Microsoft Sues Over Gag Orders

Microsoft, in a complaint to the Justice Department, says that governments shouldn’t be able to keep cloud providers behind a gag order when they execute a search warrant.

Microsoft brings this case because its customers have a right to know when the government obtains a warrant to read their emails, and because Microsoft has a right to tell them.

Damn straight, Microsoft.

Both Sides of Their Mouth

So let me get this straight… The FBI is in court right now telling the Department of Justice how it may sometimes need access to information, and Apple has made a…

deliberate marketing decision to engineer its products so the government cannot search them, even with a warrant

while at the same time, telling automakers

The FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles

So, again, the FBI’s argument is “make it secure, but leave opportunities for us to get in.”

You can’t have both, kids. Interesting-er and interesting-er

Richard Clarke Talks Encryption

Wikipedia

Richard Clarke, former National Security Council leader and security advisor to Clinton, Bush and Obama, in an [interview with NPR][1]

If I were in the job now, I would have simply told the FBI to call Fort Meade, the headquarters of the National Security Agency, and NSA would have solved this problem for them. They’re not as interested in solving the problem as they are in getting a legal precedent.

and later…

Every expert I know believes that NSA could crack this phone. They want the precedent that the government can compel a computer device manufacturer to allow the government in.

According to the guy who would know, the NSA has the ability to unlock the San Bernardino phone. I’ve always had a suspicion that was the case, but now it’s confirmed.

NPR has the whole transcript on the page, but I encourage listening to it to get some of the nuance.

[1]: http://www.npr.org/2016/03/14/470347719/encryption-and-privacy-are-larger-issues-than-fighting-terrorism-clarke-says title=“interview with NPR”

Amicus, Briefly

SUPPORTING APPLE THROUGH AMICUS BRIEFS:

As listed on a Press Info page on Apple’s site, Amicus Briefs supporting Apple’s stance on this issue. 

In no particular order, these companies and groups are in support of Apple’s stance of not creating software to bypass security for government use.

  • A group of law professors
  • Twitter
  • Airbnb
  • eBay
  • LinkedIn
  • Square
  • Atlassian
  • Automattic (Wordpress parent company)
  • Cloudflare
  • GitHub
  • Kickstarter
  • Mapbox
  • Meetup
  • Reddit
  • Squarespace
  • Twilio
  • Wickr
  • AT&T
  • Intel
  • Electronic Frontier Foundation (EFF)
  • Consumer Technology Association
  • Microsoft
  • Oracle
  • IBM
  • Salesforce
  • Autodesk
  • Access Now
  • The App Association
  • American Civil Liberties Union (ACLU)

And, expected later today (the deadline is 11:59 PM on March 3, 2016)

  • Google 
  • Nest Labs
  • Facebook
  • WhatsApp
  • Evernote
  • Snapchat 
  • Mozilla Foundation

Seems like Apple’s in good company, here.

This, coupled with the FBI’s disastrous (in my opinion) showing in the congressional hearings, make it seem like privacy may actually win this fight.

UPDATE

All of the “expected” entities above have signed on, as well as:

  • Box
  • Dropbox
  • Slack
  • Cisco
  • Pinterest
  • Snapchat
  • Yahoo
  • Center for Democracy & Technology
  • Privacy International
  • Human Rights Watch
  • AVG Technologies
  • Data Foundry
  • Golden Frog
  • Computer & Communications Industry Association
  • Internet Infrastructure Coalition

Tidal wave.  

Law Is Hard

Orin Kerr, writing for The Washington Post, has a great breakdown of the challenges both sides face in the Apple vs. FBI phone-unlocking saga

This case is like a crazy-hard law school exam hypothetical in which a professor gives students an unanswerable problem just to see how they do.

There are two parts to this post, be sure to read both if you are at all interested. Lots of good info and case law.

Disingenuous, At Best

FBI Director James Comey pleads his case

The San Bernardino litigation isn’t about trying to set a precedent or send any kind of message. 

Bullshit.

(emphasis mine)

UPDATE: And as if on cue, the story comes out today (24 hours after this post) that the FBI has a pile of phones awaiting this decision.  Bullshit, indeed.  

That Wall St Journal link is behind a paywall. Sorry.

Tim Cook: A Dangerous Precedent

In an open letter on the Apple Web site, Tim Cook lays out his case against helping the government unlock an iPhone:

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

“No reasonable person would find that acceptable." bears repeating. The thought that any government would have a powerful surveillance tool and never use it is ludicrous. I’m sure the FBI said “just this once, AT&T” when they did the first wire tap also.

The fact is, Apple can’t decrypt the phone. They stopped storing encryption keys on their servers years ago, just for this reason. If they don’t have the key, they can’t unlock the door. The FBI is requesting Apple build an all-new version of iOS that removes the limit on incorrect passcodes so the government can brute-force the phone by trying millions of passcode combinations. Currently, if an incorrect passcode is entered ten times in a row, the data is erased.

Apple is challenging the order, and here’s hoping they win.

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.