16.8 C
London
Saturday, September 23, 2017
Home Tags Wiretapping

Tag: Wiretapping

Google tells judge it might resume targeted advertising "to meet changing demands."
Suit seeks damages for alleged snooping during split-up A fella in the US is suing his ex‑wife, alleging she broke federal wiretapping and privacy laws by snooping on his email during their divorce.…
Google kills Gmail's most controversial feature.
Illinois man: my headphones transmit audio metadata to data miner Segment.io.
"I intentionally forged court orders that allowed me to wiretap cellphones…"
Tara Lenich was entangled in a reported "love triangle gone wrong."
The Congressional Encryption Working Group released its year-end report that concluded that encryption backdoors do more harm than good.

The 12-page report said that “any measure that weakens encryption works against the national interest.” The bipartisan congressional panel recommended that the U.S. support strong encryption and that “Congress should foster cooperation between the law enforcement community and technology companies.” The conclusions run contrary to those of the FBI, which in the past said it has favored encryption backdoors in tech products and services.

The Encryption Working Group was formed in the wake of the FBI’s battle with Apple to access data on an iPhone belonging to terrorist Syed Farook. Ed McAndrew, a former federal cybercrime prosecutor and partner at law firm Ballard Spahr, said that the conclusions of the committee are significant, however will have little impact on pending or future legislation. “There is nothing legislative being proposed as an outgrowth of this report,” he said. “The major points of the report track what the various stakeholders have said.

Backdoors are dangerous. Weaknesses in encryption can benefit the intended and unintended third-parties.” In its report, members of the working group said that it is exceedingly difficult and impractical, if not impossible, to “to devise and implement a system that gives law enforcement exceptional access to encrypted data without also compromising security against hackers, industrial spies, and other malicious actors.” The committee also concluded requiring “exceptional access to encrypted data would, by definition, prohibit some encryption design best practices, such as ‘forward secrecy,’ from being implemented.” Perfect Forward Secrecy is a technology that ensures communication sessions are secured by randomly generated ephemeral public keys.
It is a strategy that prevents an attacker from later using a stolen private key to decrypt recorded encrypted sessions. The committee identified areas of future discussion for the next Congress, such as how law enforcement agencies should navigate the process of accessing information from private companies. Other areas slated for discussion are examining options to improve law enforcement’s ability to leverage metadata and reviewing the circumstances, resources and legal framework necessary to help law enforcement agencies exploit existing flaws in digital products, according to the report. Electronic Frontier Foundation staff attorney Andrew Crocker said he was glad the working group came out “strongly against weakening encryption.” However, he said upcoming areas of focus for the commission were of equal importance when it comes to national security. “The report points in the direction of other approaches to government access to data, some of which raise similarly serious concerns, especially so-called lawful hacking by the government,” wrote Crocker in a statement to Threatpost. In the interim, encryption is going to continue to be a hotly debated topic, particularly with law enforcement investigations, McAndrew said. “What I’ll be watching for is whether the new administration and new Congress have any type of revised CALEA legislative proposals.” CALEA stand for Communications Assistance for Law Enforcement Act and is the statute that requires telecommunication companies and others to help law enforcement agencies with lawful intercept and wiretapping operations. Some lawmakers, most notably Sen. Richard Burr of North Carolina and Sen.

Tom Cotton of Arkansas, have strongly advocated for encryption backdoors in technology products. Reuters has reported that Sen.

Burr, who chairs the Intelligence Committee, will reintroduce encryption legislation compelling companies such as Apple to build “back doors” into devices and services.
Sen.

Burr believes there is new hope for his bill under the support of the Trump administration. For his part, President-Elect Donald Trump, hasn’t publicly taken a position on encryption. However during the Apple-FBI debate he blasted Apple on the campaign trail for not cooperating with the FBI and called for a boycott of Apple products. In its report the committee concluded, “There is no ‘us versus them,’ or ‘pro-encryption versus law enforcement.’ This conversation implicates everyone and everything that depends on connected technologies—including our law enforcement and intelligence communities.

This is a complex challenge that will take time, patience, and cooperation to resolve.”
The French Constitutional Council has taken another look at a new security law it waved through in July 2015, and found it wanting. A key clause of last year's Surveillance Law essentially allowed security agencies to monitor and control wireless commu...
Enlarge / The lawyers are petitioning a court housed in the Phillip Burton Federal Building in San Francisco.Bloomberg / Getty Images News reader comments 7 Share this story Two lawyers and legal researchers based at Stanford University have formally asked a federal court in San Francisco to unseal numerous records of surveillance-related cases, as a way to better understand how authorities seek such powers from judges.

This courthouse is responsible for the entire Northern District of California, which includes the region where tech companies such as Twitter, Apple, and Google, are based. According to the petition, Jennifer Granick and Riana Pfefferkorn were partly inspired by a number of high-profile privacy cases that have unfolded in recent years, ranging from Lavabit to Apple’s battle with the Department of Justice. As they wrote in their Wednesday filing: Most surveillance orders are sealed, however.

Therefore, the public does not have a strong understanding of what technical assistance courts may order private entities to provide to law enforcement.

There are at least 70 cases, many under seal, in which courts have mandated that Apple and Google unlock mobile phones—and potentially many more.

The Lavabit district court may not be the only court to have ordered companies to turn over private encryption keys to law enforcement based on novel interpretations of law.

Courts today may be granting orders forcing private companies to turn on microphones or cameras in cars, laptops, mobile phones, smart TVs, or other audio- and video-enabled Internet-connected devices in order to conduct wiretapping or visual surveillance. This pervasive sealing cripples public discussion of whether these judicial orders are lawful and appropriate. In their 45-page petition, they specifically say that they don’t need all sealed surveillance records, simply those that should have been unsealed—which, unfortunately, doesn’t always happen automatically. Petitioners seek the unsealing of underlying materials only from cases where there is no longer any need for secrecy, e.g., the criminal investigation has terminated, the surveillance order (including any delayed-notice order) has expired, or charges have been filed.

These records are public documents and should be publicly docketed and unsealed unless good cause exists on a case-by-case basis for continued secrecy based on the facts and circumstances of the individual matter. Granick is the director of civil liberties at the Stanford Center for Internet and Society and previously worked at Zwillgen, one of the law firms that represented Apple in the wake of the December 2015 terrorist attack in San Bernadino. Pfefferkorn is the Cryptography Fellow at the same Stanford group.

Both women have been outspoken on the issue of expansive government surveillance. The petition has yet to be assigned to a judge, and as such, hearings have not been scheduled.
EnlargeAndrew Brookes / Getty Images News reader comments 1 Share this story A federal judge in Iowa has ordered the suppression of child pornography evidence derived from an invalid warrant.

The warrant was issued as part of a controversial government-sanctioned operation to hack Tor users. Out of nearly 200 such cases nationwide that involve the Tor-hidden child porn site known as "Playpen," US District Judge Robert Pratt is just the third to make such a ruling. "Any search conducted pursuant to such warrant is the equivalent of a warrantless search," Judge Pratt wrote Monday in his 19-page order in United States v.

Croghan.
While the charges against Beau Croghan have not been dropped yet, the ruling significantly hinders the government's case. Earlier this year, federal judges in Massachusetts and Oklahoma made similar rulings and similarly tossed the relevant evidence.

Thirteen other judges, meanwhile, have found that while the warrants to search the defendants' computers via the hacking tool were invalid, they did not take the extra step of ordering suppression of the evidence.

The corresponding judges in the remainder of the cases have yet to rule on the warrant question. In all of these cases related to Playpen, a federal magistrate judge in Virginia issued a warrant that was then used to authorize the deployment of this tool, known as a "network investigative technique," or NIT, as a way to locate users. Under current rules of federal jurisprudence, magistrate judges only have the authority to issue warrants within their own district. However, a change in this rule will almost certainly expand this power to magistrate judges later this year, absent Congressional action.

As of now, only more senior federal judges, known as district judges, have the authority to issue out-of-district warrants.
So, Judge Pratt concluded, because the warrant was invalid ab initio, or from the beginning, any evidence that resulted from that search must be suppressed. "Here, by contrast, law enforcement caused an NIT to be deployed directly onto Defendants' home computers, which then caused those computers to relay specific information stored on those computers to the Government without Defendants' consent or knowledge," Judge Pratt wrote. "There is a significant difference between obtaining an IP address from a third party and obtaining it directly from a defendant’s computer." As the judge continued: If a defendant writes his IP address on a piece of paper and places it in a drawer in his home, there would be no question that law enforcement would need a warrant to access that piece of paper—even accepting that the defendant had no reasonable expectation of privacy in the IP address itself. Here, Defendants' IP addresses were stored on their computers in their homes rather than in a drawer. Our tax dollars at work As Ars has reported before, investigators in early 2015 used the NIT to force Playpen users to cough up their actual IP address, which made tracking them down trivial.
In yet another related case prosecuted out of New York, an FBI search warrant affidavit described both the types of child pornography available to Playpen's 150,000 members and the malware's capabilities. As a way to ensnare users, the FBI even took control of Playpen and ran it for 13 days before shutting it down.

During that period, with many users' Tor-enabled digital shields down—revealing their true IP addresses—the government was then able to identify and arrest the nearly 200 child porn suspects. (However, nearly 1,000 IP addresses were revealed as a result of the NIT’s deployment, which could suggest that even more charges could be filed.) Privacy-minded experts applauded Judge Pratt's reasoning—that the government should not have the ability, absent proper warrants, to hack into people's computers. "Judge Pratt correctly interpreted the NIT's function and picked the correct analogy," Fred Jennings, a New York-based lawyer who has worked on numerous computer crime cases, told Ars. Jennings continues: [Pratt] correctly points out that the usual analogies, to tracking devices or IP information turned over by a third-party service provider, are inapplicable to this type of government hacking.

A common theme in digital privacy, with Fourth Amendment issues especially, is the difficulty of analogizing to apt precedent—there are nuances to digital communication that simply don't trace back well to 20th-century precedent about physical intrusion or literal wiretapping. By contrast to Judge Pratt, other courts have struggled with the basics of how Tor and IP addresses work. "In attempting to salvage the mess they made with Playpen, [the Department of Justice] has tried to say that the NIT is like a GPS tracking device," Chris Soghoian, a technologist for the American Civil Liberties Union, told Ars. "And, sadly, several judges have bought it, saying that the defendants traveled virtually to Virginia, and that the NITs were installed in Virginia while they were virtually there." For its part, the government has said it is not sure how it will deal with the suppression order in Croghan. "Our office is still in the process of reviewing the judge's order that was issued yesterday," Rachel Scherle, a federal prosecutor in Iowa, told Ars by e-mail. "No decisions have been made as to dismissal or appeal at this time, but I will keep you posted."
The EU wants to force WhatsApp, iMessage and other internet-based tools to abide by tougher data-protection rules, leaked documents say. By Matthew BroersmaThe European Union is looking to extend some of the privacy rules that currently apply to telecommunications companies to cover internet-based services such as Skype and WhatsApp in a way that could restrict their use of encryption, according to reports.The EU's plans could also oblige digital services to allow users to take content, such as copies of emails, with them when they change providers, according to reports from media outlets including The Financial Times and Reuters, all of which cited internal EU documents.New Privacy Obligations The privacy and confidentiality obligations for internet firms remain to be defined, according to the EU documents. Currently 2002's Privacy and Electronic Communications Directive, known as the ePrivacy Directive, applies only to telecoms providers such as Vodafone or Orange, and those providers have argued the rules place them at a disadvantage to web-based competitors.Facebook's WhatsApp, for instance, protects its communications with end-to-end encryption, while telecoms companies are barred from doing so, being subject to wiretapping and "lawful interception" demands by governments.Apple's mobile iMessage service also claims to offer end-to-end encryption, while Microsoft's Skype encrypts communications but also says it monitors message content for the purposes of blocking fraud and other illegal activity. ePrivacy Review The possible changes are part of a review to the ePrivacy rules announced by the EU in April, when it launched a public consultation seeking the views of stakeholders.The EU said the review was motivated in part by the introduction of the General Data Protection Regulation this year, which is set to broadly alter Europe's data protection environment.While organizations including national data protection regulators, telecoms companies and internet firms have published their responses to the consultation, the EU's own views have not previously been made public.Orange pointed out in its response that internet-based services are "allowed to commercially exploit the traffic data and the location data they collect", while telecoms firms are restricted in how they use such information.In its response, Facebook argued against any extension of the ePrivacy rules, saying new restrictions could mean it would "no longer be able to guarantee the security and confidentiality of the communication through encryption" and therefore could "have the undesired consequence of undermining the very privacy it is seeking to protect".The European Commission has said it does not necessarily plan to treat all communications services the same for all purposes. Spectrum Changes A broader reform of the EU's telecoms rules is set to begin next month, and the Commission is proposing to take the opportunity to increase the term of spectrum licenses from 10 to 25 years, according to internal documents cited by Reuters.That move, intended to introduce a more stable market for operators and encourage them to boost their investments, could face opposition from national governments, for whom spectrum license auctions have proven a lucrative source of income.Under the results of a June referendum, the UK is set to exit the European Union, but EU laws are likely nevertheless to continue to influence British policies.