, California, has reopened the debate. Apple and the Justice Department are set to face off in court on Tuesday. ?The going-dark issue has been gathering momentum (in Congress) like a train coming down the tracks, but it still seemed for a while like it was going to be a long time before it got to the station,? Representative Adam Schiff, the top Democrat on the House Intelligence Committee, told Reuters in an interview. ?But it arrived with a fury with this lawsuit.? Apple and many of its allies argue that the court is over-reaching its authority in the San Bernardino case and that Congress should ultimately resolve the encryption debate. President Obama warned a tech conference earlier this month against ?fetishizing? phones and made it clear that he supports law enforcement efforts to gain access to encrypted information. Administration officials have reviewed the legislation from Burr and Feinstein and offered suggested edits, the sources said, signaling that the White House may now be more open to a legislative approach. Still, the Burr-Feinstein effort is expected to face a steep climb in a gridlocked Congress wary about tackling such a complex and controversial issue during an election year. ?We have previously been quite skeptical of legislative handling of this particular matter,? White House press secretary Josh Earnest told reporters last month after the Apple case began. ?I don?t know at this point whether or not (conversations with lawmakers) will result in a piece of legislation that we will embrace.? NO CONSENSUS In an attempt to break the congressional stalemate on encryption, Democratic Senator Mark Warner and Republican Representative Michael McCaul, who chairs the House Homeland Security Committee, introduced legislation earlier this month to form a national encryption commission to further study the issue. That effort has been criticized by some privacy advocates who believe its composition would be skewed to favor law enforcement. Others have complained that it would give Congress an excuse to continue postponing action on encryption. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 22 17:38:22 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 22 Mar 2016 18:38:22 -0400 Subject: [Infowarrior] - good read: How an FBI win against Apple could hurt my company Message-ID: How an FBI win against Apple could hurt my company Declan McCullagh March 22, 2016 https://the-parallax.com/2016/03/22/fbi-win-apple-hurt-company/ Apple is vigorously challenging the FBI over unlocking an iPhone for one simple reason: If Cupertino loses, there?s no obvious limit to the code that software companies, including mine, could be forced to create. The FBI claimed, in its initial court filing, that its request was ?tailored for and limited to this particular phone.? That statement was misleading. A federal judge in New York revealed that the bureau has ?a dozen more such applications pending, and it clearly intends to continue seeking assistance that is similarly burdensome.? If a favorable precedent is set, local, state, and other federal police agencies would pounce. Manhattan?s district attorney said he?d ?absolutely? invoke such a precedent, and FBI Director James Comey acknowledged in a recent congressional appearance that the Apple case would invite copycat demands. If Apple loses its fight with the FBI, and one of our users comes under criminal investigation, that precedent would let the government turn us into unwilling surveillance assistants. A hearing was scheduled in federal court today, but FBI officials requested a last-minute delay, saying they were investigating ways of accessing data that didn?t require Apple?s assistance. This case arose out of an FBI probe into the husband and wife who last year shot and killed 14 people in San Bernardino, Calif. The bureau says it obtained a work phone, an iPhone 5C, used by one of the shooters, and it wants to compel Apple to develop a version of iOS with a backdoor to unlock it. Apple is fighting the resulting court order, which is temporarily suspended while the FBI investigates other unlocking techniques. At my company, Recent Media, we write code for iOS and Android news recommendation apps. We have no legal department and certainly no process in place to comply with a judge?s order to undermine our software?s security. In fact, by limiting the log data we store, and allowing Recent News to be used anonymously, we?re hoping to avoid any such order. If Apple loses its fight with the FBI, and one of our users comes under criminal investigation, that precedent would let the government turn us into unwilling surveillance assistants. On threat of being held in contempt, we potentially could be forced to write thousands of lines of code, based on specifications drafted by prosecutors who know little to nothing about how our technology works. Such code, we imagine, could be designed to alert authorities when a user performs certain activities, or when a phone enters or leaves a certain geographical area. It could also be designed to integrate government malware that would redirect network traffic, or remotely activate a device?s microphone or camera. Threat of FBI win makes for strange bedfellows To preemptively fight the threat of innumerable such police wishlists, Facebook, Microsoft, Google, Yahoo, and others?usually bitter rivals?have set aside their differences to warn of the real dangers in allowing the government to conscript engineers. ?Make no mistake: If the government prevails in this case, it will seek many such decisions,? the companies wrote in a joint legal filing supporting Apple. ?Investigative tools meant for extraordinary cases may become standard in ordinary ones.? This is why you?re starting to hear mild-mannered engineers discuss civil disobedience. A New York Times report said Apple?s iOS engineers might quit rather than create a government backdoor to the operating system (they?d have little difficulty in finding jobs elsewhere). The ethics code of the professional association for computer scientists says to protect ?the privacy and integrity of data,? not undermine it. Computer security professionals, long aware of the ethics of backdoors, are considering their own social responsibilities. Opposition to surveillance orders is hardly hypothetical. Two years ago, after the FBI demanded that Ladar Levison hand over the private encryption key to his Lavabit email service, he pulled the plug on Lavabit. Gaining the encryption key would have enabled the bureau to decrypt the connections of all of its users, including those of Edward Snowden. (Levison filed a brief in the Apple case, saying the FBI is demanding involuntary servitude, abolished in 1865.) Apple says the FBI?s arguments would catapult the industry into unexplored terrain. The lack of any limiting principle would ostensibly allow, the company stated in a brief, ?compelling a pharmaceutical company against its will to produce drugs needed to carry out a lethal injection in furtherance of a lawfully issued death warrant, or requiring a journalist to plant a false story in order to help lure out a fugitive.? Technology companies are hardly opposed to helping police fight crime: Every major company has a department that responds to legally authorized requests for stored data. Yahoo alone deals with requests for approximately 50,000 user accounts each year. For Microsoft, the global total is closer to 110,000 accounts. In this case, the FBI is not requesting stored data from Apple. The bureau is demanding a company to craft code that would bypass its own security protections. Nobody should be surprised that Silicon Valley is supporting Apple?s fight. -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Mar 23 10:31:04 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 23 Mar 2016 11:31:04 -0400 Subject: [Infowarrior] - Apple wasn't 'flouting' iPhone order, judge says Message-ID: <7CE8BB21-C23C-463B-AEB0-7856F12003DC@infowarrior.org> Apple wasn't 'flouting' iPhone order, judge says By Josh Gerstein and Tony Romm 03/22/16 09:35 PM EDT http://www.politico.com/blogs/under-the-radar/2016/03/apple-iphone-justice-department-221127 RIVERSIDE, Calif. ? Apple isn?t as much of a rebel as the Justice Department tries to portray ? at least, according to the federal magistrate overseeing the government?s attempt to force Apple to help crack a locked iPhone used by one of the San Bernardino shooters. Despite the skepticism, Apple?s request to overturn the original order in the case was denied Monday during a hearing in which the Justice Department asked the court to pause the proceeding so that investigators could try a new way to access the device without Apple's help. ?I certainly don't think, let me just comment, that Apple's been flouting the order,? Magistrate Judge Sheri Pym said Monday, according to a transcript obtained by POLITICO. ?The order, essentially ? pending a final decision, there's not really ? it's not in a stage that it could be enforced at this point,? Pym said. One of the company's top lawyers told the court that since a new solution could allow DOJ to access the phone without Apple, which Justice previously said it could not do, that "nullifies" the government's arguments in the case, so it should be vacated. Pym would not go quite that far, but she did stay her initial ruling, which forced Apple to aid the FBI. And she made clear she doesn?t believe the tech company has defied the court by not immediately giving in to the government?s demands. The government had asked Pym to hit the brakes Monday ? hours before a scheduled court appearance Tuesday ? after learning about a potential new way to access the device from an unnamed ?outside party." The Justice Department did not explain its thinking, but it has argued in court for weeks that it needed Apple to write special software to gain entry to the iPhone tied to the San Bernardino attack in December. Apple did not object to the request to postpone the court appearance, and the Justice Department now has until April 5 to update the court on its progress. But prosecutor Tracy Wilkison and Apple attorney Ted Boutrous still sparred during the roughly 15-minute call, after Boutrous said the government had accused the company of defying its legal obligations. ?I can't exaggerate to you how ? the perception, some of which I think has been reinforced by the government in their brief, that the company has been somehow doing something wrong,? Boutrous said. ?The government has really only been interested in trying to get into this phone and has done all of its filings and all of its work here in an effort to get into this phone and not saying anything nefarious about Apple,? Wilkison insisted. Boutrous then cited a point in the government?s brief that says: ?Apple?s rhetoric is not only false, but is corrosive of the very institutions that are best able to safeguard our liberty and our rights.? Pym ultimately said she ?was not going to take sides,? but she quickly added that she believes the legal filings from both Apple and the DOJ have included language intended more for public consumption ? and, potentially, congressional lawmakers ? than for the court. ?I think there's been multiple audiences that have been considered in litigating this case. I understand there are public policy considerations here, and that's part of what's at stake,? Pym said. Josh Gerstein is a senior reporter for POLITICO. -- It's better to burn out than fade away. From rforno at infowarrior.org Wed Mar 23 12:06:28 2016 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 23 Mar 2016 13:06:28 -0400 Subject: [Infowarrior] - Israeli firm helping FBI to open encrypted iPhone: report Message-ID: <3282ACC6-2DF0-4694-AB79-57A0BAE6E6AD@infowarrior.org> Israeli firm helping FBI to open encrypted iPhone: report http://www.reuters.com/article/us-apple-encryption-cellebrite-idUSKCN0WP17J TEL AVIV Israel's Cellebrite, a provider of mobile forensic software, is helping the U.S. Federal Bureau of Investigation's attempt to unlock an iPhone used by one of the San Bernardino, California shooters, the Yedioth Ahronoth newspaper reported on Wednesday. If Cellebrite succeeds, then the FBI will no longer need the help of Apple Inc (AAPL.O), the Israeli daily said, citing unnamed industry sources. Cellebrite officials declined to comment on the matter. Apple is engaged in a legal battle with the U.S. Justice Department over a judge's order that it write new software to disable passcode protection on the iPhone used by the shooter. The two sides were set to face off in court on Tuesday, but on Monday a federal judge agreed to the government's request to postpone the hearing after U.S. prosecutors said a "third party" had presented a possible method for opening an encrypted iPhone. The development could bring an abrupt end to the high-stakes legal showdown which has become a lightning rod for a broader debate on data privacy in the United States. Cellebrite, a subsidiary of Japan's Sun Corp (6736.T), has its revenue split between two businesses: a forensics system used by law enforcement, military and intelligence that retrieves data hidden inside mobile devices and technology for mobile retailers. (Reporting by Tova Cohen; Editing by Elaine Hardcastle) -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 24 06:44:20 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Mar 2016 07:44:20 -0400 Subject: [Infowarrior] - Lawmakers warn of 'radical' move by NSA to share information Message-ID: <3EB81D80-2940-416D-A516-A522B99261B8@infowarrior.org> Lawmakers warn of 'radical' move by NSA to share information Julian Hattem http://thehill.com/policy/national-security/274128-lawmakers-warn-about-unconstitutional-dangerous-nsa-changes A bipartisan pair of lawmakers is expressing alarm at reported changes at the National Security Agency that would allow the intelligence service?s information to be used for policing efforts in the United States. ?If media accounts are true, this radical policy shift by the NSA would be unconstitutional, and dangerous,? Reps. Ted Lieu (D-Calif.) and Blake FarentholdBlake FarentholdLawmakers warn of 'radical' move by NSA to share information Overnight Tech: Netflix scores win over Postal Service Lawmakers go green for St. Patrick's Day MORE (R-Texas) wrote in a letter to the spy agency this week. ?The proposed shift in the relationship between our intelligence agencies and the American people should not be done in secret. ?NSA?s mission has never been, and should never be, domestic policing or domestic spying.? The NSA has yet to publicly announce the change, but the New York Times reported last month that the administration was poised to expand the agency's ability to share information that it picks up about people?s communications with other intelligence agencies. The modification would open the door for the NSA to give the FBI and other federal agencies uncensored communications of foreigners and Americans picked up incidentally ? but without a warrant ? during sweeps. Robert Litt, the general counsel at the Office of the Director of National Intelligence, told the Times that it was finalizing a 21-page draft of procedures to allow the expanded sharing. Separately, the Guardian reported earlier this month that the FBI had quietly changed its internal privacy rules to allow direct access to the NSA?s massive storehouse of communication data picked up on Internet service providers and websites. The revelations unnerved civil liberties advocates, who encouraged lawmakers to demand answers of the spy agency. ?Under a policy like this, information collected by the NSA would be available to a host of federal agencies that may use it to investigate and prosecute domestic crimes,? said Neema Singh Guliani, legislative counsel and the American Civil Liberties Union. ?Making such a change without authorization from Congress or the opportunity for debate would ignore public demands for greater transparency and oversight over intelligence activities.? In their letter this week, Lieu and Farenthold warned that the NSA?s changes would undermine Congress and unconstitutionally violate people?s privacy rights. ?The executive branch would be violating the separation of powers by unilaterally transferring warrantless data collected under the NSA?s extraordinary authority to domestic agencies, which do not have such authority,? they wrote. ?Domestic law enforcement agencies ? which need a warrant supported by probable cause to search or seize ? cannot do an end run around the Fourth Amendment by searching warrantless information collected by the NSA.? -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 24 09:47:35 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Mar 2016 10:47:35 -0400 Subject: [Infowarrior] - good read: The hubris of investigators Message-ID: The hubris of investigators Shahid Buttar A now-vacated court order requiring Apple to undermine the security of its users prompted an ongoing controversy over government access to encrypted devices. While the court in San Bernardino may never rule on the flood of arguments supporting Apple?s defense of user security, observers ? especially members of Congress ? should pay close attention to a few themes that have emerged in the public debate. Policymakers who understand those themes will reject reported legislation that would mandate backdoors in your technology, or otherwise force tech companies to ensure the FBI?s access to everyone?s communications. Senators Dianne Feinstein, D-CA, and Richard Burr, R-NC, have threatened to introduce a proposal along those lines, which would place millions of people at risk, overlook several key facts, and resign a need for long overdue ? and increasingly vital ? transparency into law enforcement excesses. < - > http://techcrunch.com/2016/03/24/the-hubris-of-investigators/?ncid=rss -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 24 16:31:22 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Mar 2016 17:31:22 -0400 Subject: [Infowarrior] - DOJ knew of possible iPhone-cracking method before Apple case Message-ID: <19A49E63-71EE-4FAF-A56E-7441778FCF7D@infowarrior.org> DOJ knew of possible iPhone-cracking method before Apple case Grant Gross http://www.csoonline.com/article/3047447/security/doj-knew-of-possible-iphone-cracking-method-before-apple-case.html Weeks before the FBI sought a court order forcing Apple to help it break into an iPhone used by one of the San Bernardino gunmen, a sister agency in the Department of Justice was already using an Israeli security firm's technology to attempt to crack a similar device. The FBI and the DOJ have repeatedly insisted that they had no other option but to force Apple to help them crack an iPhone used by the gunman Syed Rizwan Farook, at least until an outside party offered assistance earlier this week. ?We have engaged all parts of the U.S. government? to find a way to access the device without Apple?s help, FBI Director James Comey told lawmakers in early March. ?If we could have done this quietly and privately, we would have done it.? But more than two weeks before a judge ordered Apple to assist the FBI, the Drug Enforcement Administration, also a division of the DOJ, filed a warrant request in a Maryland court asking to use technology from security firm Cellebrite to defeat the password protections on a suspected drug dealer's iPhone. The warrant request noted that "Apple devices hold a unique encryption" that often only Apple can bypass, suggesting that the DEA was unsure if Cellebrite's method would work. But it still seems at odds with the DOJ's insistence in the San Bernardino case that it knew of no possible alternatives to access the device. A Maryland judge approved the search warrant on Feb. 16, the same day California Magistrate Judge Sheri Pym ordered Apple to provide technical assistance to the FBI in the San Bernardino case. The FBI wanted Apple's help to do the the same thing investigators were trying to do in the Maryland case -- defeat the password protections on an iPhone. Cellebrite is reportedly the "outside party" now assisting the FBI in the California shooting case. An FBI spokesman declined to comment on the identity of the outside party or the DEA's use of Cellebrite. The DOJ has based its case against Apple on the All Writs Act, a 1789 law that allows courts to "issue all writs necessary or appropriate" to implement the law, but only when they have no other legal options available. In the Maryland drug case, the warrant application describes how Cellebrite would be used to defeat password protections on a suspect's iPhone 6 and other smartphones. "The device and all readable and searchable contents will be attempted to be downloaded to a 'CellBrite' [sic] device," the Maryland warrant application says. "The 'CellBrite' device allows the user to bypass any password protected utility on the phone." The iPhone contents "will then be copied to a readable computer disc" and reviewed by the court, the warrant application says. Farook's iPhone was a 5C model, while the Maryland suspect's device was a 6 series phone. Critics of the FBI's case against Apple are now questioning whether the agency should have moved forward with its case without disclosing the possibility of using Cellebrite to hack Farook's phone. The FBI and DOJ now appear to be backing down in the Apple case because of public opinion and a possibility they won't get the court precedent they seek, said Evan Greer, campaign director for digital rights group Fight for the Future. "The FBI?s last minute excuse is about as believable as an undergrad who comes down with the flu the night before their paper is due," Greer said via email. "They should come clean immediately." -- It's better to burn out than fade away. From rforno at infowarrior.org Fri Mar 25 11:45:47 2016 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Mar 2016 12:45:47 -0400 Subject: [Infowarrior] - The VENUE Act is common sense venue reform for patent cases Message-ID: <4205CF42-0FE1-45B8-860E-E27882917692@infowarrior.org> The VENUE Act is common sense venue reform for patent cases The Washington Times http://www.washingtontimes.com http://www.washingtontimes.com/news/2016/mar/24/elliot-harmon-the-venue-act-is-common-sense-venue-/ ? Elliot Harmon is an activist at the Electronic Frontier Foundation, focusing on patent law and intellectual property issues. Last year, a company called Wetro Lan sued a small software company called Hacom LLC . Wetro Lan has no business other than patent litigation and its only asset is an expired patent on obsolete firewall technology. The inventor of that patent resides in Northern California. Hacom is based in Southern California. But where was the litigation filed? The Eastern District of Texas. This story is hardly unusual. Nearly half of the nation?s patent lawsuits are filed in the Eastern District. In 2015, one Eastern District judge heard almost 30 percent of all patent cases for the entire country. That?s because under current law, patent owners have almost complete control over which federal district to file a case in. If a new bill in Congress passes, no court will hear that large a share of patent cases. The VENUE Act was designed to address the problem of forum shopping ? that is, patent owners filing litigation in whatever forum they think will give them the greatest advantage. Forum shopping lets patent owners exploit any differences between districts in their favor. Historically, patent law sought to minimize this imbalance. At the district court level, the law required that patent suits be heard either in the district where the alleged infringement had taken place (provided that the defendant had a permanent place of business there) or where the defendant was headquartered. The law also addressed forum shopping in appeals: the Federal Circuit (the court that hears appeals of patent lawsuits) was set up, in part, to prevent parties on both sides from shopping for advantageous appellate law. The current situation, however, is anything but balanced. In 1988, Congress passed a law that seemingly broadened venue for all civil trials, creating confusion about how to apply the rules in patent cases. Over the next few years, the Federal Circuit issued a series of opinions saying that a patent owner can file suit in any district in which the defendant?s products and services are available. For many patent cases, those rulings gave patent owners free reign to file in any district in the country. It?s easy to see how that experiment has played out. In a number of ways ? some subtle, some not so subtle ? the Eastern District has gradually become the most attractive district in the nation for patent owners to sue in, particularly in the technology industry. Eastern District judges have adopted nonstandard rules and practices that only serve to make patent cases more expensive and frustrating for defendants. The extra costs give patent owners leverage to push for a settlement of even the most meritless cases before a trial begins. When a case does go to trial, the patent owner has an elevated chance of winning. Without question, it?s the venue of choice for non-practicing entities (NPEs): companies that do nothing but amass technology patents and demand money from innovators. Maybe you?ve heard the ?This American Life? story on the district, with its haunting image of an office park full of empty offices for patent-holding companies. Or you saw John Oliver lampoon the ice-skating rink that Samsung had bought next door to an Eastern District courthouse where it just happens to face repeated patent suits. The business community of Tyler, Texas, even runs a website where it advertises the district?s ?plaintiff-friendly local rules.? It?s easy to understand why the public might be skeptical about the system?s fairness. The problem is not one district, though. If the Eastern District changed its practices tomorrow, then others might take its place. The problem is that giving patent owners complete control over the venue for a patent lawsuit can lead to a situation where courts ? knowingly or not ? adjust their procedures to make themselves more (or less) convenient or attractive for patent owners. The problem is not a few rogue districts, but a system that allows and incentivizes them to go rogue. The VENUE Act would require the patent owner to file in a district where it makes sense ? for example, where the defendant?s principle place of business is; where the patent owner has a working manufacturing facility; or where the invention was developed. In doing so, it would minimize courts? ability to tailor rules in order to attract or dissuade patent lawsuits. The VENUE Act is not a comprehensive patent reform bill. After it passes, the patent system will still be in need of major overhauls to reduce its strain on innovation. We can debate those changes when the time comes. The VENUE Act is simply about giving all litigants a fair trial ? both defendants and plaintiffs ? and restoring the public?s faith in a fair and impartial system. We should all be able to agree on that. ? Elliot Harmon is an activist at the Electronic Frontier Foundation, focusing on patent law and intellectual property issues. -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Mar 26 08:30:18 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Mar 2016 09:30:18 -0400 Subject: [Infowarrior] - Quit Propping Rudy Giuliani Up As A So-Called 'Terrorism Expert' Message-ID: Media Outlets Need To Quit Propping Rudy Giuliani Up As A So-Called 'Terrorism Expert' http://crooksandliars.com/2016/03/media-outlets-need-quit-propping-rudy -- It's better to burn out than fade away. From rforno at infowarrior.org Sat Mar 26 16:52:11 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Mar 2016 17:52:11 -0400 Subject: [Infowarrior] - Trump: "Inconceivable the power of cyber." Message-ID: <3273E30C-65F5-4942-8CBD-D84F81732A06@infowarrior.org> (x-posted) At the risk of agreeing with him on something, he's correct that the US is woefully behind in 'cyber', particularly on the unsexy, unglamourous, oh-so-hard defensive side of the game. Too bad that wasn't the 'angle' he was referring to in this interview, especially given his "inconveivable the power of cyber" quote. --rick Source: http://www.nytimes.com/2016/03/27/us/politics/donald-trump-transcript.html < - > SANGER: You know, we have an alternative these days in a growing cyberarsenal. You?ve seen the growing cybercommand and so forth. Could you give us a vision of whether or not you think that the United States should regularly be using cyberweapons, perhaps, as an alternative to nuclear? And if so, how would you either threaten or employ those? TRUMP: I don?t see it as an alternative to nuclear in terms of, in terms of ultimate power. Look, in the perfect world everybody would agree that nuclear would, you know, be so destructive, and this was always the theory, or was certainly the theory of many. That the power is so enormous that nobody would ever use them. But, as you know, we?re dealing with people in the world today that would use them, O.K.? Possibly numerous people that use them, and use them without hesitation if they had them. And there?s nothing, there?s nothing as, there?s nothing as meaningful or as powerful as that, and you know the problem is, and it used to be, and you would hear this, David, and I would hear it, and everybody would hear it, and ? I?m not sure I believed it, ever. I talk sometimes about my uncle from M.I.T., and he would tell me many years ago when he was up at M.I.T. as a, he was a professor, he was a great guy in many respects, but a very brilliant guy, and he would tell me many years ago about the power of weapons someday, that the destructive force of these weapons would be so massive, that it?s going to be a scary world. And, you know, we have been under the impression that, well we?ve been, I think it?s misguided somewhat, I?ve always felt this but that nobody would ever use them because of the power. And the first one to use them, I think that would be a very bad thing. And I will tell you, I would very much not want to be the first one to use them, that I can say. HABERMAN: O.K. SANGER: The question was about cyber, how would you envision using cyberweapons? Cyberweapons in an attack to take out a power grid in a city, so forth. TRUMP: First off, we?re so obsolete in cyber. We?re the ones that sort of were very much involved with the creation, but we?re so obsolete, we just seem to be toyed with by so many different countries, already. And we don?t know who?s doing what. We don?t know who?s got the power, who?s got that capability, some people say it?s China, some people say it?s Russia. But certainly cyber has to be a, you know, certainly cyber has to be in our thought process, very strongly in our thought process. Inconceivable that, inconceivable the power of cyber. But as you say, you can take out, you can take out, you can make countries nonfunctioning with a strong use of cyber. I don?t think we?re there. I don?t think we?re as advanced as other countries are, and I think you probably would agree with that. I don?t think we?re advanced, I think we?re going backwards in so many different ways. I think we?re going backwards with our military. I certainly don?t think we are, we move forward with cyber, but other countries are moving forward at a much more rapid pace. We are frankly not being led very well in terms of the protection of this country. < - > -- It's better to burn out than fade away. From rforno at infowarrior.org Sun Mar 27 11:08:02 2016 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 27 Mar 2016 12:08:02 -0400 Subject: [Infowarrior] - =?utf-8?q?No=2C_America_isn=E2=80=99t_100_percent?= =?utf-8?q?_safe_from_terrorism=2E_And_that=E2=80=99s_a_good_thing=2E?= Message-ID: <04705055-DFF9-4301-8F65-6A685D47D3F3@infowarrior.org> No, America isn?t 100 percent safe from terrorism. And that?s a good thing. By Juliette Kayyem https://www.washingtonpost.com/opinions/no-america-isnt-100-percent-safe-from-terrorism-and-thats-a-good-thing/2016/03/25/af790286-f107-11e5-a61f-e9c95c06edca_story.html Admit it. After the terrorist attacks in Brussels this past week, after the brief reflection for those lost or wounded and the sense of ?oh, no, not again? passed, other thoughts quickly followed. My own selfish but natural worry, as a mother of three: Should we cancel that trip to Europe this summer? In the nearly 15 years since 9/11, the questions I?ve fielded from family and friends have varied but never ceased: Should I buy a gun? (Only with training and safety measures at home, and certainly not to combat Islamic terrorists.) Is Times Square safe on New Year?s Eve? (Like every crowd scene, you have to stay alert, but security is high at events like that.) Or my personal favorite, because it combines parental insecurities with disaster management: Is Tulane a good school so many years after Hurricane Katrina? (Yes; it had a few rough months, but your kid should still apply.) All these queries about a world in mayhem boil down to: Is my family safe? The answer is both simple and liberating: No, not entirely. America was built vulnerable, and thank goodness for that. The flow of people and things, the movement to and within cities, the congregation of the masses that makes our lives meaningful, whether at church or at Fenway Park, are inherently risky. Our system (a federal government with limited powers, mayors overseeing police departments, governors directing National Guards) wasn?t designed to produce a seamless shield against every conceivable threat. Every day, more than 2 million passengers board planes at U.S. airports. The movement of goods and services ? the expectation that everything from airline tickets to groceries can be purchased with just a few mouse clicks ? is our lifeline. We?ve traded a measure of safety for convenience. And in our America, there are sometimes monsters under the bed. In the immediate years after 9/11, the security establishment sold a vision of an America that never existed, a vision based on some notion that the country had been invulnerable and risk-free before the terrorists struck. The shock of such a massive attack on civilians in the homeland caused much of the public to experience collective amnesia, as if our nation had never before navigated perils, including ones more dangerous than al-Qaeda. President George W. Bush sold this notion to Congress and the American people when he said, in a speech just a few days after 9/11, that the attacks were something ?never before? seen and something, he implied, that our national response could prevent from ever happening again ? that if only we fought back harder and bought more gizmos, America could reduce its vulnerabilities to zero. Not so. Threats constantly change, yet our political discourse suggests that our vulnerabilities are simply for lack of resources, commitment or competence. Sometimes, that is true. But mostly we are vulnerable because we choose to be; because we?ve accepted, at least implicitly, that some risk is tolerable. A state that could stop every suicide bomber wouldn?t be a free or, let?s face it, fun one. We will simply never get to maximum defensive posture. Regardless of political affiliation, Americans wouldn?t tolerate the delay or intrusion of an urban mass-transit system that required bag checks and pat-downs. After the 2013 Boston Marathon bombing, many wondered how to make the race safe the next year. A heavier police presence helps, but the only truly safe way to host a marathon is to not have one at all. The risks we tolerate, then, are not necessarily bad bargains simply because an enemy can exploit them. No matter what promises are made on the campaign trail, terrorism will never be vanquished. There is no ideology, no surveillance, no wall that will definitely stop some 24-year-old from becoming radicalized on the Web, gaining access to guns and shooting a soft target. When we don?t admit this to ourselves, we often swing between the extremes of putting our heads in the sand or losing them entirely. This is not to say we should throw up our hands and hope for the best; our sense of unease is real. Yes, gun-related deaths (firearms are responsible for more than 30,000 American fatalities per year) far outstrip any violence in our country associated with terrorism , and our chance of dying in a terrorist attack is 1 in 20 million ? which is why President Obama says the Islamic State is not an existential threat. But it doesn?t help much to criticize the nervous and anxious simply because terrorism makes them feel terrorized. If that 1 in 20 million is my child, it?s an existential threat to me. Yet we still live, often joyfully, in a world with gun violence. And drunk drivers. And disease. We implore government to allocate resources as best it can to minimize those risks. Once we move past our angst, this becomes the most rational way to approach terrorist violence. Accepting these vulnerabilities means our safety can be measured and evaluated on three core premises: how well we minimize our risks, maximize our defenses and maintain our spirit. Minimizing risk includes actions as far-ranging as intelligence-gathering, the disruption of terrorist cells abroad (by drone strikes or police sweeps), diplomatic efforts and criminal cases. It?s reasonable to debate the relative weight we should put on each, but risk will remain as long as our enemies do. Maximizing our defenses includes implementing visa and border controls, supporting first-responder training and equipment, and hardening soft targets to the extent practicable. A bunch of state police officers watching a crowded bridge can often look like security theater, but its intent is to display a layer of defense that could make an attack less likely. And, finally ? essentially ? we must maintain our spirit. Those who challenge xenophobia and Islamophobia are often derided as ?politically correct.? If that means pro-security, then it?s a critique worth embracing. In the course of America?s history, the single attribute beyond geography that has made us safer is our capacity to absorb, integrate and assimilate communities that come to our nation and call it home. It?s an experiment we have not always lived up to, but it?s one that puts us on surer footing than our European allies. And to stray from that tradition would lead us in directions that are more dangerous than the one we find ourselves heading in today. If the attributes of our homeland security sound familiar (risk-reducing, defense-building, spirit-maintaining), it is because we practice them every day at home. We lock doors, wear helmets and keep a fire extinguisher in the kitchen ? but we don?t shy from cooking on the stove. Stuff also happens in the homeland. We must demand much from our government to make us safer. But we must also accept that vulnerability isn?t always failure. Twitter: @juliettekayyem Juliette Kayyem, a former assistant secretary at the Department of Homeland Security, is author of the forthcoming ?Security Mom: An Unclassified Guide to Protecting Our Homeland and Your Home.? -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 28 14:45:32 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Mar 2016 15:45:32 -0400 Subject: [Infowarrior] - =?utf-8?q?Virus_infects_MedStar_Health_system?= =?utf-8?q?=E2=80=99s_computers=2C_hospital_officials_say?= Message-ID: <8F9575DC-AAE0-4DAD-8164-6FF04F9910CC@infowarrior.org> Virus infects MedStar Health system?s computers, hospital officials say By John Woodrow Cox and Karen Turner March 28 at 3:24 PM https://www.washingtonpost.com/local/virus-infects-medstar-health-systems-computers-hospital-officials-say/2016/03/28/480f7d66-f515-11e5-a3ce-f06b5ba21f33_story.html?tid=sm_tw A virus infected the computer system of MedStar Health on Monday, forcing one of the Washington region?s largest health care providers to shut down significant portions of its online operations. Hospital officials acknowledged the breach. but said they had ?no evidence that information has been stolen.? ?MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization,? spokeswoman Ann Nickels said in a statement. ?We are working with our IT and cyber-security partners to fully assess and address the situation. Currently, all of our clinical facilities remain open and functioning.? The $5 billion health-care system operates 10 hospitals and more than 250 outpatient facilities in the Washington region. It serves hundreds of thousands of patients and employs more than 30,000 people. Hospital staff reported that they were unable to access email or a vast database of patient records. One employee told The Post that the entire Medstar computer system is inaccessible. ?Even the lowest level staff can?t communicate with anyone. You can?t schedule patients, you can?t access records, you can?t do anything,? said the woman, who asked that her name not be used because she wasn?t authorized to speak about the incident. Employees, she added, are using paper charts to continue seeing patients. The MedStar infection follows two recent cyber attacks against hospitals. In both cases, hackers deployed ?ransomware? ? a virus that holds systems hostage until victims pay for a key to regain access. Last month, a hospital in Los Angeles paid hackers $17,000 in bitcoins to free its system, and two weeks ago, a Kentucky facility announced it was in an ?internal state of emergency? after a similar attack. Though the nature of MedStar infection remains unclear, Nickels said she had ?not been told that it?s a ransom situation.? -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 28 16:47:22 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Mar 2016 17:47:22 -0400 Subject: [Infowarrior] - Official: DOJ to withdraw legal action against Apple Message-ID: <4DD9FE3B-090A-4C22-B43C-3681431AF9AB@infowarrior.org> Official: Justice Department to withdraw legal action against Apple Kevin Johnson, USA TODAY 5:27 p.m. EDT March 28, 2016 http://www.usatoday.com/story/news/nation/2016/03/28/apple-justice-department-farook/82354040/ The Justice Department is expected to withdraw from its legal action against Apple Inc., as soon as today, as an outside method to bypass the locking function of a San Bernardino terrorist?s phone has proved successful, a federal law enforcement official said Monday. The official, who is not authorized to comment publicly, said the method brought to the FBI earlier this month by an unidentified entity allows investigators to crack the security function without erasing contents of the iPhone used by Syed Farook, who with his wife, Tashfeen Malik, carried out the December mass shooting that left 14 dead. Read or Share this story: http://usat.ly/1MwMrnb -- It's better to burn out than fade away. From rforno at infowarrior.org Mon Mar 28 17:02:32 2016 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Mar 2016 18:02:32 -0400 Subject: [Infowarrior] - DOJ Motion to Vacate Apple case (PDF) Message-ID: <5E2729A4-EDBF-484B-A34C-38DCAFFAA62F@infowarrior.org> Motion to Vacate https://cdn0.vox-cdn.com/uploads/chorus_asset/file/6255515/apple-order2.0.pdf -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 29 06:48:59 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Mar 2016 07:48:59 -0400 Subject: [Infowarrior] - DHS Seeks Advice on Building a Cyber-Attack Database Message-ID: <467414B4-0EB7-4704-A1DC-C79E0BEB3E64@infowarrior.org> Yes, that'll help. Another database and mountain of information to analyse. *rolls eyes* --rick DHS Seeks Advice on Building a Cyber-Attack Database By Mohana Ravindranath March 28, 2016 http://www.defenseone.com/technology/2016/03/dhs-seeks-advice-building-cyber-attack-database/127038/ The Homeland Security Department wants input on an idea for a broad cybersecurity incident database, accessible by members of the public and private sectors. Businesses could use the database to assess how their cyber practices stack up against competitors, and the federal government could upload its own cyberthreat predictions, DHS suggests in a new white paper fleshing out the concept. Such a repository would ask participants to share specific but anonymized details about cyberincidents and threats, including details such as attack timeline, apparent goal and prevention measures. Until the end of May, DHS is collecting comments on the concept and wants responses on three recent white papers it issued outlining benefits, obstacles and data points participants might be asked to contribute to the repository. There are currently no concrete plans to build or manage that repository, DHS says, and the database could even be managed by a private organization. But the current administration has long encouraged the public and private sectors to share more information about cyberthreats to prevent future incidents. Last February, President Barack Obama issued an executive order directing DHS to promote ?Information Sharing and Analysis Organizations? ? sector- or subsector-specific groups sharing information about cyberthreats and practices, and "Information Sharing and Analysis Organizations" that would develop cyber standards. DHS' white papers suggest a shared repository could help organizations calculate the return on their investment in cybersecurity, helping to assess cyber risk. But "unintended consequences" of such a database include the fact that "aggregated data" showing the "total costs or impacts of certain types of incidents to certain industries" could drive up the insurance cost for common cyberincidents, DHS wrote. The department is collecting comment on various points, including: ? A description of the data points associated with cyberincidents that would be useful to other organizations ? Potential benefits of a repository not mentioned in the white paper ? Types of analysis that would be useful to a participating organization ? Anticipated obstacles that could prevent the repository model from functioning smoothly ? Why potential participants might say no to sharing this information By Mohana Ravindranath // Mohana Ravindranath covers civilian agency technology and IT policy for Nextgov. She previously covered IT for the Washington Post, and her work has also appeared in Business Insider and the Philadelphia Inquirer. She is a graduate of the University of Pennsylvania. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 29 09:46:12 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Mar 2016 10:46:12 -0400 Subject: [Infowarrior] - PCLOB Chair resigning early Message-ID: Privacy watchdog chairman resigns two years before end of term Julian Hattem http://thehill.com/policy/national-security/274534-privacy-watchdog-chairman-resigns-two-years-before-end-of-term The first ever head of a small federal privacy watchdog is resigning this summer, a year and a half before his term ends in 2018. The surprise announcement from David Medine, chairman of the Privacy and Civil Liberties Oversight Board (PCLOB), will leave a hole at the top of the five-member board, which has been instrumental to shining a light on the National Security Agency (NSA). In a statement, President Obama said that Medine?s tenure took place ?during an especially momentous period, coinciding with a concerted examination of our national security tools and policies to ensure they are consistent with my administration's commitment to civil liberties and individual privacy. ?Under David's leadership, the PCLOB's thoughtful analysis and considered input has consistently informed my decision-making and that of my team, and our country is better off because of it,? Obama added. The privacy board has served as a critical tool for critics of the NSA?s expansive surveillance powers in the years since Edward Snowden?s 2013 leaks about the agency. The PCLOB?s 2014 declaration Serving as the board?s first chairman was a ?great privilege,? Medine said in a statement. ?During my tenure and thanks to the support of the president and Congress, the board has been able to carry out its timely mission of conducting oversight and providing advice to ensure that federal counterterrorism efforts properly balance national security with privacy and civil liberties,? he added. The watchdog PCLOB had a troubled beginning, and was largely ignored after its formal creation in 2007. Medine was not confirmed until 2013, for a term that ends in January of 2018. Before his confirmation, the body could not hire its own dedicated staffers, and it largely existed in irrelevance at the margins of the government. That changed in 2013, when Snowden?s headline-grabbing leaks about the expansive powers of the NSA rattled the country, and sent lawmakers in both parties demanding that it be reformed. The privacy board?s 2014 declaration that the NSA?s vast collection of American?s phone records was illegal served as a critical blow to the agency, and laid the goundwork for the program to be ended the following year. Medine came to the PCLOB after stints at the Securities and Exchange Commission and the Consumer Financial Protection Bureau. He had also worked in the White House?s National Economic Council, the Federal Trade Commission and the law firm WilmerHale. His resignation will take effect July 1. In a statement, the privacy board said that Medine will leave his post to work at a development organization focusing on data privacy and consumer protection issues for people in developing countries The PCLOB has been far from universally critical of the NSA and other federal spying powers. In 2014, it largely endorsed the agency?s use of a contentious portion of a 2008 spying law, known as the FISA Amendments Act. The board is currently working on analysis of an executive order that is believed to allow for the government to undertake a broad swath of spying efforts. A legal fact sheet dating to 2013 claims that the ?majority? of the NSA?s data collection is performed ?solely pursuant" to the order, known as Executive Order 12333. In his statement on Tuesday, Medine said that he will continue to work on the board?s work until he leaves office. It's unclear whether the executive order analysis will be finished by the time he leaves. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 29 13:23:10 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Mar 2016 14:23:10 -0400 Subject: [Infowarrior] - Schneier: Your iPhone just got less secure. Blame the FBI. Message-ID: <9CECA445-E630-4AAD-9A51-13813EBDFB98@infowarrior.org> Your iPhone just got less secure. Blame the FBI. By Bruce Schneier https://www.washingtonpost.com/posteverything/wp/2016/03/29/your-iphone-just-got-a-lot-less-secure-and-the-fbi-is-to-blame/ The FBI has found a way into San Bernardino Syed Farook's iPhone, and is now dropping bids to force Apple to help them crack into the phone. See all the latest developments in the case, and why the case isn't over yet. (Jhaan Elker/The Washington Post) The FBI?s legal battle with Apple is over, but the way it ended may not be good news for anyone. Federal agents had been seeking to compel Apple to break the security of an iPhone 5c that had been used by one of the San Bernardino, Calif., terrorists. Apple had been fighting a court order to cooperate with the FBI, arguing that the authorities? request was illegal and that creating a tool to break into the phone was itself harmful to the security of every iPhone user worldwide. Last week, the FBI told the court it had learned of a possible way to break into the phone using a third party?s solution, without Apple?s help. On Monday, the agency dropped the case because the method worked. We don?t know who that third party is. We don?t know what the method is, or which iPhone models it applies to. Now it seems like we never will. The FBI plans to classify this access method and to use it to break into other phones in other criminal investigations. Compare this iPhone vulnerability with another, one that was made public on the same day the FBI said it might have found its own way into the San Bernardino phone. Researchers at Johns Hopkins University announced last week that they had found a significant vulnerability in the iMessage protocol. They disclosed the vulnerability to Apple in the fall, and last Monday, Apple released an updated version of its operating system that fixed the vulnerability. (That?s iOS 9.3 ? you should download and install it right now.) The Hopkins team didn?t publish its findings until Apple?s patch was available, so devices could be updated to protect them from attacks using the researchers? discovery. This is how vulnerability research is supposed to work. Vulnerabilities are found, fixed, then published. The entire security community is able to learn from the research, and ? more important ? everyone is more secure as a result of the work. The FBI is doing the exact opposite. It has been given whatever vulnerability it used to get into the San Bernardino phone in secret, and it is keeping it secret. All of our iPhones remain vulnerable to this exploit. This includes the iPhones used by elected officials and federal workers and the phones used by people who protect our nation?s critical infrastructure and carry out other law enforcement duties, including lots of FBI agents. This is the trade-off we have to consider: Do we prioritize security over surveillance, or do we sacrifice security for surveillance? [Why you should side with Apple, not the FBI, in the San Bernardino iPhone case] The problem with computer vulnerabilities is that they?re general. There?s no such thing as a vulnerability that affects only one device. If it affects one copy of an application, operating system or piece of hardware, then it affects all identical copies. A vulnerability in Windows 10, for example, affects all of us who use Windows 10. And it can be used by anyone who knows it, be they the FBI, a gang of cyber criminals, the intelligence agency of another country ? anyone. And once a vulnerability is found, it can be used for attack ? like the FBI is doing ? or for defense, as in the Johns Hopkins example. Over years of battling attackers and intruders, we?ve learned a lot about computer vulnerabilities. They?re plentiful: Vulnerabilities are found and fixed in major systems all the time. They?re regularly discovered independently, by outsiders rather than by the original manufacturers or programmers. And once they?re discovered, word gets out. Today?s top-secret National Security Agency attack techniques become tomorrow?s PhD theses and the next day?s hacker tools. The attack/defense trade-off is not new to the U.S. government. They even have a process for deciding what to do when a vulnerability is discovered: whether they should be disclosed to improve all of our security, or kept secret to be used for offense. The White House claims that it prioritizes defense, and that general vulnerabilities in widely used computer systems are patched. Whatever method the FBI used to get into the San Bernardino shooter?s iPhone is one such vulnerability. The FBI did the right thing by using an existing vulnerability rather than forcing Apple to create a new one, but it should be disclosed to Apple and patched immediately. This case has always been more about the PR battle and potential legal precedent than about the particular phone. And while the legal dispute is over, there are other cases involving other encrypted devices in other courts across the country. But while there will always be a few computers ? corporate servers, individual laptops or personal smartphones ? that the FBI would like to break into, there are a far more such devices that we need to be secure. One of the most surprising things about this debate is the number of former national security officials who came out on Apple?s side. They understand that we are singularly vulnerable to cyberattack, and that our cyberdefense needs to be as strong as possible. The FBI?s myopic focus on this one investigation is understandable, but in the long run, it?s damaging to our national security. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 29 14:37:09 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Mar 2016 15:37:09 -0400 Subject: [Infowarrior] - =?utf-8?q?US_says_it_would_use_=E2=80=9Ccourt_sys?= =?utf-8?q?tem=E2=80=9D_again_to_defeat_encryption?= Message-ID: Yup, like clockwork. --rick US says it would use ?court system? again to defeat encryption by David Kravets - Mar 29, 2016 12:19pm EDT http://arstechnica.com/tech-policy/2016/03/us-says-it-would-use-court-system-again-to-defeat-encryption/ Feds say they can force entire tech sector, not just Apple, to disable security. US government officials from the FBI director down have said repeatedly that the FBI-Apple legal brouhaha was just about a single phone?the seized iPhone used by Syed Farook, one of the San Bernardino shooters. And just last week, James Comey, the FBI director, said his fight with Apple wasn't about setting precedent; rather, it was about battling terrorism. But it seems that the storyline has changed. The Justice Department now says it will not hesitate to invoke the precedent it won in its iPhone unlocking case. The authorities had obtained a court order weeks ago ordering Apple to write code to help the authorities unlock Farook's phone, all in hopes that data on it could stop another terror attack or shed light on the one that killed 14 people in San Bernardino in December. On Monday, however, the authorities said they didn't need Apple's help, asking the judge presiding over the case to withdraw the order because they had cracked the phone and obtained the desired information, all with the help of an "outside" party. Having won the court and technological battle (although it won't disclose its unlocking method) a triumphant Department of Justice warned late Monday that its legal battle for what many say amounts to judicially ordered encryption backdoors has only just begun. "It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails," Melanie Newman, a Justice Department spokesman, wrote in an e-mail to Ars. "We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors." The government's statement was not lost on the tech sector. "While the DOJ consistently claimed its motion was directed at one company and one phone, the fine print reveals it believes it can coerce any company to disable its security to provide government access. This applies to any company that makes products with software," said Morgan Reed, executive director of The App Association. "App makers and IOT device makers can be forced to undermine the security that customers demand. These companies don't possess Apple?s legal resources and are targets for a government agency desperate for precedent that allows for universal access to connected devices." Apple issued a more measured statement. "This case raised issues which deserve a national conversation about our civil liberties, and our collective security and privacy. Apple remains committed to participating in that discussion," Apple said. US Magistrate Sheri Pym is expected to cancel the order requiring Apple to provide assistance to the DOJ any day now. -- It's better to burn out than fade away. From rforno at infowarrior.org Tue Mar 29 15:54:59 2016 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Mar 2016 16:54:59 -0400 Subject: [Infowarrior] - FBI's hack into iPhone increases pressure on Apple security Message-ID: FBI's hack into iPhone increases pressure on Apple security By: TAMI ABDOLLAH (AP), BRANDON BAILEY (AP) http://bigstory.ap.org/article/83cc2309f8a4425588e4b6c37b076ffe/us-hacks-iphone-ends-legal-battle-questions-linger WASHINGTON (AP) ? The FBI's announcement that it mysteriously hacked into an iPhone is a public setback for Apple Inc., as consumers suddenly discover they can't keep their most personal information safe. Apple remains in the dark about how to restore the security of its flagship product. The government said it was able to break into an iPhone used by a gunman in a mass shooting in California, but it didn't say how. That puzzled Apple software engineers ? and outside experts ? about how the FBI broke the digital locks on the phone without Apple's help. It also complicated Apple's job repairing flaws that jeopardize its software. The Justice Department's announcement that it was dropping a legal fight to compel Apple to help it access the phone also took away any obvious legal avenues Apple might have used to learn how the FBI did it. The Justice Department declined through a spokesman to comment Tuesday. It is a closely held secret how the FBI hacked the iPhone, but a few clues have emerged. A senior law enforcement official told The Associated Press that the FBI managed to defeat an Apple security feature that threatened to delete the phone's contents if the FBI failed to enter the correct passcode combination after 10 tries. That allowed the government to guess the correct passcode by trying random combinations until the software accepted the right one. It wasn't clear how the FBI also bypassed a related Apple security feature that deliberately introduces increasing time delays in how frequently guesses can be entered. The official spoke on condition of anonymity because this person was not authorized to discuss the technique publicly. The FBI hacked into the iPhone used by gunman Syed Farook, who died with his wife in a gun battle with police after they killed 14 people in December in San Bernardino, California. The iPhone, issued to Farook by his employer, the county health department, was found in a vehicle the day after the shooting; two personal phones were found destroyed completely so the FBI couldn't recover information from them. The FBI was reviewing information from the iPhone, and it was unclear whether anything useful would be found. Apple said in a statement late Monday that the legal case to force its cooperation "should never have been brought," and it promised to increase the security of its products. CEO Tim Cook has said the Cupertino-based company is constantly fending off security threats and trying to improve security. The FBI's announcement ? even without revealing precise details ? that it had hacked the iPhone was directly at odds with the U.S. government's firm recommendations for nearly two decades that security researchers always work cooperatively and confidentially with software manufacturers before revealing that a product might be susceptible to hackers. Those guidelines lay out a specific process about how and when to announce that commercial software might be vulnerable. The aim was to ensure that American consumers stay as safe online as possible and prevent premature disclosures that might damage a U.S. company or the economy. As far back as 2002, the Homeland Security Department ran a working group ? run by leading industry technology industry executives ? to advise the U.S. president on how to keep confidential the discoveries by independent researchers that a company's software could be hacked until it was already fixed. Even now, the Commerce Department has been trying to fine-tune those rules to protect the digital economy. The next meeting of a conference on the subject is April 8 in Chicago, but it is unclear how the FBI's behavior in the current case might influence the government's fragile relationship with technology companies or researchers. The industry's rules are not legally binding, but the government's top intelligence agency said in 2014 that such vulnerabilities should be reported to companies. "When federal agencies discover a new vulnerability in commercial and open source software - a so-called 'zero day' vulnerability because the developers of the vulnerable software have had zero days to fix it - it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose," the Office of the Director of National Intelligence said in a statement in April 2014. The statement recommended generally disclosing such flaws to manufacturers "unless there is a clear national security or law enforcement need." The chief technologist at the Center for Democracy and Technology, Joseph Lorenzo Hall, said keeping details secret about a flaw affecting millions of iPhone users "is exactly opposite the disclosure practices of the security research community. The FBI and Apple have a common goal here: to keep people safe and secure. This is the FBI prioritizing an investigation over the interests of hundreds of millions of people worldwide." -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 31 08:00:05 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 31 Mar 2016 09:00:05 -0400 Subject: [Infowarrior] - SCO, an STD of litagation Message-ID: <4148514E-2D3D-44B9-A82C-9CC6DB285CD9@infowarrior.org> SCO vs IBM: 13-year-old Linux dispute returns as SCO files new appeal http://www.theinquirer.net/inquirer/news/2452793/sco-vs-ibm-13-year-old-linux-dispute-returns-as-sco-files-new-appeal -- It's better to burn out than fade away. From rforno at infowarrior.org Thu Mar 31 10:04:22 2016 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 31 Mar 2016 11:04:22 -0400 Subject: [Infowarrior] - Maryland Appellate Court Rebukes Police for Concealing Use of Stingrays Message-ID: Maryland Appellate Court Rebukes Police for Concealing Use of Stingrays Alex Emmons https://theintercept.com/2016/03/31/maryland-appellate-court-rebukes-police-for-concealing-use-of-stingrays/ A MARYLAND appellate court on Wednesday explained its reasoning for its landmark decision earlier this month requiring police to establish probable cause and get a warrant before using a Stingray, or cell-site simulator. The Maryland Court of Special Appeals rejected the state of Maryland?s argument that anyone turning on a phone was ?voluntarily? sharing their whereabouts with the police. And the 73-page opinion also harshly rebuked Baltimore police for trying to conceal their use of Stingrays from the court. ?This is the first appellate opinion in the country to fully address the question of whether police must disclose their intent to use a cell-site simulator to a judge and obtain a probable cause warrant,? said Nathan Wessler, a staff attorney with the ACLU?s Project on Speech, Privacy, and Technology. The panel of judges stated that ?cellphone users have an objectively reasonable expectation that their cellphones will not be used as real-time tracking devices, through the direct and active interference of law enforcement.? In court testimony last April, a Baltimore detective revealed that the Baltimore Police Department had used Stingrays more than 4,300 times since 2007, repeatedly failing to notify courts of their use in criminal cases. Wednesday?s decision upheld the order of a Maryland trial court, which threw out evidence in the case of Kerron Andrews, a suspect in a 2014 shooting. In order to locate Andrews, police filed a ?pen register? application, which has lower standards than a warrant. The application explained that Baltimore police would collect data from Andrews?s wireless service provider. Instead, they secretly used an advanced Stingray, called the ?Hailstorm,? without notifying the judge. Last year, the Baltimore Sun published a non-disclosure agreement that the Baltimore Police Department signed in 2011 with the FBI and Harris Corporation, a leading manufacturer of Stingrays. The agreement required the department to conceal its use of Stingrays ?during pre-trial matters, in search warrants and related affidavits, in discovery, in response to court ordered disclosure ? or in testimony in any phase of civil or criminal trial, without the prior written approval of the FBI.? Police departments across the country have been signing similar agreements, and prosecutors have even dropped criminal cases to avoid facing questions about Stingrays. Judge Andrea Leahy, writing for the panel, admonished the department?s secrecy: ?We perceive the state?s actions in this case to protect the Hailstorm technology, driven by a nondisclosure agreement to which it bound itself, as detrimental to its position and inimical to the constitutional principles we revere.? The ruling represents a stern warning to police not to do that again. ?The court?s withering rebuke of secret and warrantless use of invasive cellphone tracking technology shows why it is so important for these kinds of privacy invasions to be subjected to judicial review,? said Wessler. Wednesday?s opinion adds to the growing list of appellate precedents opposing warrantless location tracking. In 2012, the U.S. Supreme Court unanimously ruled that police had to obtain a warrant before installing a tracking device on a suspect?s car. In 2014, the justices unanimously ruled again that the seizure of cellphone data during an arrest is unconstitutional. Federal courts have since found the warrantless seizure of location data unconstitutional, but Wednesday?s opinion is the first to extend the precedent to Stingrays. -- It's better to burn out than fade away.