FBI director wants access to encrypt Apple, Google users’ data, demands law ‘fix’

Screen Shot 2014-10-18 at 12.33.13 PM

The FBI director has slammed Apple and Google for offering their customers encryption technology that protects users’ privacy. “Deeply concerned” James Comey wants to push on Congress to “fix” laws to ensure police can still access private data.

“It’s the equivalent of a closet that can’t be opened. A safe that can’t be cracked,” Comey, speaking at the Brookings Institute in Washington DC, referred to the encryption technology calling the new service “a marketing pitch.”

“But it will have very serious consequences for law enforcement and national security agencies at all levels,” he warned.

Apple has recently presented its latest Mac OS X operating system for desktop and laptop computers, encouraging its customers to use FileVault disk encryption technology to keep their data secure. The tool would also prevent NSA or FBI from having access to phones and computers.

Google said it wanted to follow suit with its Android operating system and “encryption will be enabled by default.”

If a customer does not decline the encryption offer, his or her computer or phone will be locked.

This means that the companies will not be able to unlock a phone or a hard drive to reveal photos, documents, e-mail or recordings stored within.

“Criminals and terrorists would like nothing more than for us to miss out,” Comey said, adding that encrypted information on “a bad guy’s phone has the potential to create a black hole for law enforcement.”

“Justice may be denied because of a locked phone or an encrypted hard drive,” he said.

READ MORE: Mass internet surveillance is ‘corrosive of online privacy’ – UN report

While law enforcements would still be able to intercept conversations, it would be impossible to access call data, contacts, photos and emails.

Comey believes that “encryption threatens to lead all of us to a very dark place,” while the companies argue that it is a necessary option that will protect customers from unlawful surveillance and private data access.

Edward Snowden’s revelations have provoked the US tech companies to find better protection for personal information.

Comey acknowledged: “The post-Snowden pendulum has swung too far in one direction—in a direction of fear and mistrust.”

“Some believe that the FBI has these phenomenal capabilities to access any information at any time—that we can get what we want, when we want it, by flipping some sort of switch,” he said. “It may be true in the movies or on TV. It is simply not the case in real life.”

The FBI director would like to see changes made to the Communications Assistance for Law Enforcement Act, or CALEA, “enacted 20 years ago—a lifetime in the internet age.”

Companies like Apple or Google, should be required to build lawful intercept capabilities for law enforcement, Comey says.

“We aren’t seeking to expand our authority to intercept communications,” he said. “We are struggling to keep up with changing technology and to maintain our ability to actually collect the communications we are authorized to intercept.”

CALEA only covers landline and cellphone companies, broadband services or internet phone services, which connect with traditional phones.

“We also need a regulatory or legislative fix,” Comey said, “so that all communication service providers are held to the same standard.”

Comey’s speech was not the first time he lashed out at Apple and Google for encrypting smartphones. In September, he told reporters in Washington that the encrypting technology offered by the companies, powering nearly 95 percent of the smart phones in the United States, severely hinder law enforcement operations.

FBI DIRECTOR: IF APPLE AND GOOGLE WON’T DECRYPT PHONES, WE’LL FORCE THEM TO

Capture

Comey went ballistic on Apple and Google’s decision to make everything more private

Everyone is stoked that the latest versions of iOS and Android will (finally) encrypt all the information on your smartphone by default. Except, of course, the FBI: Today, its director spent an hour attacking the companies and the very idea of encryption, even suggesting that Congress should pass a law banning the practice of default encryption.

It’s of course no secret that James Comey and the FBI hate the prospect of “going dark,” the idea that law enforcement simply doesn’t have the technical capability to track criminals (and the average person) because of all those goddamn apps, encryption, wifi network switching, and different carriers.

ENCRYPTION THREATENS TO LEAD ALL OF US TO A VERY DARK PLACE
It’s a problem that the FBI has been dealing with for too long (in Comey’s eyes, at least). Today, Comey went ballistic on Apple and Google’s recent decision to make everything just a little more private.

“Encryption isn’t just a technical feature; it’s a marketing pitch … it’s the equivalent of a closet that can’t be opened. A safe that can’t be cracked. And my question is, at what cost?” Comey said. “Both companies [Apple and Google] are run by good people, responding to what they perceive is a market demand. But the place they are leading us is one we shouldn’t go to without careful thought and debate.”

In a tightly moderated speech and discussion at the Brookings Institution—not one technical expert or privacy expert was asked to participate; however, several questions from the audience came from privacy-minded individuals—Comey railed on the “post-Snowden” world that has arisen since people began caring about their privacy.

CONGRESS MIGHT HAVE TO FORCE THIS ON COMPANIES
Comey’s speech and thinking was out-of-touch and off on many levels: He continually referred to potential “bad guys” as the only ones using encryption, and suggested that, with default encryption, people who are wrongly arrested won’t be able to unlock data within their phones that could exonerate them.

Comey also said, in all seriousness, that the FBI has “FOMO” on catching predators, just like the kids.

“With Going Dark, those of us in law enforcement and public safety have a major fear of missing out—missing out on predators who exploit the most vulnerable among us … kids call this FOMO,” he said.

Comey kept referring to the “debate” and “national conversation” that needs to be had regarding widespread encryption. That conversation, in Comey’s mind, should stop and start with the idea that there must be a “front door” means for the FBI, NSA, and other law enforcement agencies to blast through encryption. In other words, companies should be “developing [law enforcement] intercept solutions during the design phase,” a proposition that, beyond making encryption useless, is potentially not even technically feasible.

“Congress might have to force this on companies,” he said. “Maybe they’ll take the hint and do it themselves.”

Comey repeatedly noted that Apple and Google are simply responding to the “market” and consumer demand, as any good capitalist company would do. But he noted that encryption is not really what people should want, lest the “bad guys” win.

“If the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place,” he said. “Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction—in a direction of fear and mistrust.”

It’s absolutely worth noting that this out-of-control pendulum has so corrupted the thinking of the people that Congress has found it prudent to not pass a single law, not do a single thing, to reign in government mass surveillance, despite Comey’s goal of real-time interception essentially amounting to the ability to peek into anyone’s phone as they use it.

“It might be time to ask: Where are we, as a society? Are we no longer a country governed by the rule of law, where no one is above or beyond that law?,” he said, without irony. “Are we so mistrustful of government—and of law enforcement—that we are willing to let bad guys walk away?”

It also might be time to ask: Are the people chosen to run our law enforcement agencies so out of touch with the American people that they believe that only “bad guys” want privacy?

FBI director lashes out at Apple, Google for encrypting smartphones

Screen Shot 2014-09-27 at 12.27.54 PM
The companies responsible for powering nearly 95 percent of the smart phones in the United States say they’re embracing encryption for the sake of their customers’ privacy, and that’s concerning to the head of the FBI.

On Thursday this week, FBI Director James Comey attacked recent reports regarding both Apple and Google’s efforts to provide customers of their respective operating systems with the ability to secure data with encryption unlike anything previously available for mainstream mobile devices: Apple claims that even its own Palo Alto, California engineers can’t crack into locked phones running the iOS 8 platform released this month, and Google says its new Android devices will offer data encryption by default.

Speaking to reporters during a briefing in Washington on Thursday, Comey outright complained about the companies’ announcements and insisted that their efforts will severely hinder law enforcement operations.

“There will come a day — well it comes every day in this business — when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper’s or a terrorist or a criminal’s device,” the Huffington Post quoted Comey as saying. “I just want to make sure we have a good conversation in this country before that day comes.”

“I’d hate to have people look at me and say, ‘Well how come you can’t save this kid,’ ‘how come you can’t do this thing,’” he added.

Unfortunately for the Obama-appointed head of the FBI, however, that day may have already come and gone, at least with respect to Apple. Upon release of the company’s latest operating system last week, Apple said in a statement that “personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes and reminders is placed under the protection of your passcode,” adding, “Apple cannot bypass your passcode and therefore cannot access this data.”

“So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8,” Apple said.

Reuters / Adrees Latif Reuters / Adrees Latif

On Sept. 18, Google announced they’d be adopting now security-minded practices as well. “For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement,” spokeswoman Niki Christoff said to the Post. “As part of our next Android release, encryption will be enabled by default out of the box, so you won’t even have to think about turning it on.”

According to a recent study conducted by digital pollsters comScore, Android and Apple control a 52.1 percent and 41.9 percent share of the market, respectively, with regards to operating systems in the US as of May 2014.

Big names from within the FBI and Justice Department at large have previously spoken out about the federal government’s desire to eavesdrop on conversations conducted in the digital realm, be it on websites or with text messages sent between cell phones, but Comey’s latest remarks may be the most direct yet to come from an individual as high up in the executive branch.

“I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the content of anyone’s closet or their smart phone,” HuffPo quoted Comey. “The notion that someone would market a closet that could never be opened — even if it involves a case involving a child kidnapper and a court order — to me does not make any sense.”

“Google is marketing their Android the same way: Buy our phone and law-enforcement, even with legal process, can never get access to it,” he said.

Reuters / Beck DiefenbachReuters / Beck Diefenbach

According to the Washington Post, Comey told reporter that he said he could not understand why companies would “market something expressly to allow people to place themselves beyond the law” — a quip that quickly attracted criticism.

“Um, what ‘law’ is that?” Hanni Fakhoury, a former federal public defender who currently works as a staff attorney for the Electronic Frontier Foundation, tweeted on Thursday.

“It’s disappointing that the FBI has chosen to focus on examples where encryption might potentially slow hypothetical investigations, while ignoring the fact that strong, reliable encryption is the only way we have to prevent a wide range of very real and very serious crimes,” Matt Blaze, a computer security researcher and professor at the University of Pennsylvania, told the Associated Press. “We rely on smartphones to manage and protect more and more aspects of our business, personal and financial lives.”

Indeed, the American Civil Liberties Union’s chief technologist, Christopher Soghoian, wrote on Twitter on Thursday that “it wasn’t so long ago that top FBI officials were advising people to encrypt data to protect it from hackers,” along with a link to remarks made by then-FBI Executive Assistant Director Shawn Henry about “some of the most critical threats facing our nation” in 2011.

Screen Shot 2014-09-27 at 12.30.02 PM
“Managing the consequences of a cyberattack entails minimizing the harm that results when an adversary does break into a system,” Henry said at the time. “An example would be encrypting data so the hacker can’t read it, or having redundant systems that can readily be reconstituted in the event of an attack.”

In the three years since those remarks were first made, however, the revelations concerning the US National Security Agency’s widespread surveillance programs has prompted an increasing amount of people worldwide to adopt standards intended to protect themselves against eavesdroppers, be they government agents or otherwise. Leaked NSA documents have shown that government agencies have adopted spy practices that may range from tapping into data sent to Google’s massive server warehouses to breaking into iPhones with a 100 percent success rate, the likes of which have been attributed with the marketing of ultra-secure mobile devices as well as a surge in the number of people turning to online anonymity solutions, such as the Tor browser.

As Georgetown University law professor Orin Kerr told the Washington Post, however, the FBI wants to be able to pry into the phones and ergo the lives of Americans — but first with an individualized order, and not a blanket issue like the kind that lets the NSA sweep up phones records of millions of Americans on a regular basis.

“The outrage is directed at warrantless mass surveillance, and this is a very different context. It’s searching a device with a warrant,” Kerr told the paper.

Earlier this year in July, the US Supreme Court ruled that police, in most circumstances, must get a search warrant before they can scoop up data from cellphones. Los Angeles Police Department Detective Brian Collins told the Washington Post this week that he does forensic analysis on about 30 smartphones a month for the LAPD’s anti-gang and narcotics investigations and fears being unable to further aid law enforcement if Apple, Google and other tech companies increasingly turn towards encryption.

“I’ve been an investigator for almost 27 years,” Collins said, “It’s concerning that we’re beginning to go backwards with this technology.”

“Apple will become the phone of choice for the pedophile,” John J. Escalante, the chief of detectives for Chicago’s police department, added to the paper. “The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.”

Spying and storing: Assange says ‘Google works like NSA’

Capture

WikiLeaks founder Julian Assange equated Google with the National Security Agency and GCHQ, saying the tech giant has become “a privatized version of the NSA,” as it collects, stores, and indexes people’s data. He made his remarks to BBC and Sky News.

“Google’s business model is the spy. It makes more than 80 percent of its money by collecting information about people, pooling it together, storing it, indexing it, building profiles of people to predict their interests and behavior, and then selling those profiles principally to advertisers, but also others,” Assange told BBC.

“So the result is that Google, in terms of how it works, its actual practice, is almost identical to the National Security Agency or GCHQ,” the whistleblower argued.

‘Google deeply involved in US foreign policy’
Google has been working with the NSA “in terms of contracts since at least 2002,” Assange told Sky News.

“They are formally listed as part of the defense industrial base since 2009. They have been engaged with the Prism system, where nearly all information collected by Google is available to the NSA,” Assange said. “At the institutional level, Google is deeply involved in US foreign policy.”

Google has tricked people into believing that it is “a playful, humane organization” and not a “big, bad US corporation,” Assange told BBC. “But in fact it has become just that…it is now arguably the most influential commercial organization.”

“Google has now spread to every country, every single person, who has access to the internet,” he reminded.

Police stand guard during a news conference by WikiLeaks founder Julian Assange at the Ecuadorian embassy in central London August 18, 2014.(Reuters / Toby Melville)Police stand guard during a news conference by WikiLeaks founder Julian Assange at the Ecuadorian embassy in central London August 18, 2014.(Reuters / Toby Melville)

During his interviews, Assange also touched on his own situation at the Ecuadorian embassy in London, where he has been trapped since June 2012, after being offered asylum.

The embassy is watched around the clock by British police who are ready to place Assange under arrest should he attempt to leave.

Assange said that his stay there has impacted his work, as surveillance makes certain tasks very difficult.

“The 7.3 million pounds (US$12 million) of police surveillance admitted outside this embassy. It is a difficult situation. It is not a situation that is easy for [a] national security reporter. You can’t read sources. It is difficult to meet some of my staff because of that surveillance,” he said.

“On the other hand, there are no subpoenas, there are no door knocks in the night, unlike [for] other national security reporters. So in some ways there are benefits to the situation,” Assange noted. “Other people are in more difficult situations. Chelsea Manning for example, who was sentenced last year to 35 years in prison, my alleged co-conspirator.”

Attitude shift
Assange spoke optimistically about recent changes made to Britain’s extradition laws.

“Early this year, the UK passed modifications to ban extradition without charge, to insist on if you want to speak with someone you have to come to the UK or charge them. You can’t just say, ‘I want to speak to that person and I am not willing to use any standard mechanisms.’”

WikiLeaks founder Julian Assange (R) speaks as Ecuador’s Foreign Affairs Minister Ricardo Patino listens, during a news conference at the Ecuadorian embassy in central London August 18, 2014. (Reuters / John Stillwell)WikiLeaks founder Julian Assange (R) speaks as Ecuador’s Foreign Affairs Minister Ricardo Patino listens, during a news conference at the Ecuadorian embassy in central London August 18, 2014. (Reuters / John Stillwell)

Meanwhile, the situation has also been changing in Sweden, with general elections taking place over the weekend. According to Assange, there is a shift in attitude there, which could mean a significant change for him as early as next year.

“The Swedish election was on Sunday. We don’t know yet what the formation of the government will be. It will probably be a center-left government. And there is attitude changes there. We have appeal in Sweden in just two weeks’ time.”

Assange filed an appeal against a Swedish warrant for his arrest earlier in September. His lawyers are arguing that the prosecutors are acting “in gross breach of Swedish law.”

“We argue against the district court’s decision and believe they do not properly take account of the situation,” said Assange’s Swedish attorney, Thomas Olssen, according to Swedish daily Svenska Dagbladet.

The WikiLeaks founder is wanted for questioning in Sweden, for allegedly sexually assaulting two women in Stockholm in 2010.

Assange denies the allegations, but will not travel to Sweden to be questioned because he says the charges are politically motivated for his work with WikiLeaks and he will be extradited to the US. WikiLeaks enraged Washington by publishing thousands of leaked diplomatic cables in 2010.

Meanwhile, Assange has released a new book titled ‘When Google Met WikiLeaks.’ In the book, the WikiLeaks founder describes his vision for the future of the internet and recounts a meeting with Google chairman Eric Schmidt in 2011.

5 MILLION ‘COMPROMISED’ GOOGLE ACCOUNTS LEAKED

Screen Shot 2014-09-10 at 11.16.00 AM

5 million Google account login and password pairs leaked to Russian cyber security internet forum

A database of what appears to be some 5 million login and password pairs for Google accounts has been leaked to a Russian cyber security internet forum. It follows similar leaks of account data for popular Russian web services.

The text file containing the alleged compromised accounts data was published late on Tuesday on the Bitcoin Security board. It lists 4.93 million entries, although the forum administration has since purged passwords from it, leaving only the logins.

The accounts are mostly those of Google users and give access to Gmail mail service, G+ social network and other products of the US-based internet giant. The forum user tvskit, who published the file, claimed that 60 percent of the passwords were valid, with some users confirming that they found their data in the base, reports CNews, a popular Russian IT news website.

Google Russia said it is investigating the alleged leak, adding that it advises customers to use strong passwords and enable two-step login verification to protect their accounts.

The leak comes just days after similar leaks affected Mail.ru and Yandex, both popular Russian internet services. The previous leaks contained 4.66 and 1.26 million accounts respectively.

Both companies said that an overwhelming majority of the accounts listed were either obsolete, suspended for suspicious behavior or non-existent. They insisted that their own databases were not compromised and suggested that the leaked data was accumulated over years through phishing and other forms of hacking attacks on users.