Friday, March 04, 2016
I make it 16 briefs and three letters in support of Apple. Plenty of fodder for my students to chew as they write their papers on cryptography this week.
Google, Amazon, Facebook, Microsoft and a parade of other technology companies filed a barrage of court briefs on Thursday, aiming to puncture the United States government’s legal arguments against Apple in a case that will test the limits of the authorities’ access to personal data.
(Related) On the FBI side, wild speculation? No evidence of this, so why suggest it?
San Bernardino DA says seized iPhone may hold “dormant cyber pathogen”
The San Bernardino District Attorney told a federal judge late Thursday that Apple must assist the authorities in unlocking the iPhone used by Syed Farook, one of the two San Bernardino shooters that killed 14 people in a killing rampage in December. The phone, which was a county work phone issued to Farook as part of his Health Department duties, may have been the trigger to unleash a "cyber pathogen," county prosecutors said in a brief court filing.
"The iPhone is a county owned telephone that may have [Surely it was connected at some time? Bob] connected to the San Bernardino County computer network. The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino's infrastructure," according to a court filing (PDF) by Michael Ramos, the San Bernardino County District Attorney.
The development represents the first time any law enforcement official connected to the investigation provided any indication of what the authorities might discover on the phone.
(Related) A government divided. (Nothing new there)
Pentagon Chief Wary of Tech 'Back Doors'
US Secretary of Defense Ashton Carter has said he opposes high-tech "back doors" that would allow the government access to encrypted data on people's phones and other devices.
Apparently not everyone is convinced encryption is the way to go. Let's hope they find out why Amazon did it.
Amazon Quietly Removes Device Encryption in Fire Devices
Fire OS 5 is based on the Android 5.0 Lollipop release, which was revealed in October 2014 with multiple security enhancements built in, including full device encryption enabled by default on first boot.
To further boost the security of devices, Google announced in October 2015 that full-disk encryption was mandatory in devices running Android 6.0 Marshmallow. Thus, the company required that all manufacturers enable the feature out-of-the-box for new devices that support a secure lockscreen and which have high memory resources.
Amazon’s Fire devices had encryption enabled, and users still running iterations of Fire OS 4 can take full advantage of the security feature. However, those who decided to upgrade to the newer Fire OS 5 platform release could no longer enjoy the same capabilities, it seems.
Although it did not make an official announcement on the matter, Amazon did inform users of the change, and even suggested they refrain from upgrading to the newer OS version to continue taking advantage of encryption. Basically, users need to choose from two equally bad options: update and leave their data unprotected, or continue running outdated software on their devices.
… SecurityWeek has contacted Amazon requesting comment and we will update the story as soon as we receive a response.
Never engage in a battle of wits when you are only half armed.
GOP lawmaker: Ban government from buying Apple products
Rep. David Jolly (R-Fla.) is proposing a way to punish Apple for refusing to abide by a court order directing the company to unlock an iPhone used by one of the San Bernardino shooters: Stop buying its products for government use.
“Deliver what you promise, promise only what you can deliver.” What makes that so hard to understand? Looking at the dates, the Feds need to move faster!
Feds go after online payment firm for deceptive cybersecurity
Federal regulators on Thursday sent a major signal to financial technology companies, settling charges against an online payment firm for deceiving customers about data security.
The company, Dwolla, has agreed to pay $100,000 to settle the allegations.
The move is a new step for the Consumer Financial Protection Bureau (CFPB), and represents one of the first enforcement actions taken against a financial technology company for allegedly misrepresenting security practices.
… The CFPB claims that from late 2010 until 2014, Dwolla falsely assured customers that its data security practices exceeded industry standards and guarded customer data with “safe” and “secure” transactions. The agency also said the company misled users about how much personal information was encrypted.
… In a statement, the firm also stressed there was no indication of a data breach in the company’s five years of existence. [Significant. That is usually how the government gets involved. Bob]
… With Thursday’s enforcement action, the CFPB has positioned itself next to other federal agencies — such as the Federal Trade Commission and Securities and Exchange Commission — as a de facto data security regulator.
This will not be the last “cross technology” issue. Cable companies offer Internet but claim TV delivered to computers (rather than to your TV) is not an Internet service.
Consumer group calls for action against Comcast streaming video
Consumer advocates are urging regulators to take action against Comcast's new video service, Stream TV.
The service, which was launched last year, allows people to purchase and watch TV on their computers and phones without it counting against their Internet data caps.
Advocacy group Public Knowledge filed a 30-page complaint against Comcast Wednesday night, charging that the streaming service violates conditions from its 2011 merger with NBC-Universal.
… According to the 2011 merger conditions, Comcast agreed that if it imposed Internet data caps, it would not treat its own video services differently than others. Because Comcast's own Stream TV is exempt from data caps in a process known as "zero rating," Public Knowledge argues it is giving itself favorable treatment.
For my next Disaster Recovery class. No matter how extensively you plan, there seems to be something you overlooked – and it will happen. Who knew there were birds in the area!
Bird droppings apparently caused NY nuclear reactor outage
… In a report to the Nuclear Regulatory Commission last month, the New Orleans-based company said the automatic reactor shutdown was apparently from bird feces that caused an electric arc between wires on a feeder line at a transmission tower.
"If it has nowhere to send its electricity, the generator senses that and automatically shuts down," Entergy spokesman Jerry Nappi said.
Plant managers told the NRC they were revising preventive maintenance for additional inspection and cleaning and installing bird guards on transmission towers.
Without video or audio to accompany these slides, it becomes a list you have to research yourself. Still, it is probably worth looking at the ones I don't know about.
Best of the Web - Spring 2016
This afternoon at the NCTIES 2016 conference I had the privilege to once again give my Best of the Web presentation to a packed room (conservative guess of 350 people). The presentation features short overviews of my favorite new and/or updated ed tech resources of the last year. Almost all of today's presentation featured things that I haven't included in past Best of the Web presentations. The slides from the presentation are embedded below.