
Wednesday 30 March 2016

Apple v FBI - Some Uncomfortable Truths

 
‘We must not lose sight of corporate power.’ Grand Central, an installation by Valentin Ruhry, cleverly subverts digital consumer culture with a product display featuring everyday objects found at a train station. MAK GALLERY, Vienna, 2014, curated by Marlies Wirth. Courtesy of Christine König Galerie, Vienna.


Julia Powles and Enrique Chaparro in The Guardian


It has been a spectacular six-week showdown – the world’s most valuable brand, Apple, pitted against the powerful American agents of the FBI. Two titans of spin, locked in a fast-moving battle over a dead terrorist’s smartphone. Now, as dramatically as it exploded, the FBI’s legal demand that Apple help it crack the iPhone of one of the San Bernardino killers has evaporated – the agents hacked their way in anyway, assisted by a mysterious third party.

There was always more to the Apple v FBI case than met the eye – and it is true for this latest twist too. The biggest issue is that both sides stand to gain a lot more from this battle than any of us. With little relation to reality, and backed by a worryingly partisan chorus, the notoriously closed Apple is emerging as a champion of users’ rights. Equally worryingly, a government agency is claiming the power to keep to itself a tool that can potentially break security features on millions of phones, while earmarking a demand for further judicial or legislative intervention in the future. Whichever way you look, this feud is far from a road to freedom in the digital environment.

Breaching Fortress Apple

From the FBI’s side, it seems clear that the case was opportunistically selected. No one wants to defend a terrorist. And after hammering on about law enforcement “going dark” on secured communications, the authorities were salivating for a pin-up case. Terror on home soil provided it.

But the FBI failed to account for one thing: the fallout of enraging a cultish brand on top of the most guarded, controlling ecosystem that computing has ever seen. Apple, incensed at the idea of anyone trespassing on its authority, went public – an equally opportunistic move, straight from the Taylor Swift playbook. And in so doing, Apple debunked the FBI’s otherwise earnest rhetoric that it only wanted to get at one iPhone, from one terrorist.

The key fact is that the FBI demanded a general tool: a modified operating system able to circumvent certain user-set security features in any given iPhone. There are clear dangers in bringing such a tool into existence. As forensics expert Jonathan Ździarski puts it, this is “a bomb on a leash”; a leash that can be undone, legally or otherwise. The FBI’s last-minute deferral of the court hearing in this case would, ideally, have been the enlightened recognition of this reality, as well as the multiple case-handling incompetencies and dubious legal foundations of the FBI’s request. Bizarrely, the withdrawal was on another ground: a third party had emerged with a hack. With the case now wholly dropped, we have a new danger: a classified bomb held by the FBI and unknown third-party hackers – but not by Apple, the one party capable of defusing it.

These facts are as much as the public debate has countenanced, resulting in predictable mud-slinging between techies and bureaucrats; big tech and big brother. What this misses is that this case has been a cause célèbre all along because it presents minimal threat to vested interests and power.

Apple v FBI was never the mother of all privacy battles. It is and always has been a security battle, between alleged national security and individual security, fought over a landscape of increasing insecurity.

It is this insecurity – existing, pervasive, worsening, global vulnerability of our infrastructure, communications and rights – that has been the greatest deception in this battle to date. Because despite how Apple has portrayed itself and been valorized by the media, phones are not impregnable, nor are our data and the platforms they reside on. Not by a long shot. The outside hack proves just that: if an external source that decided to cooperate with the FBI could break into the phone, and in shockingly short time, other less savory sources could do so too.

This case should be a tremendous opportunity for a global conversation about technology fragility. We need responsible leadership that recognizes that there is no such thing as perfect security, and that responds with restraint and redundancy, rather than a headlong tumble into connecting all the things.

Coupled to this must be a specific concession at the heart of the case and the unsatisfactory truce now reached. Digital locks and picks, by their very nature, are binary – they work for all or for none. In the current state of the art, it is impossible to manufacture what the FBI wants: implanted vulnerabilities, or “backdoors”, that work exclusively for “good guys with a warrant”. Whatever the FBI is holding now, it suffers from this reality. But the problem is also bigger than that. As renowned computer security expert Matt Blaze describes the essence of the dilemma: “We can’t discuss how to make our systems secure with backdoors until we can figure out how to do it without backdoors.”

Boxing in the shadows of vast corporate power

This case, and others like it, are also an opportunity for a deep and reaching conversation about corporate power, and about the increasing intrusion of tech majors into democratic space. This is an angle that has been worryingly absent in most of the case’s commentary.

Regardless of the merits of its position, many of the arguments that have been marshaled at Apple’s feet in recent weeks set a dangerous, potentially pernicious trend. In particular, the argument that corporations are subjects entitled to human rights such as freedom of expression is deeply problematic, undermining reasonable regulation and presenting a destabilizing influence on democracy. The black box society is real, and this case and inevitable future iterations of the same battle have every indication of making it worse.

So we are at the crossroads. And out in the cold. Many decisive questions still remain open, and despite the reams of technical jargon written about this case, its core is not primarily technical, but political.

Under ideal circumstances, and privilege against self-incrimination aside, we should expect that any society would reasonably cooperate with law enforcement to investigate heinous crimes. But what is the most rational response to take when authorities such as the FBI, as well as lawmakers around the world, continue to overreach in their demands, seemingly unwilling to protect an already fragile technology ecosystem and our rights within it?

At the same time, the sheer scale of corporate power challenges the very foundations of democracy, while keeping us locked within walled gardens. Apple, Google, Facebook and the rest have received a tremendous windfall from this case, with nothing more than their words to induce our trust. But trust must be earned. It is predicated on transparency and it demands accountability, not marketing and press releases. Big tech will maintain privacy (or whatever they define as privacy) as far as it is convenient for their business. And when it is not, they will gladly forgo it. Apple is no more immune to this than any other business, and we should be as vigilant about its power as we are about any government.

Political, legal and technical solutions (in that order) for these problems may exist. Only honest, open, democratic discussion can find them.

Tuesday 29 March 2016

FBI-Apple case: Investigators break into dead San Bernardino gunman's iPhone

BBC News
The FBI has managed to unlock the iPhone of the San Bernardino gunman without Apple's help, ending a court case, the US justice department says.
Apple had been resisting a court order issued last month requiring the firm to write new software to allow officials to access Syed Rizwan Farook's phone.
But officials on Monday said that it had been accessed independently and asked for the order to be withdrawn.
Farook and his wife killed 14 in San Bernardino, California, in December.
They were later shot dead by police.
The FBI said it needed access to the phone's data to determine if the attackers worked with others, were targeting others and were supported by others.
US officials said Farook's wife, Tashfeen Malik, had pledged allegiance to the so-called Islamic State on social media on the day of the shooting.
Last week, prosecutors said "an outside party" had demonstrated a possible way of unlocking the iPhone without the need to seek Apple's help.
A court hearing with Apple was postponed at the request of the justice department, while it investigated new ways of accessing the phone.
At the time, Apple said it did not know how to gain access, and said it hoped that the government would share with them any vulnerabilities of the iPhone that might come to light. 
On Monday a statement by Eileen Decker, the top federal prosecutor in California, said investigators had received the help of "a third party", but did not specify who that was.
Investigators had "a solemn commitment to the victims of the San Bernardino shooting", she said.
"It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with co-operation from relevant parties, or through the court system when co-operation fails," the statement added.
Responding to the move, Apple said: "From the beginning, we objected to the FBI's demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government's dismissal, neither of these occurred. This case should never have been brought."
The company said it would "continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated".

Analysis: Dave Lee, BBC North America technology reporter

The court case that had the US technology industry united against the FBI has for the time being gone away.
Now this debate moves into more uncertain territory. The US government has knowledge of a security vulnerability that in theory weakens Apple devices around the world.
To protect its reputation, Apple will rush to find and fix that flaw. Assuming it can do that, this row is back to square one.
Therefore Apple has called for the matter to remain part of the "national conversation", while the US department of justice says it will still try to use the courts to compel Apple and other phone makers to help with future investigations.
An Israeli newspaper last week reported that data forensics experts at cybersecurity firm Cellebrite, which has its headquarters in Israel, are involved in the case.
Cellebrite told the BBC that it works with the FBI but would not say more.
Its website, however, states that one of its tools can extract and decode data from the iPhone 5C, the model in question, among other locked handsets.
The court order had led to a vigorous debate over privacy, with Apple receiving support from other tech giants including Google, Microsoft, and Facebook.
FBI director James Comey said it was the "hardest question" he had tackled in his job.
However, he said, law enforcement saved lives, rescued children and prevented terror attacks using search warrants that gave it access to information on mobile phones.