Home Tags Legal

Tag: Legal

France votes to penalize companies for refusing to decrypt devices, messages

Richard Ying et Tangui MorlierFrench parliamentarians have adopted an amendment to a penal reform bill that would punish companies like Apple that refuse to provide decrypted versions of messages their products have encrypted.

The Guardian reports: "The controversial amendment, drafted by the rightwing opposition, stipulates that a private company which refuses to hand over encrypted data to an investigating authority would face up to five years in jail and a €350,000 (£270,000) fine." This is only the bill's first reading, and the final fate of the amendment is uncertain.

Earlier this year, the French government rejected crypto backdoors as "the wrong solution." "Given the government’s reluctance to take on the big phone companies in this way, it remains to be seen whether the thrust of the amendment can survive the lengthy parliamentary process that remains before the bill becomes law," The Guardian writes. Amendment 90 (original in French) is just one of several proposals that sought to impose stiff penalties on companies that refused to cooperate with the authorities.

As the French site Numerama notes, even harsher proposals were rejected.

For example, Amendments 532 and 533 suggested imposing a fine of €1,000,000 (£770,000) on companies that refused to decrypt messages. Amendment 221 proposed a fine of €2,000,000 (£1,550,000) and wanted "all relevant" information to be handed over, not just the decrypted messages.

Finally, Amendment 51 suggested that if a company refused to help the authorities decrypt messages, its executives would be considered as "accomplices to terrorism." While politicians in France fall over themselves to paint Apple and others as terrorist sympathizers for defending encryption, support for the US company has come from the UN's high commissioner for human rights Zeid Ra’ad Al Hussein. On Friday, he issued a statement urging the US authorities "to proceed with great caution in the ongoing legal process involving the Apple computer company and the Federal Bureau of Investigation (FBI), given its potentially negative ramifications for the human rights of people all over the world." Al Hussein said he was concerned the case risked "unlocking a Pandora’s Box that could have extremely damaging implications for the human rights of many millions of people, including their physical and financial security." He went on: "It is neither fanciful nor an exaggeration to say that, without encryption tools, lives may be endangered." This post originated on Ars Technica UK

Zylpha Launches New Version of Its MOJ Portal Integration

Press Release Zylpha (www.zylpha.com), the UK’s leading legal systems innovator has launched a new version of its widely acclaimed MoJ (Ministry of Justice) Portal integration.

The software, which incorporates a host of new features and functionality, automates the smooth transfer of case management information for RTA (Road Traffic Accident) and EL/PL (Employers’ and Public liability) Portal submissions.

This significantly speeds up the document submission process, whilst reducing costs and eliminating the manual input errors associated with the double handling of data. The latest version now has intuitive new workflow screens with additional context sensitive user guidance to aid navigation and enhance user experience.

There are also options to chain consecutive portal functions where appropriate, thereby saving time and ensuring improved accuracy.
Scheduled status updates are also now included at each stage with clear visibility of timeout dates to reduce risk. MOJ Portal Integration The new RTA/ELPL release is fully integrated within leading Case Management Systems, SolCase and Visualfiles from LexisNexis.
It significantly reduces the time taken to complete submissions from 25 minutes down to five minutes on average. Zylpha expects that the new workflow screens and user enhancements will reduce the time taken even further. Commenting on the new version Tim Long CEO of Zylpha added, “We were really impressed by the time and cost savings that our original solution delivered for our clients.

By taking this version to new levels of refinement, with added features and functionality, we are convinced it will soon establish itself as a must have best-practice solution. Quite simply, our team has just made an extremely successful system even better.” Ends About Zylpha www.zylpha.comHeadquartered in Southampton Zylpha is an innovative specialist offering tools for the legal profession including: Secure electronic document production and delivery. Court Bundling. Integration with the MOJ Portal. Links to agencies for AML and Identity Verification. The company, which was founded by Tim Long its CEO, has won widespread acclaim in both the legal and local government sectors for its systems that transform secure communications for court and case management bundles. For more information please contact:Tim LongZylpha Ltd.T: 01962 658881M: 07917 301496t.long@zylpha.comwww.zylpha.com Or Leigh RichardsThe Right ImageT: 0844 / 561 7586M: 07758 372527leigh.richards@therightimage.co.ukwww.therightimage.co.uk

China is building a big data plaform for “precrime”

It's "precrime" meets "thoughtcrime." China is using its substantial surveillance apparatus as the basis for a "unified information environment" that will allow authorities to profile individual citizens based upon their online behaviors, financial transactions, where they go, and who they see.

The authorities are watching for deviations from the norm that might indicate someone is involved in suspicious activity.

And they're doing it with a hand from technology pioneered in the US.As Defense One's Patrick Tucker reports, the Chinese government is leveraging "predictive policing" capabilities that have been used by US law enforcement, and it has funded research into machine learning and other artificial intelligence technologies to identify human faces in surveillance video.

The Chinese government has also used this technology to create a "Situation-Aware Public Security Evaluation (SAPE) platform" that predicts "security events" based on surveillance data, which includes anything from actual terrorist attacks to large gatherings of people. The Chinese government has plenty of data to feed into such systems.

China invested heavily in building its surveillance capabilities in major cities over the past five years, with spending on "domestic security and stability" surpassing China's defense budget—and turning the country into the biggest market for security technology.

And in December, China's government gained a new tool in surveillance: anti-terrorism laws giving the government even more surveillance powers, and requiring any technology companies doing business in China to provide assistance in that surveillance. The law states that companies “shall provide technical interfaces, decryption and other technical support and assistance to public security and state security agencies when they are following the law to avert and investigate terrorist activities”—in other words, the sort of "golden key" that FBI Director James Comey has lobbied for in the US.

For obvious reasons, the Chinese government is particularly interested in the outcome of the current legal confrontation between the FBI and Apple over the iPhone used by Syed Farook. Bloomberg reports that China is harnessing all that data in an effort to perform behavioral prediction at an individual level—tasking the state-owned defense contractor China Electronics Technology Group to develop software that can sift through the online activities, financial transactions, work data, and other behavioral data of citizens to predict which will perform "terrorist" acts.

The system could watch for unexpected transfers of money, calls overseas by individuals with no relatives outside the country, and other trigger events that might indicate they were plotting an illegal action.

China's definition of "terrorism" is more expansive than that of many countries. At a news conference in December, China Electronics Technology Group chief engineer Wu Manqing told reporters, "We don’t call it a big data platform, but a united information environment…It’s very crucial to examine the cause after an act of terror, but what is more important is to predict the upcoming activities.”

FBI says NY judge went too far in ruling the FBI...

More Inception than legal argument at this point The US Department of Justice has appealed a decision by a New York judge to refuse the FBI access to an iPhone: one part in a wider legal battle between law enforcement and Apple. The New York case is separate from the San Bernardino case in California, over which Apple and the FBI have been very publicly fighting. However the decision by a New York magistrate last month to shoot down the FBI's demand that Apple help agents access a locked iPhone, and his rationale for doing so, have been widely cited and referenced, not least by Apple. In New York, the iPhone belongs to alleged drug dealer Jun Feng, whereas the San Bernardino phone belonged to mass killer Syed Farook. In particular, magistrate judge James Orenstein concluded that the FBI did not have the legal authority to compel Apple to help them bypass the phone's passcode and, critically, said the powerful All Writs Act was the wrong legal instrument to use.

The FBI is using that same act to argue for access in the San Bernardino case. Judge Orenstein wrote: The implications of the government's position are so far-reaching – both in terms of what it would allow today and what it implies about Congressional intent in 1789 – as to produce impermissibly absurd results. He added that to give the FBI and DEA the powers they requested would greatly expand governmental powers and put the All Writs Act's constitutionality in doubt. He also declared that since Apple has no responsibility for Feng's wrongdoing, he could not justify "imposing on Apple the obligation to assist the government's investigation against its will." The New York case was addressed by FBI director James Comey at a Congressional hearing on the Apple case last week, where he acknowledged that the FBI had lost. He tried to play down its importance by suggesting it was just one fight in a much larger battle. Regardless, the decision is important, so prosecutors have asked district judge Margo Brodie to look at it and grant them the court order that Orenstein denied. The FBI argues that Orenstein looked at the question too broadly and focused on possible future abuse rather than the actual case he was considering.

And then effectively accuses him of overreach by saying his ruling "goes far afield of the circumstances of this case and sets forth an unprecedented limitation on federal courts' authority." It also argues – as it has done in the San Bernardino case – that the request is device-specific and so does not constitute blanket approval for the FBI to break into any iPhone. As for Apple, unsurprisingly it is in favor of Orenstein's judgment, with a spokesman saying that the company "shares the judge's concern" that use of the All Writs Act in these case is a dangerous path and a "slippery slope". ® Sponsored: 2016 global cybersecurity assurance report card

Privacy groups want rules for how ISPs can track their customers

Some Internet service providers are building powerful tools to track customers, and the U.S.

Federal Communications Commission needs to step in, privacy advocates say. Some privacy advocates are calling on the FCC to create new regulations that limit how ISPs can track their customers across the Internet.

The agency could release a proposal for ISP privacy rules as soon as this month, FCC Chairman Tom Wheeler said last week. Some ISPs are deploying "invasive and ubiquitous" tracking practices as a way to deliver targeted advertising to customers, 12 privacy groups said in a letter to the FCC this week.
In recent years, large ISPs like Comcast and Verizon have entered into advertising partnerships or launched their own advertising services that take advantage of ISP customer data, the letter said. Because U.S. lacks a comprehensive privacy law, "there are very few legal constraints on business practices that impact the privacy of American consumers," said the letter, signed by the American Civil Liberties Union, the Electronic Privacy Information Center and other groups. "The FCC has the opportunity to fill this void." Calls for FCC privacy regulation from privacy groups are setting up a showdown with ISPs and their trade groups, which have resisted agency action on privacy.

For years, the Federal Trade Commission has taken enforcement action against companies, including ISPs, that violate their own privacy policies, critics of FCC action note. "Rather than advocating for a comprehensive privacy policy that applies to all entities in the Internet ecosystem," those privacy groups want the FCC to create new rules applying only to ISPs, said Anne Veigle, senior vice president of communications at USTelecom, a telecom and ISP trade group. "This effort will not give consumers the clear and consistent protections they should have and will only harm competition and innovation on the Internet." USTelecom, CTIA, and three other ISP trade groups sent their own letter to the FCC on March 1, with the groups calling for the agency to keep the rules "flexible" and targeted on unfair or deceptive conduct, as the FTC does, instead of creating extensive new regulations. "Consumer information should be protected based upon the sensitivity of the information to the consumer and how the information is used -- not the type ofbusiness keeping it, how that business obtains it, or what regulatory agency has authority over it," the trade groups' letter said. The move of the FCC toward new privacy rules for ISPs is related in part to the agency's reclassification of broadband as a regulated, common carrier service as part of new Net neutrality rules passed in February 2015.

The FCC had other avenues for passing new privacy regulations, but reclassification of broadband moved the authority for policing broadband privacy from the FTC to the FCC, said Harold Feld, senior vice president at Public Knowledge, one of the privacy groups calling for strong new rules. While the privacy groups haven't proposed many specific rules for the FCC to adopt, they want the FCC to go farther than the FTC practice of filing complaints only after the agency saw a privacy violation. The ISPs "have an obligation" to disclose more details about the information they collect and their uses of it, Feld said.

The groups want the FCC to look at how ISPs are coming cable data from customer set-top boxes with other sources to "create very detailed user profiles for marketing purposes," he added. The privacy groups also want ISPs to get opt-in permission to use customer data for most purposes. "We want ISPs to secure clear permission from subscribers before using the data collected for any purpose other than to provide broadband service," he said.   But extensive new rules may not be necessary with more customers using encryption to protect their data, some critics said. Even the privacy groups recognize that "the use of encryption only continues to grow," said Debbie Matties, vice president for privacy at CTIA. "While many other companies providing services on the Internet have the ability to see and monetize this encrypted data, ISPs cannot.

Different rules for ISPs would only confuse consumers and is not supported by the facts."

DOJ appeals New York court order in favor of Apple

The U.S.

Department of Justice has appealed an order by a court in New York that turned down its request that Apple should be compelled to extract data from the iPhone 5s of an alleged drug dealer. The case in New York is seen as having a bearing on another high-profile case in California where Apple is contesting an order that would require the company to assist the FBI, including by providing new software, in its attempts at cracking by brute force the passcode of an iPhone 5c running iOS 9. The phone was used by one of the two terrorists in the San Bernardino killings on Dec. 2 and the FBI wants Apple to disable the auto-erase feature on the phone, which would erase all data after 10 unsuccessful tries of the passcode, if the feature was activated by the terrorist. The DOJ argues in the New York case as well that it is unable to access the data on the phone running iOS 7, because it is locked with a passcode.

By trying repeated passcodes, the government risks permanently losing all access to the contents of the phone because when an iPhone is locked it is not apparent if the auto-erase feature is enabled, according to the filing Monday. But Apple can help extract the data from the iPhone 5s, which it has done dozens of times in the past for similar iPhone versions at the request of the government, the DOJ argues.

For versions of the operating system that predate iOS 8, Apple has the capability to bypass the passcode feature and access the contents of the phone that were unencrypted, it wrote in the filing. Invoking user privacy and safety, Apple has said that its previous acquiescence to similar judicial orders does not mean it consents to the process.

But the government, which has a warrant, claims that Apple made an U-turn in the particular instance, having first agreed to extract the data, when it responded that "Upon receipt of a valid search warrant pursuant to the instructions laid out in [the legal process guidelines], we can schedule the extraction date within a 1-2 week time frame." At no time during the communications ahead of the government seeking an order did Apple object to the propriety of the proposed order directing its assistance, according to the DOJ filing Monday. Magistrate Judge James Orenstein of the U.S.

District Court for the Eastern District of New York ruled recently that Apple can’t be forced to extract the data from the iPhone.

The government's reading of the All Writs Act, a statute enacted in 1789 and commonly invoked by law enforcement agencies to get assistance from tech companies on similar matters, would change the purpose of the law “from a limited gap-filing statute that ensures the smooth functioning of the judiciary itself into a mechanism for upending the separation of powers by delegating to the judiciary a legislative power bounded only by Congress's superior ability to prohibit or preempt.” But the government argues that the residual authority of the court under the All Writs Act is particularly important where legislation lags behind technology or risks obsolescence. The government argues that courts have relied on the All Writs Act to mandate third-party assistance with search warrants even in circumstances far more burdensome that what is requested in the New York case.

An unreasonable burden on the third-party is a key criterion when a Judge considers an order under the Act.

Apple has argued that a burden on the company would be the impact on its ability to protect customer information, which could threaten the trust customers have in the company and tarnish the Apple brand. The DOJ is now asking the court to review the decision by the Magistrate Judge. "Judge Orenstein ruled the FBI’s request would 'thoroughly undermine fundamental principles of the Constitution’ and we agree,” Apple said in a statement on the new filing by the DOJ.

The company said it shared the Judge’s concern “that misuse of the All Writs Act would start us down a slippery slope that threatens everyone’s safety and privacy."

Attorney for “Drone Slayer” says federal lawsuit should be dismissed

GoFundMe The man who shot down a drone over his Kentucky home last year has filed a new legal response to an ongoing lawsuit, arguing that the case should be dismissed because the federal court lacks jurisdiction. William Merideth shot down a drone flying over his home in June 2015.

The drone's pilot, David Boggs, filed a lawsuit in January asking the court in Louisville to make a legal determination as to whether his drone’s flight constituted trespassing.

Boggs asked the court to rule that he is entitled to damages of $1,500 for his destroyed drone."The United States Government has exclusive sovereignty over airspace of the United States pursuant to 49 U.S.C.A. § 40103," Boggs' lawyer, James Mackler, wrote in the civil complaint. "The airspace, therefore, is not subject to private ownership nor can the flight of an aircraft within the navigable airspace of the United States constitute a trespass." Merideth had previously been cleared on state criminal charges. How low can you go? D.

Chad McCoy, Merideth’s attorney, wrote in his March 3 brief that Boggs’ attempt to try to obtain a declaratory judgment is simply not warranted here. A careful reading of the Complaint reveals the argument to be as follows: The Defendant damaged the Plaintiff’s drone.

The Plaintiff anticipates that the Defendant will try and argue that he was justified in shooting the drone pursuant to Kentucky state trespass laws and KRS 503.080.

To prevent the Defendant from raising that defense, the Plaintiff wants this court to circumvent the argument and declare that there is no state law trespass.

This is an improper use of 28 U.S.C. 2201.
In reality, this is a Bullitt County small claims court case. As the consumer drone age has taken flight, legal scholars have wondered about this exact situation.
If a drone flies over private property, is it trespassing? The short answer is that American courts have not addressed the question adequately. The best case-law on the issue dates back to 1946, long before inexpensive consumer drones were technically feasible.

That year, the Supreme Court ruled in a case known as United States v.

Causby that a farmer in North Carolina could assert property rights up to 83 feet in the air. At the time, the Supreme Court did not draw a firm limit.

As the justices concluded: The airspace, apart from the immediate reaches above the land, is part of the public domain. We need not determine at this time what those precise limits are.

Flights over private land are not a taking, unless they are so low and so frequent as to be a direct and immediate interference with the enjoyment and use of the land. We need not speculate on that phase of the present case. In June 2015, Ars reported on another case in Modesto, California involving another drone that was shot down by a neighbor.
In that case, the drone's pilot won an $850 judgment in small claims court in Stanislaus County. Meanwhile, Boggs and his attorney have until March 28 to reply.

Why security is really all about trust

Security isn’t black and white.
It isn’t a choice between full security and no security -- it’s a continuum with a lot of gray in between. Full security, even if achievable, would “secure” things beyond the realm of reasonable usability.

But even then hackers would find a way in. Usable security comes down to a single feeling: trust. Trust makes our world mostly normal and livable.
In one of Bruce Schneier’s books (I forget which) he wrote about the societal trust in everyday acts like ordering pizza.

The pizza company trusts you’re going to pay when the pizza is delivered.

The driver trusts that you’re going to pay and tip, and you won’t harm him or her.

The customer trusts that the pizza will match the order -- and trusts the delivery driver, a stranger, enough to open their door. Without such pervasive trust, everyday life would be impossible. The issue is dogging Uber and other tech companies right now: Uber wants its customers to feel safe enough to hop into a stranger's car, despite horror stories stemming from a few bad apples.

Apple, and nearly every other big name in the IT industry, is fighting the feds so that customers feel they can safely store private information.

Every software vendor works hard against bugs and hackers to keep the trust of their customers. Once trust is harmed, it can be impossible to regain.

Ask anyone who’s ever been cheated on. To curry trust, companies have to address several components, including security, compliance, privacy, and transparency. Trust factor No. 1: Security The base component of trust in the security world is, of course, good security.

Customers want to be assured that a product won’t open the door to random hacking, harassment, and unauthorized activity. When a piece of software or hardware gets hacked too many times, customers look elsewhere. Security doesn’t have to be perfect.
In fact, the product itself can survive with hundreds to thousands of bugs, year after year.
It all depends on whether those defects result in harm to the customer.

As long as relatively few people get hacked or bothered, most people will keep on using it. On the same note, you can have a secure product with only a few bugs -- but if one them gets badly abused, it could be game over. Security is rarely a selling point. Most people choose cool features over security.

But a lot of exploits over time or one bad exploit that impacts a lot of people can damage a whole bunch of trust. Without security as the foundation, trust is impossible. Trust factor No. 2: Compliance Computer products need to comply with basic societal norms, human rights, national and local laws -- and government regulations if applicable.
Interestingly, different cultures have different expectations.
In China, people accept that it is legal for their government to monitor every digital transaction they make (although some use proxies to get around the country’s censoring firewalls). In the United States, people accept far more business ownership of their personal data, with few meaningful restrictions, than their European counterparts. Other countries, such as India, accept that bribes are normal way of doing business for everything from paying your taxes to operating a business.

Every country has its own idea of what is just and fair, but the people expect that every vendor doing business in their country comply with the federal and local laws. Trust factor No. 3: Privacy Customers expect that their private information will not be shared without consent.

This is true even of countries where the government and businesses know almost everything about each individual. People may accept sharing their information with business and government, but they don’t want their friends and neighbors to have the same access. This expectation of privacy is one of the newest components of trust, one that many companies are only now coming to grips with.

But it’s huge. Users want to be able to control how much of their data is accessed and where it goes. Many of the smartest companies, not directly in the data collection business, are realizing that the smartest privacy strategy is to collect the least amount of personal data possible.

The less personal information they have, the less they have to protect, and the less that can be stolen. Trust factor No. 4: Transparency More and more, people expect governments and companies to be more transparent about what they collect and when.

There's a growing expectation that governments and companies must post their information collection policies in an easily accessible place, though this applies more to companies than to governments. Other trust components Security, compliance, privacy, and transparency are the foundations of trust in computer security, but there are two more: expectations and perception. Overall, trust is a matter of expectations. Yes, different countries have different expectations.

But it’s the communication, transparency, and acceptance of those guidelines that creates expectations, and it ultimately determines whether trust succeeds or fails. Perception is reality. Many businesses die failing to recognize this.
It doesn’t matter how trustworthy a product is if consumers view it as untrustworthy. Our world is replete with examples of a tiny fraction of vocal observations turning into a global meme.
It happens in politics all the time.

A politician or candidate does one little thing (spell "potato" wrong, yell during a big win, speak Mandarin to Chinese people), and suddenly many people see the politician through the lens of the one incident. No wonder politicians give us canned, measured speech. Perceptions can harm better security.
I work at a software company where occasionally an update patch will cause operational issues in a small number of computers, often unrelated to the patch.

But a few dozen complaints get amplified in the media, including this publication, and the next thing you know tens of millions of people stop applying the patch. Gaining and keeping trust A big part of gaining and keeping trust is to continuously foster an environment where trust is valued and communicated to everyone participating.

Consumers will forgive occasional or even ongoing issues if enough goodwill has been earned to show the company cares about the customer. The more I analyze computer security, the more I realize it’s not about numeric bug counts ... or security at all.
It’s more about intent and trustworthiness, and every component that makes up that trustworthiness, largely led by perceptions. Long-term, established trust sells, regardless of the underlying security posture.

Everything else is background noise.

Feds: New judge must force iPhone unlock, overturning ruling that favored...

Kārlis Dambrāns As expected, federal prosecutors in an iPhone unlocking case in New York have now asked a more senior judge, known as a district judge, to countermand a magistrate judge who ruled in Apple’s favor last week. Last week, US Magistrate Judge James Orenstein concluded that what the government was asking for went too far.
In his ruling, he worried about a “virtually limitless expansion of the government's legal authority to surreptitiously intrude on personal privacy.”The case involves Jun Feng, a drug dealer who has already pleaded guilty, and his seized iPhone 5S running iOS 7. Prosecutors have said previously that the investigation was not over and that it still needed data from Feng's phone.

As the government reminded the court, Apple does have the ability to unlock this phone, unlike the seized iPhone 5C in San Bernardino. Moreover, as Department of Justice lawyers note, Apple has complied numerous times previously. In its 51-page Monday filing, the government largely re-hashed its previous arguments, saying that existing law should force Apple’s assistance. In this case, the government arrested a criminal.

The government got a warrant to search the criminal’s phone. Law enforcement agents tried to search the phone themselves, but determined they could not do so without risking the destruction of evidence.

The government then applied for a second court order to ask Apple to perform a simple task: something that Apple can easily do, that it has done many times before, and that will have no effect on the security of its products or the safety of its customers.

This is how the system is supposed to work. In 2014 and 2015, Apple took a two-pronged approach to resisting government pressure: one was to make iOS 8 more resilient than previous versions of the operating system, making it impossible for Apple itself to bypass a passcode lockout.

The other crucial element was to impose firmer legal resistance in court filings.

The New York case is believed to be the first time that Apple openly resisted the government’s attempt to access a seized phone. Agree to disagree? This New York case pre-dates Apple's current battle with the government over a locked iPhone 5C that belonged to one of the shooters in the December 2015 terrorist attack in San Bernardino—that case is due to be heard in court next month in nearby Riverside, California.
In the California case, federal investigators asked for and received an unprecedented court order compelling Apple to create a new firmware to unlock the device.
In February 2016, Apple formally challenged that order, and the outcome is pending. Both the New York and California cases, however, involve the government’s attempt to use an obscure 18th-Century statute known as the All Writs Act, which enables a court to order a person or a company to perform some action. "Judge Orenstein ruled the FBI’s request would 'thoroughly undermine fundamental principles of the Constitution’ and we agree," an Apple spokesman told Ars in a statement. "We share the judge’s concern that misuse of the All Writs Act would start us down a slippery slope that threatens everyone’s safety and privacy." The New York case, however, marks the first time that a federal judge has ruled in favor of a more privacy-minded Apple. More recent amicus, or friend of the court briefs, supporting Apple, have cited Judge Orenstein’s ruling. “The government’s argument is: ‘I would have gotten away with it too, if it weren't for you pesky magistrate!’” Riana Pfefferkorn, a legal fellow at the Stanford Center for Internet and Society, told Ars.

Amazon douses flames, vows to restore Fire OS fondleslab encryption

Under-Fire web biz finds reverse gear after outcry from Fire and Kindle owners Amazon has U-turned on its decision to remove filesystem encryption from Fire OS, which powers its Fire and Kindle slabs. We've been told that a version due out within the next month or two will return support for encrypting documents stored on the devices.

This decision to restore the feature comes just days after it emerged that Amazon had axed the encryption from the latest build of its tablet operating system: Fire OS 5. Removing the crypto sparked outcry from furious Fire and Kindle owners as well as the wider tech world.

Amazon appears to have taken notice. "We will return the option for full disk encryption with a Fire OS update coming this spring,” a spokesman for the web bazaar told El Reg on Saturday. The decision to remove the encryption was at odds with Amazon's public support [PDF] for Apple in the iPhone giant's battle with the FBI.

Apple refused to comply with an order to help unlock a killer's encrypted smartphone, and has rallied the tech industry to back it against the Feds. Amazon's decision to axe the encryption feature from Fire OS 5 was made well before the Apple-FBI legal case blew up last month.

Amazon thought disk encryption wasn't being used by enough people to continue support for it.
Soon it will let people switch the mechanism back on – and, I guess, in a way, we have the FBI to thank for that. ® Sponsored: Agile For Dummies, 2nd Edition

Central Bank of Venezuela doubles down in “cyber-terrorism” website lawsuit

JR Ferrer ParisOn Friday, lawyers for the Central Bank of Venezuela (CBV) filed a new amended civil complaint against DolarToday, the US-based website that publishes a daily unofficial exchange rate between American dollars and Venezuelan bolivares. The Venezuelan government has made it a crime to publish the street trading rate as it countermands the "official" exchange rates, which are far more favorable to the government.

The recent collapse of the price of oil has exacerbated Venezuela's economic woes; the country is widely expected to default on its international debts later this year. Late last month, US District Judge Gregory Sleet ruled in favor of DolarToday’s earlier motion to dismiss.
In his two-page ruling, Judge Sleet found that the CBV lacked standing and dismissed the case. However, he allowed the CBV to file an amended complaint within seven days, which it has now done. As Judge Sleet wrote: Price inflation in a nation's economy is not an injury sufficiently particularized to the Central Bank. Rather, inflation is a generalized harm.

Additionally, an alleged injury must. be "concrete" both qualitatively and temporally. Whitmore v.

Arkansas, 495 U.S. 149, 155; 158, (1990). Here, inflation is not sufficiently identifiable, but a hypothetical injury. Having found that there is no injury is fact, the court need not reach the remaining standing requirements.
In conclusion, Central Bank lacks Article III standing and the court lacks subject matter jurisdiction as a matter of law. In the new filing, the CBV's lawyers largely re-iterate nearly all of its previous arguments.

CBV's legal team now adds specific injuries, which include: Diminished seigniorage; Reputational harm because Defendants’ reporting of manufactured exchange rates have created the false impression in the public that the Central Bank’s monetary policies are ineffectual and that it cannot manage the Venezuelan economy; and Deprived the Central Bank of capital that it would attract and retain, by having caused numerous entities and persons to invest their capital elsewhere than Venezuela. Ars asked Adam Fox, one of the CBV's attorneys, whether the CBV is claiming that the Venezuelan economy would be stable and well-functioning if not for the DolarToday website. "The point of this lawsuit is that the DolarToday Defendants are publishing a fabricated exchange rate that is causing the Central Bank economic and reputational harm," he e-mailed. "The implicit suggestion of your questions that Venezuela also faces economic challenges that may be independent of those imposed by the DolarToday defendants is beside the point." In a statement, Ben Wolkov, general counsel for DolarToday, described the lawsuit as "baseless" in a Thursday statement. "As a US-based media outlet with rights to freedom of speech and freedom of the press, DolarToday will continue to focus on its dual mission of informing Venezuelans about the country’s social, political, and economic affairs and serving as a credible and authoritative source for other media outlets attempting to report on Venezuela," he said. Printing more money is bound to solve the problem, right? In the initial October 2015 civil complaint, the US-based lawyer for the CBV argued that the three Venezuelan-American men who run the site are engaged in "cyber-terrorism" designed to create "the false impression that the Central Bank and the Republic are incapable of managing Venezuela’s economy." It is no exaggeration to say that the Venezuelan economy has been in something of a tailspin in recent years.
Its authoritarian president, Nicolas Maduro (successor of strongman Hugo Chavez), has been unable to rein in skyrocketing inflation (now at 180 percent) and a massively depressed economy.

The country recently sent $1.28 billion worth of gold to Switzerland as a way to avoid a default. On Thursday, the president of the CBV told the Associated Press that the country would be printing larger bills to accommodate skyrocketing inflation. DolarToday, as it explains in its motion to dismiss, does nothing more than call currency traders on the Venezuelan-Colombian border to find out what the exchange rate is between bolivares and pesos.

The site simply converts the pesos to dollars to find out the market rate between bolivares and dollars.

The site then publishes that figure. Venezuela has maintained strict currency controls since 2003 and its currency cannot—at least officially—be traded on the open market.

The government maintains multiple "official" exchange rates, which differ depending on what purpose the foreign currency is needed for.

The black market exchange rate, at least according to DolarToday, is significantly higher.

As of this writing, $1 buys about 975 bolivares.

For years, the Venezuelan government has blocked domestic access to the US-based site. "While the Venezuelan government has made it illegal for anyone to publish black market currency rates in Venezuela and has blocked DolarToday’s website from the Internet in that country, Venezuelans access the DolarToday rate on DolarToday’s Facebook, Twitter, and Instagram pages," Ricardo A.

Gonzalez, another attorney who represents the website, said in the same Thursday statement.

What is a “lying-dormant cyber pathogen?” San Bernardino DA won’t say

pmquanApple's encryption battle San Bernardino DA says seized iPhone may hold “dormant cyber pathogen” To get back at Apple, GOP congressman introduces pointless bill Amazon removed device encryption from Fire OS 5 because no one was using it Apple’s new ally in unlocking battle: A man whose wife was shot 3 times in attack FBI is asking courts to legalize crypto backdoors because Congress won’t View all…One day after the San Bernardino County district attorney said that an iPhone used by one of the San Bernardino shooters might contain a "lying-dormant cyber pathogen," the county's top prosecutor went on the offense again.

DA Michael Ramos said Apple must assist the FBI in unlocking the phone because an alleged security threat might have been "introduced by its product and concealed by its operating system." Ramos, however, has been tight-lipped on exactly what security threat may be on the passcode-protected phone of Syed Farook, a county worker who was one of two shooters in the Dec. 2 massacre that killed 14 and wounded scores of others.

The prosecutor suggested in a court filing yesterday that the iPhone—a county phone used by Farook and recovered after the shooting—might be some type of trigger to release a "lying-dormant cyber pathogen" into the county's computer infrastructure. On Friday, the district attorney again demanded that a federal magistrate presiding over the dispute command Apple to help decrypt the phone. Apple has not advanced a single argument to indicating [sic] why the identification and prosecution of any outstanding coconspirators, or to detect and eliminate cyber security threats to San Bernardino County's infrastructure introduced by its product and concealed by its operating system, and Apple's refusal to assist in acquiring that information, is not a compelling governmental interest. To the extent that Apple states in its brief at page 33 that there is no compelling state interest because the government "has produced nothing more than speculation that this iPhone might contain potentially relevant information," Apple completely forgets that a United States Magistrate has issued a search warrant based on a finding of probable cause that the iPhone does contain evidence of criminal activity.

The reason we search is to find out if the device contains evidence or is an instrumentality of the crime.
Such authority is granted by the United States Constitution. But what exactly is a "lying-dormant cyber pathogen?" As the chatter on Twitter and elsewhere could attest, security and forensics experts have never heard of this type of threat. Online commenters called it everything from a "magical unicorn" to a make-believe plot that we might see on the broadcast TV show CSI: Cyber.  The fact no one has heard of a pathogen that might carry devastating qualities has us and others wanting to know more. We asked Ramos' office to elaborate.

Ars' e-mail and phone messages, however, were not returned. Apple also declined comment. The FBI is demanding that Apple build software that would enable the government to defeat the passcode lock without data being lost on the phone the county issued to Farook.

Apple has steadfastly rejected building what the tech company said amounts to an encryption backdoor.

Apple says helping would weaken iPhone security overall. Until Ramos' court filings on Thursday and Friday, the authorities have been maintaining that the phone might provide evidence of possible co-conspirators that have escaped justice.

The authorities also say there are hundreds of phones in prosecutors' hands that need unlocking to help solve crimes. Magistrate Sheri Pym has already ordered Apple to build the software. A hearing on Apple's challenge is scheduled for March 22 before Pym in Riverside federal court.