23-02-2016, 12:37 #1
[EN] Bill Gates backs FBI iPhone hack requestFebruary 23, 2016
Stephen Foley in New York and Tim Bradshaw in San Francisco
Bill Gates has broken ranks with Silicon Valley in the stand-off between Apple and the US government, saying technology companies should be forced to co-operate with law enforcement in terrorism investigations.
The Microsoft founder took issue with Tim Cook’s characterisation of the government’s order that Apple help break open the San Bernardino shooter’s iPhone as a demand for a “back door”, denying that it would set a wider precedent.
“This is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case,” Mr Gates told the Financial Times.
“It is no different than [the question of] should anybody ever have been able to tell the phone company to get information, should anybody be able to get at bank records. Let’s say the bank had tied a ribbon round the disk drive and said, ‘Don’t make me cut this ribbon because you’ll make me cut it many times’.”
Apple has been pulled into a war of words with US law enforcement in the last week, after a judge ordered the company to write software that would enable FBI investigators to unlock Syed Rizwan Farook’s iPhone. Mr Cook, Apple’s chief executive, has called the request a “chilling” example of “overreach” by the US government that would set a “dangerous precedent that threatens everyone’s civil liberties”.
Mr Gates’s stance sets him apart from the rest of the technology industry, including the company he founded. Satya Nadella, Microsoft chief, has not publicly commented on the matter, but a spokesperson for the Seattle-based company pointed to a statement by the Reform Government Surveillance organisation, of which it is a member, opposing the order.
Silicon Valley executives including Mark Zuckerberg, Facebook chief; Jack Dorsey, Twitter founder; and Sundar Pichai, head of Google, have all sided with Mr Cook. National Security Agency whistleblower Edward Snowden called the showdown “the most important tech case in a decade”.
But James Comey, FBI director, has insisted that the case is “quite narrow”.
“We don’t want to break anyone’s encryption or set a master key loose on the land,” Mr Comey wrote in a blog post on Sunday night.
Mr Gates told the FT that there were benefits to the government being able to enforce taxation, stop crime and investigate terror threats, but said there must be rules on when the information can be accessed.
“I hope that we have that debate so that the safeguards are built and so people do not opt — and this will be country by country — [to say] it is better that the government does not have access to any information,” he said.
Mr Gates was speaking at the launch of the annual letter from his charitable organisation, the Bill and Melinda Gates Foundation, in which he argues that “an energy miracle” will be needed to bring electricity to the one-fifth of the world’s population that does not currently have it, while still reducing carbon emissions to zero.
“Let’s science the expletive-expletive out of this,” he said, quoting Matt Damon’s character in the movie, The Martian. “I don’t know what the expletives are.”
23-02-2016, 15:38 #2
The Seeds Of Apple's Standoff With DOJ May Have Been Sown In Brooklyn
Apple could easily defeat the security on the phones in California and Brooklyn — just like it's done 70 times before.
February 22, 2016
The debate over whether Apple should defeat the security on the iPhone of San Bernardino shooter Syed Rizwan Farook isn't the first time the company has clashed with law enforcement.
The FBI also wanted to get into the iPhone of a drug dealer in Brooklyn. Jun Feng pleaded guilty to selling methamphetamine last year. As part of its investigation, the government obtained a search warrant for Feng's iPhone. But the phone was locked by a passcode, so prosecutors asked a judge for an order compelling Apple to bypass it.
"In about 70 prior occasions, this exact situation had occurred," says Susan Hennessey, a former National Security Agency lawyer who's now a fellow at the Brookings Institution. "And Apple had elected to comply with the court order."
The fact that Apple had bypassed the lock on roughly 70 phones in previous cases was revealed during a court hearing last October.
And Apple might have quietly done the same to Jun Feng's phone, too, but something unusual happened. Federal Magistrate Judge James Orenstein did not sign the order the government wanted. Instead, he went public and asked Apple if the company had any objections.
"What was remarkable was that the public hadn't seen the argument surfaced," says Jennifer Granick at the Stanford Center for Internet and Society. She says Judge Orenstein was trying to stoke a public debate. "Judge Orenstein had concerns about whether the government's legal argument was a valid legal argument."
The judge seemed particularly skeptical that the government relied in part on an 18th-century law called the All Writs Act. Prosecutors say it gives them authority to compel private companies to help carry out search warrants.
The government probably expected Apple to comply, just like the company had dozens of times before, says Hennessey.
"What All Writs is intended to do is that in those areas where Congress has not spoken, it's intended to fill the gap, such that the courts can effectuate their orders," Hennessey says. "This is precisely how All Writs has been applied throughout history."
But this time, lawyers for Apple disagreed. They said the company had complied when the law seemed settled, but at the hearing in Feng's case in October, Apple's lawyers argued that the government was actually asking for something novel: the power to force a tech company to break the security on one of its devices.
It's similar to the argument that's now playing out in California, where the FBI wants Apple to defeat the security on Farook's iPhone.
"The cases are different, but the underlying legal question is very similar," says Alex Abdo, a lawyer with the American Civil Liberties Union. "The question in the New York case is whether the government can rely on this very old statute to conscript Apple into government service."
There are some key differences between the two cases. The defendant's iPhone in New York was using an older operating system, iOS 7, which makes it relatively easy for Apple to bypass the lock. The iPhone in California is running Apple's newer operating system, iOS 9, and the company says it would have to create software just to get into the phone. Abdo says that's a conscious choice by Apple.
"They didn't want to be in the position, they told the court, of having to serve as a government investigative agent," he says. "They wanted to be out of the business of spying on their customers."
That may be especially important to Apple in international markets, where security is a big selling point. But U.S. law enforcement is frustrated by that argument. Federal prosecutors say Apple is putting its own public relations interests ahead of national security.
They think Apple could easily defeat the security on the phones in California and Brooklyn — just like it's done 70 times before.
24-02-2016, 19:48 #3
If Amazon were in Apple’s position, would it unlock its cloud for the feds?
Feb 23, 2016
As Apple continues to resist FBI demands to unlock a terrorist suspect’s phone, it raises a question: What if Amazon Web Services was ordered to provide access to a customer’s cloud? Would AWS hand the data over to the feds?
Amazon’s terms of service provide us a clue. AWS says it complies with legally binding orders when compelled to do so. Here’s a statement from Amazon’s FAQ on cloud data privacy (which is not written specifically about the Apple-FBI issue):
“We do not disclose customer content unless we're required to do so to comply with the law or a valid and binding order of a governmental or regulatory body. Governmental and regulatory bodies need to follow the applicable legal process to obtain valid and binding orders, and we review all orders and object to overbroad or otherwise inappropriate ones.”
Most of the time, when ordered to hand over data, Amazon does so. In 2015 AWS received 1,538 subpoenas from law enforcement officials, according to information the company recently began making public. Just over half the time (in 832 cases, or 54% of the time) AWS complied fully with those orders. Another quarter of the time (in 399 cases) Amazon partially responded to the request for information, while in the remaining 20% of cases AWS did not respond to the subpoena.
For customers who are concerned about Amazon handing over their data to the government, there are protections that can be put in place. “There’s a huge market focused on encrypting data stored in the cloud, and giving the customers the keys,” explains 451 Research analyst Adrian Sanabria. If customers use a third-party encryption service to scramble their data and manage the keys themselves, then even if Amazon did hand over the data to the feds, it would be useless. “Yes, it does sometimes create some issues with flexibility and breaking functionality, but it is there as an option if you want it, and (if done properly) AWS (or the government) can’t decrypt the data,” Sanabria says.
AWS offers multiple different encryption methods, including ones that are built in automatically to some services – like S3, the Simple Storage Service, and others that customers manage themselves, such as the Hardware Security Module (HSM). AWS’s marketplace offers a variety of additional encryption and security services from independent software vendors.
Amazon says that it notifies customers when there’s been a request for their data to be handed over, unless there’s a compelling reason not to do that; for example if its clear the cloud service is being used for an illegal purpose.
AWS is more stringent about not providing other types of information to the government. In the second half of 2015 alone, AWS received 249 “National security requests” but did not comply with any of them. AWS also received 78 requests from non-U.S. entities, the vast majority of which (60) the company did not respond to.
Even with all the concern over providers or the government being able to access data, Sanabria estimates that only a minority of cloud users encrypt data and manage their own keys.
24-02-2016, 19:51 #4
Telecoms Tight-Lipped On Apple's Encryption Battle With FBI
February 24, 2016
While vendors, startups, and tech CEOs in Silicon Valley are sounding off on the ongoing Apple-versus-FBI debate over unlocking an encrypted iPhone belonging to one of the San Bernardino shooters, telecommunications carriers have largely remained quiet.
Last week, Cupertino, Calif.-based Apple was asked by the FBI to create a new version of an iPhone operating system that would bypass specific security features that the current operating system has in place. The requested operating system would create a backdoor that could be used on any iPhone. The FBI says it will use the system to unlock an iPhone linked to the December 2015 San Bernardino shooting. But Apple CEO Tim Cook refused, saying that having a "master key" to all iPhones would set a dangerous precedent and weaken security for all Apple users.
While the majority of the tech companies voicing their views back Apple, many telecommunications companies are either noticeably silent, or are providing responses that err on the side of diplomacy.
"The conservative viewpoint is saying that morally, it doesn't seem to right to not help with something that cost lives. But at the same time, some believe that it could open the door to more breaches. I'm listening to it all, but I can't decide what is technically the truth versus what is politics," said one solution provider who spoke under the condition of anonymity.
"There is also a part of me that feels like it's kind of nice that there is a technology company that is not going to cave and give up our privacy rights," the provider added.
Tech vendors and carriers were famously outed as working with the government by Edward Snowden in 2013. Snowden, an IT professional who had done work for the CIA, copied classified information and fled the country, revealed that over the years, some carriers -- including Verizon and AT&T -- have granted the National Security Agency (NSA) access to both Internet communications and countless phone records.
Because of the cooperative nature of the past relationships that the government has had with carriers, it's no surprise that carriers are pleading the fifth, said the solution provider, who partners with many domestic and international carriers.
Verizon, CenturyLink, and Comcast declined to comment on the subject when reached by CRN.
AT&T, however, spoke up and is taking a neutral approach.
"Our personal view is that there has to be a balance between personal privacy and security," said Ralph de la Vega, president and CEO of AT&T's Mobile and Business Solutions unit during an interview at Mobile World Congress in Barcelona, Spain.
"Right now, the laws are a little bit muddled," de la Vega continued. "We think that Congress should take the leadership role in setting up clear laws to be followed by the land that balances the security and privacy aspects for the citizens of the country. I think that's the right way to settle it … versus doing it in the courts or in any other forum."
In a New York Times report in August 2015, AT&T was once again characterized as having a "highly collaborative" partnership with the NSA, but the report said the carrier was possibly even tighter with the government than its competitors in the telecommunications space. The report said Dallas-based AT&T gave the NSA access to billions of emails and authorized wiretapping of communications transmitted over its network for a decade.
While telecom provider Sprint has not publicly issued a statement, competitor T-Mobile's notoriously vocal CEO, John Legere, said he understood both sides of the debate, and that Cook is "in a really, really difficult spot."
"I mean, obviously what we have got is an unheralded situation where he’s being requested to help authorities deal with the security of the device. … We will see where it goes. I wouldn’t know how to advise him," Legere said in an interview with CNBC last week.
The debate between Apple and the FBI isn't simply about one iPhone, according to the solution provider who requested anonymity. The dilemma also opens the door to geopolitical issues. Many countries outside the U.S. are Apple customers, and phone-unlocking laws could get blurry if a citizen of a foreign country commits a crime.
"For countries that the U.S. is not friendly with that are buying Apple products, what is Apple's stance on unlocking those phones, is it country by country?" the provider said.
But from a security perspective, the solution provider isn't bothered by the fact that some of its carrier partners are known to have worked with the government in the past. In fact, this isn't the first time Apple was asked to hand over information and it has complied with such requests in the past, the partner said.
"For us, it's not really an issue," said the provider.