Apple vs. FBI — What This Case Means for YOU

Bayard & Holmes

~ Piper Bayard & Jay Holmes

and

Guest Author & Information Security professional Chris Magill

The FBI wants Apple to rewrite code for iPhones in order to break into a phone used by one of the San Bernardino terrorists. Apple said no. They are now embroiled in a lawsuit.

On March 1, the FBI admitted exactly WHY it needs Apple’s help. The FBI was in the phone, with access to everything it needed. Then someone at the FBI changed the phone’s password. They forgot the password. Now, the FBI can’t get back in the phone.

In other words, the FBI is asking that it be allowed to gut the constitutional rights of every American in perpetuity because it made a sophomoric boo-boo.

This begs some questions . . .

1)  Why doesn’t the FBI just ask the NSA for the information?

The cat got out of the Snowden bag a few years ago that the NSA collects and stores every electronic communication that takes place in America, including and especially phone communications. Investigating the San Bernardino jihadis and their play pals is EXACTLY why the NSA collects and stores these communications. If the NSA can’t give the information to the FBI, they need to give US citizens a refund of the untold fortunes they have wasted on this data collection. (See Spooks Without Boundaries by Piper Bayard.)

2)  If the NSA for any reason can’t give the FBI the information it needs, why doesn’t the FBI ask Israel or one of the Five Eyes nations?

Again, thanks to the Snowden cat, it is public knowledge that the White House allows Israel and the Five Eyes nations (Canada, UK, NZ, Australia) access to the raw data that the NSA collects on Americans. If the NSA can’t give the FBI the info, we’re sure that for a few shekels, Israel would be happy to find it for them.

3)  What does this lawsuit mean for the American citizen?

To give you the best information possible, we have invited Information Security professional and privacy advocate Chris Magill to answer that question for us . . .

Apple vs. the FBI: What This Case Means for YOU

By Chris Magill

Apple and the FBI are currently locked in a struggle over your right to privacy. The Federal government has asked the courts to require Apple to change its code to allow FBI agents to read protected data on an iPhone believed to belong to one of the San Bernardino attackers. It also wants this capability to be applied to all iPhones, even yours.

So, the question becomes should private citizens be allowed communications capabilities which cannot be read by the government?

By law, there already are communications which are protected from government eyes. For example, attorney-client privilege prevents the government from listening in on private conversations when discussing legal strategies. As Americans, we also have the protections of the right to Freedom of Speech and the right to Freedom of Assembly. Allowing government access to our phones without a warrant destroys these rights.

What is cryptography?

Cryptography is a mathematical operation that replaces plain text with scrambled characters that can only be correctly interpreted by someone who holds the secret “key.”

Cryptography has existed for thousands of years. It was a vital means of protecting communications during the Revolutionary War. Thomas Jefferson greatly improved cryptography after the founding of our country when he developed the Wheel Cipher while serving as George Washington’s Secretary of State. Yes, the United States once had a Secretary of State who understood the importance of cryptography. In the iPhone, the iMessage feature encrypts instant messages between recent iPhone versions, making them very difficult for anyone other than the intended recipient to read, even with access to the device.

What is a backdoor?

A backdoor is an easy-to-decrypt method for governments to read content on devices that would otherwise be very difficult to access.

Think of it as though the Federal Government sought to require you to leave your patio door unlocked in case a police officer needs to access your living room during an investigation. Obviously this would be ridiculous. Only a tiny fraction of homes would ever need to be entered by police, yet everyone would be at risk from criminals entering the unsecured door. Backdoors are a dangerous idea for two reasons. First, they require a known weakness, which can then be exploited by hackers or online thieves. And second, backdoors enable government to bypass the judicial branch to spy on citizens in violation of our rights.

Aren’t bad guys protected by cryptography?

Yes, in the same way that bad guys are protected by the Constitution.

We have constitutional protections against unlawful search and seizure. These protections should also apply to the communications we share and the contents of our devices we rely on in our daily lives. The iPhone isn’t the strongest available way to pass secret messages. A determined adversary will find communications methods that can only be countered by diligent, labor-intensive traditional law enforcement and counterintelligence methods.

I haven’t broken the law, so I have nothing to hide. How does this affect me?

By the 1980s, the Justice Department estimated there were approximately 3,000 criminal offenses spanning more than 23,000 pages of Federal law. Even if you are the best attorney in the world, it’s unlikely you could know for sure that you’ve never violated any of them.

If the government decides to prosecute you, they have a huge arsenal of regulations to select from, and you will have to defend against whichever they choose. Skilled cyber criminals, spies, and terrorist organizations already have access to encryption that is theoretically unbreakable. The bad guys don’t rely on commercial encryption products in consumer devices.

A government backdoor does not make you any safer from terrorism.

It does make it easier for governments to find and target those who disagree with them. This is a concern in modern day America. Ask any conservative group targeted by Lois Lerner’s IRS. With government access to a backdoor to your phone, finding people who have a differing political view becomes as simple as a Google search.

What else can happen if cryptography is compromised?

This has happened in the recent past. In 2011, Comodo was compromised by a nation state-affiliated hacker group.

Comodo is a registration authority that creates cryptographic certificates which tell your web browser the web sites you visit are who they claim to be. Fake certificates were created that enabled the government of Iran to intercept and read the personal emails of citizens using Gmail and Hotmail. We will likely never know how many Iranian dissidents were rounded up and imprisoned (or worse) as a result of this compromise. Weak encryption makes it easier for oppressive governments to spy on their own citizens and crush dissent. Weak cryptography is also a factor in most, if not all, data breaches. If your identity was stolen in any of the countless data breaches, such as Target, Home Depot, Experian, or OPM, you probably have weak or compromised cryptography to thank.

What next?

Governments have an insatiable appetite to know everything about their citizens’ activities, acquaintances, political views, and beliefs. They also have a desire to prevent citizens from having capabilities that are difficult for them to counter.

The Apple vs FBI case is not about terrorism or crime. This case is about control of the transfer of ideas.

You are the government. You select your representatives. They work for you. They derive their authority from you. You have the power to demand that they stop. Tell your representatives to block efforts to weaken freedom of speech by banning civilian access to strong encryption. Tell them to prevent the government from requiring tech companies to enable spying through commercial products.

Allowing the government to secretly spy on all Americans is the digital equivalent of book burning. Ideas that are found distasteful to whichever administration holds power can be sought out and banned, and those citizens with undesirable views targeted for retaliation or punishment. Far from protecting us from terrorists, such actions only serve to weaken our democracy.

Sources:

TechTarget: “A breach at a registration authority caused Comodo to issue nine fraudulent certificates, enabling an attacker to impersonate some major websites and servers.”

http://searchsecurity.techtarget.com/news/1529110/Comodo-warns-of-serious-SSL-certificate-breach

CNet: “Apple’s iMessage encryption trips up feds’ surveillance”

http://www.cnet.com/news/apples-imessage-encryption-trips-up-feds-surveillance/

Chris Magill is an Information Security professional and privacy advocate. When he isn’t helping companies manage their cryptographic systems and hunting down hackers, Chris enjoys spending time on his small ranch with his family in the Pacific Northwest chasing horses around. His LinkedIn profile is https://www.linkedin.com/in/cmagill

America is Not a Location

By Piper Bayard

America is not a location. America is an ideal. It is the dream of a country in which freedom is paramount, and it is secure because the government is the servant of the people.

Because America is an ideal, Americans are not born. Rather, America, itself, must be born anew with each generation. Each generation has the choice of embracing the American ideal of a government that answers to the people, or of rejecting that ideal in favor of a more paternalistic system of government.

 

Actual photo of ideal American government at work.

When the government spies on us with everything from street corner cameras to warrantless searches of random individuals to collection and analysis of our every electronic transmission and phone communication, we are no longer the masters, and the government is no longer our servant. It is our ruler. It is a parent searching our rooms and opening our mail on the off chance that we might be doing something it doesn’t want us to do. That is exactly what is happening now.

The difference between the government being the servant and the government being the master can be boiled down to one thing:  a warrant.

When an agency such as the NSA, FBI, DHS, etc., is required to obtain a warrant, an official paper trail is created by which the people can force the government to answer for who and how it searches, why it searches, and what it obtains. It is a record by which citizens can hold the government accountable for its actions in a court of law.

Since Edward Snowden dropped his NSA whistleblower bomb, the White House has gone from denying that the U.S. spies on its own citizens to unashamedly stating that it will continue to collect and analyze data on American citizens in the name of “national security.”

 

meme by bizarrojerri.wordpress.com

At this point, numerous disturbing facts have become public information:

  • Through various means, our government is collecting and storing every digital transaction American citizens make – every email, every phone communication, every bank transaction, every credit and debit card transaction, every check remittance, and every online health and education record.
  • Our government allows the other Five Eyes countries – Canada, New Zealand, the U.K., Australia – as well as Israel and unnamed others access to this raw data on American citizens.
  • Our government has written agreements with these countries for their unlimited access to our raw data, with only smoke and mirror oversight of what data they collect or how they use it. It is an “honor among eavesdroppers” arrangement.
  • Our government trades information about American citizens and intelligence operations with corporations in exchange for their data on American citizens.
  • When trigger words* like “snow,” “bust,” or “sick” alert one of the countless analysts in both the government and the private sector who are tasked with pawing through this hoarder’s mountain of raw data, they are free to peruse and interpret the threads of our lives at their personal discretion.
  • Everything these analysts do is off the public record. No probable cause. No individual warrant. No accountability.

 

U.S. Government Serving Up Americans to the World

The administration rationalizes all of these acts with the all-encompassing buzzwords “national security” and the Foreign Intelligence Surveillance Act (FISA).

Originally, FISA was enacted to allow data collection on foreign terrorists. Warrants were based on probable cause, and the judges of the FISA court approved them. These boundaries slipped substantially with the Patriot Act. Now, under the current administration, there are no meaningful boundaries at all, with the FISA court essentially rubberstamping every administrative request* to spy on American citizens that comes their way, issuing blanket orders that are nothing but fishing trips, subjecting Americans to data collection and retention with no probable cause.

One example of a typical FISA-approved blanket order is the Top Secret order to Verizon Wireless signed on April 25, 2013, which was published by The Guardian on June 6, 2013.

This order was requested by the FBI, which in turn receives its orders from the White House. It forces Verizon Wireless to give the NSA information on ALL telephone calls in its system on an “ongoing daily basis.” Telephone calls originating and terminating in foreign countries are specifically excluded—the height of irony considering the original purpose of FISA was solely to collect data on suspect foreigners. For full text of this order, see Verizon Forced to Hand Over Telephone Data–Full Court Ruling Dated April 25, 2013 (below).

At its core, our government has given itself authority and provision to maintain a wiretap on every American and foreigner within U.S. borders.

No probable cause. No discretion. No accountability to the public. Each and every one of us is now assumed guilty until proven innocent. Each and every one of us now answers to the government master that was once our servant, turning the American ideal on its ear.

 

Ideal photo of actual U.S. government at work.

Spy on suspected terrorists. Do it unapologetically. Do it inside or outside our borders. But let there be probable cause. Let there be warrants. Let there be public records. Let there be accountability. If we are to remain American, we must not allow the government to exercise such omnipotent power with impunity.

Freedom is the essence of the American ideal. It is about shouldering the responsibility for ourselves, for our safety, and for our governance. It is not about perfect security from cradle to grave. When we abdicate our responsibility for our freedom in favor of comfort and the illusion of safety, we become wards of the state. What were once our rights as responsible adults are now merely our privileges as subjects, granted or withheld by our rulers at their whim and discretion.

We must demand more of our leaders. Freedom can be won, and freedom can be surrendered, but Freedom will never be given back once successfully taken by the ruling class. Unbridled surveillance of American citizens is that taking.

Like nuclear weapons, the surveillance train has left the station. But like nuclear weapons, we have the choice about how we will use that technology. America is at a crossroads. Will our generation shoulder the responsibility for our freedom and set firm boundaries on the actions of our government? Or will we devolve into a location on a map? The choice belongs to each of us.

 

This Means You

*   *   *   *   *   *   *   *   *   *   *   *   *

Verizon Forced to Hand Over Telephone Data–Full Court Ruling Dated April 25, 2013. The Guardian, June 6, 2013.

NSA Collecting Phone Records of Millions of Verizon Customers Daily, Glenn Greenwald, The Guardian, June 6, 2013.

NSA PRISM Program Taps in to User Data of Apple, Google, and others. Glenn Greenwald, The Guardian, June 6, 2013.

Obama Blasts Media ‘Hype’ Over Secret Program, Calling Them ‘Modest Encroachments on Privacy’. Brett LoGiurato, Business Insider, June 7, 2013.

US, British Intelligence Mining Data from Nine U.S. Internet Companies in Broad Secret Program. Barton Gellman and Lora Poitras, The Washington Post, June 7, 2013.

Here’s the Law the Obama Administration is Using as Legal Justification for Broad Surveillance. Brett LoGiurato, Business Insider, June 7, 2013.

Obama: No One is Listening to Your Calls. Michael Pearson, CNN Politics, June 9, 2013.

Edward Snowden: The Whistleblower Behind the NSA Surveillance Revelations. Glenn Greenwald, Ewen MacAskill, and Lora Poitras, The Guardian, June 9, 2013.

US Agencies Said to Swap Data with Thousands of Firms, Michael Riley, Bloomberg, June 14, 2013.

British Spy Agency Taps Cables, Shares with US NSA, Reuters, June 21, 2013. (Info on Five Eyes)

NSA Shares Raw Intelligence Including Americans’ Data with Israel, Glenn Greenwald, The Guardian, September 11, 2013.

NSA and Israeli Intelligence:  Memorandum of Understanding–Full Document, The Guardian, September 11, 2013.

What Makes US-Israeli Intelligence Co-operation ‘Exceptional’?, Matthew Brodsky, The Guardian, September 13, 2013.

Judge Upholds NSA’s Bulk Collection of Data on Calls, Adam Liptak and Michael S. Schmidt, New York Times, December 27, 2013.

Foreign Intelligence Surveillance Act Court Orders 1979 – 2014, Electronic Privacy Information Center, May 1, 2014.

 

 

 

NSA: Hoarders, Cheaters, Dr. Phil, or Jerry Springer? You Decide.

By Piper Bayard

“Compulsive Hoarding is a mental disorder marked by an obsessive need to acquire and keep things, even if the items are worthless, hazardous, or unsanitary.” ~ Hoarders

At this point, we know the following about the NSA and its electronic data collection on Americans and foreigners:

  • First and foremost, the NSA is not acting in a vacuum. The basic purpose of intelligence agencies is to gather information . . . not for themselves, but for the policy makers. Their actions must be authorized and funded by the White House and Congress.
  • The NSA, at the behest of the White House and Congress, is unapologetically collecting and storing all of our electronic transmissions—phone calls, banking transactions, grocery purchases, social media posts, social media connections, internet search histories, etc., in the name of “security.”
  • In spite of all of this Extreme Security, they couldn’t pinpoint two deadbeats with a hotline to Chechnya Jihad Central who were Facebooking and Tweeting their jihadi hafla across the Cyberverse.

What does this tell us? The NSA has so many ones and zeros stacked up on us that it can no longer tell fact from fiction, or terrorist from law-abiding citizen. It has at this point collected so much hay in the barn that it can no longer find the threatening needle, or even the barn.

Actual photo of NSA data storage

So I’m wondering . . . Do we need to send the Hoarders crew to NSA headquarters to help them sort out this dysfunction? Or do we just need to fire them all and put the crew of Cheaters in charge of figuring out who needs surveilling, and who doesn’t?

Come on over to our new site, and help me walk the NSA through a 12-Step Program. Please bring your comments — we love your comments — over to the new site, and remember to subscribe when you get there. We want to bring you all with us!

The DHS Trigger Word Challenge!

By Piper Bayard

It’s out! The Department of Homeland Security released the list of words that trigger Homeland Security unwarranted monitoring of our social media. What a great opportunity to have a bit of fun by playing the DHS Trigger Word Challenge.

Below is the list of my favorite words that I pulled from the Department of Homeland Security Analyst’s Desktop Binder. How many of them can you use in a sentence? Just to make sure that 20-something dropout at the NSA-contracted private corporation doesn’t get confused and think you’re a jihadi terrorist, be sure to include the word “bacon” in your sentence. Have fun! And don’t worry that you will get the DHS on your tail by commenting here. PRISM already has you covered. 🙂

From the Department of Homeland Security National Operations Center Media Monitoring Capability Desktop Reference Binder:

Interstate    Authorities   Initiative    Facility
Southwest     Worm          2600          Cloud
Drill         Cancelled     Leak          Smart
Exercise      Help          Burst         Trojan
Cops          Recovery      Crash         Twister
Police        Recall        Agriculture   Sick
Exposure      Flu           Wave          Swine
Tamiflu       Vaccine       Strain        Airport
Watch         Closure       Metro         Power
Subway        Electric      Failure       Dock
Relief        Delays        Mexico        Drug
Marijuana     Border        Twister       Snow
Ice           Bust          Pirates       Plot

and my personal favorite . . . Social media

Remember . . . Only one sentence, and include the word “bacon.” Go! 🙂

PRISM Surveillance on Americans–What Price Convenience?

By Piper Bayard

Sure, I could be writing about my debut dystopian thriller, FIRELANDS, which was released last week by Stonehouse Ink. In fact, I planned to do that very thing. And while I certainly hope you’ll decide to check it out, there is something even more important happening that we need to discuss.

Last week, former National Security Agency (“NSA”) intelligence analyst and whistleblower Edward Snowden came forward and released training slides used to train operatives at the NSA in a surveillance program called PRISM. PRISM allows the NSA to collect data directly from the servers of Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple and search for any information on anyone at all. It was begun under a previous administration for the purpose of collecting information on foreign terrorists. It was greatly expanded by President Obama to include data collection on all Americans. These are two of the slides.

PRISM - Providers & Dates when collection began

PRISM Collection details

Some of these companies cooperated without protest. Others required warrants issued under the Foreign Intelligence Surveillance Act (“FISA”). However, FISA does not grant authority to collect data on Americans or others within US borders, something which PRISM does. All of these companies are denying knowledge and participation at this point.

Not only does the NSA directly access these companies’ servers, which serve primarily Americans, they are sharing PRISM’s power of unbridled access into our internet usage with the UK government. That’s right. The GCHQ – that’s the UK’s NSA equivalent – has the same access to all of our information that our own Obama administration is enjoying.

As for President Obama, he and his administration are, of course, downplaying the whole PRISM-gate and denying that PRISM was ever used to collect data on Americans or on people living in the US. At the same time, he says this is a “modest encroachment” on privacy that is a worthy trade off for preventing terrorism. (Attorneys will recognize this as “arguing in the alternative.”) Groups such as the American Civil Liberties Union disagree with the inconsequential nature of these violations and are considering the legal options on behalf of the American people and others living within US borders.

As a recovering attorney, I could give you my take on the constitutionality and legal implications of this surveillance program. As a senior intelligence operative, Holmes could certainly enlighten us were he at liberty to do so. However, former intelligence analyst and whistleblower Edward Snowden says it best in his own words. Please take a few minutes to listen to this interview with him about PRISM, why he gave up the good life he led in Hawaii—he can never go home again—and what he hopes to accomplish with his revelations.

Programs like PRISM are extremely powerful and can reach into anyone’s email, internet records, and phone records. I am not suggesting that America should not track terrorists, but I see no sign from the Obama administration that any safeguards whatsoever are in place. Instead, the president suggests that we should take it all on good faith that his administration is not targeting Americans. Strong echoes of Richard Nixon’s infamous, “Trust me.”

In all of the stir this has created, we haven’t yet heard the deeper questions. Corporations sponsor and “own” politicians, so who in corporate America gets to benefit from this data collection? Do corporations who buy political figures get to use this technology to spy on their competitors? Do the IRS and other agencies get to use this information collected on us in the name of safety for their own purposes? After all, it’s much easier to target political opponents with such things as IRS scrutiny when their entire communication history is available for review.

Regardless of the answers to these questions, the most important point to remember is this:  the American government doesn’t do anything that the American people don’t let it get away with—yet. Where will we draw our line?

Related Links:

1)    Here’s the Law the Obama Administration is Using as Legal Justification for Broad Surveillance. Brett LoGiurato, Business Insider, June 7, 2013.

2)    Obama: No One is Listening to Your Calls. Michael Pearson, CNN Politics, June 9, 2013.

3)    Obama Blasts Media ‘Hype’ Over Secret Program, Calling Them ‘Modest Encroachments on Privacy’. Brett LoGiurato, Business Insider, June 7, 2013.

4)    Edward Snowden: The Whistleblower Behind the NSA Surveillance Revelations. Glenn Greenwald, Ewen MacAskill, and Lora Poitras, The Guardian, June 9, 2013.

5)    NSA PRISM Program Taps in to User Data of Apple, Google, and others. Glenn Greenwald, The Guardian, June 6, 2013.

6)    U.S., British Intelligence Mining Data from Nine U.S. Internet Companies in Broad Secret Program. Barton Gellman and Lora Poitras, The Washington Post, June 7, 2013.