Apple vs. FBI — What This Case Means for YOU

Bayard & Holmes

~ Piper Bayard & Jay Holmes

and

Guest Author & Information Security professional Chris Magill

The FBI wants Apple to rewrite code for iPhones in order to break into a phone used by one of the San Bernardino terrorists. Apple said no. They are now embroiled in a lawsuit.

On March 1, the FBI admitted exactly WHY it needs Apple’s help. The FBI was in the phone, with access to everything it needed. Then someone at the FBI changed the phone’s password. They forgot the password. Now, the FBI can’t get back in the phone.

In other words, the FBI is asking that it be allowed to gut the constitutional rights of every American in perpetuity because it made a sophomoric boo-boo.

This begs some questions . . .

1)  Why doesn’t the FBI just ask the NSA for the information?

The cat got out of the Snowden bag a few years ago that the NSA collects and stores every electronic communication that takes place in America, including and especially phone communications. Investigating the San Bernardino jihadis and their play pals is EXACTLY why the NSA collects and stores these communications. If the NSA can’t give the information to the FBI, they need to give US citizens a refund of the untold fortunes they have wasted on this data collection. (See Spooks Without Boundaries by Piper Bayard.)

2)  If the NSA for any reason can’t give the FBI the information it needs, why doesn’t the FBI ask Israel or one of the Five Eyes nations?

Again, thanks to the Snowden cat, it is public knowledge that the White House allows Israel and the Five Eyes nations (Canada, UK, NZ, Australia) access to the raw data that the NSA collects on Americans. If the NSA can’t give the FBI the info, we’re sure that for a few shekels, Israel would be happy to find it for them.

3)  What does this lawsuit mean for the American citizen?

To give you the best information possible, we have invited Information Security professional and privacy advocate Chris Magill to answer that question for us . . .

Internet bugs Canstock

Apple vs. the FBI: What This Case Means for YOU

By Chris Magill

Apple and the FBI are currently locked in a struggle over your right to privacy. The Federal government has asked the courts to require Apple to change its code to allow FBI agents to read protected data on an iPhone believed to belong to one of the San Bernardino attackers. It also wants this capability to be applied to all iPhones, even yours.

So, the question becomes should private citizens be allowed communications capabilities which cannot be read by the government?

By law, there already are communications which are protected from government eyes. For example, attorney-client privilege prevents the government from listening in on private conversations when discussing legal strategies. As Americans, we also have the protections of the right to Freedom of Speech and the right to Freedom of Assembly. Allowing government access to our phones without a warrant destroys these rights.

What is cryptography?

Cryptography is a mathematical operation that replaces plain text with scrambled characters that can only be correctly interpreted by someone who holds the secret “key.”

Cryptography has existed for thousands of years. It was a vital means of protecting communications during the Revolutionary War. Thomas Jefferson greatly improved cryptography after the founding of our country when he developed the Wheel Cipher while serving as George Washington’s Secretary of State. Yes, the United States once had a Secretary of State who understood the importance of cryptography. In the iPhone, the iMessage feature encrypts instant messages between recent iPhone versions, making it very difficult to be read by anyone other than the intended recipient, even with access to the device.

What is a backdoor?

A backdoor is an easy-to-decrypt method for governments to read content on devices that would otherwise be very difficult to access.

Think of it as though the Federal Government sought to require you to leave your patio door unlocked in case a police officer needs to access your living room during an investigation. Obviously this would be ridiculous. Only a tiny fraction of homes would ever need to be entered by police, yet everyone would be at risk from criminals entering the unsecured door. Backdoors are a dangerous idea for two reasons. First, they require a known weakness, which can then be exploited by hackers or online thieves. And second, backdoors enable government to bypass the judicial branch to spy on citizens in violation of our rights.

Aren’t bad guys protected by cryptography?

Yes, in the same way that bad guys are protected by the Constitution.

We have constitutional protections against unlawful search and seizure. These protections should also apply to the communications we share and the contents of our devices we rely on in our daily lives. The iPhone isn’t the strongest available way to pass secret messages. A determined adversary will find communications methods that can only be countered by diligent, labor-intensive traditional law enforcement and counterintelligence methods.

I haven’t broken the law, so I have nothing to hide. How does this affect me?

By the 1980s, the Justice Department estimated there were approximately 3,000 criminal offenses spanning more than 23,000 pages of Federal law. Even if you are the best attorney in the world, it’s unlikely you could even know for sure whether you’ve never violated any of them.

If the government decides to prosecute you, they have a huge arsenal of regulations to select from which you will have to defend against. Skilled cyber criminals, spies, and terrorist organizations already have access to encryption that is theoretically unbreakable. The bad guys don’t rely on commercial encryption products in consumer devices.

A government backdoor does not make you any safer from terrorism.

It does make it easier for governments to find and target those who disagree with them. This is a concern in modern day America. Ask any conservative group targeted by Lois Lerner’s IRS. With government access to a backdoor to your phone, finding people who have a differing political view becomes as simple as a Google search.

What else can happen if cryptography is compromised?

This has happened in the recent past. In 2011, Comodo was compromised by a nation state-affiliated hacker group.

Comodo is a registration authority that creates cryptographic certificates which tell your web browser the web sites you visit are who they claim to be. Fake certificates were created that enabled the government of Iran to intercept and read the personal emails of citizens using Gmail and Hotmail. We will likely never know how many Iranian dissidents were rounded up and imprisoned (or worse) as a result of this compromise. Weak encryption makes it easier for oppressive governments to spy on their own citizens and crush dissent. Weak cryptography is also a factor in most, if not all, data breaches. If your identity was stolen in any of the countless data breaches, such as Target, Home Depot, Experian, or OPM, you probably have weak or compromised cryptography to thank.

What next?

Governments have an insatiable appetite to know everything about their citizen’s activities, acquaintances, political views, and beliefs. They also have a desire to prevent citizens from having capabilities that are difficult for them to counter.

The Apple vs FBI case is not about terrorism or crime. This case is about control of the transfer of ideas.

You are the government. You select your representatives. They work for you. They derive their authority from you. You have the power to demand that they stop. Tell your representatives to block efforts to weaken freedom of speech by banning civilian access to strong encryption. Tell them to prevent the government from requiring tech companies to enable spying through commercial products.

Allowing the government to secretly spy on all Americans is the digital equivalent of book burning. Ideas that are found distasteful to whichever administration holds power can be sought out and banned, and those citizens with undesirable views targeted for retaliation or punishment. Far from protecting us from terrorists, such actions only serve to weaken our democracy.

Sources:

TechTarget: “A breach at a registration authority caused Comodo to issue nine fraudulent certificates, enabling an attacker to impersonate some major websites and servers.”

http://searchsecurity.techtarget.com/news/1529110/Comodo-warns-of-serious-SSL-certificate-breach

CNet: “Apple’s iMessage encryption trips up feds’ surveillancehttp://www.cnet.com/news/apples-imessage-encryption-trips-up-feds-surveillance/

Chris Magill is an Information Security professional and privacy advocate. When he isn’t helping companies manage their cryptographic systems and hunting down hackers, Chris enjoys spending time on his small ranch with his family in the Pacific Northwest chasing horses around. His LinkedIn profile is https://www.linkedin.com/in/cmagill

Which US Spy Agency Does What to Whom?

Bayard & Holmes

By Piper Bayard & Jay Holmes

One of the most common mistakes in fiction is confusing which intelligence agencies have the power to do what to whom and where they have the authority to do it. Today, we want to clear up that confusion.

Wiki 2015 March US_Intelligence_Community_Logo_blue

While there are numerous military and civilian intelligence agencies, we’ll focus on four of the biggest branches, which are also the ones most commonly assigned imaginative extracurricular activities books and movies – the Central Intelligence Agency (“CIA” or “Company”), the Federal Bureau of Investigation (“FBI”), the Department of Homeland Security (“DHS”), and the National Security Agency/Central Security Service (“NSA/CSS” or “NSA”). 

 

Wiki 2015 Mar CIA Logo

Central Intelligence Agency

Purpose:

To collect, assess, and disseminate foreign intelligence. The Central Intelligence Agency is and always was what Congress thought it was creating for the first time with the DHS.

Where the CIA operates:

Exclusively on foreign soil.

Entire novel and TV series are premised on the notion that the CIA conducts elaborate surveillance and investigations of American citizens on American soil. (i.e. Homeland and Burn Notice). No. Even in the case of an internal investigation, such as the investigation of traitor Aldrich Ames, the agency must contact the FBI and/or the DHS—depending on the foreigner’s activities—as soon as surveillance on American soil is involved.

What the CIA is authorized to do:

The CIA is authorized to gather intelligence on foreign countries and foreign individuals outside of the US. It has its own employees, but it can also employ contractors and foreigners. Any combination of employees (a.k.a. blue badgers), contractors (a.k.a. green badgers), or foreign agents can be involved in an operation.

Power to arrest:

The CIA does not have the authority to arrest anyone. They do at times detain foreigners in the process of covert actions, but you didn’t hear that from us. The CIA never arrests people for the purpose of prosecution.

To arrest someone on foreign soil for the purpose of prosecution, the CIA cooperates with the FBI, who must in turn cooperate with the host country.

 

Islamabad house where Ramzi Yousef was captured. Image by US govt., public domain.

Islamabad house where Ramzi Yousef was captured.
Image by US govt., public domain.

 

An example of this interaction is the arrest of the first World Trade Center bomber, Ramzi Yousef, in Islamabad, Pakistan. A US State Department employee found the relevant lead by passing out thousands of matchbooks with a modest reward offer printed on the covers. He turned over the information to the CIA, which located Yousef and kept him under surveillance until an FBI team could arrive in Pakistan. The FBI executed a raid while the Islamabad Police waited outside the building. When the FBI brought Yousef out, the Islamabad Police performed the arrest and immediately turned him back to the FBI team to be escorted to New York for formal prosecution.

Oversight:

The CIA reports to the National Intelligence Director, who reports to the president. The agency is overseen by the Senate and House Intelligence Committees. As much as Congress and the president disavow their knowledge of CIA activities at times, the CIA has never operated without oversight from Congress and the White House.

 

Wiki 2015 Mar FBI Logo

 

Federal Bureau of Investigation

Purpose:

The FBI was originally the federal government’s investigative agency. Now, the FBI investigates both criminal and terrorist activities and has offices in several overseas US embassies.

Official priorities listed at the FBI website:

  1. Protect the United States from terrorist attack
  2. Protect the United States against foreign intelligence operations and espionage
  3. Protect the United States against cyber-based attacks and high-technology crimes
  4. Combat public corruption at all levels
  5. Protect civil rights
  6. Combat transnational/national criminal organizations and enterprises
  7. Combat major white-collar crime
  8. Combat significant violent crime
  9. Support federal, state, local and international partners
  10. Upgrade technology to successfully perform the FBI’s mission

Unofficially, the FBI is tasked with keeping suit manufacturers in business.

 

Canstock photo of three actual FBI agents.

Canstock photo of three actual FBI agents.

 

Where the FBI operates:

The FBI operates inside the US as both an investigative and a law enforcement agency. Outside of the US, the FBI assists foreign governments in investigations and conducts investigations of crimes against Americans and American installations. It also acts as a liaison to foreign law enforcement agencies.

What the FBI is authorized to do:

The FBI is authorized to conduct law enforcement and surveillance inside the US. Outside the US, it relies on the CIA for surveillance and must obtain the permission and cooperation of foreign governments for any US law enforcement activities on their territory.

Power to arrest:

The FBI arrests people inside America and, with the cooperation of foreign governments, takes criminals abroad into custody.

Oversight:

The FBI answers to the Department of Justice. The president can and does speak directly to the bureau, and the attorney general and various congressional committees provide oversight.

 

Wiki 2015 Mar DHS Logo

 

Department of Homeland Security

Purpose:

We’re not sure they know, and if they do know, they’re not admitting it.

Law prevented the FBI and CIA from operating effectively to avert terrorism in the US in that the bureau and the agency weren’t allowed to share most of their information with each other. This could have been fixed with a few changes in law.

However, Congress, never one to do for a dollar what could be done for $38 billion dollars, created the DHS. Their intent in establishing the DHS was to set up an agency that could work with itself in order to prevent the next 9/11. Its original core mission was counter-intelligence in order to ensure a homeland that is safe and secure, whatever that means.

The DHS is still creating itself and being created by outside forces such as Congress and any given president. Since its inception, the department has grown to include FEMA, the Coast Guard, the Secret Service, ICE, Border Patrol, TSA, and more.

 

TSA agents in Boston. Image by DHS, public domain.

TSA agents in Boston.
Image by DHS, public domain.

 

Where the DHS operates:

DHS operates both inside the US and outside the US, supposedly with the cooperation of the CIA. That boundary is a grey area that has never quite been defined.

What the DHS can do:

The DHS can order surveillance on anyone inside the US for virtually any reason under the Patriot Act and its legal progeny. To spy on people outside the US, it relies on the NSA, the CIA, and other agencies.

Power to arrest:

Like the FBI, the DHS can arrest people in the US or abroad if it obtains the cooperation of the foreign country. Those arrested by the DHS in the US have all the rights they would have if arrested by any other US police body. If the DHS nabs someone overseas, that person will show up in the US judicial system.

Oversight:

DHS has full department status, unlike the FBI or the CIA. They have their own department head. It is a cabinet position that reports straight to the president and only nominally to the National Director of Intelligence.

 

Wiki 2015 Mar NSA Logo

National Security Agency/Central Security Service

Purpose:

Cryptology is at the core of the NSA/CSS. It’s the agency’s job to break foreign codes and set codes for the entire US government. It also listens to and stores foreign and domestic signals, including computer signals.

The NSA is very stingy at sharing what it gathers with other sectors of the intelligence community. Other intelligence organizations view the NSA as a black hole where information and money go in, and nothing comes out. In fact, it is undoubtedly the source of astronomers’ models of cosmological black holes.

Where the NSA operates:

Most NSA employees reside and operate inside the US, though they might travel to US embassies or foreign bases. Anywhere there are secured communications, the NSA has the authority to show up and investigate to make sure that security procedures are in place.

The NSA neither confirms nor denies having any facilities for gathering signals outside of the US.

What the NSA can do:

The NSA’s foreign and domestic intelligence gathering operations are not discussed, however, we would refer you to Piper’s PRISM articles listed below. Everyone in the NSA leadership serves at the pleasure of the president. As with the CIA, the president likes to pretend that he forgot that the NSA does what he tells it to do.

 

President Obama addressing NSA about mass surveillance on Jan 17, 2014, pretending he forgot that he ordered the mass surveillance in the first place. Image by US govt., public domain.

President Obama addressing NSA about mass surveillance on Jan 17, 2014, pretending he forgot that he ordered the mass surveillance in the first place.
Image by US govt., public domain.

 

Power to arrest:

The NSA doesn’t arrest anyone. Not ever. If someone shows up flashing an NSA badge, feel free to shoot them. They are a Hollywood crew and not NSA employees.

Oversight:

The question of NSA oversight has been afloat for many decades. They are supposed to report to the National Director of Intelligence and the CIA, but the CIA has never been satisfied with the NSA’s sharing of information.

Have you ever spotted fantastical activities on the part of the CIA, FBI, or NSA in fiction? Do you have any question about who gets to do what to whom in the real world?

*   *   *   *   *   *   *   *   *   *   *   *   *   *

PRISM Surveillance on Americans—What Price Convenience?

PRISM—We Can’t Stop the Signal

Why PRISM Matters

Spooks Without Boundaries

NSA: Hoarders, Cheaters, Dr. Phil, or Jerry Springer?

America Is Not a Location–The Ultimate Price of Citizen Surveillance

*   *   *   *   *   *   *   *   *   *   *   *   *

Coming in September!

THE SPY BRIDE Final Cover 3 inch

For Bayard & Holmes updates notice of releases, subscribe to the monthly Bayard & Holmes Covert Briefing.