Government snooping, backdoors and #necessaryhashtags

[xilman]

Quote:

Originally Posted by kladner

.....even with search warrants.



[SNARK]I guess they will have to revive the use of thumb screws to extract the passwords from users directly.[/SNARK]

http://www.washingtonpost.com/busine...92f_story.html

Or implement a local equivalent of RIPA everywhere, which makes failure to decrypt a criminal offen{s,c}e punishable by years of imprisonment.

[kladner]

Quote:

Originally Posted by xilman

Or implement a local equivalent of RIPA everywhere, which makes failure to decrypt a criminal offen{s,c}e punishable by years of imprisonment.

I do wonder how long Apple's resolve will hold.

[ewmayer]

As is too-often the case, the Apple announcement may be quite overblown and misleading to begin with.

But interesting to see the heads of BigDataSuck firms "getting it" at least as far as their marketing spin is concerned.

[Xyzzy]

http://xkcd.com/538/

[Xyzzy]

Quote:

As is too-often the case, the Apple announcement may be quite overblown and misleading to begin with.

If we read the article correctly, then our i{phones|pads} are safe because we have never connected them to iTunes via a computer so no "pairing record" was ever created?

(They say you need a computer to activate these things but we never bothered.)

[ewmayer]

Quote:

Originally Posted by Xyzzy

If we read the article correctly, then our i{phones|pads} are safe because we have never connected them to iTunes via a computer so no "pairing record" was ever created?

An active iTunes (or more generally, other "cloud service"/social-media) account seems to be the worst kind of "open orifice", but parsing this snip more carefully seems to indicate that merely activating your iDevice could leave you vulnerable:

Your i{Phone|Pad|whatever} creates [a pairing record] when you connect it to a computer to sync music and similar to it. In fact you have to create one to activate it, since that's done through iTunes.

Mike, do you remember whether you needed to create an iPhone (or other) kind of Apple account when you activated your new phone?

Comments from folks who are both Apple-gizmo users and crypto wonks would be appreciated.

(The only apple gizmo I have ever used is my macbook, and I use no kind of tunes-foo/streaming-video-bar service no social media, except for a very-rarely-accessed LinkedIn account.)

==================

Fans (or haters) of the popular TV show NCIS may be interested to know how the keeping-us-all-safe heroes at NCIS operate in real life:

Child-porn conviction is tossed; Navy surveillance is blamed

Quote:

9th Circuit judges say Naval Criminal Investigative Service has routinely probed the computers of civilians in Washington and elsewhere looking for evidence of crimes in a violation so egregious that the court will let a convicted child pornographer go free to make its point

Navy criminal investigators repeatedly and routinely peeked into the computers of private citizens in Washington state and elsewhere, a violation of the law so “massive” and egregious that an appeals court says it has no choice but to throw out the evidence against an Algona man sentenced to 18 years in prison for distribution of child pornography.

The three-judge panel of the U.S. 9th Circuit Court of Appeals, in a decision handed down last week, said the 2012 prosecution of Michael Allan Dreyer by the U.S. Attorney’s Office in Seattle demonstrated Naval Criminal Investigative Service (NCIS) agents “routinely carry out broad surveillance activities that violate” the Posse Comitatus Act, a Reconstruction-era law that prohibits the military from enforcing civilian laws.

The court called the violations “extraordinary” and said evidence presented in Dreyer’s prosecution appears to show that “it has become a routine practice for the Navy to conduct surveillance of all the civilian computers in an entire state to see whether any child pornography can be found on them, and then to turn over that information to civilian law enforcement when no military connection exists.”

So, we can expect some kind of criminal prosecutions of the serial lawbreakers at NCIS, yes? /sarc

[ewmayer]

Latest op-ed from James Bamford shows that dredging for "visits to porn sites" is not just something Navy spooks have been doing:

Israel's NSA Scandal

Quote:

WASHINGTON — IN Moscow this summer, while reporting a story for Wired magazine, I had the rare opportunity to hang out for three days with Edward J. Snowden. It gave me a chance to get a deeper understanding of who he is and why, as a National Security Agency contractor, he took the momentous step of leaking hundreds of thousands of classified documents.

Among his most shocking discoveries, he told me, was the fact that the N.S.A. was routinely passing along the private communications of Americans to a large and very secretive Israeli military organization known as Unit 8200. This transfer of intercepts, he said, included the contents of the communications as well as metadata such as who was calling whom.

Typically, when such sensitive information is transferred to another country, it would first be “minimized,” meaning that names and other personally identifiable information would be removed. But when sharing with Israel, the N.S.A. evidently did not ensure that the data was modified in this way.

Mr. Snowden stressed that the transfer of intercepts to Israel contained the communications — email as well as phone calls — of countless Arab- and Palestinian-Americans whose relatives in Israel and the Palestinian territories could become targets based on the communications. “I think that’s amazing,” he told me. “It’s one of the biggest abuses we’ve seen.”

It appears that Mr. Snowden’s fears were warranted. Last week, 43 veterans of Unit 8200 — many still serving in the reserves — accused the organization of startling abuses. In a letter to their commanders, to Prime Minister Benjamin Netanyahu and to the head of the Israeli army, they charged that Israel used information collected against innocent Palestinians for “political persecution.” In testimonies and interviews given to the media, they specified that data were gathered on Palestinians’ sexual orientations, infidelities, money problems, family medical conditions and other private matters that could be used to coerce Palestinians into becoming collaborators or create divisions in their society.

...

It should also trouble Americans that the N.S.A. could head down a similar path in this country. Indeed, there is some indication, from a top-secret 2012 document from Mr. Snowden’s leaked files that I saw last year, that it already is. The document, from Gen. Keith B. Alexander, then the director of the N.S.A., notes that the agency had been compiling records of visits to pornographic websites and proposes using that information to damage the reputations of people whom the agency considers “radicalizers” — not necessarily terrorists, but those attempting, through the use of incendiary speech, to radicalize others. (The Huffington Post has published a redacted version of the document.)

In Moscow, Mr. Snowden told me that the document reminded him of the F.B.I.’s overreach during the days of J. Edgar Hoover, when the bureau abused its powers to monitor and harass political activists. “It’s much like how the F.B.I. tried to use Martin Luther King’s infidelity to talk him into killing himself,” he said. “We said those kinds of things were inappropriate back in the ’60s. Why are we doing that now? Why are we getting involved in this again?”

Presumably the "radicalizers" the power-drunk Gen. Alexander is targeting includes potential ones in the US congress and court system who might feel an urge to try to rein in the out-of-control US NatSec state and restore some semblance of rule of law. (And maybe this has something to do with near-unanimous votes in congress supporting Israeli hyper-retaliation and collective punishment in Gaza, as well).

[Xyzzy]

Quote:

Mike, do you remember whether you needed to create an iPhone (or other) kind of Apple account when you activated your new phone?

We share the same account between four iPhones and two iPads.

The account was originally created on a computer. For the earlier models of iPhones and iPads you had to have a computer to set them up.

Our more recent acquisitions (iPad Air & iPhone 5c) did not require a computer at any point of setting them up, but they did use the old shared account.

Maybe if we created a new account, from a new (wiped) iPad that particular setup would be the most secure?

We would have no problem doing this and it would certainly simplify a few things. The only benefit we derive from the shared account is shared applications, shared music and a shared contact list that can be edited by any of the devices. That all sounds nice, but we have very few apps, we use old non-active iPhones as music players and our contact (friend) list is woefully short.

[chappy]

http://boingboing.net/2014/09/18/app...detecting.html

So Apple's resolve may have nothing to do with it. But, part of the problem is that iOS devices were an open book for the NSA for several years. So they didn't need to formally request access.

[ewmayer]

James Bamford piece on The Intercept revealing the dangerous life such investigative journalism entails:

The NSA and Me

Quote:

The tone of the answering machine message was routine, like a reminder for a dental appointment. But there was also an undercurrent of urgency. “Please call me back,” the voice said. “It’s important.”

What worried me was who was calling: a senior attorney with the Justice Department’s secretive Office of Intelligence Policy and Review. By the time I hung up the payphone at a little coffee shop in Cambridge, Mass., and wandered back to my table, strewn with yellow legal pads and dog-eared documents, I had guessed what he was after: my copy of the Justice Department’s top-secret criminal file on the National Security Agency. Only two copies of the original were ever made. Now I had to find a way to get it out of the country—fast.
[...]
For several years I had been working on my first book, The Puzzle Palace, which provided the first in-depth look at the National Security Agency. The deeper I dug, the more troubled I became. Not only did the classified file from the Justice Department accuse the NSA of systematically breaking the law by eavesdropping on American citizens, it concluded that it was impossible to prosecute those running the agency because of the enormous secrecy that enveloped it. Worse, the file made clear that the NSA itself was effectively beyond the law—allowed to bypass statutes passed by Congress and follow its own super-classified charter, what the agency called a “top-secret birth certificate” drawn up by the White House decades earlier.

(h/t NC reader barrisj)

[ewmayer]

The Unpatchable Malware That Infects USBs Is Now on the Loose

If this kind of unstoppable firmware exploit hadn't arisen "naturally", the NSA would have had to invent it and get it stealthily written into the applicable standards.