An encryption backdoor is a lousy idea

The recent column by veteran tech journalist Walt Mossberg…executive editor at The Verge and editor at large of Re/code.

Protecting the security of the United States and of Americans abroad is no easy task, especially against terrorists. I got a lesson in this before I became a tech columnist, when I served stretches as the chief Pentagon correspondent and the National Security correspondent for The Wall Street Journal, including coverage of the intelligence agencies.

So, I’m somewhat sympathetic with the frustrations expressed over the past year or so by national security officials — especially FBI Director James Comey — over fears that encryption of digital devices and services is making it harder for their agencies to spot and stop terrorists in the digital age…

I understand their exasperation, but not their proposed solution: Forcing American companies, notably Apple and Google, to build “backdoors” into their encrypted smartphones that would allow the government access. This would be a huge change, because both companies have introduced whole-device encryption that even they can’t decrypt. It would also be a huge mistake.

Over the past year or so, Mr. Comey and his colleagues have complained that this encryption of smartphones by Apple and Google is causing a problem they call “going dark” — making it harder for them to conduct surveillance of smartphones, messaging services and more.

The problem is that, even if the FBI served the companies with a legal court-approved search warrant for particular encrypted phones, they couldn’t comply. The lawmen would have to serve the warrant on the phones’ owners, and try and force them to unlock the devices with a password, fingerprint or some other authentication method…

But now, following the horrific terror attack in Paris, the issue is showing signs of coming back to life…Add in the massacre in San Bernadino, California, and we all know what we can expect from the amalgamation of security hawks and craven politicians.

Apple CEO Tim Cook posted a statement on a special privacy section of Apple’s web site, saying, in part: “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.”

He followed that up recently. In October, he told a tech conference that “I don’t know a way to protect people without encrypting” and “you can’t have a backdoor that’s only for the good guys…”

It’s fair to note that, in addition to protecting their customers, Apple and Google get business benefits from strong and secure encryption. They gain the ability to remove themselves from delicate law enforcement actions. And they gain protection against charges overseas that buying their products will give the U.S. government access to foreign users’ data.

They also have plenty of support for their views from people with no such business interests…

For another, Mr. Comey’s complaints are overblown. Even without a backdoor, there are still many avenues that authorities can use to track terrorists…

I sincerely hope that the U.S. government, working with tech companies, can come up with some solution that helps catch terrorists and criminals who use smartphones and messaging services to disguise their plans and identities. I wish I could say what that might be. But I do know that it shouldn’t be one that weakens or destroys user-controlled smartphone encryption.

Walt Mossberg is someone I appreciate and often agree with on technology. Not so often on politics. It’s a pleasure to say he’s nailed both this time.

Alibaba just beat the US in a global tech competition

Each year, Jim Gray held a battle of the machines.

This was a battle of speed and time and energy, and it involved some of the top minds in the world of hardcore computer science. Who could build a system that could analyze the most data in 60 seconds? Who could sort 100 terabytes the quickest? Who could sort 100 terabytes — aka 100,000 gigabytes — using the least amount of electricity?

Gray — the legendary computer scientist who won the Turing Award for his work with computer databases — was lost at sea in 2007, mourned across the computer science community and beyond. But in the years since, others have continued his battle of the machines. Today, as we move so rapidly into the age of cloud computing, this competition doesn’t just pit one machine against another. It pits an army of machines against so many other armies.

In recent years, researchers at Microsoft — where Gray was working when he died — have topped several of these contests. Last year, a top prize went to a team that includes one of the top engineers at Google. Researchers from the University of California at Berkeley have also fared well. But this year, there was a new winner: Alicloud, which sorted 100 terabytes of data in a mere six-and‐a-­half minutes, abusing the previous record of 23-and-a-half minutes.

Alicloud, or Aliyun, is the cloud computing arm of Chinese tech giant Alibaba. It’s analogous to Amazon Web Services or Microsoft Azure or the Google Cloud Platform…Such “public cloud” services represent the future of information technology. A new report from research outfit Forrester deems the public cloud a “hyper-growth market,” predicting that this market will grow to $191 billion by 2020. Here in the States, Amazon is the king of cloud computing, with revenues of about $6 billion a year, and the two big challengers are Microsoft and Google…and Alicloud is very much on the rise in China…

RTFA for all the details. Especially if you’re a datahead geek. An enjoyable read with only a trace of the “White Man’s Burden”.

Sooner or later journalists will realize that a connected world doesn’t care a rat’s ass about who rolled out a particular style or method first. It will take editors and publishers with their usual commitment to ideology – called style – a few more decades.

Politicians and pundits? Maybe another century.

Apple, tech companies warn Obama, again, against violating privacy

“Apple cannot bypass your passcode and therefore cannot access this data”

In a letter delivered to President Barack Obama on Monday, two trade groups comprised of some of the largest tech companies in the U.S. asked the White House to reject government policies designed to undermine encryption systems built to keep consumer data private.

Both the Information Technology Industry Council and the Software and Information Industry Association were signatories of the letter…The groups represent a number of companies including Apple, Google, Facebook, Microsoft and IBM, among others.

“We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool,” the letter reads…

Law enforcement officials, looking for access to data that could potentially help in criminal investigations, have repeatedly called on private sector firms to install backdoors into their existing security infrastructure. They argue technology companies like Apple are blocking access to information deemed vital to criminal investigations. Further, Apple is advertising the fact that iOS users are “above the law,” officials said…

For its part, industry representatives argue encryption is not merely a perk, but a necessity for many consumers. Some attribute the modern data privacy movement to revelations concerning the existence of government surveillance programs, as leaked by former NSA contractor Edward Snowden. The general public has since become hyper-sensitive to prying eyes, especially those attached to government bodies.

“Consumer trust in digital products and services is an essential component…” I’ll second that. For all the crapology from so-called constitutional scholars like the president, security presented as taking precedence over privacy is nothing more than sophistry. The sort of argument our original revolutionary forebears rose up against.

There is no less a need, today.

Google OOPS! of the month


Internet giant Google has apologised after Indian PM Narendra Modi’s photos started appearing in the image search results for “Top 10 criminals”.

“We apologise for any confusion or misunderstanding this has caused,” a Google statement said.

Mr Modi figures prominently in the search alongside images of terrorists, murderers and dictators.

Other world leaders on the list include former US president George Bush and Libya’s Muammar Gaddafi.

Other prominent Indians who come up in the search include Delhi Chief Minister Arvind Kejriwal, lawyer Ram Jethmalani, fugitive underworld don Dawood Ibrahim and Bollywood actor Sanjay Dutt who is serving a jail term in connection with deadly blasts in Mumbai in 1993.

“These results trouble us and are not reflective of the opinions of Google,” the company said in its statement released on Wednesday night…

The internet firm said the result was due to a British daily which had published an image of Mr Modi with erroneous metadata.

Cripes. Then, they can’t even blame the NSA.

Google loses appeal in Safari cookie tracking case – can face trial in the UK

Security company director Marc Bradshaw, editor and publisher Judith Vidal-Hall

“Ordinary computer users like me will now have the right to hold this giant to account before the courts for its unacceptable, immoral and unjust actions”

The U.K.’s Court of Appeal has denied Google’s request to block lawsuits from British consumers over the search giant’s disregard for Safari privacy restrictions designed to prevent advertisers from tracking users.

These claims raise serious issues which merit a trial,” the Court said in its judgement, according to the BBC. “They concern what is alleged to have been the secret and blanket tracking and collation of information, often of an extremely private nature…about and associated with the claimants’ internet use, and the subsequent use of that information for about nine months. The case relates to the anxiety and distress this intrusion upon autonomy has caused.”

The case stems from 2012 allegations that Google intentionally bypassed Safari’s default privacy settings, which restrict websites from setting cookies unless the user has interacted with those sites directly. Google skirted this limitation by amending its advertising code to submit an invisible form on behalf of the user — without their consent — thus allowing tracking cookies to be set.

Those allegations prompted a six-month investigation by the U.S. Federal Trade Commission, which Google eventually settled. The $22.5 million fine levied by the FTC was the largest such sanction in the agency’s history, and Google later agreed to pay a further $17 million in fines to settle cases in 37 U.S. states and the District of Columbia.

Google was able to avoid class-action lawsuits in the U.S., but its defense — that consumers had not suffered monetary harm — was not enough to evade British courts.

That’s right. The Feds and 37 states were able to claim damages from Google. But, US courts in their infinite concern for the almighty dollar and little else – ruled that the computer users whose privacy was deliberately abused by Google have no standing to sue in a class action because they didn’t lose any money as a result of Google’ sleazy practices.

But, in the UK, privacy is considered the right of an ordinary citizen and Google’s abuse of that right makes them liable for a class action suit by users. So saith this pissed-off cranky old geek who thinks we should have the same right here in the GOUSA.

And, yes, I think Google is just about the same level of scumbag as the NSA.

How to win friends & buy influence in Washington DC — Google edition

The Wall Street Journal recently published a report based on accidentally released documents about FTC’s two-year investigation into Google. The 160-page document concluded that Google’s “conduct has resulted—and will result—in real harm to consumers and to innovation in the online search and advertising markets.” I am sure Yelp and others would agree with that conclusion, and are contemplating further action.

The search results manipulation by Google has resulted in complaints that are far worse than anything FTC could have done — people have complained of declining quality and user experience. The emergence of social and mobile environments have taken some zing out of Google. Nevertheless, the WSJ report and reading through the excerpts made me wonder if there is a correlation between FTC investigation and Google’s lobbying efforts…

And after Om’s intro to the topic – we might look back at this:

Google News buries news of Google’s FTC investigation

After the embarrassing leak of a U.S. Federal Trade Commission investigation that described how Google shifted around its search results to harm competition, Google News has shifted its search results to harm journalism, promoting instead a fluff piece glorifying Google…

The exposé of Google’s “strategy of demoting or refusing to display, links to certain vertical websites in highly commercial categories,” as described in the FTC’s 2012 investigation, which concluded that “Google’s conduct has resulted – and will result – in real harm to consumers and to innovation,” was essentially erased from existence in 2013 when Google agreed to make a few minor changes to avoid a federal antitrust lawsuit.

The Wall Street Journal noted that the FTC Commission watered down its public conclusions issued about Google before letting the company off the hook, leaving the findings of the staff investigation secret for two years.

Daniel Lyons reply is included in the AppleInsider article as an update.

Read it – and judge for yourself.