If you've got nothing to hide, you've got nothing to fear.

[kuhla]

source - http://www.telegraph.co.uk/technology/internet-security/11340621/Spies-should-be-able-to-monitor-all-online-messaging-says-David-Cameron.html

 

I'm only going to try to try to mainly just give the quotes from him.

 

 

David Cameron, the Prime Minister, made the pledge at a campaign event attended by up to 100 Conservative activists in Nottingham.

 

“That is the key principle: do we allow terrorists safer spaces for them to talk to each other. I say no we don’t – and we should legislate accordingly. And if I am in Government that is what you will get.”

 

He added: “I have a very simple principle which will be the heart of the new legislation that will be necessary. In our country, do we want to allow a means of communication between people which even in extremis, with a signed warrant from the home secretary personally, that we cannot read? “Up until now, governments have said: ‘No, we must not’.“That is why in extremis it has been possible to read someone’s letter, to listen to someone's telephone, to mobile communications.

 

“But the question remains: are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: ‘No we must not’.

 

“The first duty of any government is to keep our country and people safe. The attacks in Paris demonstrated the scale of the threat that we face and the need to have robust powers through our intelligence and security agencies in order to keep our people safe.“The powers that I believe we need, whether on communications data, or on the content of communications, I feel very comfortable these are absolutely right for a modern, liberal democracy.”

 

 

2015 will be the year I take encryption and internet communication privacy even more seriously than I already do.

[Malaphax]

While this is a sad comment on society that this prime minister isn't being laughed out of office for these statements, it's also rather inevitable.

 

Look what Cameron started last year with his big push for a UK wide internet filter. This was passed and is now in effect. You are opted in automatically and if you want to opt out you have to call up your ISP and explain to them that you would like to have unfiltered access to the internet. Also he has branded this filter as a "porn filter" which is disgusting on several levels because it's been proven that it doesn't just block pornography, and because this implies the government has moral authority to regulate what you view on the internet.

 

While I personally think the UK tends to verge on a nanny state, that particular legislation was the start of the end for digital freedom in that country.

 

If he turns around and begins to block "various means of communications" he's suggesting legislation that will ban/block anything that might be used to mask communications. Will this open up the legal prosecution of people using anonymous chatrooms? What about VPNs and proxys? Will he ban the use of encryption next? But think of the children! We're stopping the terrorists!

 

We're lucky that America hasn't started down this path, yet... We may have crappy monopolies and money influencing politics but at the very least there is no open censorship laws in this country. We at least have the decency to spy on everyone in secret. /s

[kuhla]

source - http://blogs.wsj.com/digits/2015/01/16/obama-sides-with-cameron-in-encryption-fight/

 

....and there it is....

 

 

President Barack Obama said Friday that police and spies should not be locked out of encrypted smartphones and messaging apps, taking his first public stance in a simmering battle over private communications in the digital age.

Apple, Google GOOGL +1.28% and Facebook FB +1.53% have introduced encrypted products in the past half year that the companies say they could not unscramble, even if faced with a search warrant. That’s prompted vocal complaints from spy chiefs, the Federal Bureau of Investigation and, this week, British Prime Minister David Cameron.

Obama’s comments came after two days of meetings with Cameron, and with the prime minister at his side.

“If we find evidence of a terrorist plot… and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem,” Obama said. He said he believes Silicon Valley companies also want to solve the problem. “They’re patriots.”
....

The president on Friday argued there must be a technical way to keep information private, but ensure that police and spies can listen in when a court approves.
....

 

[ben the jew]

I'm intrigued by this discussion and so I thought I'd post this video which I am sure many of you have seen. Schmidt's comments are in the same spirit as Cameron's. It's only really a matter of time before this attitude completely erodes away any remaining notion of anonymity or privacy online (as if we really can expect either of those anymore...at least we all <em>should</em> know better by now). We are moving in such a direction in the name of convenience, safety, and [unspoken] financial gain.<br><iframe width="420" height="315" src="https://www.youtube.com/embed/A6e7wfDHzew" frameborder="0" allowfullscreen></iframe

[Jedi2155]

I probably started thinking this way by mid-high school. One of my counters was to spread as much useless information on the net as possible. However with the intense data miners and parsers now with Big Data that isn't usable any more. At this point I've become content that there is no counter until I think of something better.

[kuhla]

I wasn't sure where to post about this since we have talked about it in a few different threads but....

 

source - http://www.engadget.com/2015/05/07/federal-court-rules-nsas-data-collection-program-is-illegal/

 

 

The US court of appeals has ruled that the NSA's bulk phone data collection wasn't authorized under law. The metadata surveillance program has been scrutinized ever since Edward Snowden made its existence public almost two years ago. But no ruling has deemed it unlawful until now. NSA's program "exceeds the scope of what Congress has authorized," wrote one of the three judges on the panel on the 2nd circuit court of appeals.

 

The ruling deems the program illegal, but it doesn't put an end to it. The decision comes at a time when the Congress is already debating legislation that would impact NSA's surveillance program. The Freedom of Act legislation being proposed would allow the government to seek information from telecom companies, strictly on an as-and-when-needed basis. And every query would need to be judicially approved. The end of that debate is expected to resolve the issue as it could effectively end NSA's current surveillance tactics.

 

Update: It's been a few hours since the ruling came out this morning and political reactions are starting to come in. The Hill reports that Sen. John McCain has voiced his concerns on Fox News. "We have the ability to monitor these communications," he said on America's Newsroom. He touched upon the balance of privacy and security and agreed that the government has overstepped from "time to time". But he also indicated that it's important for people to remember and understand the threat. He said: "People seem to have forgotten 9/11."

 

Sen. Rand Paul, on the other hand, continues to oppose NSA's tactics. He took to Twitter: "The phone records of law abiding citizens are none of the NSA's business! Pleased with the ruling this morning."

 

I'm cringing a little bit to mention this because of the other people who trumpet this reference but I feel it really works here.

 

....I just can't help myself from remembering a quote from V for Vendetta movie: "....what we need right now is a clear message to the people of this country. This message must be read in every newspaper, heard on every radio, seen on every television. ... I want this country to realize that we stand on the edge of oblivion. I want every man woman and child to understand how close we are to chaos. I want everyone to remember why they need us."

[Malaphax]

http://www.huffingtonpost.ca/2015/05/06/bil-c-51-anti-terrorism-passes-vote_n_7227520.html

 

Canada is pushing forward to pass their own version of the Patriot Act and bulk surveillance. I'm not sure how much this changes their current policy, or if it just gives certain program more legal authority to continue what they're doing. It seems like all the members of Five Eyes have take substantial steps to limit freedoms and monitor any communications.

[kuhla]

While the whole Snowden situation is controversial, here is an official response to the petition to pardon him:

 

source - https://petitions.whitehouse.gov/petition/pardon-edward-snowden

 

 

....

 

Instead of constructively addressing these issues, Mr. Snowden's dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it.

 

If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and -- importantly -- accept the consequences of his actions. He should come home to the United States, and be judged by a jury of his peers -- not hide behind the cover of an authoritarian regime. Right now, he's running away from the consequences of his actions.

 

We live in a dangerous world. We continue to face grave security threats like terrorism, cyber-attacks, and nuclear proliferation that our intelligence community must have all the lawful tools it needs to address. The balance between our security and the civil liberties that our ideals and our Constitution require deserves robust debate and those who are willing to engage in it here at home."

....

 

Makes me wonder if the words chosen would be different if he had gone to hide in a different country.

[Malaphax]

The issue I have is that even if he came back and was arrested, who would guarantee he would be given a fair trial? What jurisdiction would he be prosecuted under? Would the court proceedings be public? My guess is that they would absolutely love to say that he should come back to the US and stand trial, but the reality of the situation is that the Government would never let a jury decide his fate. Even if they did allow a jury to make a decision my bet is he would immediately be charged by either a military or secret court and found guilty.

 

What possibly benefit does Snowden have for returning to the US? Does it make his case or the information he revealed more credible? Does it make him a better person or paint his cause in a better moral light? The few other leakers that have been put through these trials by the government have either had their lives completely ruined or are still sitting in jail.

[kuhla]

source - http://www.engadget.com/2015/09/24/white-house-group-came-up-with-four-ways-to-sidestep-encryption/

 

 

A group of law enforcement officials, intelligence agents and diplomats conjured up ways to access encrypted data over the summer, according to The Washington Post. The publication got its hands on a draft paper that details four techniques to bypass encryption that tech companies could use under court order. Among the four, the most alarming one is perhaps the proposal that suggests the use of software upgrades to introduce spyware into the target's device, because that sounds like it could be easily abused. Another idea is to add physical keys to phones that law enforcement can use to unlock them. The group also listed splitting encryption keys that can only be combined with the court's permission and having companies back up data to an unsecured location for access by authorities as other possible approaches.

While it's no secret that feds would love to have access to private information, senior officials insist that these four are nothing but proofs-of-concept. One of them told the Post that they're "just saying these are things that could be done," while National Security Council spokesman Mark Stroh assured the publication that these proposed actions aren't being actively pursued. In fact, the team detailed the drawbacks of using these techniques in the draft memo and even came up with a set of principles to guide the government when dealing with the private sector. Those principles include not doing bulk collection and not giving the government "golden keys" to access private info.

 

As much as it really does pain me to do so (because this whole discussion seems to be getting worse all the time)), to play devil's advocate on this (underlined part), this is expected at any level of discussion about cybersecurity. No matter whether your job is to harden or break a system or both you end up having to discuss how you can circumvent systems. It's the only constructive way to find the holes proactively. By us having gained access to the draft, we benefit in some way from being aware of what else to look for.

 

That draft they reference can be read here (it's only 7 pages): http://apps.washingtonpost.com/g/documents/world/read-the-obama-administrations-draft-paper-on-technical-options-for-the-encryption-debate/1753/

[kuhla]

source - http://www.engadget.com/2015/10/09/california-authorities-need-a-warrant-to-probe-your-digital-life/

 

 

The state of California passed the "Leno bill" that would keep your private digital info, well, private from law enforcement in June. Now, governor Jerry Brown has signed it into law. The California Electronic Communications Privacy Act, co-authored by senator Mark Leno, will protect the Golden State's residents against warrantless surveillance of their digital data, according to the American Civil Liberties Union. Perhaps surprisingly, California's law enforcement officials were among the bill's biggest supporters. The ACLU says that "major" state law enforcement groups pulled opposition of it and that cops were apparently happy to support SB 178 because it's "in the best interest of all citizens of California."

In case you're interested, the Leno bill was cosponsored by the likes of the San Diego Police Officers Association, California Attorneys for Criminal Justice and a bevy of tech giants like Facebook, Google and Microsoft. The Electronic Freedom Foundation says this new warrant-requirement doesn't just protect your emails, texts and geographic location on your gizmos, but for online services that store your data as well. Here's to hoping that other states follow suit.

 

As good as this sounds, I'm sadly so jaded at this point, I am worried about why so many groups (that I underlined above) supported this since it runs counter to their usual stance.

[kuhla]

source - http://thehill.com/policy/cybersecurity/260776-clinton-calls-for-resolution-on-encryption-debate

 

I'll try to cut this up a bit....

 

 

Hillary Clinton on Thursday called for Silicon Valley and the government to collaborate on resolving a roiling debate over law enforcement access to encrypted data.

“We need Silicon Valley not to view government as its adversary,” the front-running Democratic presidential candidate said in a speech at the Council on Foreign Relations in New York. “We need our best minds in the private sector to work with our best minds in the public sector to develop solutions that will both keep us safe and protect our privacy.”
....

“In the Senate Armed Services we're going to have hearings on it and we're going to have legislation,” Sen. John McCain (R-Ariz.), who chairs the committee, told reporters Tuesday, calling the status quo “unacceptable.”
....

Clinton struck a cautious tone on Thursday, acknowledging both sides of the fierce debate.

“We should take the concerns of law enforcement and counterterrorism professionals seriously,” she said. “On the other hand we know there are legitimate concerns about government intrusion, network security and creating new vulnerabilities that bad actors can and would exploit.”

“Now is the time to solve this problem, not after the next attack,” she urged.

 

I like that last bit. Real solid job of trying ignite the fear. Do it now! Do it quick! We have to stop the terrorists before the next attack!

[Malaphax]

Yea, I really loved the immediate response from all intelligence agencies was to push for broader and more intrusive powers in the wake of the Paris attacks:

http://www.theguardian.com/commentisfree/2015/nov/17/intelligence-agencies-pounce-paris-attacks-pursue-spy-agenda

 

All the while, the attack had been planned and executed over unencrypted SMS.

https://www.techdirt.com/articles/20151118/08474732854/after-endless-demonization-encryption-police-find-paris-attackers-coordinated-via-unencrypted-sms.shtml

https://www.techdirt.com/articles/20151119/06213132859/paris-attacks-were-intelligence-community-failure-not-encryption-problem.shtml

 

I think NPR's coverage of the recent encryption debate was decent. They basically said it's impossible to stop people from creating or using encryption, and that to leave backdoors on everything isn't even an feasible option. Beyond that, the intelligence agencies aren't suffering because they lack information, they're running into issues of having too much information to sift through.

http://www.npr.org/sections/alltechconsidered/2015/11/16/456219061/after-paris-attacks-encrypted-communication-is-back-in-spotlight

 

Sidenote:

While i can at least understand the blatant fear mongering that occurs after a terrorist attack like Paris, I find it disgusting that Clinton used the 9/11 attacks as a reasoning for why she has multiple Super-PACs and should continue to receive donations from Wall St. Banks.

https://www.washingtonpost.com/news/post-politics/wp/2015/11/15/clintons-911-comments-give-sanders-an-opening-on-her-wall-street-ties/

[kuhla]

Even if nothing comes out of all this, and encryption remains "uncompromised", I'm still worried that all the visibility of the topic of encryption will end up making it some kind of case for reasonable suspicion to judges who have no real understanding of tech in general.

[Malaphax]

Last I heard from the judicial side of things, encryption was actually protected pretty well. Passwords are protected and Police do not have the rights to force you to unlock a phone/computer:

http://www.slate.com/blogs/future_tense/2015/09/25/court_rules_that_defendants_don_t_have_to_provide_smartphone_passcodes.html

 

I would imagine the basic argument would be somewhat along these lines: Does locking your residence, or owning a safe warrant reasonable suspicion? Does taking notes in your own shorthand suggest wrongdoing? Should the encrypting of ones data either by policy or by choice suggest that an individual is engaged in an act of wrongdoing, when a password is protected under the current judicial rulings?

 

I certainly can see a judge trying to suggest that encryption amounts to reasonable suspicion, I cannot foresee that making it past district courts or SCOTUS.

[kuhla]

source - http://www.engadget.com/2015/12/16/congress-tucked-cisa-in-budget-bill/

 

 

Last night's budget bill wasn't all about avoiding a government shutdown. Packed inside the 2,000-page bill announced by Speaker Paul Ryan (R-WI) is the full text of the controversial Cybersecurity Information Sharing Act (CISA) of 2015. If you'll recall, the measure passed the Senate back in October, leaving it up to the House to approve the bill that encourages businesses to share details of security breaches and cyber attacks.

Despite being labeled as cybersecurity legislation, critics of CISA argue that it's a surveillance bill that would allow companies to share user info with the US government and other businesses. As TechDirt points out, this version of the bill stripped important protections that would've prevented directly sharing details with the NSA and required any personally identifying details to be removed before being shared. It also removes restrictions on how the government can use the data.

A number of tech companies and privacy groups, including Apple and Dropbox, have publicly opposed the bill citing its "flawed approach" to improving cybersecurity. By tacking CISA on to an urgent budget bill, the chances that it'll pass the House are likely. As Congress looks to avoid a government shutdown, slipping the measure into desperately needed (2,000 pages) legislation is a good way for it to be overlooked.

 

It's just so slimy at this point it's almost laughable.

[kuhla]

source - http://www.cotton.senate.gov/?p=press_release&id=283

 

 

Washington, D.C.- Senator Tom Cotton (R- Arkansas) today issued the following statement in response to Apple CEO Tim Cook's comments on 60 Minutes last night:

 

"Apple is a distinctive company that has improved the lives of millions of Americans. But Tim Cook omitted critical facts about data encryption on 60 Minutes last night. He claimed that Apple does not comply with lawful subpoenas because it cannot. While it may be true that Apple doesn't have access to encrypted data, that's only because it designed its messaging service that way. As a society, we don't allow phone companies to design their systems to avoid lawful, court-ordered searches. If we apply a different legal standard to companies like Apple, Google, and Facebook, we can expect them to become the preferred messaging services of child pornographers, drug traffickers, and terrorists alike--which neither these companies nor law enforcement want. Our society needs to address this urgent challenge now before more lives are lost or shattered."

[kuhla]

source - http://www.engadget.com/2016/01/21/california-lawmaker-wants-to-ban-phone-encryption-in-2017/

 

 

California lawmaker, State Rep. Jim Cooper (D-Elk Grove), has introduced a bill that would effectively ban the sale of mobile devices that have encryption on by default beginning in 2017. The bill, AB 1681, demands that any phone sold after January 1, 2017 be "capable of being decrypted and unlocked by its manufacturer or its operating system provider." Should this bill become law, manufacturers found in violation would be subject to fines of $2,500 per phone.

 

https://vimeo.com/152504630

 

Cooper's reasoning puts a novel spin on the same, tired "The police can't do their jobs unless tech companies do it for them" argument. This time, he used human trafficking as the boogeyman that needs defeating and which can only be accomplished if the government has unfettered, disk-level access to its citizens' cell phones.

"If you're a bad guy [we] can get a search record for your bank, for your house, you can get a search warrant for just about anything," Cooper told ArsTechnica. "For the industry to say it's privacy, it really doesn't hold any water. We're going after human traffickers and people who are doing bad and evil things. Human trafficking trumps privacy, no ifs, ands, or buts about it." Apparently human trafficking also trumps the 4th Amendment as well.

 

Yes. Of course. Human trafficking. Got it.

[kuhla]

A News Article - http://www.bbc.com/news/technology-35593048
Official Apple Response - http://www.apple.com/customer-letter/

 

From news article:

....

The FBI has asked Apple to do two things.

First, it wants the company to alter Farook's iPhone so that investigators can make unlimited attempts at the passcode without the risk of erasing the data.

Secondly, they want Apple to help implement a way to rapidly try different passcode combinations, to save tapping in each one manually.

Farook is understood to have used a four-digit passcode, meaning there are 10,000 possible combinations.

The FBI wants to use what is known as a "brute force" attack: literally trying out every combination until stumbling across the correct one and unlocking the phone.
....

 

 

This should be good.

 

Apple is refusing.

[Malaphax]

While I agree they're refusing, you should keep in mind that legally speaking they're not refusing per se, they're claiming an unreasonable burden.

The current iphone doesn't have backdoors to allow for brute force attacks, the FBI (more accurately the judge) is ordering Apple to provide the FBI with a backdoor to allow attacks on the phone. Apple cannot provide this, as it doesn't currently exist. Their "refusal" is that they have no plans on adding in backdoors to their phones, which should be applauded.

 

While I understand the FBI wants to collect as much data as possible, their request is unreasonable. The scary part will be if some dumbass legislator passes a law mandating backdoors on digital devices.

[Malaphax]

http://www.businessinsider.com/john-mcafee-ill-decrypt-san-bernardino-phone-for-free-2016-2

 

John McAfee offered to decrypt the San Bernadino terrorist's phone for free to prevent the FBI/courts from compelling Apple to create a backdoor.

Oh and he's also running for president.

 

I personally think McAfee is completely bonkers, but also very intelligent. There's a part of me that believes he could actually do this.

[kuhla]

source - http://www.cnbc.com/2016/02/19/doj-files-motion-to-compel-apple-to-comply-with-fbi-order.html

 

 

....

The Justice Department filed a motion Friday to compel Apple to assist investigators in accessing data on the Apple iPhone used by Syed Rizwan Farook, one of the shooters in the 2015 attack, which left 14 people dead. The phone is owned by Farook's former employer, the San Bernardino County Department of Public Health.The department has agreed to allow investigators to search the device.

"Apple's current refusal to comply with the court's order, despite the technical feasibility of doing so, instead appears to be based on its concern for its business model and public brand marketing strategy," the motion said.
....

The legal debate will continue to play out in the coming weeks, as Apple's opposition to the motion is due Feb. 26. A hearing is set for March 22 in California.
....

 

The latest.

[kuhla]

source - http://www.engadget.com/2016/03/02/apple-fbi-encryption-congress-hearing/

 

Regarding what came out of the congressional committee yesterday.

 

 

FBI Director James Comey

....

 

When asked if the San Bernardino iPhone case would set precedent for future encryption cases, Comey said, "Sure, potentially."

....

 

Not even really hiding behind the "just one phone" argument anymore.

[Malaphax]

I think the more amusing thing is that Congress got off their ass and actually did something. They held a comity and asked real questions, it was almost like some staffers told them their iphones might be spied on by the FBI if this goes through.

 

The other fantastic argument I've heard from the FBI was "We need the phone in our possession to actually unlock and decrypt it."

To which my response is, "How long before you ask Apple to write software that allows you do access it remotely?"

[kuhla]

This just gets more and more interesting.

 

source - http://www.techspot.com/news/64181-fbi-finds-outside-party-help-unlock-iphone.html?google_editors_picks=true

 

 

....

 

In a document filed with the courts, the Department of Justice has requested that tomorrow's hearing be vacated due to this discovery.

“On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone. Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. (“Apple”) set forth in the All Writs Act Order in this case.”

 

....

 

source - https://www.reddit.com/r/apple/comments/4b70xy/starting_with_ios_93_apple_will_encrypt_icloud/

 

 

If you have 2FA enabled, starting with iOS 9.3, Apple will encrypt iCloud data against user device's passcode.

 

So the FBI might have more tools (orly) and doesn't want to fight it in court (for now) and now Apple wants to give the keys to people's clouds solely to the users.

 

I did have to laugh at that one senator (?) who was asking some technical questions at the hearing the other week.