Friday, October 17, 2014
I'm sure the FBI would find their job easier if they had a backdoor into all encryption systems, but they must realize that is impossible. (I can write an encryption program in minutes) Nor do they seem to need them in any significant percentage of cases. (9/3576 = 0.0025 or slightly more than ¼ of one percent)
From the wiretap report available from USCourts.gov:
… The number of federal and state wiretaps reported in 2013 increased 5 percent from 2012. A total of 3,576 wiretaps were reported as authorized in 2013, with 1,476 authorized by federal judges and 2,100 authorized by state judges.
… The number of state wiretaps in which encryption was encountered increased from 15 in 2012 to 41 in 2013. In nine of these wiretaps, officials were unable to decipher the plain text of the messages. Encryption was also reported for 52 state wiretaps that were conducted during previous years, but reported to the AO for the first time in 2013. Officials were able to decipher the plain text of the communications in all 52 intercepts.
F.B.I. Director Hints at Action as Cellphone Data Is Locked
The director of the F.B.I., James B. Comey, said on Thursday that the “post-Snowden pendulum” that has driven Apple and Google to offer fully encrypted cellphones had “gone too far.” He hinted that as a result, the administration might seek regulations and laws forcing companies to create a way for the government to unlock the photos, emails and contacts stored on the phones.
But Mr. Comey appeared to have few answers for critics who have argued that any portal created for the F.B.I. and the police could be exploited by the National Security Agency, or even Russian and Chinese intelligence agencies or criminals. And his position seemed to put him at odds with a White House advisory committee that recommended against any effort to weaken commercial encryption.
… Any technology that allows the United States government to bypass encryption in the name of solving crimes could also allow hackers and foreign governments to bypass encryption in the name of stealing secrets.
In Defense of iPhones the FBI Can't Search
(Related) I can't resist asking, is there is a business opportunity here? Surveillance-R-Us?
Police Departments Skirting Public Accountability By Using Private Foundations To Obtain Controversial Surveillance Technology
Tim Cushing writes:
The less the public knows about law enforcement surveillance technology, the better. That’s the thought process governing the purchase and deployment of technology like Stingray devices and automatic license plate readers. In the case of the former, even the nation’s top cops (the FBI) actively discourage talking about the cell tower spoofers through the use of restrictive non-disclosure agreements.
If the normal routes — as deferential as they are — seem to be a bit too “leaky,” many law enforcement agencies have a third option available to keep the public in the dark about their technology acquisitions: private funding.
Read more on TechDirt.
A poor choice of which fight to fight?
Cyber-Sleuth or Cyber-Thief? LabMD Case Continues to Expose the Good, the Bad, and the Downright Ugly in Cyber-Security Developments
Over on HIPAA, HITECH, and HIT, Elizabeth Litten comments on FTC’s administrative case against LabMD, a case I’ve been following here for the past few years. After recapping the case, she writes:
This case isn’t over, and it remains to be seen whether [Administrative Law Judge] Chappell will find the witness’s testimony credible and/or relevant to a finding that LabMD violated Section 5. It also remains to be seen whether the FTC and Tiversa will end up looking like cyber-sleuths out to uncover, and protect the public from, lax security practices, or will look more like cyber-thieves grasping for money, power, publicity or something else. Either way, this case is ugly and certainly does not create a high level of confidence in the cyber-security investigation and enforcement tactics utilized by the FTC.
Read her full column on HIPAA, HITECH, and HIT.
Have I not been saying all along that even if FTC could go after LabMD, I did not think this was a good use of their resources? And have I not been saying all along that this case strikes me as somewhat unfair to LabMD whose security – other than an employee not following policy (which still happens ALL the time) – was on a par with other HIPAA-covered entities’ data security back in 2008? If HIPAA decided not to go after LabMD for violations of its Security Rule, should FTC being take a sledgehammer to LabMD?
There are those who will claim that the only reason the FTC went after LabMD was because LabMD didn’t play the game and cooperate by jumping at every request and turning over thousands of pages of documents. But when all is said and done, does this action by the FTC do a damned thing to protect consumers? I think not, and can think of a lot of serious cases in the healthcare sector that the FTC should pursue – like a breach where patients weren’t even notified that their SSN and details were available for free download on Pirate Bay.
The FTC has done tremendous yeoman service in protecting consumers’ privacy, but sadly, not in this case.
It's better to ask forgiveness than to ask permission?
Dan Novack writes:
What’s public for me is private for thee. At least that’s what Monroe County, N.Y. believes when it comes to where you drive your car.
Monroe Police have been using high-speed cameras to capture license plates in order to log vehicle whereabouts. As of July, the County’s database contained 3.7 million records, with the capability to add thousands more each day. The justification for cops having records of the whereabouts of law-abiding citizens is that the vehicles are driven in public and therefore drivers have no expectation of privacy. It’s an argument that’s at odds with the Supreme Court’s 2012 ruling in U.S. v. Jones. In Jones, a GPS tracking case, the court held that individuals do have an expectation of privacy when it comes to their long-term whereabouts, even when using public roads.
Read more on The Intercept.
So, real-time requires a real warrant?
John Wesley Hall writes:
Real-time cell site location information is protected under Fourth Amendment. Tracey v. State, SC11-2254 (October 16, 2014). This is a fascinating opinion, and it’s the most sensitive review of the issue yet
Read an excerpt from the opinion on FourthAmendment.com
An infographic for those of us who remember all these things...
Famous Internet Firsts And Where We Are Now
A tool my students could use to create their own infographics.
Canva Launches an iPad App for Creating Beautiful Infographics and Slides
Canva is a great service for creating infographics, slides, and photo collages. The service launched last fall and has steadily grown since then. The latest update to Canva was the launch of their free iPad app.
The Canva iPad app allows you to create infographics, slides, and photo collages in much the same way as the web version of the service. To create a graphic on Canva start by selecting a template then dragging and dropping into place background designs, pictures, clip art, and text boxes. Canva offers a huge library of clip art and photographs to use in your designs (some of the clip art is free, some is not). You can also import your own images to use in your graphics. Your completed Canva projects can be saved as PDF and PNG files. You can also simply link to your online graphic.
Interesting. The world, she is a-changing.
Essay · The future of the book