URL1=http://arstechnica.com/tech-policy/2014/12/feds-want-apples-help-to-defeat-encrypted-phones-new-legal-case-shows/
Summary: Court can compel Apple (or other vendors) to do what is possible and "not too much of an imposition" to help recover evidence for the court (prosecution). It is argued that if they can't decrypt the data, they won't be forced to, but the article suggests they could back-door a device.
From Snowden and other sources, we have seen claims that vendors were required to cooperate with the U.S. Federal government when shipping products overseas. We have also read claims from other sources of products being intercepted before leaving or entering the country to be back-doored with custom firmware. The concept of these claims was not new, as people wanting to see US tech firms succeed proposed these techniques were being used in Chinese manufacturing, to warn people away from buying tech from China.
If U.S. courts can legally compel manufacturers to eavesdrop on consumers, undermine their privacy, and weaken products, then we will have another reason for foreign consumers to not buy technology from the U.S., but how will this change security?
If the courts (prosecution and executive branch) get legal authority to compel manufacturers to work against consumer privacy, how likely is it that these capabilities, and instances of each being used, would be made public?
Some people (on the side of prosecution and executive branch) are pushing this kind of work as a modernization of CALEA ( http://en.wikipedia.org/wiki/Communi...nforcement_Act ) to keep up with technology. There have been several attempts to get various "CALEA2" bills pushed through Congress and signed into law.
URL2=https://www.aclu.org/blog/national-security-technology-and-liberty/documents-aclu-case-reveal-more-detail-fbi-attempt
The ACLU claims that the FBI uses NDA with local law enforcement, and relies on NDA with manufacturer to deny FOIA requests to learn about techniques used to acquire evidence used in a case. They also claim local law enforcement took court documents allegedly on use of "Stingray", and before the court could get the documents back, Federal Marshals took the documents from the local police department.
URL3=http://arstechnica.com/tech-policy/2014/06/dow-jones-asks-court-to-unseal-long-completed-digital-surveillance-cases/
From Ars Technica is a story of something similar from the judicial branch; one judge unseals records he previously sealed, and another judge re-seals them.
URL4=http://arstechnica.com/tech-policy/2014/11/local-judge-unseals-hundreds-of-highly-secret-cell-tracking-court-records/
Then, also from Ars Technica, a North Carolina judge unsealed ~500 records about a week ago. Now we are waiting to see what happens here. Will these be re-sealed? We still wait to see results of this, and what will actually be released.
With all of the above history considered, with Stingray capabilities and use being kept from public review, I'd expect any new capabilities by courts (prosecution and executive branch) to compel manufacturers to violate privacy of consumers to also be kept secret, until they too are leaked.
What will happen to technological exports from the US? Will consumers assume that all governments are doing things like this and that, with the world economy the way it is, every country with a manufacturer of parts or firmware could be pressured to back-door their products?
How would these kinds of policies and rules impact security? Would inclusion of back-doors in products make security substantially worse, or are there presently so many security issues that, given the tiny change in the number of issues known and unknown from adding new back-doors, comparing total counts before and after would be statistically equivalent to not having them? (In any estimation of security errors, there is an estimate of error, plus-or-minus a value; would the addition of back-doors be so small in comparison to security risks known and unknown as to be meaningless?) Should we assume that vendors do not already have back-doors?
Again, please avoid political arguments.