Topic: Law enforcement
Though the headline on the Recode piece linked below says Apple is facing questions from the US Senate on its new Face ID feature, the reality is that the questions are coming from one Senator: former comedian Al Franken, who’s always taken an interest in tech issues and tends to use them to raise his public profile. A number of the questions he’s posing have already been addressed by Apple (including in its public announcement of the feature) while others suggest Franken thinks Apple is Google or some other company which regularly uses data on its customers to target advertising. All of which suggests he either hasn’t taken time to understand the feature properly, or is simply grandstanding, which frankly feels more likely. Apple’s stance on privacy and security is abundantly clear at this point, as demonstrated by its approach to the Touch ID feature (which Franken previously investigated in a similar way). None of that will stop people freaking out about the feature, and coincidentally or not the Economist magazine’s cover story this week is about the dangers of companies collecting facial data. But Apple is storing this data on the device in ways inaccessible to anyone but the user or for purposes other than those intended by Apple and approved by the user.
After the London terror attack, a top U.K. official says Facebook needs to open up WhatsApp – Recode (Mar 27, 2017)
This is a worrying (though not altogether unexpected) resurfacing of the arguments from early 2016, when the FBI was trying to get into an iPhone owned by one of the San Bernardino shooters. In this case, UK Home Secretary Amber Rudd (whose role has no direct counterpart in the US, but is responsible for domestic law enforcement and counter-terrorism among many other things) has made calls for WhatsApp to “open up” and specifically referred to encryption. That’s because WhatsApp was allegedly one of the apps used by the terrorist behind last week’s attack in London, though there’s no evidence yet that he used it to plan the attack or coordinate with others. The bigger issue, as with last year’s Apple-FBI fight, is of course that once the government can get in, there’s no guarantee others won’t use the same methods, whether that’s because of hacks like the one that hit Cellebrite a few weeks ago, or exposures of government tools like the Wikileaks CIA hack. Encryption is a fact of life at this point, and essential for secure communication and protection of privacy for millions of law-abiding users, and no government back door can solve the law enforcement problem without also compromising that essential function. And the Rudd quote in the closing paragraph of this story suggests she doesn’t actually understand the FBI-Apple situation at all, which is not surprising from a government official but worrisome nonetheless.
Apple Joins Group of Companies Supporting Google in Foreign Email Privacy Case – Mac Rumors (Mar 14, 2017)
Given the way other big tech companies had weighed in on the related Microsoft case over the past few years, it was a little odd that more hadn’t sprung to Google’s defense in this one, but it’s good to see that they are now doing so. These cases have far-reaching consequences not just for user privacy but for the ability of US companies to do business in overseas markets, and those companies need to defend themselves vigorously. The final outcome of both cases is therefore worth watching closely.
via Mac Rumors
Uber has issued a statement announcing that it is ceasing the use of its Greyball platform for evading law enforcement and regulators, and that it’s in the process of responding to “organizations” (presumably regulators and law enforcement personnel in the cities where the platform previously did operate) who have enquired about it. This is striking because Uber’s initial response to the New York Times report was brazen in its lack of contrition – it had acted as though it saw nothing wrong, but has clearly now had a change of heart. The wording of today’s announcement certainly seems to concede that it did use the tool for evading regulators in the past, and even suggests it may continue to do so in the near future because of unspecified elements of how it works, which seems bizarre.
I think there may have been one day in the past week when there wasn’t some new negative story about Uber, and that’s just based on what I’ve written about here. The latest is reporting from the New York Times that Uber has a program called Greyball which identifies app users who may not be who they seem and serves up fake cars or otherwise obfuscates the real activity going on with drivers in the area. Although there are some legitimate reasons for Uber to do something like this – for a time, competitors were frequently ordering and canceling cars – it was deliberately used to evade law enforcement in places where Uber was breaking local laws. Its statement in the article suggests it sees nothing wrong with this behavior, but characterizes this last scenario as “opponents who collude with officials on secret ‘stings’ meant to entrap drivers”. One might, I suppose, make a similar argument about police running speed traps, but radar detectors are illegal in some places anyway. The legality of what Uber did here isn’t 100% clear, but it’s yet another example of Uber’s disregard for regulations and willingness to do almost anything to flout or circumvent them. On the other hand, it appears Uber’s PR department has lost the will to fight on yet another front and isn’t even disputing this story.
via New York Times
Cellebrite director says firm now doing ‘lawful’ extraction of data through iPhone 6 – AppleInsider (Feb 23, 2017)
This is the same firm that was recently hacked, supposedly exposing some of the tools it uses to crack iPhones, and now it’s boasting that it can crack iPhone 6 models in addition to the earlier models it has long been able to crack. I’ve still never seen any kind of official commentary on the hack of Cellebrite itself, but if that really did happen the fact that the company is getting ever better at hacking iPhones while leaving itself open to hacking should be worrying to lots of people. And if US law enforcement is still regularly paying Cellebrite to do this work without ensuring that it is able to keep the hacks secure, then it shares part of the blame by funding this work which ultimately puts regular users at risk.
Court Rules Google Has to Hand Over Data in Contradiction to Recent Microsoft Ruling – The Register (Feb 4, 2017)
The recent ruling in the ongoing case involving Microsoft and customer data stored outside the US had at least temporarily provided some reassurance that the big tech companies’ stance on this issue would be upheld in court. However, a new court in a different part of the US has now ruled the other way, though its rationale for ruling differently is that Google manages its data and data centers differently from Microsoft. This is a blow to the big tech companies who’ve fought to keep their overseas data centers (and the data held there on non-US customers) off limits for US law enforcement, but the Microsoft case was likely to go to the Supreme Court anyway. Hopefully, the court will rule in such a way that provides clarity not just in the Microsoft case but more broadly on this question.