Month: March 2016

New York Judge Rules Feds Can’t Coerce Apple Into Unlocking An iPhone

In a rare positive judicial ruling, a judge in New York has ruled against the feds who were demanding the power to coerce Apple into unlocking an iPhone:

A US magistrate judge in New York has ruled that the government can’t force Apple to help law enforcement unlock an iPhone using the All Writs Act.

[…]

In the brief, the judge concluded that this is an issue that should be handled by congress. If the government wants to use All Writs or CALEA to force companies to circumvent encryption, there needs to a clear law granting it that power.

It should be noted that this case separate from the San Bernardino one but the ruling could give Apple’s lawyers some judicial precedence to strengthen their argument in that case.

Unfortunately, but not surprisingly, the judge rule that Congress needs to make a law to resolve this debate. What would have been better is a ruling that said the State doesn’t have the power to coerce people into performing labor against their will. Of course such a precedence would effectively invalidate the State itself so I understand why it wasn’t made.

This issue will likely continue to come up until the Supreme Court rules on it. Having the authority to coerce companies into creating backdoors is just too enticing for the feds to roll over on. That being the case, companies should start focusing their efforts on creating software and devices that they are unable to crack. If devices are effectively secured by default it won’t matter what laws are passed or what rulings are made.

Brazilian Government Unable To Break WhatsApp’s Encryption, Retaliates By Kidnapping A Facebook Employee

This may be a preview of things to come here. The Brazilian government is a bit peeved that it is unable to bypass WhatsApp’s encryption. Furthermore, it has been unable to convince Facebook, the owner of WhatsApp, to include a backdoor in the software. In what appears to be an act of retaliation the government has decided to harass Facebook by kidnapping one of its employees:

The arrest was made at the request of officials from the state of Sergipe, in Brazil’s north-east. In a statement, the federal police said Facebook/WhatsApp had repeatedly failed to comply with court orders relating to an organized crime and drug-trafficking investigation.

[…]

WhatsApp said in a statement that it was disappointed at the arrest and is unable to provide information it does not have, due to the architecture of its service. “We cooperated to the full extent of our ability in this case and while we respect the important job of law enforcement, we strongly disagree with its decision,” the unit said.

I wish companies would stop including all the nonsense about understanding the important job of law enforcement. Enforcing laws isn’t important. Providing justice to victims is important but that’s not what law enforcers primarily do.

What makes this kidnapping even weirder is that WhatsApp is apparently a separate operational entity from Facebook so the Brazilian government didn’t even kidnap a person who is in any way responsible for the app:

Facebook issued a distinct statement, noting that WhatsApp is operationally separate from the mothership, making the arrest of a Facebook exec “extreme and disproportionate.”

This is what it looks like when a government throws a temper tantrum. Hopefully the Brazilian government will release the poor schmuck it kidnapped. Although it wouldn’t surprise me (OK, it would surprise me a little bit) if it decided to threaten to kill him if Facebook didn’t give in to its demands. Either way, if I were Facebook I’d strongly consider moving all operations out of Brazil. Operating in that country has obviously become a liability.

When The State Isn’t Wrecking The Technology Industry It’s Begging It For Help

Do you know what’s especially funny about the fight between Apple and the Federal Bureau of Investigations (FBI)? While one part of the State is trying to destroy computer security another part is begging for help:

Carter will visit a Pentagon outpost in the heart of Silicon Valley, speak at a cybersecurity conference in San Francisco and go to Microsoft and Amazon headquarters in Seattle to highlight the risks of cyberattacks and the need for greater digital cooperation with the Pentagon.

His visit to the West Coast — his third in less than a year, more than he’s made to Kabul or Baghdad — marks the latest effort by the Obama administration to recruit telecommunications, social media and other technology companies as partners in national security operations despite deep suspicion in Silicon Valley about government surveillance.

Statism in a nutshell. When computer security stands in the way of the State’s power it attempts to crush it mercilessly. But when it needs computer security to solidify and maintain its power it comes crawling back to the very people it tried to execute only a short while ago.

In the end the State wants the best of both worlds. It wants a world where its networks and devices are secure but nobody else’s are. Why should security professionals provide the State any assistance when it constantly tries to bite their hands?

Now Your Water Pitcher Can Be A Network Vulnerability

this-business-will-get-out-of-control

This Internet of Things will get out of control.

Everybody is rushing to either “cloud” enable their products or make it part of the Internet of things. There are countless examples of this nonsense. Now we even have water pitchers with fucking Wi-Fi capabilities:

Starting today, Brita will sell a sensor-filled, WiFi-connected Brita pitcher (yes, you read that correctly) that will work with Dash Replenishment Service.

The new pitcher, called the Brita Infinity pitcher, will be able to track how much water is flowing through the pitcher. When approximately 40 gallons of water have passed through the pitcher’s purification filter, the pitcher will then send a signal to the Dash Replenishment Service to reorder more filters.

Instead of having a watch pitcher you have to replace filters on whenever you water starts to taste funky you can have that and concerns about battery power, whether the pitcher is accurately measuring water usage and not shaving a bit off of the top to increase Brita’s profits, and network security too!

We’re at the point where we need to strongly consider separate wireless networks and VLANs for our Internet enabled devices. The utter lack of security concerns most Internet of Things manufacturers have shown so far makes these devices too dangerous to let onto our usual networks but the technology is becoming so pervasive that simply ignoring the technology will become increasingly more difficult.