US Secretly Acting Like China Does in Public

As this ZDNet article notes, some of the Snowden disclosures revealed that NSA had asked for the source code of various tech companies (though it links to a Jake Appelbaum article that I believe to be sourced to someone else). What is new in its report of US government demands for source code, however, is how the government is getting it: through secret civil or FISA orders.

The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. We’re not naming the person as they relayed information that is likely classified.

With these hearings held in secret and away from the public gaze, the person said that the tech companies hit by these demands are losing “most of the time.”

When asked, a spokesperson for the Justice Dept. acknowledged that the department has demanded source code and private encryption keys before.

That is, at a time when we condemn public Chinese demands to be able to review source code of companies doing business in China, the US has been doing the same thing, albeit without the reputational hit of doing so publicly.

All of which makes the point I made here — that the government is fairly explicitly threatening to demand source code from Apple — all the more significant, in part for an issue I’ve been meaning to return to.

Contrary to popular belief, the FISA Court does not operate in complete isolation from traditional courts. On several known issues — notably, the access to location data and the collection of Post Cut Through Direct Dial numbers — FISC has taken notice of public magistrates’ opinions and used that to inform, though not necessarily dictate, FISC practice. As I have noted, at least until 2014, the FISC used the highest common denominator from criminal case law with respect to location data, meaning it requires the equivalent of a probable cause warrant for prospective (though not historic) data. And FISC first seemed to start tracking such orders during the magistrates’ revolt of 2005-6. That’s an area where FISC seems to have followed criminal case law. By contrast, FISC permits the government to collect, then minimize, PCTDD, though it appears to have revisited whether the government’s current minimization procedures meet the law, the most recent known moment of which was 2009.

In other words, this Apple fight (as well as magistrate James Orenstein’s order) may affect what FISC will approve — or has already approved in secret — for other tech companies (or even for Apple), something the tech companies that submitted amicus briefs likely know. That makes FBI’s decision to hold this fight in public, which Apple preferred not to do, all the more significant. Because if Apple prevails, it will make it a lot harder to secretly jurisdiction shop anywhere in the US, whether in a secret magistrate’s proceeding or an even more secret FISC one.

Thursday Morning: A Little Green Around The Gills

Happy St. Patrick’s Day to those of you who observe this opportunity to drink beer (tinted green or otherwise) and eat boiled dinner and wear green! We’ll know the hardcore among you tomorrow by your hangovers.

Folks overseas don’t understand how St. Patrick’s Day blew up to the same proportions as other holidays like Halloween, blaming it on American commercialization. But the holiday as observed in the U.S., like Halloween, has roots in immigration. Four to five million Irish immigrated to the U.S.; their descendants here are nearly 40 million today, roughly seven times the number of actual Irish in Ireland now. With this many Irish-Americans, even a tepid observation of St. Patrick’s Day here would be visible abroad.

In addition to all things green, we’ll be watching this week’s second #FlintWaterCrisis hearing. Representatives Chaffetz and Cummings can go all shouty on Michigan’s OneLawyeredUpNerd Governor Rick Snyder and EPA’s Gina McCarthy though I have my doubts anything new will emerge. (And you’ll see me get really angry if Rep. SlackerForMichigan Tim Walberg shows up to merely make face on camera. Useless helicoptering.)

Unlike Tuesday, I hope like hell somebody brings up Legionnaire’s cases and deaths in Flint after the cut-over of Flint’s water to Flint River. Thousands of children may have been permanently poisoned by lead, but people sickened and died because of this complete failure of government-as-a-business.

I can’t stress this enough: There were fatalities in Flint because of the water.

Hearing details – set a reminder now:

Thursday 17-MAR — 9:00 AM — Gov. Snyder (R-MI) & EPA Head McCarthy: House Hearing on Flint, MI Water Crisis (est 3 hours, on C-SPAN3)   Link to House Oversight Committee calendar entry

You can find my timeline on Flint’s water here — as noted Tuesday, it’s a work in progress and still needs more entries.

Moving on…

Apple leaves Amazon for Google’s cloud service
Wait, what?! File under ‘Wow, I didn’t know!’ because I really thought Apple housed all its cloud services under its own roof. I mean, I’ve written about data farms before, pointed to a new Apple location. I didn’t know Apple had outsourced some of its iCloud to Amazon.

Which makes Senator Ron Wyden’s remarks about asking the NSA with regard to the San Bernardino shooter’s iPhone even more interesting.

No wonder Apple is moving to Google, considering Amazon’s relationship with certain government agencies as a cloud service provider. Some of Apple’s data will remain with Amazon for now; we might wonder if this is content like iTunes versus users’ data. Keep your eyes open for future Apple cloud migrations.

US Navy sailors’ electronic devices combed for data by Iran
Gee, encrypted devices and communications sure are handy when members of the military are taken into custody by other countries. Too bad the Navy’s devices weren’t as secure as desired when Iran’s navy detained an American vessel in January this year. To be fair, we don’t know what all was obtained, if any of the data was usable. But if the devices were fully encrypted, Iran probably wouldn’t have said anything.

American Express’ customers’ data breached — in 2013
Looks like a select number of AmEx customers will receive a data breach notice with this explanation:

We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system. Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.

The breach happened on December 7, 2013, well into the Christmas shopping season, but we’re just finding out now? “Third party service” means “not our fault” — which may explain why AmEx shareholders (NASDAQ:AXP) haven’t been notified of a potential risk to stock value as yet. Who/what was the third party service? Where’s their notification to public and shareholders?

I need to brew some coffee and limber up before the hearing on Flint, track down my foam footballs and baseballs to throw at the TV while Gov. Snyder goes on about how sorry he is and how he’s going to fix Flint’s water crisis. Oh, and find an emesis basin. See you here tomorrow morning!

“Noteworthy” Ron Wyden Interview on Apple vs FBI: Ask NSA, Ask NSA, Ask NSA

This interview Ron Wyden did with Oregon Public Radio includes a lot of what you might expect from him, including an argument that weakening encryption makes us less safe, including possibly exposing kids (because their location gets identified) to pedophiles.

But the most interesting part of this interview is the three times Ron Wyden made it clear, in his inimitable fashion, that someone better ask NSA whether they can decrypt this phone. To me, the interview sounds like this:

Let me tell you what I think is noteworthy here. This is a fight between FBI and Apple. I think it’s noteworthy that nobody has heard from the NSA on this. [around 2:00]

And I want to come back to the fact that the NSA has not been heard from on this and I think that that is noteworthy. [before 7:25]

[After finally being asked what he had heard from NSA] I’m on the intelligence committee, so I’m bound, I take an oath, to not get into classified matters so I’m just going to, uh, leave that there with respect to the NSA. [at 8:30]

We’ve had experts like Susan Landau and Richard Clarke insist that NSA can get into this phone. Jim Comey, in testimony before HJC, sort of dodged by claiming that NSA doesn’t have the ability to get into a phone with this particular configuration.

But Ron Wyden sure seems to think the NSA might have more to say about that.

Golly, I can’t imagine what he thinks the NSA might have to offer about this phone.

The OPM Hack Is One Big Reason Apple Couldn’t Guarantee Its Ability to Keep FBiOS Safe

Underlying the legal debate about whether the government can demand that Apple write an operating system that will make it easier to brute force Syed Rizwan Farook’s phone is another debate, about whether the famously secretive tech company could keep such code safe from people trying to compromise iPhones generally.

The government asserted, in its response to Apple’s motion to overturn the All Writs Act order, that Apple’s concerns about retaining such code are overblown.

[C]ontrary to Apple’s stated fears, there is no reason to think that the code Apple writes in compliance with the Order will ever leave Apple’s possession. Nothing in the Order requires Apple to provide that code to the government or to explain to the government how it works. And Apple has shown it is amply capable of protecting code that could compromise its security. For example, Apple currently protects (1) the source code to iOS and other core Apple software and (2) Apple’s electronic signature, which as described above allows software to be run on Apple hardware. (Hanna Decl. Ex. DD at 62-64 (code and signature are “the most confidential trade secrets [Apple] has”).) Those —which the government has not requested—are the keys to the kingdom. If Apple can guard them, it can guard this.

Even if “criminals, terrorists, and hackers” somehow infiltrated Apple and stole the software necessary to unlock Farook’s iPhone (Opp. 25), the only thing that software could be used to do is unlock Farook’s iPhone.

That’s explicitly a citation to this passage from Apple’s original motion.

The alternative—keeping and maintaining the compromised operating system and everything related to it—imposes a different but no less significant burden, i.e., forcing Apple to take on the task of unfailingly securing against disclosure or misappropriation the development and testing environments, equipment, codebase, documentation, and any other materials relating to the compromised operating system. Id. ¶ 47. Given the millions of iPhones in use and the value of the data on them, criminals, terrorists, and hackers will no doubt view the code as a major prize and can be expected to go to considerable lengths to steal it, risking the security, safety, and privacy of customers whose lives are chronicled on their phones.

In pointing to that passage, DOJ ignored the first passage in the Apple motion that addresses the danger of hackers: one that notes the government itself can’t keep its secrets safe as best exemplified by the Office of Personnel Management hack.

Since the dawn of the computer age, there have been malicious people dedicated to breaching security and stealing stored personal information. Indeed, the government itself falls victim to hackers, cyber-criminals, and foreign agents on a regular basis, most famously when foreign hackers breached Office of Personnel Management databases and gained access to personnel records, affecting over 22 million current and former federal workers and family members.

By arguing that Apple can keep its secrets safe while ignoring the evidence that the government itself can’t, the government implicitly conceded that Apple is better at keeping secrets than the government.

Of course, it’s not that simple. That’s because the millions of private sector employees who play a role in the secretive functions have clearances too. They were also compromised in the OPM hack. Thus, by failing to keep its own secrets, the government has provided China a ready made dossier of information it can use to compromise all the private sector clearance holders, in addition to the government personnel.

Which is why — in addition to his comment that it was “not reasonable to draw such a conclusion [that hackers could not hack iPhones from the lock screen] based solely on publicly released exploits” — I find this passage from Apple Manager of User Privacy Erik Neuenschwander’s supplemental declaration, submitted to accompany Apple’s reply, to be rather pointed.

Thus, as noted in my initial declaration (ECF No. 16-33), the initial creation of GovtOS itself creates serious ongoing burdens and risks. This includes the risk that if the ability to install GovtOS got into the wrong hands, it would open a significant new avenue of attack, undermining the security protections that Apple has spent years developing to protect its customers.

There would also be a burden on the Apple employees responsible for designing and implementing GovtOS. Those employees, if identified, could themselves become targets of retaliation, coercion, or similar threats by bad actors seeking to obtain and use GovtOS for nefarious purposes. I understand that such risks are why intelligence agencies often classify the names and employment of individuals with access to highly sensitive data and information, like GovtOS. The government’s dismissive view of the burdens on Apple and its employees seems to ignore these and other practical implications of creating GovtOS.

From the briefing in this case, we know that Neuenschwander was part of the then-secret discussions about how to access Farook’s phone before DOJ started leaking to the press about an impending AWA order. That means he almost certainly has to have clearance (and may well deal with more sensitive discussions related to FISA orders). We also know that he would be involved in writing what he calls GovtOS. You would have to go no further than Neuenschwander to identify a person on whom China has sensitive information that would also have knowledge of FBiOS (though there are probably a handful of others).

So he’s not just talking about nameless employees when he talks about the burden of implementing this order. He’s talking about himself. Because of government negligence, his own private life has been exposed to China. And, in part because DOJ chose to conduct this fight publicly, his own role (which admittedly was surely known to China and other key US adversaries before this fight) has been made public in a way NSA’s own engineers never would be.

FBI’s request of Apple — particularly coupled with OPM’s negligence — makes people like Neuenschwander a target. Which is why, no matter how good Apple is at keeping their own secrets, that may not be sufficient to keep this code safe.

Wednesday Morning: Place Your Bets

About 11:00 a.m. EST today President Obama will announce his nominee to the Supreme Court to fill Antonin Scalia’s seat on the bench.

Apart from Sri Srinivasan, widely mentioned as the likely nominee, who is a possible candidate? Share your guess and then place your bets on Most-Likely Nominee and offer odds on a recess appointment.

Heads up: Your browsing could put you at risk of ransomware
I suppose the news that really big and popular sites were afflicted by ransomware within the last week explains why I had yet another Adobe-brand update pushed at me. Sites affected included The New York Times, the BBC, MSN, and AOL, along with others running a compromised ad network serving ransomware.

PSA: Make sure all your data files are backed up off your PC, and have access to software to rebuild your machine, in case your device is held for ransom.

#AppleVsFBI: Apple filing in California yesterday
Funny how different the characterizations of the 26-page filing. Here’s two:

  • The Guardian (emphasis mine):

    Apple’s lawyers tried to lower the temperature in the company’s fight with the US government on Tuesday, telling a federal judge that America’s Justice Department is well-meaning but wrong in its privacy standoff with the iPhone maker.

  • Forensic scientist Jonathan Ździarski: “Here, Apple is saying, ‘If it pleases the court, tell the FBI to go fuck themselves.'”

Zika virus: even uglier than expected

Stray cats, rounded up…

  • DARPA appeals to Maker/DIY/geek-nerd types, asks them to weaponize everyday devices (IEEE Spectrum) — I find this incredibly creepy; why is DARPA doing this, if the point is to prevent harm to the public from consumer products? Why not FTC/FCC/DOE instead of the military? And what happens to the feckless DIYer who accidentally hurts someone in the course of trying this stuff at home? Will DARPA indemnify them? Or are these informal adjuncts supposed to assume liability though they are doing military and law enforcement research? And what about the participants — will their identities be “harvested” for unspecified use in the future? So much stupid.
  • US transport secretary Anthony Foxx says, “It’s not a surprise that at some point there would be a crash of any technology that’s on the road,” (The Guardian) — in regards to the recent crash of a Google self-driving car with a bus. If it’s not a surprise, why are these on the road so soon? Don’t argue humans crash; these driverless vehicles are supposed to be BETTER than humans, and the public’s roadways shouldn’t be corporate laboratories.
  • PA man charged with phishing celeb women to gain access to their personal photos and videos (The Guardian) — Oddly, he’s not charged with distribution of the celebs’ pics in what became known as ‘The Fappening.’ A perfect example of the kind of crime which would be made easier and more widespread if Apple’s security was weakened — and law enforcement struggles with tackling it now.

That’s a wrap, for now, furballs all cleaned out of the holding bins. See you tomorrow morning!

Monday Morning: Feeling Rather Mussorgsky

It’s not even 7:00 a.m. here as I start to write this post, and the day is already frantic — like Mussorgsky’s Night on Bald Mountain. I don’t expect a placid ending to the first day of this week, either.

Strap in, lock and load.

Volkswagen on a roll — downhill, fast

  • A former employee who worked at the Michigan-based Volkswagen Group of America’s data processing center filed suit for wrongful termination. The employee lost their job after warning against data deletion after the U.S. Department of Justice ordered VW to halt normal data deletion processes to preserve potential evidence. Michigan is an at-will state, meaning employees can be fired for any reason at any time if they do not have a contract. However, employers may not fire workers in retaliation for refusing to do illegal acts or for reporting violations of health and safety code. Not a sketchy situation at all…this case might be an opportunity for discovery.
  • VW cutting jobs back home in Germany, with administrative roles taking the biggest hit. At the same time, VW says it intends to hire more software and technology personnel as it shifts away from traditional automotive technology. Huh — not a move I would expect when VW clearly hasn’t a handle on electronic vehicle technology.
  • Car sales are up 6.3 percent in the EU, but VW-brand car sales are off 4 percent. Ford and GM’s Opel picked up what VW lost in terms of sales.

Asking oranges from Apple

  • USDOJ hint-hints with little subtlety it will demand Apple’s source code. By subtlety, I mean a footnote shaped like a cudgel in its response to #AppleVsFBI:

    The FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature.

    The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labour by Apple programmers.

    You can read Marcy’s take on the USDOJ’s Lavabit gambit for more.

  • The mega-sized tech companies who support Apple are now doubling down on encryption. Couldn’t see that coming, huh?
  • Some speculate WhatsApp as a communications technology may be the next focus of law enforcement in wake of #AppleVsFBI.
  • John Oliver does a Deep Dive into #AppleVsFBI — amusing take, but Oliver and his writing team have far too simplistic a take on this case. It’s not just that FBI wants a ‘master key,’ or that the FBI relies on All Writs to make its demand on Apple. It’s about forcing a company to create something entirely new, and something that’s not intrinsically part of its product.

Another energy industry executive dead
Josh Comstock, CEO of C&J Energy Services in Houston, Texas, died unexpectedly on Friday. He passed away in his sleep at age 46. Comstock was a supporter of NHRA drag racing. His company, which provided hydraulic fracturing (fracking) services, lost considerable value over the last year with the sharp drop in oil prices and field development.

Oil dudes are under a lot of stress these days.

And it being a Monday, so are we. Relax when you can, gang. I’m clocking out.

What Mix of Approaches Should We Use to Keep Cyber Space Safe?

President Obama gave a pretty crummy answer on Apple vs FBI at South by Southwest yesterday (I’ve put the entire exchange below the line). The question was posed as one pitting “privacy” versus security, and with the exception of this passage, Obama accepted that frame.

What makes it even more complicated is the fact we also want really strong encryption, because part of us preventing terrorism, or preventing people from disrupting the financial system or our air traffic control system or a whole other set of systems that are increasingly digitalized is that hackers, state or non-state, can just get in there and mess them up.

Obama also bracketed two related issues: how our decisions will affect what happens in other countries, and how they’ll affect our economic vitality (which is ultimately a cornerstone to America’s hegemonic place in the world).

And so the question now becomes, we as a society — setting aside the specific case between the FBI and Apple, setting aside the commercial interests, concerns about what could the Chinese government do with this even if we trusted the U.S. government — setting aside all those questions, we’re going to have to make some decisions about how do we balance these respective risks.

Along the way he threw out some absurd examples, such as the security theater of TSA, or the claim that we need to break into smart phones for tax enforcement when we still haven’t shut down shell companies which are a bigger threat to tax enforcement, not to mention a tool used by big time criminals.

But underlying it all is an assumption, one shared by many of those taking the law enforcement side of this debate: that the police are the ones that keep us safe.

Don’t get me wrong, what cops do is critical to keeping us safe, and there have definitely been times in my life I’ve been grateful to them (even if the time I was most victimized by crime, the cops also engaged in egregious racial profiling that made me angry).

But the cops are not the only thing that keeps us safe in this country — and our country relies on cops far more than many other countries and far more than we probably should. We probably rely on cops, in part, because we don’t use armies to sustain domestic order, we have stark wealth differences (which are getting starker), and we also have used police to enforce racial caste in a way that few other countries expect their cops to do.

In addition to cops, however, we rely on other things to keep ourselves safe: common tools like door locks, operational security (after I got mugged I became far more aware of how and where I was walking at night), norms and civil society that serve as self-policing mechanisms, some alternative policing in privately owned public spaces. We do not ask cops to patrol inside our homes to keep burglars out (we do tolerate private guards, of a variety of types, patrolling commercial spaces, though they usually have far more limited authority), but rely instead primarily on other tools that work most of the time.

In meat space, I think the current state of affairs evolved over time (and again, is clearly a product of our economic and racial history); we’re actually in a period of reassessment whether we’ve gotten the balance correct. But as we debate how to keep law and order in “cyber” space, we seem to have forgotten that it takes more than police to keep us safe, even in meat space — and we certainly haven’t considered whether the same balance as we have settled on in meat space is appropriate in cyber space.

Meanwhile, the debate about law and order in cyber space takes place against the backdrop of national security in cyber space, with little clear differentiation between the two. It’s not an accident that those tasked primarily with national security are more supportive of real device encryption, partly for technical reasons, but partly because real device encryption negatively affects law enforcement far more than it negatively affects national security (and encryption definitely helps national security more than it hurts).

But one thing never happens in either of those worlds: accountability.

On the national security side, I have long noted that people like then Homeland Security Czar John Brennan or Director of National Security Keith Alexander never get held responsible when the US gets badly pwned. The Chinese were basically able to steal the better part of the F-35 program, yet we still don’t demand good cyber practices from defense contractors or question the approach the NSA used on cyber defense. A few people lost their job because of the OPM hack, but not the people who have a larger mandate for counterintelligence or cybersecurity. Indeed, the National Security Council apparently considers cyber a third category, in addition to public safety and national security.

As a result, whereas we assume (wrongly) that we should expect the NatSec establishment to prevent all terrorist attacks, no one thinks to hold our NatSec establishment responsible if China manages to steal databases of all our cleared personnel.

On the law enforcement side it’s not much better: most cities have large numbers of crimes that never get cleared, including some of the crimes (like murder) that Jim Comey now says we can only solve if law enforcement can get inside your smart phone. And those uncleared crimes go back well before the time of smart phones. So the cops say they won’t be able to solve crimes unless they can get inside your smart phone, but they’re not, at the same time, being held accountable for the crimes they’re not solving.

One thing is clear though: the OPM hack, not to mention the Target hack and the Sony hack and the Apple selfie hack, have made it clear that the government is not competent, by itself, to keep us safe in cyberspace. Even if it were true that we could or did rely exclusively on policing to keep us safe in meat space, the track record of “law enforcement” broadly defined may be even worse in cyber space. Or it may just be that the impact a few criminals can do is far more widespread (and also, far more likely to affect white victims).

One more thing: by merging Information Assurance Division with the rest of the NSA, the government recently made a decision to default to an even more offensive-minded posture on national security policing of the cyber world than it already had. I guess the idea is to aim for complete visibility in cyberspace and take out attackers that way. Maybe that’s what needs to happen, maybe it’s not. But the equivalent decision (even ignoring the privacy problems of OmniCISA) — expecting law enforcement to acquire total awareness of everything going on in cyber space — would be untenable in domestic cyber law enforcement.

I raise all this to point to a debate we’re not having: one about what the proper means to keep cyber space safe is.

The assumption from people like President Obama is that ultimately self-defense, of which real encryption is a key part, must cede to police transparency. Yet that assumption comes with zero indication that that police transparency will actually do much to keep cyber space safe.

I don’t pretend to know the answer to what the proper model of public safety is. But I’m cognizant that we’re assuming we know what it should be when in fact the evidence suggests that model is not keeping us safe.

Why Isn’t DOJ Complaining about Apple’s Cooperation with Police States Like South Korea … or the US?

There was lots that was nasty in yesterday’s DOJ brief in the Apple vs FBI case. But I want to look at this claim, from DOJ’s effort to insinuate Apple is resisting doing something for the US government it has already done for China.

Apple suggests that, as a practical matter, it will cease to resist foreign governments’ efforts to obtain information on iPhone users if this Court rules against it. It offers no evidence for this proposition, and the evidence in the public record raises questions whether it is even resisting foreign governments now. For example, according to Apple’s own data, China demanded information from Apple regarding over 4,000 iPhones in the first half of 2015, and Apple produced data 74% of the time.

There are a bunch more claims in the paragraph, that I expect Apple will address in its reply. But in this passage, DOJ suggests that Apple is doing something nefarious by providing the government of a country of over 1.3 billion people access to information from 4,000 Apple devices.

Omigosh! 4,000 phones!! That’s an unbelievable amount of cooperation with a repressive state!!!

Here’s the section of Apple’s transparency report from which DOJ gets the numbers.

As you can see, China has asked for data from roughly the same number of devices as Australia, a country with 2% of China’s population (and a much smaller market for iPhones; though China’s number is higher if you include Hong Kong). By far the biggest snoop into citizens’ devices is South Korea (with a population of just over 50 million), which has asked for data on 37,565 devices.

And if providing a government information on devices is a sign of tyranny, then the DOJ better start worrying about … the US, which asked for information from more than twice as many phones as China in the same period, and which got compliance more often.

In truth, this is a bullshit metric, attacking responses to legal process from China as a kind of red-bashing, while ignoring the much greater data grab that our ally South Korea makes. It says nothing about special cooperation Apple has given China.

That doesn’t mean Apple hasn’t made such cooperation, but DOJ’s use of such a stupid number ought to raise real questions about the rest of it.

Friday Morning: Lovely

We made it to Friday! Yay! And that means another jazz genre. This week it’s shibuya-kei, a sub-genre/fusion born of Japanese jazz. Our sample today is by Kenji Ozawa. Note how damned perky it is, blending jazz elements with pop and synthpop. Its cuteness might also be described as kawaii, but that’s a whole ‘nother topic.

Some other shibuya-kei artists you might want to try are Paris Match (Metro), Aira Mitsuki (Butterly), Maki Nomiya (Shibuya-kei Standards), Takako Minekawa (Plash), and Kensuke Shiina (Luv Bungalow).

Get your mellow on and jazz your Friday up.

Urgent: Update Adobe Flash immediately if you apply patches manually
Go to this Security Bulletin link at Adobe for details. The update fixes 23 vulnerabilities, one or more of which are being used in exploits now, though information about the attacks is not being disclosed yet. And yes, this past Tuesday was Patch Tuesday, but either this zero-day problem in Flash was not known then, or a solution had not yet been completed, or…whatever. Just make sure you check all your updates, with this Adobe Flash patch at the top of the list.

USDOJ doing its PR thing on #AppleVsFBI
After reports this week that FBI director James Comey was a political liability in the case against Apple, U.S. Attorney General Loretta Lynch appeared on Stephen Colbert’s The Late Show to make the case for Apple writing code as requested by USDOJ. She said,

“First of all, we’re not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone. We’re asking them to do what their customer wants. The real owner of the phone is the county, the employer, of one of the terrorists who is dead,”

Right. And my iPhone-owning kid wants a ham sandwich — will Apple write an app on demand for that, just because my kid’s the owner of the iPhone?

Look, nearly all software is licensed — the San Bernardino shooter’s iPhone may be property of the county that employed him, but the iOS software is property of Apple. Maybe Lynch needs a ham sandwich, too, a little boost in blood sugar to grok this point.

Volkswagen’s Terrible, No Good, Very Bad Week continues

  • Looks like VW’s U.S. CEO Michael Horn bailed out because he butted heads with the Holzkopfs in German leadership (Jalopnik)
  • By butting heads, that is to say, Horn dislikes the idea of jail time (Forbes) — though naming executives is pro forma on such lawsuits, if Horn was only in his role for roughly 18 months and this fraud goes back 8-9 years, AND Germany’s executive team disagreed with Horn’s proposal for U.S. dealers and vehicle owners, he’s reasonably twitchy about sticking around.
  • VW updated its emissions standards defeat code after its existence was revealed (Forbes) — wanna’ bet it was a software patch?

Stray cats and dogs

  • White House wants +20M more Americans on broadband (DailyDot) — Under ConnectALL initiative, a new subsidy program will help low income citizens get online with broadband access.
  • Pew Research study shows 15% of Americans still not online (Pew Research Center) — Rural, low income, minority, elderly are most likely not to have internet access; they’re the same target group as proposed federal ConnectALL program.
  • But good luck with broadband speed or cable TV content if HBO-TWC-Charter continue to scuffle over the TWC-Charter merger (AdAge) — Yet another example of the fundamental conflict between content makers and internet providers; internet providers should focus on the quality of their internet service, not on the content in the ‘series of tubes’ they supply.

And just for giggles, note the Irish economy has expanded at fastest rate since 2000. Gee, I wonder what would happen to the Irish economy if major tech companies like Apple moved to Ireland?

I’m out of here — have a great weekend!

DOJ to Apple: Start Cooperating or You’ll Get the Lavabit Treatment

DOJ has submitted its response to Apple in the Syed Farook case. Amid invocations of a bunch of ominous precedents — including Dick Cheney’s successful effort to hide his energy task force, Alberto Gonzales’ effort to use kiddie porn as an excuse to get a subset of all of Google’s web searches, and Aaron Burr’s use of encryption — it included this footnote explaining why it hadn’t just asked for Apple’s source code.

That’s a reference to the Lavabit appeal, in which Ladar Levison was forced to turn over Lavabit’s encryption keys.

As it happens, Lavabit submitted an amicus in this case (largely arguing against involuntary servitude). But as part of it, they revealed that the reason the government demanded Lavabit’s key is because “in deference to [Edward Snowden’s] background and skillset, the Government presumed the password would be impossible to break using brute force.”

But that says that for phones unlike Farook’s, which had a simple 4-digit passcode, the government maintains the right to demand more, up to and including their source code.

The government spends a lot of time in this brief arguing it is just about this one phone. But that footnote, along with the detail explaining why they felt the need to obtain Lavabit’s key, suggests it’s about far more than even Apple has claimed thus far.