Group items tagged

Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.

Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.

Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.

When it comes to fake Twitter followers, Hillary Clinton is winning the presidential race by a landslide. Clinton has more fake followers and a higher ratio of bogus Twitter fans than any of the other main 2016 presidential contenders, a Vocativ analysis shows. On the other end of the scale, the candidates with the lowest percentage of fake Twitter followers are Donald Trump and Bernie Sanders. Contrary to what one might guess from his reputation for extravagant self-promotion, Trump’s 2.6 million Twitter followers are 90 percent real people. Only 311,388 were deemed fake by the analysis using the tool TwitterAudit. Bernie Sanders was tied for the highest ratio of authentic followers—90 percent of his 300,000-plus followers are real people. Then comes Gov. Jeb Bush with 89% of his followers registering as real. On the bottom of the Twitter list is Clinton, with a whopping 35 percent of her 2.3 million Twitter followers coming up as fake.

TwitterAudit, a social media analysis tool, says on its website that it judges a Twitter account’s authenticity based on its number of tweets, the date of its last tweet and the ratio of its followers to friends. The fake Twitter accounts can be bots, which are accounts run by automated software programming. They can also be accounts created by real people but with an agenda of spreading political advertisements. But under both scenarios, they are certainly not a genuine measure of candidate popularity.

Microsoft has joined forces with Taser to combine the Azure cloud platform with law enforcement management tools.

Taser’s Axon body camera data management software on Evidence.com will run on Azure and Windows 10 devices to integrate evidence collection, analysis, and archival features as set forth by the Federal Bureau of Investigation Criminal Justice Information Services (CJIS) Security Policy. As per the partnership, Taser will utilize Azure’s machine learning and computing technologies to store police data on Microsoft’s government cloud. In addition, redaction capabilities of Taser will be improved which will assist police departments that are subject to bulk data requests. Currently, Taser is operating on Amazon Web Services; however this deal may entice police departments to upgrade their technology, which in turn would drive up sales of Windows 10. This partnership comes after Taser was given a lucrative deal with the Los Angeles Police Department (LAPD) last year, who ordered 7,000 body cameras equipped with 800 Axom body cameras for their officers in response to the recent deaths of several African Americans at the hands of police.

In order to ensure Taser maintains a monopoly on police body cameras, the corporation acquired contracts with police departments all across the nation for the purchase of body cameras through dubious ties to certain chiefs of police. The corporation announced in 2014 that “orders for body cameras [has] soared to $24.6 million from October to December” which represents a 5-fold increase in profits from 2013. Currently, Taser is in 13 cities with negotiations for new contracts being discussed in 28 more. Taser, according to records and interviews, allegedly has “financial ties to police chiefs whose departments have bought the recording devices.” In fact, Taser has been shown to provide airfare and luxury hotels for chiefs of police when traveling for speaking engagements in Australia and the United Arab Emirates (UAE); and hired them as consultants – among other perks and deals. Since 2013, Taser has been contractually bound with “consulting agreements with two such chiefs’ weeks after they retired” as well as is allegedly “in talks with a third who also backed the purchase of its products.”

Several weeks ago, the Project On Government Oversight announced its cautious optimism upon learning the Director of Operational Test & Evaluation (DOT&E) planned to conduct a close air support (CAS) fly-off between the proven A-10 and the yet-to-be proved F-35. The cautious aspect of that optimism has been proven to be warranted. Under questioning by Representative Martha McSally (R-AZ), a former A-10 pilot, F-35 program executive officer Lt. Gen. Christopher Bogdan (USAF) dismissed the idea of a comparative test as irrelevant. The exchange occurred during a House Armed Services subcommittee hearing on updates to the Joint Strike Fighter program. General Bogdan’s remarks echo earlier comments by Air Force Chief of Staff Gen. Mark Welsh, who described the proposed test as a “silly exercise.” Dr. Michael Gilmore, Director of Operational Test & Evaluation, said in late August, “The comparison tests on the close-air support mission will reveal how well the F-35 performs and whether there are gaps, or improvements in capability, compared to the A-10.”

When asked by Rep. McSally to comment about the comparative tests, Lt. Gen. Bogdan acknowledged the F-35 would not do as well as the A-10 in such a test. He smugly compared the test to a decathlete competing against a champion sprinter in a 100 meter race. “I don’t have to run that race to know who is going to win it,” he said. “What I prefer to do is test the F-35 in its close air support role as the Air Force sees the requirements for that mission for the F-35,” the General said. The test envisioned by the Air Force would be conducted in the manner it wants to conduct close air support missions in the future, not in the way decades of experience has proven it must be conducted in order to be effective on the battlefield. The Air Force wants these missions to be conducted from high altitudes using digital communications and precision munitions. In other words, it wants to accomplish the mission only through high-tech means from a distance, rather than getting low to the ground where pilots and ground controllers are able to coordinate in a way which has been used to great effect for decades.

In a recent documentary, an A-10 pilot talked about the sensors available to help them correlate targets on the ground to ensure a precision strike. But in nearly the same breath, he described their shortcomings as well. “That will never replace just looking right, outside of my cockpit and looking at the battlespace. What am I seeing out there, big-picture?” That level of situational awareness only develops when a pilot is able to fly low and slow over the battlefield.  That will be lost by F-35 pilots who will be restricted to much higher altitudes and speed. They will be forced there because, as Michael Gilmore said while testifying at an earlier hearing, “The (F-35) has some vulnerabilities that you would expect a high performance aircraft to have. The A-10 is going to be able to, can take, hits an F-35 couldn’t take.” The United States has already been through this process before and learned painful and expensive lessons by ignoring proven methods of designing effective weapons systems. Pierre Sprey, a veteran of many bureaucratic battles while designing effective aircraft, says the correct approach to this process is to first understand the mission the system is to perform: you’ve “got to start with what really happens in combat,” Sprey said in a recent interview.

Mike Hearn rocked the Bitcoin world when he declared that the digital currency experiment had failed. Hearn, a software developer for Bitcoin, explained several reasons why this cryptocurrency had not been successful. He not only sold off his coins, but he felt compelled to warn the entire digital currency community that the system had reached its limit.

A Detroit judge has ruled against releasing Volkswagen AG manager Oliver Schmidt, who is awaiting trial over the VW emissions scandal in the US. The German national represented a "serious" flight risk, the judge said.

The 48-year-old Schmidt is set to stay in detention until the start of his trial in January 2018, according to the Thursday court ruling. He faces eleven felony counts over accusations that Volkswagen (VW) cheated on emission tests for diesel cars. The fraud and conspiracy charges carry a maximum of 169 years in prison. "The allegations of fraud and conspiracy in this case are very, very serious," said Judge Sean Cox of the US District Court for Eastern Michigan. There was "a serious risk" that Schmidt would not appear before the court if released, he added. Among other things, Schmidt is accused of lying to US officials. He allegedly claimed that technical problems were to blame for discrepancy between diesel emissions in road and laboratory tests. The company later admitted to using a software tool to manipulate the results. Schmidt is one of several VW executives who face charges in the US. He worked as the carmaker's emissions compliance manager. He ran a VW office in Detroit between 2012 and 2015 and later returned to Germany. He was arrested at Miami airport in January 2017 after vacationing in Florida and Cuba. He pleaded not guilty before the Detroit court. Sentence milder in Germany

As the latest installment of it’s ‘Vault 7’ series, WikiLeaks has just dropped a user manual describing a CIA project known as ‘Scribbles’ (a.k.a. the “Snowden Stopper”), a piece of software purportedly designed to allow the embedding of ‘web beacon’ tags into documents “likely to be stolen.” The web beacon tags are apparently able to collect information about an end user of a document and relay that information back to the beacon’s creator without being detected. Per WikiLeaks’ press release:

Today, April 28th 2017, WikiLeaks publishes the documentation and source code for CIA’s “Scribbles” project, a document-watermarking preprocessing system to embed “Web beacon”-style tags into documents that are likely to be copied by Insiders, Whistleblowers, Journalists or others. The released version (v1.0 RC1) is dated March, 1st 2016 and classified SECRET//ORCON/NOFORN until 2066. Scribbles is intended for off-line preprocessing of Microsoft Office documents. For reasons of operational security the user guide demands that “[t]he Scribbles executable, parameter files, receipts and log files should not be installed on a target machine, nor left in a location where it might be collected by an adversary.”

The ‘Scribbles’ User Guide explains how the tool generates a random watermark for each document, inserts that watermark into the document, saves all such processed documents in an output directory, and creates a log file which identifies the watermarks inserted into each document. Scribbles can watermark multiple documents in one batch and is designed to watermark several groups of documents.