Congressional Agency Questions Legality of Wiretaps

[GreenGoo]

A lot of more important things done with those resources. The cost of breaking modern encryption methods far exceeds the value of doing so in almost every instance. But sure if they think that means they don't need backdoors I'm more than willing to let them.

I don't disagree, but we've had a huge number of previously secure encryption methods cracked in our lifetimes. The key is to keep the encryption technology ahead of the cracking technology.

I'm sure the 4 man openssl team can handle it though.

In fairness there are about 10-15 other members that help out at times.

[Defiant]

Much as I would prefer decryption only when there's a warrant, there is the issue of it taking a (*very*) long time to decrypt. You could make the person decrypt it for you, but I imagine that would violate the fifth amendment against self incrimination?

(Quantum computing might be a way around that, but at some point, when individuals have access to that technology to encrypt, it would be hard again. At least to what I understand - I admit only having a minimal understanding of quantum computing).

[GreenGoo]

Much as I would prefer decryption only when there's a warrant, there is the issue of it taking a (*very*) long time to decrypt. You could make the person decrypt it for you, but I imagine that would violate the fifth amendment against self incrimination?

No, I believe there is precedent for forcing a person to give up the key to a lock box or a combination for a safe. This isn't much different.

Well, the difference is that before you needed a warrant. Today they just want a hole in the back of your safe so they can check it whenever they want. You know, because terrorists and stuff.

[Defiant]

No, I believe there is precedent for forcing a person to give up the key to a lock box or a combination for a safe.

OK, though maybe a lawyer can explain the difference?

(I imagine "forcing" is just punishing him with contempt of court, right?)

[Pyperkub]

Supremes to examine warrantless Cell Phone location tracking:

The case the justices were asked to review Friday concerns a Florida man who got a life term for several robberies in a 2012 case built with his mobile phone's location data the police obtained without a warrant.

The case has big privacy implications for anybody who carries a mobile phone. According to the government, that device may be tracked at will without the Fourth Amendment's probable cause standard being met.

What's more, the petition to the high court from defendant Quartavious Davis comes as cell-site tracking has become a choice surveillance tool in the aftermath of a Supreme Court ruling that said the authorities needed a warrant to affix GPS trackers to vehicles. In that 2012 decision, the high court declared that the government's act of affixing a GPS device on a vehicle was the equivalent of a search usually requiring a warrant.

The American Civil Liberties Union is representing Davis and wants the high court to overturn a March decision (PDF) from the 11th US Circuit Court of Appeals, which ruled against Davis based on precedent from the analog age.

[GreenGoo]

No, I believe there is precedent for forcing a person to give up the key to a lock box or a combination for a safe.

OK, though maybe a lawyer can explain the difference?

(I imagine "forcing" is just punishing him with contempt of court, right?)

Yes, additional legal action against him, not sure if it's contempt or what. This topic was talked about awhile (a long while now) ago and the argument was as stated. Physical impediments to accessing evidence can be coerced out of a suspect if there are suitable grounds and a judge issues a warrant. Some of the particulars (of the discussion) revolved around accessing celphone data if I remember correctly. At the time, you couldn't look in my briefcase without a warrant, but you could access and copy my phone contents if you felt like it, no warrant required.

I would love a criminal defense lawyer (or prosecutor) to speak up because it was a long time ago and my memory isn't great.

[Moliere]

Snowden joins Twitter. Currently he is only following the NSA.

@neiltyson Thanks for the welcome. And now we've got water on Mars! Do you think they check passports at the border? Asking for a friend.

[Isgrimnur]

European Safe Harbor yanked:

A deal that allows thousands of companies to transfer data from Europe to the United States is invalid, the highest EU court said on Tuesday in a landmark ruling that follows revelations of mass U.S. government snooping.

Many companies, particularly tech firms, have said the Safe Harbour agreement helps them get round cumbersome checks to transfer data between offices on both sides of the Atlantic, including payroll and human resources information and also lucrative data used for online advertising.

But the decision by the Court of Justice of the European Union (ECJ) could sound the death knell for the system, set up by the European Commission 15 year ago and used by over 4,000 firms including IBM (IBM.N), Google (GOOGL.O) and Ericsson (ERICb.ST).

The court said Safe Harbour did not sufficiently protect EU citizens' personal data as American companies were "bound to disregard, without limitation" the privacy safeguards where they come into conflict with the national security, public interest and law enforcement requirements of the United States.

"The Court of Justice declares that the Commission's U.S. Safe Harbour decision is invalid," the court said.
...
The Commission will give a press conference at 1500 CET (9:00 a.m. EDT) in response to the ruling, but it was unclear if the decision would prompt national data protection authorities to suspend personal data transfers to the United States.
...
Without Safe Harbour, multinationals could be forced to draw up contracts establishing privacy protections between groups or seek approval from data protection authorities for information transfers to countries the EU deems to have lower privacy standards, including the United States.

[GreenGoo]

Neat. I'd like to think that this is an opportunity to make great headway in privacy laws, but I'm resigned to the fact that something even more awful will be put in place.

From an outsider's viewpoint, it's hilarious that Europe feels that data isn't safe in the land of the Free. It's somewhat ironic, no?

[stessier]

Neat. I'd like to think that this is an opportunity to make great headway in privacy laws, but I'm resigned to the fact that something even more awful will be put in place.

From an outsider's viewpoint, it's hilarious that Europe feels that data isn't safe in the land of the Free. It's somewhat ironic, no?

Why should it be safe here? A totalitarian state would be good at keeping it under lockdown. We believe in freedom for all - including 1s and 0s.

[Defiant]

Neat. I'd like to think that this is an opportunity to make great headway in privacy laws, but I'm resigned to the fact that something even more awful will be put in place.

From an outsider's viewpoint, it's hilarious that Europe feels that data isn't safe in the land of the Free. It's somewhat ironic, no?

Not really, since it ain't free

[GreenGoo]

Ah, I see I miscommunicated. I'm mocking the idea that the land of the free and a civil liberties mecca has become so untrustworthy that Europe has decided their data is not safe in US Corporations' hands not because of the Corps (which is bad enough) but because of the privacy invading Government (which is worse).

Just so we're clear, they don't want the data to fall within the US's jurisdiction, not that they are worried about the data being sold to advertisers (which I'm sure is also a concern, but not the main named concern).

[Defiant]

Ah, I see I miscommunicated. I'm mocking the idea that the land of the free and a civil liberties mecca has become so untrustworthy that Europe has decided their data is not safe in US Corporations' hands not because of the Corps (which is bad enough) but because of the privacy invading Government (which is worse).

Just so we're clear, they don't want the data to fall within the US's jurisdiction, not that they are worried about the data being sold to advertisers (which I'm sure is also a concern, but not the main named concern).

While certainly both are "bad" (I wouldn't necessarily consider the government's invasion of privacy worse.). But I think this is more about companies collecting data than about the US government. If anything, it's easier for the government to collect data outside of the US because there are less restrictions. In terms of companies collecting data on users, there's little regulation here as compared to in Europe, so the privacy policies of many companies here won't fly in Europe.

Edit: OK, I missed the part about disregarding it in terms of law enforcement concerns. So you're probably right.

[ImLawBoy]

This has the potential to have a very, very big impact on my work, as I support contracts for the outsourcing of large, international networks. Should be interesting (and I'm guessing the cause of more than a few headaches).

[GreenGoo]

Well, corporations can't throw you in jail for what they find in your data, or think they find. Or put there. Just as Free Speech is only guaranteed from Government intervention, I would prefer that the government doesn't go rooting through my data. I would prefer corporations not either, but at least they are just going to make my life inconvenient, not incarcerate me.

That's why I feel government snooping is worse. Especially when they are doing some mental gymnastics to bypass laws that were clearly made to avoid this kind of invasion of privacy.

European Safe Harbor yanked:

The court said Safe Harbour did not sufficiently protect EU citizens' personal data as American companies were "bound to disregard, without limitation" the privacy safeguards where they come into conflict with the national security, public interest and law enforcement requirements of the United States.

This is the primary portion I was referring to, but like anything, I'm sure there is more to it if I felt compelled to dig deeper into the story.

edit: Ah I see you caught the part I was referring to. It's all good.

The other side of this is that I'm usually ranting about corporations misuse of my data, but here they are the lesser of two evils. I don't know if I find that funny, sad, or frightening.

[GreenGoo]

This has the potential to have a very, very big impact on my work, as I support contracts for the outsourcing of large, international networks. Should be interesting (and I'm guessing the cause of more than a few headaches).

I can imagine this is going to be (potentially) apocalyptic for a lot of businesses until it get sorted out.

Good luck.

[Defiant]

Well, corporations can't throw you in jail for what they find in your data, or think they find. Or put there. Just as Free Speech is only guaranteed from Government intervention, I would prefer that the government doesn't go rooting through my data. I would prefer corporations not either, but at least they are just going to make my life inconvenient, not incarcerate me.

That's why I feel government snooping is worse. Especially when they are doing some mental gymnastics to bypass laws that were clearly made to avoid this kind of invasion of privacy.

You don't think corporations can "put data" there? And (some) corporations have done very sketchy stuff just like the government.

And let's not forget that your credit is dependent on data corporations collect. Not to mention that there have been examples of coporations who have set prices based on the data . And then, of course, there are issues like lack of transparency and data breaches and identity theft and.... And at least we have representation in the US government (well, some of us).

They're both bad. And the consequences from either can be very serious.

Yes, corporations can't put you in prison. But my educated guess is that the corporations collecting data results in more frequent bad stuff than the government doing the same.

[Rip]

Death by a thousand paperless cuts.

[Moliere]

A Second Snowden Has Leaked a Mother Lode of Drone Docs

IT’S BEEN JUST over two years since Edward Snowden leaked a massive trove of NSA documents, and more than five since Chelsea Manning gave WikiLeaks a megacache of military and diplomatic secrets. Now there appears to be a new source on that scale of classified leaks—this time with a focus on drones.

[Pyperkub]

A Second Snowden Has Leaked a Mother Lode of Drone Docs

IT’S BEEN JUST over two years since Edward Snowden leaked a massive trove of NSA documents, and more than five since Chelsea Manning gave WikiLeaks a megacache of military and diplomatic secrets. Now there appears to be a new source on that scale of classified leaks—this time with a focus on drones.

From the article:

The revelations about the CIA and Joint Special Operations Command actions include primary source evidence that as many as 90 percent of US drone killings in one five month period weren’t the intended target, that a former British citizen was killed in a drone strike despite repeated opportunities to capture him instead, and details of the grisly process by which the American government chooses who will die, down to the “baseball cards” of profile information created for individual targets, and the chain of authorization that goes up directly to the president.1

Nice accuracy rate there...

[Defiant]

Federal Judge Rules Against NSA Phone Surveillance Program

And the ruling is just in time to be almost completely irrelevant anyway.

In June, Congress passed a law that will end this collection of the records. Instead the NSA will be allowed to search the phone companies’ databases for such call records, but only if it gets a warrant.

That change will take effect on Nov. 29, and government lawyers had urged Judge Leon to allow the NSA to conduct a transition to the new system on its own schedule.

[Pyperkub]

Details on National Security Letters (NSL's):

The FBI has interpreted its NSL authority to encompass the websites we read, the Web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs," said Nicholas Merrill, who was president of Calyx Internet Access in New York when he received the NSL targeting one of his customers in 2004.

The FBI subsequently dropped demands for the information on one of Merrill's customers, but he fought the gag order in what turned out to be an 11-year legal odyssey just to expose what the FBI was seeking.

Yet it is illegal under the Patriot Act to get library reading lists, etc without a warrant:

Area libraries balance respect for privacy, terror fight, from the Ithaca Journal
“Under the Patriot Act, law-enforcement officials must still back up their library-search requests with a warrant from a court. But that court meets in secret to hear the FBI’s reasons for suspicion, critics say, and legal standards for obtaining warrants are not as tough as standards for traditional search warrants.”

I'm guessing they may be referring to FISA, but maybe not.

Still - I see a much closer relationship to internet history and searches to library records...

[Isgrimnur]

Apple

We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.

When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
...
Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

Tim Cook

[Sepiche]

I don't know... I feel like Apple is being a little disingenuous with it's statement.

The feds aren't asking for a backdoor they can use at will with no oversight on any phone. They want a single update specific to that phone that would allow them to quickly feed it passcodes without slowing down it's responses and without risking the deletion of data after 10 failed attempts. Given the security changes to the most recent iPhones, it's doubtful this technique would even work on more recent phones.

And seeing as this is a very specific request with a valid warrant, I don't feel like the argument that this could be used by others to hold much water. Only Apple can push out this kind of update to Apple products, and if that update is indeed designed to only work on that one phone, that seems to me to be a reasonable level of security and oversight.

[stessier]

It's not something that would only work with that phone - it would work for any phone with that version of ios. Granted, most phones should be on the newest version, but it's still a bad precedent to set that they can be forced to do this. Techdirt has an interesting article on the situation.

[Sepiche]

It's not something that would only work with that phone - it would work for any phone with that version of ios.

From what I've read that's not true. The FBI early on in the negotiation acknowledged that issue and asked that the custom software be designed to only work on the ID of the phone in question:
http://www.vox.com/2016/2/17/11037748/f ... bernardino

The FBI, having heard the concerns of technology companies, has asked Apple to make custom software that is tied specifically to the device ID of Farook's iPhone.

Granted as a proof of concept it would mean more, similar requests are possible, but as long as Apple has to be directly involved, and as long as the authorities are obtaining valid warrants, I don't feel this is egregious as most people seem to think.

[LordMortis]

It's not something that would only work with that phone - it would work for any phone with that version of ios.

From what I've read that's not true. The FBI early on in the negotiation acknowledged that issue and asked that the custom software be designed to only work on the ID of the phone in question:
http://www.vox.com/2016/2/17/11037748/f ... bernardino

The FBI, having heard the concerns of technology companies, has asked Apple to make custom software that is tied specifically to the device ID of Farook's iPhone.

I feel like this is mostly a PR move on Apple's part. They're making a show of fighting this for the benefit of their users, but this is so different and so specific compared to the warrant-less wiretapping that has been going on, I really don't see the downside here.

Can they engineer a hack that only works on computer? Once they do it for one, what does the well look like for others?

[Sepiche]

heh, Sorry, I stealth updated my original post a bit as you were posting.

Can they engineer a hack that only works on computer? Once they do it for one, what does the well look like for others?

They can code the update to only work if the phone it's installed on matches a specific ID.

To me it does undercut Apple's argument that once the software is created that it's out there and available. The code would have to be updated by Apple specific to each request, and moreover only Apple can push those kind of updates out to it's phones. As long as there is proper judicial oversight involved, this kind of request just doesn't seem crazy to me.

[Isgrimnur]

There are leaks and there are lockpicks. All it takes is for one black hat to get hold of the software, reverse engineer it to determine how to modify the key, and every single device in the world is potentially compromised.

[Sepiche]

There are leaks and there are lockpicks. All it takes is for one black hat to get hold of the software, reverse engineer it to determine how to modify the key, and every single device in the world is potentially compromised.

There are a number of reasons that's incredibly unlikely.

It would have to be a leak from an Apple employee with considerable access and there's nothing about this particular update that makes a situation like that any more likely than it already is. i.e. With or without the FBI's request an Apple employee could theoretically push out an iOS update that does whatever he wants, but presumably Apple has many safeguards in place to deal with that.

[El Guapo]

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Whether this would create a backdoor for some / most / all iPhones isn't really the most compelling argument to me. I find the above more compelling. Generally companies get subpoenas for records and information within their possession. Obviously that wouldn't work here, since they want something that Apple does not have in its possession. But if the FBI can compel a company to create something new in order to assist with a criminal investigation, what's the limiting principle on that? Why couldn't the FBI issue the list of orders that Apple has above?

[Pyperkub]

I think the FBI needs to hire better hackers.

[Sepiche]

But if the FBI can compel a company to create something new in order to assist with a criminal investigation, what's the limiting principle on that? Why couldn't the FBI issue the list of orders that Apple has above?

Except to me that's a slippery slope argument that sidesteps that question.

The FBI has a specific warrant and a specific request that it's asking Apple to carry out because only Apple can. If the FBI came to them without a warrant or with a vague request Apple would, I think, be within it's right declining, but they aren't being asked to create an on going security hole in their product or create a way for the FBI to collect vast amounts of user data without a warrant.

If the FBI were asking for that, I too would be rightly upset, but the FBI's request in this case seems entirely reasonable and narrow in scope.

[Rip]

But if the FBI can compel a company to create something new in order to assist with a criminal investigation, what's the limiting principle on that? Why couldn't the FBI issue the list of orders that Apple has above?

Except to me that's a slippery slope argument that sidesteps that question.

The FBI has a specific warrant and a specific request that it's asking Apple to carry out because only Apple can. If the FBI came to them without a warrant or with a vague request Apple would, I think, be within it's right declining, but they aren't being asked to create an on going security hole in their product or create a way for the FBI to collect vast amounts of user data without a warrant.

If the FBI were asking for that, I too would be rightly upset, but the FBI's request in this case seems entirely reasonable and narrow in scope.

If the FBI were asking that and they were asking many other companies they would get what they want and you would never hear about it.

Just sayin...

Me, never been a big Apple fan but this takes balls and I admire them standing up to the pressure. I don't think they should be able to require you to give them anything to unlock a phone, computer, etc.

You want the data on it, have at it.

Besides, we need the jobs.

[El Guapo]

But if the FBI can compel a company to create something new in order to assist with a criminal investigation, what's the limiting principle on that? Why couldn't the FBI issue the list of orders that Apple has above?

Except to me that's a slippery slope argument that sidesteps that question.

The FBI has a specific warrant and a specific request that it's asking Apple to carry out because only Apple can. If the FBI came to them without a warrant or with a vague request Apple would, I think, be within it's right declining, but they aren't being asked to create an on going security hole in their product or create a way for the FBI to collect vast amounts of user data without a warrant.

If the FBI were asking for that, I too would be rightly upset, but the FBI's request in this case seems entirely reasonable and narrow in scope.

It is at the core of the question. The issue is whether the All Writs Act of 1789 authorizes the FBI to compel Apple to create something new to allow it to access this particular phone. If it doesn't, then Apple is entirely within its rights to tell the FBI to pound sand.

What the All Writs Act in general authorizes is the essential first step in determining whether it authorizes this particular request. The determining the limits of that authority is how you determine exactly what it authorizes.

[Pyperkub]

I think the FBI needs to hire better hackers.

Google MFer's!

[LordMortis]

But if the FBI can compel a company to create something new in order to assist with a criminal investigation, what's the limiting principle on that? Why couldn't the FBI issue the list of orders that Apple has above?

Except to me that's a slippery slope argument that sidesteps that question.

The FBI has a specific warrant and a specific request that it's asking Apple to carry out because only Apple can. If the FBI came to them without a warrant or with a vague request Apple would, I think, be within it's right declining, but they aren't being asked to create an on going security hole in their product or create a way for the FBI to collect vast amounts of user data without a warrant.

If the FBI were asking for that, I too would be rightly upset, but the FBI's request in this case seems entirely reasonable and narrow in scope.

If the FBI were asking that and they were asking many other companies they would get what they want and you would never hear about it.

Just sayin...

Me, never been a big Apple fan but this takes balls and I admire them standing up to the pressure. I don't think they should be able to require you to give them anything to unlock a phone, computer, etc.

You want the data on it, have at it.

Besides, we need the jobs.

Rip speaks out against Trump!!!!

http://www.cnn.com/2016/02/17/politics/ ... on-debate/

[Rip]

Absolutely, I definitely don't agree with everything he says. He isn't even my favorite candidate.

But he isn't the Hitler knockoff he is made out to be.

Just a gasbag who can read polls and knows how to manipulate the propaganda machine without having control of it.

[hepcat]

Absolutely, I definitely don't agree with everything he says. He isn't even my favorite candidate.

But he isn't the Hitler knockoff he is made out to be.

Just a gasbag who can read polls and knows how to manipulate the propaganda machine without having control of it.

If it came down Trump and someone everyone else here supported, you'd vote Trump in a New York minute. Even if the other candidate spoke out against health insurance, speeding laws and beef jerky bans. Politics is all about spite for you.

[Grifman]

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

This is bogus. It's a bald assertion without any argumentation or evidence that it would be true. The FBI has a warrant. They want into the phone. I don't see how this is much different than asking the landlord to unlock an apartment for which the FBI has a warrant. As long as the FBI has to get a warrant for these type of "searches", I don't see what the problem is.