- September 27, 2014
Signaling Post-Snowden Era, New iPhone Locks Out N.S.A.
David E. Sanger and Brian X Chen
New York Times , September 27, 2014
WASHINGTON — Devoted customers of Apple products these days worry about whether the new iPhone 6 will bend in their jean pockets. The National Security Agency and the nation’s law enforcement agencies have a different concern: that the smartphone is the first of a post-Snowden generation of equipment that will disrupt their investigative abilities.
The phone encrypts emails, photos and contacts based on a complex mathematical algorithm that uses a code created by, and unique to, the phone’s user — and that Apple says it will not possess.
The result, the company is essentially saying, is that if Apple is sent a court order demanding that the contents of an iPhone 6 be provided to intelligence agencies or law enforcement, it will turn over gibberish, along with a note saying that to decode the phone’s emails, contacts and photos, investigators will have to break the code or get the code from the phone’s owner.
Breaking the code, according to an Apple technical guide, could take “more than 5 1/2 years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.” (Computer security experts question that figure, because Apple does not fully realize how quickly the N.S.A. supercomputers can crack codes.)
Already the new phone has led to an eruption from the director of the F.B.I., James B. Comey. At a news conference on Thursday devoted largely to combating terror threats from the Islamic State, Mr. Comey said, “What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law.”
He cited kidnapping cases, in which exploiting the contents of a seized phone could lead to finding a victim, and predicted there would be moments when parents would come to him “with tears in their eyes, look at me and say, ‘What do you mean you can’t’ ” decode the contents of a phone.
“The notion that someone would market a closet that could never be opened — even if it involves a case involving a child kidnapper and a court order — to me does not make any sense.”
Apple declined to comment. But officials inside the intelligence agencies, while letting the F.B.I. make the public protests, say they fear the company’s move is the first of several new technologies that are clearly designed to defeat not only the N.S.A., but also any court orders to turn over information to intelligence agencies. They liken Apple’s move to the early days of Swiss banking, when secret accounts were set up precisely to allow national laws to be evaded.
“Terrorists will figure this out,” along with savvy criminals and paranoid dictators, one senior official predicted, and keep their data just on the iPhone 6. Another said, “It’s like taking out an ad that says, ‘Here’s how to avoid surveillance — even legal surveillance.’ ”
The move raises a critical issue, the intelligence officials say: Who decides what kind of data the government can access? Until now, those decisions have largely been a matter for Congress, which passed the Communications Assistance for Law Enforcement Act in 1994, requiring telecommunications companies to build into their systems an ability to carry out a wiretap order if presented with one. But despite intense debate about whether the law should be expanded to cover email and other content, it has not been updated, and it does not cover content contained in a smartphone.
At Apple and Google, company executives say the United States government brought these changes on itself. The revelations by the former N.S.A. contractor Edward J. Snowden not only killed recent efforts to expand the law, but also made nations around the world suspicious that every piece of American hardware and software — from phones to servers made by Cisco Systems — have “back doors” for American intelligence and law enforcement.
Surviving in the global marketplace — especially in places like China, Brazil and Germany — depends on convincing consumers that their data is secure.
Timothy D. Cook, Apple’s chief executive, has emphasized that Apple’s core business is to sell devices to people. That distinguishes Apple from companies that make a profit from collecting and selling users’ personal data to advertisers, he has said.
This month, just before releasing the iPhone 6 and iOS 8, Apple took steps to underscore its commitment to customer privacy, publishing a revised privacy policy on its website.
The policy described the encryption method used in iOS 8 as so deep that Apple could no longer comply with government warrants asking for customer information to be extracted from devices. “Unlike our competitors, Apple cannot bypass your passcode, and therefore cannot access this data,” the company said.
Under the new encryption method, only entering the passcode can decrypt the device. (Hypothetically, Apple could create a tool to hack into the device, but legally the company is not required to do that.)
Jonathan Zdziarski, a security researcher who has taught forensics courses to law enforcement agencies on collecting data from iPhones, said to think of the encryption system as a series of lockers. In the older version of iOS, there was always at least one locker that was unlocked, which Apple could enter to grab certain files like photos, call history and notes, in response to a legal warrant.
“Now what they’re saying is, ‘We stopped using that locker,’ ” Mr. Zdziarski said. “We’re using a locker that actually has a combination on it, and if you don’t know the combination, then you can’t get inside. Unless you take a sledgehammer to the locker, there’s no way we get to the files.”
The new security in iOS 8 protects information stored on the device itself, but not data stored on iCloud, Apple’s cloud service. So Apple will still be able to obtain some customer information stored on iCloud in response to government requests.
Google has also started giving its users more control over their privacy. Phones using Google’s Android operating system have had encryption for three years. It is not the default setting, however, so to encrypt their phones, users have to go into their settings, turn it on, and wait an hour or more for the data to be scrambled.
That is set to change with the next version of Android, set for release in October. It will have encryption as the default, “so you won’t even have to think about turning it on,” Google said in a statement.
A Google spokesman declined to comment on Mr. Comey’s suggestions that stronger encryption could hinder law enforcement investigations.
Mr. Zdziarski said that concerns about Apple’s new encryption to hinder law enforcement seemed overblown. He said there were still plenty of ways for the police to get customer data for investigations. In the example of a kidnapping victim, the police can still request information on call records and geolocation information from phone carriers like AT&T and Verizon Wireless.
“Eliminating the iPhone as one source I don’t think is going to wreck a lot of cases,” he said. “There is such a mountain of other evidence from call logs, email logs, iCloud, Gmail logs. They’re tapping the whole Internet.”
The Profession of Arms: A Guide for Young Army Officers
It takes courage, especially for a young officer, to check a man met on the road for not saluting properly or for slovenly appearance, but, every time he does, it adds to his stock of moral courage, and whatever the soldier may say, he has respect for the officer who does pull him up.
Read Document →The Dragon's Teeth: Assessing China's Military Modernization
PLA has focused on modernising its capabilities across all warfare domains to achieve these goals. This includes land, air, and maritime operations, nuclear, space, counter-space, electronic warfare and cyberspace operations, aiming to become a fully integrated joint force.
Read Document →Transforming the PLA: A Decade of reorganisation from SSF to ISF
PRC has engaged in a sustained and broad effort to transform the PLA from an infantry-heavy, low-technology, ground forces-centric military into a high-technology, networked force with an increasing emphasis on joint operations and naval and air power projection.
Read Document →Eyes without Borders: Exploring the World of Open Source Intelligence (OSINT) in the Digital Age
Open Source Intelligence (OSINT) is gaining prominence with the rise of social media, the digital society and the vast growth of publicly and commercially available information (PAI and CAI).
Read Document →
The PLA’s Developing Cyber Warfare Capabilities and India's Options
Informationised warfare blurs the lines between peacetime and wartime. A nation in the information age cannot wait for the hostilities to break out to collect intelligence, carryout influence operations, develop antisatellite systems or design computer software weapons.
Read Document →
Galwan and After
Why did China did this when he is under tremendous pressure in all fronts, is this China's salami slice tactics being progressed rigorously, what will be new Rules of Engagement, what will be escalatory control mechanism, who has taken this decision, will there be some pressure put by China in India's North-East through insurgency.
Read Document →
India’s Joint Doctrine for Cyberspace Operations: A Critical Review
Chief of Defence Staff (CDS) General Anil Chauhan and Secretary, Department of Military Affairs, formally released declassified versions of the Joint Doctrines for Cyberspace Operations during the Chiefs of Staff Committee meeting in New Delhi.
Read Document →
Know your Enemy General(now Field Marshal) Syed Aseem Munir
Gen SA Munir's position in the hierarchy of Pakistan was not very comfortable. The state of economy, insurgency in Pakhtoonistan and Balochistan, attack on the Jaffar Express, constant protests by supporters of Imran Khan's supporters inside and outside of parliament.
Read Document →
Decoding Operation SINDOOR: Key Aspects and Implications
Precision strikes were carried out on nine sites—four in Pakistan and five in PoK—linked to anti-India terrorist groups such as the LeT, JeM and the Hizbul Mujahideen. The targeted sites included Muridke (LeT headquarters) and Bahawalpur (JeM headquarters).
Read Document →
Chinese Cyber Exploitation in India's Power Grid - Is There a linkage to Mumbai Power Outage?
The New York Times (NYT), based on analysis by a U.S. based private intelligence firm Recorded Future, reported that a Chinese entity penetrated India’s power grid at multiple load dispatch points. Chinese malware intruded into the control systems that manage electric supply across India, along with a high-voltage transmission substation and a coal-fired power plant
Read Document →
No comments:
Post a Comment