Home/ Socialism and the End of the American Dream/ Group items tagged Apple

Paul Merrell

The All Writs Act, Software Licenses, and Why Judges Should Ask More Questions | Just S... - 0 views

  • Pending before federal magistrate judge James Orenstein is the government’s request for an order obligating Apple, Inc. to unlock an iPhone and thereby assist prosecutors in decrypting data the government has seized and is authorized to search pursuant to a warrant. In an order questioning the government’s purported legal basis for this request, the All Writs Act of 1789 (AWA), Judge Orenstein asked Apple for a brief informing the court whether the request would be technically feasible and/or burdensome. After Apple filed, the court asked it to file a brief discussing whether the government had legal grounds under the AWA to compel Apple’s assistance. Apple filed that brief and the government filed a reply brief last week in the lead-up to a hearing this morning.
  • We’ve long been concerned about whether end users own software under the law. Software owners have rights of adaptation and first sale enshrined in copyright law. But software publishers have claimed that end users are merely licensees, and our rights under copyright law can be waived by mass-market end user license agreements, or EULAs. Over the years, Granick has argued that users should retain their rights even if mass-market licenses purport to take them away. The government’s brief takes advantage of Apple’s EULA for iOS to argue that Apple, the software publisher, is responsible for iPhones around the world. Apple’s EULA states that when you buy an iPhone, you’re not buying the iOS software it runs, you’re just licensing it from Apple. The government argues that having designed a passcode feature into a copy of software which it owns and licenses rather than sells, Apple can be compelled under the All Writs Act to bypass the passcode on a defendant’s iPhone pursuant to a search warrant and thereby access the software owned by Apple. Apple’s supplemental brief argues that in defining its users’ contractual rights vis-à-vis Apple with regard to Apple’s intellectual property, Apple in no way waived its own due process rights vis-à-vis the government with regard to users’ devices. Apple’s brief compares this argument to forcing a car manufacturer to “provide law enforcement with access to the vehicle or to alter its functionality at the government’s request” merely because the car contains licensed software. 
  • This is an interesting twist on the decades-long EULA versus users’ rights fight. As far as we know, this is the first time that the government has piggybacked on EULAs to try to compel software companies to provide assistance to law enforcement. Under the government’s interpretation of the All Writs Act, anyone who makes software could be dragooned into assisting the government in investigating users of the software. If the court adopts this view, it would give investigators immense power. The quotidian aspects of our lives increasingly involve software (from our cars to our TVs to our health to our home appliances), and most of that software is arguably licensed, not bought. Conscripting software makers to collect information on us would afford the government access to the most intimate information about us, on the strength of some words in some license agreements that people never read. (And no wonder: The iPhone’s EULA came to over 300 pages when the government filed it as an exhibit to its brief.)
  • The government’s brief does not acknowledge the sweeping implications of its arguments. It tries to portray its requested unlocking order as narrow and modest, because it “would not require Apple to make any changes to its software or hardware, … [or] to introduce any new ability to access data on its phones. It would simply require Apple to use its existing capability to bypass the passcode on a passcode-locked iOS 7 phone[.]” But that undersells the implications of the legal argument the government is making: that anything a company already can do, it could be compelled to do under the All Writs Act in order to assist law enforcement. Were that the law, the blow to users’ trust in their encrypted devices, services, and products would be little different than if Apple and other companies were legally required to design backdoors into their encryption mechanisms (an idea the government just can’t seem to drop, its assurances in this brief notwithstanding). Entities around the world won’t buy security software if its makers cannot be trusted not to hand over their users’ secrets to the US government. That’s what makes the encryption in iOS 8 and later versions, which Apple has told the court it “would not have the technical ability” to bypass, so powerful — and so despised by the government: Because no matter how broadly the All Writs Act extends, no court can compel Apple to do the impossible.
Paul Merrell

WikiLeaks Cables Portray Saudi Arabia As A Cash Machine For Terrorists - 0 views

  • Saudi Arabia is the world’s largest source of funds for Islamist militant groups such as the Afghan Taliban and Lashkar-e-Taiba – but the Saudi government is reluctant to stem the flow of money, according to Hillary Clinton. “More needs to be done since Saudi Arabia remains a critical financial support base for al-Qaida, the Taliban, LeT and other terrorist groups,” says a secret December 2009 paper signed by the US secretary of state. Her memo urged US diplomats to redouble their efforts to stop Gulf money reaching extremists in Pakistan and Afghanistan.
  • “Donors in Saudi Arabia constitute the most significant source of funding to Sunni terrorist groups worldwide,” she said. Three other Arab countries are listed as sources of militant money: Qatar, Kuwait and the United Arab Emirates. The cables highlight an often ignored factor in the Pakistani and Afghan conflicts: that the violence is partly bankrolled by rich, conservative donors across the Arabian Sea whose governments do little to stop them. The problem is particularly acute in Saudi Arabia, where militants soliciting funds slip into the country disguised as holy pilgrims, set up front companies to launder funds and receive money from government-sanctioned charities. One cable details how the Pakistani militant outfit Lashkar-e-Taiba, which carried out the 2008 Mumbai attacks, used a Saudi-based front company to fund its activities in 2005. Meanwhile officials with the LeT’s charity wing, Jamaat-ud-Dawa, travelled to Saudi Arabia seeking donations for new schools at vastly inflated costs – then siphoned off the excess money to fund militant operations. Militants seeking donations often come during the hajj pilgrimage – “a major security loophole since pilgrims often travel with large amounts of cash and the Saudis cannot refuse them entry into Saudi Arabia”. Even a small donation can go far: LeT operates on a budget of just $5.25m (£3.25m) a year, according to American estimates.
  • Saudi officials are often painted as reluctant partners. Clinton complained of the “ongoing challenge to persuade Saudi officials to treat terrorist funds emanating from Saudi Arabia as a strategic priority”. Washington is critical of the Saudi refusal to ban three charities classified as terrorist entities in the US. “Intelligence suggests that these groups continue to send money overseas and, at times, fund extremism overseas,” she said. There has been some progress. This year US officials reported that al-Qaida’s fundraising ability had “deteriorated substantially” since a government crackdown. As a result Bin Laden’s group was “in its weakest state since 9/11” in Saudi Arabia. Any criticisms are generally offered in private. The cables show that when it comes to powerful oil-rich allies US diplomats save their concerns for closed-door talks, in stark contrast to the often pointed criticism meted out to allies in Pakistan and Afghanistan. Instead, officials at the Riyadh embassy worry about protecting Saudi oilfields from al-Qaida attacks. The other major headache for the US in the Gulf region is the United Arab Emirates. The Afghan Taliban and their militant partners the Haqqani network earn “significant funds” through UAE-based businesses, according to one report. The Taliban extort money from the large Pashtun community in the UAE, which is home to 1 million Pakistanis and 150,000 Afghans. They also fundraise by kidnapping Pashtun businessmen based in Dubai or their relatives.
  • “Some Afghan businessmen in the UAE have resorted to purchasing tickets on the day of travel to limit the chance of being kidnapped themselves upon arrival in either Afghanistan or Pakistan,” the report says. Last January US intelligence sources said two senior Taliban fundraisers had regularly travelled to the UAE, where the Taliban and Haqqani networks laundered money through local front companies. One report singled out a Kabul-based “Haqqani facilitator”, Haji Khalil Zadran, as a key figure. But, Clinton complained, it was hard to be sure: the UAE’s weak financial regulation and porous borders left US investigators with “limited information” on the identity of Taliban and LeT facilitators. The lack of border controls was “exploited by Taliban couriers and Afghan drug lords camouflaged among traders, businessmen and migrant workers”, she said. In an effort to stem the flow of funds American and UAE officials are increasingly co-operating to catch the “cash couriers” – smugglers who fly giant sums of money into Pakistan and Afghanistan.
  • In common with its neighbours Kuwait is described as a “source of funds and a key transit point” for al-Qaida and other militant groups. While the government has acted against attacks on its own soil, it is “less inclined to take action against Kuwait-based financiers and facilitators plotting attacks outside of Kuwait”. Kuwait has refused to ban the Revival of Islamic Heritage Society, a charity the US designated a terrorist entity in June 2008 for providing aid to al-Qaida and affiliated groups, including LeT. There is little information about militant fundraising in the fourth Gulf country singled out, Qatar, other than to say its “overall level of CT co-operation with the US is considered the worst in the region”. The funding quagmire extends to Pakistan itself, where the US cables detail sharp criticism of the government’s ambivalence towards funding of militant groups that enjoy covert military support. The cables show how before the Mumbai attacks in 2008, Pakistani and Chinese diplomats manoeuvred hard to block UN sanctions against Jamaat-ud-Dawa. But in August 2009, nine months after sanctions were finally imposed, US diplomats wrote: “We continue to see reporting indicating that JUD is still operating in multiple locations in Pakistan and that the group continues to openly raise funds”. JUD denies it is the charity wing of LeT.
  •  
    Question for Hillary: Since you have known at least since December, 2009 that these Arab nations are funding al Qaida and its offshoot organizations, if elected will you impose strong sanctions on them to halt their funding of terrorism?
Gary Edwards

Apple, America and a Squeezed Middle Class - NYTimes.com - 0 views

  •  
    Stunning story. Looks like the marxist in the White House is going after Apple and the Communist dictators in Beijing. How did things get so upside down? excerpt: Today, few are. Almost all of the 70 million iPhones, 30 million iPads and 59 million other products Apple sold last year were manufactured overseas. Why can't that work come home? Mr. Obama asked. Mr. Jobs's reply was unambiguous. "Those jobs aren't coming back," he said, according to another dinner guest. The president's question touched upon a central conviction at Apple. It isn't just that workers are cheaper abroad. Rather, Apple's executives believe the vast scale of overseas factories as well as the flexibility, diligence and industrial skills of foreign workers have so outpaced their American counterparts that "Made in the U.S.A." is no longer a viable option for most Apple products.
Paul Merrell

EXCLUSIVE: Edward Snowden Explains Why Apple Should Continue To Fight the Government on... - 0 views

  • As the Obama administration campaign to stop the commercialization of strong encryption heats up, National Security Agency whistleblower Edward Snowden is firing back on behalf of the companies like Apple and Google that are finding themselves under attack. “Technologists and companies working to protect ordinary citizens should be applauded, not sued or prosecuted,” Snowden wrote in an email through his lawyer. Snowden was asked by The Intercept to respond to the contentious suggestion — made Thursday on a blog that frequently promotes the interests of the national security establishment — that companies like Apple and Google might in certain cases be found legally liable for providing material aid to a terrorist organization because they provide encryption services to their users.
  • In his email, Snowden explained how law enforcement officials who are demanding that U.S. companies build some sort of window into unbreakable end-to-end encryption — he calls that an “insecurity mandate” — haven’t thought things through. “The central problem with insecurity mandates has never been addressed by its proponents: if one government can demand access to private communications, all governments can,” Snowden wrote. “No matter how good the reason, if the U.S. sets the precedent that Apple has to compromise the security of a customer in response to a piece of government paper, what can they do when the government is China and the customer is the Dalai Lama?”
  • Weakened encryption would only drive people away from the American technology industry, Snowden wrote. “Putting the most important driver of our economy in a position where they have to deal with the devil or lose access to international markets is public policy that makes us less competitive and less safe.”
  • FBI Director James Comey and others have repeatedly stated that law enforcement is “going dark” when it comes to the ability to track bad actors’ communications because of end-to-end encrypted messages, which can only be deciphered by the sender and the receiver. They have never provided evidence for that, however, and have put forth no technologically realistic alternative. Meanwhile, Apple and Google are currently rolling out user-friendly end-to-end encryption for their customers, many of whom have demanded greater privacy protections — especially following Snowden’s disclosures.
Paul Merrell

Apple's New Challenge: Learning How the U.S. Cracked Its iPhone - The New York Times - 0 views

  • Now that the United States government has cracked open an iPhone that belonged to a gunman in the San Bernardino, Calif., mass shooting without Apple’s help, the tech company is under pressure to find and fix the flaw. But unlike other cases where security vulnerabilities have cropped up, Apple may face a higher set of hurdles in ferreting out and repairing the particular iPhone hole that the government hacked. The challenges start with the lack of information about the method that the law enforcement authorities, with the aid of a third party, used to break into the iPhone of Syed Rizwan Farook, an attacker in the San Bernardino rampage last year. Federal officials have refused to identify the person, or organization, who helped crack the device, and have declined to specify the procedure used to open the iPhone. Apple also cannot obtain the device to reverse-engineer the problem, the way it would in other hacking situations.
  •  
    It would make a very interesting Freedom of Information Act case if Apple sued under that Act to force disclosure of the security hole iPhone product defect the FBI exploited. I know of no interpretation of the law enforcement FOIA exemption that would justify FBI disclosure of the information. It might be alleged that the information is the trade secret of the company that disclosed the defect and exploit to the FBI, but there's a very strong argument that the fact that the information was shared with the FBI waived the trade secrecy claim. And the notion that government is entitled to collect product security defects and exploit them without informing the exploited product's company of the specific defect is extremely weak. Were I Tim Cook, I would have already told my lawyers to get cracking on filing the FOIA request with the FBI to get the legal ball rolling.
Paul Merrell

Judge rules in favor of Apple in key case involving a locked iPhone - The Washington Post - 0 views

  • A federal judge in New York ruled in favor of Apple on Monday, saying that an obscure Colonial-era law did not authorize him to force the firm to lift data from an iPhone at the government’s request. The ruling is not binding in any other court, but it takes on an outsize importance as the U.S. government battles Apple in a separate case in California over whether the tech firm should help unlock a phone used by one of the shooters in the San Bernardino terrorist attack in December. The two cases involve different versions of iPhone’s operating system and vastly different requests for technical help, but they both turn on whether a law from 1789 known as the All Writs Act can be applied to cases in which the government cannot get at encrypted data stored on suspects’ devices. Magistrate Judge James Orenstein in Brooklyn, who sits in the Eastern District of New York, has become the first federal judge to rule that the act does not permit a court to order companies to pull encrypted data off a customer’s phone or tablet.
  • In a 50-page opinion disdainful of the government’s arguments, Orenstein found that the All Writs Act does not apply in instances where Congress had the opportunity but failed to create an authority for the government to get the type of help it was seeking, such as having firms ensure they have a way to obtain data from encrypted phones.
  • He wrote that the government’s interpretation of the 200-year-old law was “absurd” in that it would authorize what they were seeking even if every member of Congress had voted against granting such authority. It would, he added, undermine “the more general protection against tyranny that the Founders believed required the careful separation of governmental powers.” [Read the magistrate’s order in favor of Apple] He also found that ordering Apple to help the government by extracting data from the iPhone — which belonged to a drug dealer — would place an unreasonable burden on the company. None of the factors he reviewed in the case, Orenstein said, “justifies imposing on Apple the obligation to assist the government’s investigation against its will.”
Paul Merrell

CONFIRMED: Russia sends S-300 advanced missile system to Syria, U.S. runs out of options - 0 views

  • Shortly before the US announcement of its decision to suspend talks with Russia on the ‘cessation of hostilities’ agreement reached by US Secretary of State Kerry and Russian Foreign Minister Lavrov on 9th September 2016, a clearly well-sourced article setting out US options was published by Reuters. This article was clearly written on the basis of information provided by senior officials of the US government. It confirms that “staff level” discussions are underway in the US in light of the collapse of the Kerry-Lavrov agreement and the Syrian army’s advances in Aleppo, though as of the date of publication of the Reuters article (29th September 2016) no suggestions of what to do had been made to Obama. Here is a list of the options apparently being considered: (1) “supporting rebel counter attacks elsewhere with additional weaponry or even air strikes, which “might not reverse the tide of battle, but might cause the Russians to stop and think””; (2) “a U.S. air strike on a Syrian air base far from the fighting between Assad’s troops and rebel forces in the north” (the Syrian air base in question is probably the one at Deir Ezzor); (3) “sending more U.S. special operations forces to train and advise Kurdish and Syrian rebel groups”; (4) “deploying additional American and allied naval and airpower to the eastern Mediterranean, where a French aircraft carrier is already en route”.
  • Apparently the idea of supplying more shoulder held surface to air missiles to the Jihadis has been ruled out because “the Obama administration fears (they) could fall into the hands of Islamic State militants or al Qaeda-linked groups”. As for the idea of a no-fly zone (“a humanitarian airlift to rebel-held areas (NB: this almost certainly refers to Aleppo – AM), which would require escorts by U.S. warplanes”) this has apparently been deemed “too risky” and has been “moved down the list”. This list of options exposes how completely out of options the US really is.
  • Options (1) and (2) cannot influence the course of the fighting in Aleppo and US officials apparently admit as much. On past experience option (1) is less likely to make the Russians “stop and think” than to make them more determined and more angry. Option (3) is a case of more of the same. The US has been doing this for years without achieving any results. Option (4) is essentially symbolic unless it is intended to prepare the way for the declaration of a no-fly zone, which however US officials seem to be ruling out. If reports are to be believed the Russians may be taking more steps to guard against the possibility of the US declaring a no-fly zone. Fox News is reporting US officials as saying that the Russians have reinforced the S400 anti aircraft missile system they have already deployed to Syria with a number of advanced S-300VM “Antey-2500” anti aircraft systems. Whilst the Russians have not confirmed this report, if it is true then it makes any US attempt to impose a no-fly zone even more risky. A sign that the report probably is true is that the Kremlin is pointedly failing to deny it. The Russians have also pointedly reminded the US that they know the whereabouts of all US military personnel in Syria, including presumably those supposedly present in the various Jihadi headquarters (or “operations rooms”) existing in the country.
  • This looks frankly like a threat to retaliate against US military personnel if Russian military personnel in Syria are attacked by the US. There have been unconfirmed reports that the Russians did exactly that by attacking a Jihadi “operations room” partly staffed by US and Western military personnel following the US attack on the Syrian military near Deir Ezzor. If those reports are true then the implied threat the Russians are making to retaliate against US troops in the event of attacks upon their own military is not an empty one. One way or the other, it is not difficult to see why the US might conclude that imposing a no-fly zone is “too risky” and why this option has been “moved down the list”. Possibly because the US has no real options short of steps that might threaten a nuclear war with Russia, Kerry spoke twice by telephone to Lavrov over the weekend, presumably in an attempt to get the Russians to get the Syrians to pull back in Aleppo so as to preserve the US’s bluff. However it is clear he found Lavrov immoveable. Lavrov has instead been issuing a series of statements accusing the US of siding with Jabhat Al-Nusra (ie. Al-Qaeda), questioning whether President Obama is any longer in control of the US military, and calling into question Kerry’s good faith.
Paul Merrell

Putin orders military to take tough action against threats in Syria - MIDEAST - 0 views

  • MOSCOW - Agence France-Presse, Saturday, December 12 2015. [Photo: Russian President Vladimir Putin addresses the audience during an annual meeting at the Defence Ministry in Moscow, Russia, December 11, 2015. REUTERS Photo] President Vladimir Putin on Dec. 11 ordered his forces in Syria to take tough action against any threats, speaking two weeks after Turkey shot down a Russian warplane in the war-torn country. "I order you to act as tough as possible," he told a defence meeting in televised remarks. "Any targets threatening the Russian grouping or our land infrastructure should be immediately destroyed." "I would like to warn those who would once again try to organise some sort of provocations against our servicemen," he said in a thinly veiled threat to Ankara.
  • Putin's call for a tougher military response is also likely to cause concern among monitors who have repeatedly accused Russia of conducting an indiscriminate bombing campaign and killing civilians in Syria. Russia has been carrying out air strikes in the war-ravaged nation at the request of President Bashar al-Assad since the end of September, while a US-led coalition is conducting its own campaign targeting the Islamic State of Iraq and the Levant (ISIL). Earlier this week Russia said it hit IS targets with missiles fired from a submarine in the Mediterranean for the first time since launching the campaign on September 30. Putin rejected claims that Russia is using the Syrian campaign, which also saw the military fire off cruise missiles from warships in the Caspian Sea, to showcase its top weapons to the West. "Our actions there are not guided by some unclear abstract geopolitical interests, nor are they guided by a desire to practice and test new weapons systems which is of course important in itself," Putin said at the defence meeting. "The most important thing is not this. The most important thing is to prevent the threat to Russia itself." Defence Minister Sergei Shoigu, for his part, said ISIL jihadists now control 70 percent of Syrian territory, putting their number at 60,000.
Paul Merrell

Apple could use Brooklyn case to pursue details about FBI iPhone hack: source | Reuters - 0 views

  • If the U.S. Department of Justice asks a New York court to force Apple Inc to unlock an iPhone, the technology company could push the government to reveal how it accessed the phone which belonged to a shooter in San Bernardino, a source familiar with the situation said. The Justice Department will disclose over the next two weeks whether it will continue with its bid to compel Apple to help access an iPhone in a Brooklyn drug case, according to a court filing on Tuesday. The Justice Department this week withdrew a similar request in California, saying it had succeeded in unlocking an iPhone used by one of the shooters involved in a rampage in San Bernardino in December without Apple's help. The legal dispute between the U.S. government and Apple has been a high-profile test of whether law enforcement should have access to encrypted phone data.
  • Apple, supported by most of the technology industry, says anything that helps authorities bypass security features will undermine security for all users. Government officials say that all kinds of criminal investigations will be crippled without access to phone data. Prosecutors have not said whether the San Bernardino technique would work for other seized iPhones, including the one at issue in Brooklyn. Should the Brooklyn case continue, Apple could pursue legal discovery that would potentially force the FBI to reveal what technique it used on the San Bernardino phone, the source said. A Justice Department representative did not have immediate comment.
Paul Merrell

Wikileaks Releases "NightSkies 1.2": Proof CIA Bugs "Factory Fresh" iPhones | Zero Hedge - 0 views

  • The latest leak from WikiLeaks' Vault 7 is titled “Dark Matter” and claims that the CIA has been bugging “factory fresh” iPhones since at least 2008 through suppliers.
  • And here is the full press release from WikiLeaks: Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware. Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter. "DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants. Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStarke" are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0. Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones, i.e., the CIA has been infecting the iPhone supply chain of its targets since at least 2008.
While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.
Paul Merrell

The Daily Dot - The NSA has nearly complete backdoor access to Apple's iPhone - 0 views

  • The U.S. National Security Agency has the ability to snoop on nearly every communication sent from an Apple iPhone, according to leaked documents shared by security researcher Jacob Appelbaum and German news magazine Der Spiegel.  An NSA program called DROPOUTJEEP allows the agency to intercept SMS messages, access contact lists, locate a phone using cell tower data, and even activate the device’s microphone and camera. 
  • According to leaked documents, the NSA claims a 100 percent success rate when it comes to implanting iOS devices with spyware. The documents suggest that the NSA needs physical access to a device to install the spyware—something the agency has achieved by rerouting shipments of devices purchased online—but a remote version of the exploit is also in the works. Appelbaum says that presents one of two possibilities: “Either [the NSA] have a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves,” Appelbaum said at the Chaos Communication Conference in Hamburg, Germany. 
  • “Do you think Apple helped them with that?” Appelbaum asked. “I hope Apple will clarify that.”
  •  
    Nice image of a very revealing NSA document and an embedded video of Appelbaum's presentation at the annual Chaos Communication Conference in Hamburg, Germany.  Much of this year's conference was devoted to issues raised by this year's outing of the NSA's activities. 
Paul Merrell

Apple, Facebook and Google call for 'substantial' reform of NSA surveillance | Technolo... - 0 views

  • Tech giants including Apple, Facebook and Google called for substantial reforms to the US government's surveillance programmes Thursday in a letter to the Senate judiciary committee. In the wake of more revelations about the lengths to which the National Security Agency has gone to intercept data, the companies have called for more transparency and "substantial enhancements to privacy protections and appropriate oversight and accountability mechanisms for those programs." The letter, also signed by AOL, Microsoft and Yahoo, follows the release of more documents obtained by former NSA contractor Edward Snowden that reveal the US authorities were secretly tapping in to the tech firm's main communications links. The letter "applauds" the USA Freedom Act, a bill sponsored by Democrat senator Patrick Leahy and Republican congressman James Sensenbrenner that would end the bulk collection of data from millions of Americans and set up a privacy advocate to monitor the Fisa court, which oversees the NSA's US activities.
  • In a recent report the Information Technology and Innovation Foundation (ITIF) said the US tech firms could end up losing out on tens of billions of dollars in the cloud-based computing space in the wake of Snowden's revelations. Cloud computing is a rapidly growing area and revelations that the US authorities have been scooping up the personal data of millions of users, particularly outside the US, could cost them business. "On the low end, US cloud computing providers might lose $21.5bn over the next three years," ITIF concluded. On the high end the report put the figure at $35bn.
Paul Merrell

Sorry for letting them snoop? Dell apologizes for 'inconvenience' caused by NSA backdoo... - 0 views

  • Security researcher Jacob Appelbaum dropped a bombshell of sorts earlier this week when he accused American tech companies of placing government-friendly backdoors in their devices. Now Texas-based Dell Computers is offering an apology. Or to put it more accurately, Dell told an irate customer on Monday that they “regret the inconvenience” caused by selling to the public for years a number of products that the intelligence community has been able to fully compromise in complete silence up until this week. Dell, Apple, Western Digital and an array of other Silicon Valley-firms were all name-checked during Appelbaum’s hour-long presentation Monday at the thirtieth annual Chaos Communication Congress in Hamburg, Germany. As RT reported then, the 30-year-old hacker-cum-activist unveiled before the audience at the annual expo a collection of never-before published National Security Agency documents detailing how the NSA goes to great lengths to compromise the computers and systems of groups on its long list of adversaries.
  • Spreading viruses and malware to infect targets and eavesdrop on their communications is just one of the ways the United States’ spy firm conducts surveillance, Appelbaum said. Along with those exploits, he added, the NSA has been manually inserting microscopic computer chips into commercially available products and using custom-made devices like hacked USB cables to silently collect intelligence. One of the most alarming methods of attack discussed during his address, however, comes as a result of all but certain collusion on the part of major United States tech companies. The NSA has information about vulnerabilities in products sold by the biggest names in the US computer industry, Appelbaum said, and at the drop of a hat the agency has the ability of launching any which type of attack to exploit the flaws in publicly available products.
  • The NSA has knowledge pertaining to vulnerabilities in computer servers made by Dell and even Apple’s highly popular iPhone, among other devices, Appelbaum told his audience. “Hey Dell, why is that?” Appelbaum asked. “Love to hear your statement about that.”
  • Appelbaum didn’t leave Dell off the hook after revealing just that one exploit known to the NSA, however. Before concluding his presentation, he displayed a top-secret document in which the agency makes reference to a hardware implant that could be manually installed onto Dell PowerEdge servers to exploit the JTAG debugging interface on its processor — a critical circuitry component that apparently contains a vulnerability known to the US government. “Why did Dell leave a JTAG debugging interface on these servers?” asked Appelbaum. “Because it’s like leaving a vulnerability in. Is that a bugdoor, or a backdoor or just a mistake? Well hopefully they will change these things or at least make it so that if you were to see this, you would know that you have some problems. Hopefully Dell will release some information about how to mitigate this advance persistent threat.” Appelbaum also provoked Apple by acknowledging that the NSA boasts of being able to hack into any of their mobile devices running the iOS operating system. “Either they have a huge collection of exploits that work against Apple products — meaning they are hoarding information about critical systems American companies produce and sabotaging them — or Apple sabotages it themselves,” he said.
  • @DellCares @dellcarespro Inconvenience? You got to be F*ckin kidding me! You place an NSA bug in our servers and call it an inconvenience? — Martijn Wismeijer (@twiet) December 31, 2013
  • TechDirt reporter Mike Masnick noticed early Tuesday that Dell’s official customer service Twitter account opted to issue a cookie-cutter response that drips of insincerity. “Thanks you for reaching out and regret the inconvenience,” the Dell account tweeted to Wismeijer. “Our colleagues at @DellCaresPro will be able to help you out.” “Inconvenience? You got to be F*ckin kidding me!” Wismeijer responded. “You place an NSA bug in our servers and call it an inconvenience?”
Paul Merrell

Verizon's New, Encrypted Calling App Plays Nice With the NSA - Businessweek - 0 views

  • Verizon is the latest big company to enter the post-Snowden market for secure communication, and it's doing so with an encryption standard that comes with a way for law enforcement to access ostensibly secure phone conversations. Verizon Voice Cypher, the product introduced on Thursday with the encryption company Cellcrypt, offers business and government customers end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app. The encryption software provides secure communications for people speaking on devices with the app, regardless of their wireless carrier, and it can also connect to an organization's secure phone system. Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they're able to prove that there's a legitimate law enforcement reason for doing so. Seth Polansky, Cellcrypt's vice president for North America, disputes the idea that building technology to allow wiretapping is a security risk. "It's only creating a weakness for government agencies," he says. "Just because a government access option exists, it doesn't mean other companies can access it."
  • Phone carriers like Verizon are required by U.S. law to build networks that can be wiretapped. But the legislation known as the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. If Verizon and Cellcrypt had structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law.
  • Other companies have designed their encryption in this way, including AT&T, which offers encrypted phone service for business customers. Apple and Android recently began protecting content stored on users' phones in a way that would keep the tech companies from being able to comply with requests from law enforcement. The move drew public criticism from FBI Director James Comey, and some security experts expect that a renewed effort to stir passage of legislation banning such encryption will accompany Silicon Valley's increased interest in developing these services. Verizon believes major demand for its new encryption service will come from governmental agencies conveying sensitive but unclassified information over the phone, says Tim Petsky, a senior product manager for Verizon Wireless. Corporate customers who are concerned about corporate espionage are also itching for answers. "You read about breaches in security almost every week in the press," says Petsky. "Enterprise customers have been asking about ways to secure their communications and up until this point, we didn't have a solution."
  • There has been increased interest in encryption from individual consumers, too, largely thanks to the NSA revelations leaked by Edward Snowden. Yahoo and Google began offering end-to-end encrypted e-mail services this year. Silent Circle, a startup catering to consumer and enterprise clients, has been developing end-to-end voice encryption for phone calls. Verizon's service, with a monthly price of $45 per device, isn't targeting individual buyers and won't be offered to average consumers in the near future. But Verizon's partner, Cellcrypt, looks upon selling to large organizations as the first step toward bringing down the price before eventually offering a consumer-level encryption service. "At the end of the day, we'd love to have this be a line item on your Verizon bill," says Polansky.
  • Many people in the security industry believe that a designed access point creates a vulnerability for criminals or spies to exploit. Last year reports surfaced that the FBI was pushing legislation that would require many forms of Internet communication to be wiretap-ready. A group of prominent security experts responded strongly: "Requiring software vendors to build intercept functionality into their products is unwise and will be ineffective, with the result being serious consequences (PDF) for the economic well-being and national security of the United States," they wrote in a report issued in May. 
Paul Merrell

iSpy: The CIA Campaign to Steal Apple's Secrets - 0 views

  • RESEARCHERS WORKING with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept. The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released. By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
  • The CIA declined to comment for this story. The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store. The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode. Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “keylogger.”
  • Other presentations at the CIA conference have focused on the products of Apple’s competitors, including Microsoft’s BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows. The revelations that the CIA has waged a secret campaign to defeat the security mechanisms built into Apple’s devices come as Apple and other tech giants are loudly resisting pressure from senior U.S. and U.K. government officials to weaken the security of their products. Law enforcement agencies want the companies to maintain the government’s ability to bypass security tools built into wireless devices. Perhaps more than any other corporate leader, Apple’s CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies. “If U.S. products are OK to target, that’s news to me,” says Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”
Paul Merrell

Facebook, Apple, Microsoft, Skype & Yahoo Hit With Prism Data Protection Complaints In ... - 0 views

  • The European data protection activists behind the Europe v Facebook (evf) campaign group, that has long been a thorn in Facebook’s side in Europe, have filed new complaints under regional data protection law targeting Facebook, Apple, Microsoft, Skype and Yahoo for their alleged collaboration with the NSA’s Prism data collection program. The student activist organisation is targeting the European subsidiaries of these five U.S. companies, arguing that their corporate structure means they fall fully under European privacy laws despite being U.S. headquartered companies. And yet, being as they are U.S. companies, they are required to comply with U.S. surveillance laws — putting them in the “tricky” situation of having to comply with potentially conflicting legal requirements. It’s that legal conflict evf is now probing.
  • Evf takes the view that the law needs clarifying — and it is using these new data protection complaints as the vehicle to obtain clarification from the various regional data protection agencies. Facebook and Apple; Microsoft and Skype; and Yahoo have subsidiaries in Ireland, Luxembourg and Germany respectively. “We want a clear statement by the authorities if a European company may simply give foreign intelligence agencies access to its customer data. If this turns out to be legal, then we might have to change the laws,” noted evf speaker, Max Schrems, in a statement. The key question, as evf sees it, is whether “mass transfer” of personal data to a foreign intelligence agency is legal under European law. “Many journalists have asked us in recent weeks if PRISM is legal from an EU perspective. We have looked at that a little closer. The result was – after consulting with legal experts – that it is very likely illegal under EU data protection laws, because of the corporate structure of the companies,” added Schrems. Google and YouTube have not been included in this first round of evf complaints being as they have a different corporate structure that does not include European subsidiaries. However it notes they do have datacenters in European countries, which will give evf a route to filing Prism-related data protection complaints against both at a later date.
  • Writing in a press notice announcing its new action, evf added: If a European subsidiary sends user data to the American parent company, this is considered an “export” of personal data. Under EU law, an export of data is only allowed if the European subsidiary can ensure an “adequate level of protection” in the foreign country. After the recent disclosures on the “PRISM” program such trust in an “adequate level of protection” by the involved companies can hardly be upheld. There can in no way be an adequate level of protection if they cooperate with the NSA on the other end of the line. Right now an export of data to the US must be seen as illegal if the involved companies cannot disprove the reports on the PRISM program. According to evf, the subsidiaries being targeted by these complaints have “the burden of proof” — to either “credibly assure” that the Prism program is a hoax, or “explain how mass access by a foreign intelligence agency interplays with EU data protection laws”. Evf cites a 2006 case precedent involving payment processor SWIFT which had forwarded transaction details to U.S. authorities. In that case it says a group of EU data protection authorities decided that such a mass data transfer is illegal under EU law, leading SWIFT to move European data to a server in Switzerland. The case also led to an agreement between the U.S. and the EU on the use of payment data to combat crime.
Gary Edwards

Buffet, Berkshire and Gold - 0 views

  •  
    More great charts from Sir Charles. This is funny. Sir Charles takes on that consummate crony corporatist, Warren Buffett. He examines the recent Berkshire Hathaway report, and then does the unthinkable. Sir Charles prices BRK in GOLD, tracking from 1990 to 2011. Then he prices Apple in Gold for the same period. The result is Buffett's embarrassing reverse image, with Apple soaring when priced in GOLD, and BRK rolling off a cliff. No wonder Buffett is out there on a daily basis, burning every shred of cred he's accumulated. If anyone takes a truthful look at the reality of BRK performance, he's toast. Does that "just keep talking" stuff actually work?
Gary Edwards

5 Signs You're Dealing With Someone Who's A Fraud - 0 views

  •  
    excerpt: Just one bad apple can have awful consequences (see Madoff, Bernie or Kozlowski, Dennis). But how to spot the bad apples when you're picking from the tree? On the company's website, Crowe Horwath LLP Partner and Leader of Fraud, Ethics, and Anti-corruption Services, Jonathan T. Marks has published a short paper detailing tell-tale signs that might help someone sort out who will be an asset to their business and who could wreak major havoc and "spoil the bunch." We've combed through it and delved deep to look at what these signs are and how you might be able to use them.
Paul Merrell

Chinese State Media Declares iPhone a Threat To National Security - Slashdot - 0 views

  • "When NSA whistleblower Edward Snowden came forth last year with U.S. government spying secrets, it didn't take long to realize that some of the information revealed could bring on serious repercussions — not just for the U.S. government, but also for U.S.-based companies. The latest to feel the hit? None other than Apple, and in a region the company has been working hard to increase market share: China. China, via state media, has today declared that Apple's iPhone is a threat to national security — all because of its thorough tracking capabilities. It has the ability to keep track of user locations, and to the country, this could potentially reveal "state secrets" somehow. It's being noted that the iPhone will continue to track the user to some extent even if the overall feature is disabled. China's iPhone ousting comes hot on the heels of Russia's industry and trade deeming AMD and Intel processors to be untrustworthy. The nation will instead be building its own ARM-based "Baikal" processor.
Paul Merrell

Apple Submits Brief Opposing U.S. Government's 'Unprecedented' iPhone Request - 0 views

  • (Reuters) - Apple Inc <AAPL.O> on Thursday struck back in court against a U.S. government request to unlock an encrypted iPhone belonging to one of the San Bernardino shooters, arguing such a move would violate its free speech rights and require the company to devote significant resources to comply.
  • Read the brief: