Quillian and Comey
The director of the Federal Bureau of Investigation has warned US senators that the threat from the Islamic State merits a “debate” about limiting commercial encryption – the linchpin of digital security – despite a growing chorus of technical experts who say that undermining encryption would prove an enormous boon for hackers, cybercriminals, foreign spies and terrorists.
In a twin pair of appearances before the Senate’s judiciary and intelligence committees on Wednesday, James Comey testified that Isis’s use of end-to-end encryption, whereby the messaging service being used to send information does not have access to the decryption keys of those who receive it, helped the group place a “devil” on the shoulders of potential recruits “saying kill, kill, kill, kill”…
He added: “I am not trying to scare folks.”
Since October, following Apple’s decision to bolster its mobile-device security, Comey has called for a “debate” about inserting “back doors” – or “front doors”, as he prefers to call them – into encryption software, warning that “encryption threatens to lead us all to a very, very dark place”.
But Comey and deputy attorney general Sally Quillian Yates testified…they did not wish the government to itself hold user encryption keys and preferred to “engage” communications providers for access, though technicians have stated that what Comey and Yates seek is fundamentally incompatible with end-to-end encryption.
Comey, who is not a software engineer, said his response to that was: “Really?”…
…Comey’s campaign against encryption has run into a wall of opposition from digital security experts and engineers. Their response is that there is no technical way to insert a back door into security systems for governments that does not leave the door ajar for anyone – hackers, criminals, foreign intelligence services – to exploit and gain access to enormous treasure troves of user data, including medical records, financial information and much more.
The cybersecurity expert Susan Landau, writing on the prominent blog Lawfare, called Comey’s vision of a security flaw only the US government could exploit “magical thinking”…
In advance of Comey’s testimony, several of the world’s leading cryptographers, alarmed by the return of a battle they thought won during the 1990s “Crypto Wars”, rejected the effort as pernicious from a security perspective and technologically illiterate.
A paper they released on Tuesday, called “Keys Under Doormats”, said the transatlantic effort to insert backdoors into encryption was “unworkable in practice, raise[s] enormous legal and ethical questions, and would undo progress on security at a time when internet vulnerabilities are causing extreme economic harm”.
I guess all these years spent successfully stopping enemies of democracy [excluding politicians and elected officials] before encrypted communications were broadly, cheaply possible were just a fluke.
Perhaps time spent hiring and training talented well-educated people to work within a system that respects democratic freedoms may have something to do with it. Perhaps aiding folks, domestic and foreign, to build a better life – instead of simply insisting upon obedience – might diminish the danger from demagogues.
Ahmed’s pic from the Albuquerque Balloon Fiesta has shown up around the world
Apple’s World Gallery, part of the “Shot on iPhone 6” media blitz, was honored at this year’s Cannes Lions International Festival for Creativity with five Gold Lions and a Grand Prix award in the outdoor category.
…Jury president Juan Carlos Ortiz, creative chairman of ad agency DDB Americas, heaped praise on the idea of sourcing media from the public sphere. The strategy flies in the face of traditional media strategies which rely on art contracted from professional photographers.
“It’s not just a great idea, it’s a game changer,” Ortiz said. “It’s really opening a new way of doing things and changing behavior.”
World Gallery first showed up online in March as a collection of images taken by iPhone 6 users. While some images were captured by professionals in the photography field, many were shot by pro-am or amateur users. Earlier this month, Apple added a video section to the minisite, again featuring footage borrowed from iPhone 6 and 6 Plus owners.
I started noticing the video adverts showing up on TV in the last couple of weeks. Not only impressive work in most instances, I’m especially happy to see mostly amateurs receiving recognition.
There was a time, decades ago, that Kodak brought similar capabilities to hobbyist photographers. I’m delighted to see it happening again.
“Apple cannot bypass your passcode and therefore cannot access this data”
In a letter delivered to President Barack Obama on Monday, two trade groups comprised of some of the largest tech companies in the U.S. asked the White House to reject government policies designed to undermine encryption systems built to keep consumer data private.
Both the Information Technology Industry Council and the Software and Information Industry Association were signatories of the letter…The groups represent a number of companies including Apple, Google, Facebook, Microsoft and IBM, among others.
“We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool,” the letter reads…
Law enforcement officials, looking for access to data that could potentially help in criminal investigations, have repeatedly called on private sector firms to install backdoors into their existing security infrastructure. They argue technology companies like Apple are blocking access to information deemed vital to criminal investigations. Further, Apple is advertising the fact that iOS users are “above the law,” officials said…
For its part, industry representatives argue encryption is not merely a perk, but a necessity for many consumers. Some attribute the modern data privacy movement to revelations concerning the existence of government surveillance programs, as leaked by former NSA contractor Edward Snowden. The general public has since become hyper-sensitive to prying eyes, especially those attached to government bodies.
“Consumer trust in digital products and services is an essential component…” I’ll second that. For all the crapology from so-called constitutional scholars like the president, security presented as taking precedence over privacy is nothing more than sophistry. The sort of argument our original revolutionary forebears rose up against.
There is no less a need, today.
Yes, this is what it says on my wife’s iPhone, same on my iPad
In a letter…delivered to President Barack Obama on Tuesday, Apple is among a group of signatories requesting the White House reject incoming government proposals that would modify current policies to allow law enforcement access to encrypted user data.
As reported by The Washington Post, which gained access to the letter on Monday, Apple joins a cadre of more than 140 tech companies, security experts and interested civil groups concerned with upcoming legislation that could force access to consumer data, even if it is encrypted.
“Strong encryption is the cornerstone of the modern information economy’s security,” the letter reads. Further, signatories unanimously recommend that government agencies should “fully support and not undermine efforts to create encryption standards.”
According to The Post, three signatories were on a five-member presidential review team formed to investigate U.S. technology policy in 2013, just after former NSA contractor Edward Snowden sparked public outrage by leaking information regarding secret government surveillance programs. Among the revelations aired by Snowden was the existence of mass data collection initiatives targeting everything from phone calls to social networks and other high-traffic consumer products…
With iOS 8, Apple built an encryption system so secure that it is technically incapable of decrypting a user’s device even with the appropriate documentation. The lockout method was not well received by officials wanting access to user data, a procedure allowed through [so-called] proper warrants.
RTFA if you need to dull your brain with predictable rationales from security-snoops. The history of this sort of political paranoia tends to end with Big Brother having his patriarchal way with your thought and speech. Coppers are accustomed, now, to the government handing them anything they need or need to know – or think they need to know – on a bulletproof platter.
They’re incensed that Apple dares to advertise the fact that they can’t decrypt your iPad or iPhone, either.
Stanford University researchers were stunned when they awoke Tuesday to find that 11,000 people had signed up for a cardiovascular study using Apple’s ResearchKit, less than 24 hours after the iPhone tool was introduced.
“To get 10,000 people enrolled in a medical study normally, it would take a year and 50 medical centers around the country,” said Alan Yeung, medical director of Stanford Cardiovascular Health. “That’s the power of the phone.”
With ResearchKit, Apple has created a pool of hundreds of millions of iPhone owners worldwide, letting doctors find trial participants at unprecedented rates. Already five academic centers have developed apps that use the iPhone’s accelerometers, gyroscopes and GPS sensors to track the progression of chronic conditions like Parkinson’s disease and asthma…
Bloomberg – of course – has to lurch off topic to ring up someone, anyone, who might try to cast FUD on the process.
For starters, the average iPhone user is more likely to have graduate and doctoral degrees than the average Android user, and has a higher income as well…Those sort of demographic differences could skew the findings from a study.
And Apple is making ResearchKit open source; so, in fact, there will be Android users.
Misleading data can also come from a user accidentally hitting a button or giving her phone to someone else, said C. Michael Gibson, a professor at Harvard Medical School and an interventional cardiologist…
Yet the iPhone also helps address a problem that standard trials often encounter: People enrolled in studies often falsely report their activity to researchers. By using its internal components or secondary devices connected wirelessly via Bluetooth, the iPhone can silently measure users’ behavior, without relying on them to keep track or be honest about what they’re doing…
Stanford researchers are using their ResearchKit app to study ways to encourage people to modify their behavior to improve heart health. Their app aims to automate as much data collection as possible, Yeung said. Participants will be asked to keep their phone on them as much as possible for a week, letting the GPS and accelerometer track their activity…
Other researchers are also looking for ways to use the iPhone to more accurately track behavior. A team at the Icahn School of Medicine at Mount Sinai, working with digital health company LifeMap Solutions Inc., is studying whether having an iPhone app that educates asthma patients and reminds them to use their inhaler can improve symptoms and reduce doctor visits…
As of Tuesday morning, more than 2,500 people had enrolled and consented to participate in the asthma study, according to LifeMap…
The Parkinson’s app had 5,589 consenting users by Tuesday morning, according to Sage Bionetworks. Todd Sherer said he didn’t know the cost of developing the app, but the foundation’s biomarker study, a traditional trial with almost 800 participants over five years, has cost about $60 million…
Dunno if editors or reporters at Bloomberg get credit for looking everywhere but up their own arse to ask silly questions…but, many are not only irrelevant, but, ridiculous. We’re supposed to believe that every aspect of scientific methodology will suddenly disappear because a qualitatively larger pool of test subjects is now possible. Feels more like CNN.
My favorite football analogy fits perfectly:
A truly lame sports reporter was quizzing Ruud Gullit about Fulham’s potential problems with circumstances that didn’t exist – but could. But hadn’t.
Gullit finally blew up, saying, “What if, what if, what if? If my auntie had balls she’d be my uncle.”
People take incredible photos and videos on iPhone 6 every day. And here are some of our favorites. Explore the gallery, learn a few tips, and see what’s possible with the world’s most popular camera.
I’ve been a photographer since single-digit years. Apple put this collection up to illustrate what folks have been doing with the camera in their iPhones in recent days and months.
I’m suitably impressed. I don’t own a smartphone; but, even the few snaps I’ve taken with my iPad came out of the ether as viewable and editable into something useful. The point is, however, you can get to being a decent photographer as long as the hardware is designed around a good lens – and helpful software comes with it.
Apple Pay has proven to be a venue of convenience for criminals focusing on identity fraud, a new report suggests, with many fraudsters taking advantage of lax customer verification controls put in place by Apple’s partner banks to make brick-and-mortar purchases using stolen credit cards via the growing mobile payment service.
Apple Pay itself has not been exploited, according to The Guardian, with issues instead arising at the issuing banks. The problem centers around the processes those banks use to verify customers’ identity when adding a card to Apple Pay.
When adding a card, banks can reportedly choose to accept it immediately — using a so-called “green path” — or require additional verification, via a “yellow path.” Apple provides the banks with contextual information, such as the name of the device Apple Pay is being configured on, the device’s current location, and data about the length of iTunes transaction history, during setup to help identify cases where more stringent checks are required.
The yellow path processes have apparently been found lacking in some cases, with unnamed partner banks asking only for relatively easily-obtainable information, such as the last four digits of the customer’s social security number. Once approved, criminals can then use Apple Pay to purchase products at retail, later selling them for cash — with Apple retail stores apparently a particularly attractive target…
As part of their Apple Pay agreements, issuing banks agreed to accept liability for fraud through the platform. Thus far, that amount is thought to have risen into the millions of U.S. dollars, and banks are working on fixes.
You might think that banks – especially the big banks first on board with Apple Pay – might have something as basic as authentication of their own customers down pat. You’d be wrong.
Obviously, Apple figured banks might drop the ball. That’s why issuing banks have to accept the liability for fraud.
Meanwhile, Apple Pay works so well that crooks love it. Guaranteed to be another whine from the NSA and FBI next time they hand out press releases begging Congress to make Apple weaken security.
Women sense my power and they seek the life essence…But, I do deny them my essence, Mandrake.
The National Security Agency director, Mike Rogers…sought to calm a chorus of doubts about the government’s plans to maintain built-in access to data held by US technology companies, saying such “backdoors” would not be harmful to privacy, would not fatally compromise encryption and would not ruin international markets for US technology products.
Rogers mounted an elaborate defense of Barack Obama’s evolving cybersecurity strategy in an appearance before an audience of cryptographers, tech company security officers and national security reporters at the New America Foundation in Washington…
For most of the appearance, however, Rogers was on the defensive, at pains to explain how legal or technological protections could be put in place to ensure that government access to the data of US technology companies would not result in abuse by intelligence agencies. The White House is trying to broker a deal with companies such as Apple, Yahoo and Google, to ensure holes in encryption for the government to access mobile data, cloud computing and other data…
Rogers admitted that concerns about US government infiltration of US companies’ data represented a business risk for US companies, but he suggested that the greater threat was from cyber-attacks…
US technology companies have bridled at government pressure to introduce weaknesses in encryption systems in order to ensure government access to data streams, and technical experts have warned that there is no way to create a “backdoor” in an encryption system without summarily compromising it. An appearance by Obama at a cybersecurity conference at Stanford University last week to tout cooperation between the government and US tech companies was upstaged by an impassioned speech by Apple’s chief executive, Tim Cook, who warned of the “dire consequences” of sacrificing the right to online privacy…
“‘Backdoor’ is not the context I would use, because when I hear the phrase ‘backdoor’ I think: ‘Well this is kind of shady, why wouldn’t you want to go in the front door, be very public?’” Rogers said. “We can create a legal framework for how we do this.”
“Legal framework”, eh? Let me remind folks the first mass bombing of civilians had a “legal framework”. Hitler’s Condor Legion was invited into Spain by the fascist dictator, Franco. All perfectly legal. They bombed civilians in Madrid, Guernica, across Republican Spain.
Not that the United States would ever “legally” bomb civilians. Oh.
Apple’s new Campus 2 – under construction in Cupertino, California
Apple’s landmark solar power deal…is a long-term sustainable energy solution that should generate enough to power essentially all of the company’s California operations, including the upcoming “spaceship” Campus 2, by the end of 2016.
The green energy will be purchased from First Solar, Inc., through an $848 million agreement that will last for at least 25 years, making it the largest of its kind in the industry. First Solar will be providing electricity through its forthcoming 2,900-acre California Flats Solar Project in Monterey County…
In total, the solar plant will output 280 megawatts of electricity, 130 megawatts of which will be bought by Apple. The remaining 150-megawatt capacity will be sold to Pacific Gas & Electric under a separate long-term power purchase agreement…
Cook said…that Apple will buy enough electricity to power nearly 60,000 California homes. That’s enough to offset the electricity used by Apple’s upcoming Campus 2, as well as all 52 Apple retail stores in the Golden State, and its data center in Newark.
The Apple CEO also made it clear that climate change is a very serious issue for him and his company, which is why they are taking the lead on renewable and sustainable energy. Cook also noted to investors that the agreement makes sound financial sense as well, as the $848 million deal will result in “very significant savings” on the cost of energy.
So, the most valuable corporation in the world says it makes economic sense to move electricity generation away from fossil fuel, away from coal and oil.
Congressional pimps and cowards, Republican conservatives and Blue Dog Democrats, bleat this isn’t possible.
Which side are you on?
“History has shown us that sacrificing our right to privacy can have dire consequences”
Apple is among more than a half-dozen major U.S. corporations that have agreed to integrate the White House’s Cybersecurity Framework into their operations, but the iPhone maker will not share security information with the federal government…
While the extent to which the framework will influence Apple’s security practices is unclear, it appears that the company will not take the extra step of sharing security-related data with the Department of Homeland Security’s new National Cybersecurity and Communications Integration Center. Such information sharing is a tentpole of Obama’s cybersecurity strategy.
While a few notable security vendors have signed up, none of Silicon Valley’s major consumer-focused companies are participating, and Apple CEO Tim Cook was the only well-known corporate executive at the summit. The Valley maintains a deep distrust for the federal government in the aftermath of the Edward Snowden spying revelations, a point which Cook drove home during his speech.
“If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money,” Cook said. “We risk our way of life.”
“We must get this right,” he added. “History has shown us that sacrificing our right to privacy can have dire consequences. We still live in a world where all people are not treated equally. Too many people do not feel free to practice their religion, or express their opinion, or love who they choose.”
Personal privacy is especially important “in a world in which that information can make the difference between life and death,” Cook said.
Uncle Sugar – led by the President of these United States – is stepping up to deal with a question of security deeply rooted in the structure of the Internet. And as the Web, the Cloud, the constant value of communications and access to information become more a part of everyone’s life – that question of security increases as threat and value.
I don’t doubt the President considers his proposal to be something of value. On its own. But, his continuation of the Bush/Cheney cabal, his extension of the NSA and FBI as the thought police of the world absolutely corrupts the process. It is a refutation of the standards set by our constitution as imperfect as that document may sometimes be.
So, I credit Tim Cook for not sulking in a Silicon Valley McMansion – but, showing up to address problems that need to be addressed while continuing to question the intellectual dishonesty, the hypocrisy that characterizes every aspect of our government. It doesn’t matter if it’s Congress or the White House. This nation deserves better.
Tim Cook signs onto the framework, the concept of developing cybersecurity that works for everyone. But, he will not cooperate with turning private data over to the government.
Keep on rocking in the Free World.