The government’s attempt to get Apple to build a bespoke operating system so they can brute force access to an iPhone without it erasing its data has led the media to some of us who were in the first round of the crypto wars. Today was my turn. A few seconds on CBS in the Morning, ink in a nice explainer by Steve Lohr in the New York Times. I also spoke to the LA Times and the Wall St. Journal, but I haven’t seen what if anything they made of it.
I presume they found me because I wrote the first US legal article on law and encryption: The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution. There’s also a shorter sequel that some find easier to read, It Came From Planet Clipper.
The Apple case potentially raises at least these major legal issues:
- To what extent the government can use the All Writs Act to compel people unrelated to a case to provide unwilling technical support–here, Apple says, 12-40 man-weeks of expert engineering–to the government’s efforts to disable a security system in order to effectuate a search warrant or similar court order;
- Whether ordering a firm to write code (here, a bespoke phone OS), is a form of compelled speech violating the First Amendment
- Whether ordering a firm to digitally sign that code (or anything else) is an impermissible form of compelled speech
- Whether if a court can issue this order requiring assistance to disable a security system without violating the Constitutions, it follows that Congress could also legislate to forbid people from building strong security systems that the government cannot break into unassisted — and, most critically, whether that would mean the government could forbid the deployment of strong cryptographic tools without back doors. (This last issue was the main subject of the two articles I linked to above. It’s not a simple question.)
Although the Apple issue likely will be decided on non-constitutional grounds, the parties are making a record on the constitutional issues with an eye to a set of appeals that could go as far as the Supreme Court. The issues are important and interesting, so the media is right to treat this as a big deal.
Concerned by sneaky updates to Windows telemetry on my Win 7 boxes … the object of which seems to be to degrade their privacy to a level equal to Window 10 minus the always-on eavesdropping of Cortana (No Thanks!)…I am running this batch file from an elevated command prompt to clean things up. I adapted it and slimmed it down from the to my eye excessive version at wildersecurity.com.
Text of the key parts of the file below if your system blocks downloads of .bat files, as well it might.
“If you think privacy is unimportant for you because you have nothing to hide, you might as well say free speech is unimportant for you because you have nothing useful to say.” (source)
I have seen this attributed to Edward Snowden but I’ve also seen it said that his original was “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” (Snowden in this reddit interview.) Either way it’s good.
The new Ashley Madison Hack lookup tool is at https://ashley.cynic.al/.
As the site notes, just because an email is in there doesn’t prove the person who uses it signed up. But I would find it at least suggestive once we have some evidence that the DB itself is the real thing. (I suppose this doesn’t suffice.)
Thirty-six million — 36 million! — names in the hacked Ashley Madison database? Perhaps North Americans really are not that different from the French when it comes to affairs, just sneakier.
That said, (unlike some and some more) I don’t look forward to an orgy of outing with much pleasure, and think it likely will hurt more people than it helps. I guess I believe that at least in some cases, although certainly not all, the pig really is happier than Socrates.
EDRi, Microsoft’s new small print – how your personal data is (ab)used:
Summing up these 45 pages, one can say that Microsoft basically grants itself very broad rights to collect everything you do, say and write with and on your devices in order to sell more targeted advertising or to sell your data to third parties. The company appears to be granting itself the right to share your data either with your consent “or as necessary”.
This was particularly ominous:
Also, when device encryption is on, Windows automatically encrypts the drive Windows is installed on and generates a recovery key. The BitLocker recovery key for the user’s device is automatically backed up online in the Microsoft OneDrive account.
That said, there will be a few things you can turn off by deep diving into your computer’s settings and the Privacy Dashboard. And, I suspect, by not having a Microsoft Account or a OneDrive at all.
Microsoft’s new services agreement goes into effect on 1 August 2015, only a couple of days after the launch of the Windows 10 operating system on 29 July.