Shhh… Bruce Schneier on How We Sold Our Souls & Privacy to Internet Giants

It’s simple. Whenever Bruce Schneier speaks, listen.

How we sold our souls – and more – to the internet giants

Bruce Schneier
Sunday 17 May 2015 11.00 BST

Last year, when my refrigerator broke, the repair man replaced the computer that controls it. I realised that I had been thinking about the refrigerator backwards: it’s not a refrigerator with a computer, it’s a computer that keeps food cold. Just like that, everything is turning into a computer. Your phone is a computer that makes calls. Your car is a computer with wheels and an engine. Your oven is a computer that cooks lasagne. Your camera is a computer that takes pictures. Even our pets and livestock are now regularly chipped; my cat could be considered a computer that sleeps in the sun all day.

Computers are being embedded into all sort of products that connect to the internet. Nest, which Google purchased last year for more than $3bn, makes an internet-enabled thermostat. You can buy a smart air conditioner that learns your preferences and maximises energy efficiency. Fitness tracking devices, such as Fitbit or Jawbone, collect information about your movements, awake and asleep, and use that to analyse both your exercise and sleep habits. Many medical devices are starting to be internet-enabled, collecting and reporting a variety of biometric data. There are – or will be soon – devices that continually measure our vital signs, moods and brain activity.

This year, we have had two surprising stories of technology monitoring our activity: Samsung televisions that listen to conversations in the room and send them elsewhere for transcription – just in case someone is telling the TV to change the channel – and a Barbie that records your child’s questions and sells them to third parties.

All these computers produce data about what they’re doing and a lot of it is surveillance data. It’s the location of your phone, who you’re talking to and what you’re saying, what you’re searching and writing. It’s your heart rate. Corporations gather, store and analyse this data, often without our knowledge, and typically without our consent. Based on this data, they draw conclusions about us that we might disagree with or object to and that can affect our lives in profound ways. We may not like to admit it, but we are under mass surveillance.

Internet surveillance has evolved into a shockingly extensive, robust and profitable surveillance architecture. You are being tracked pretty much everywhere you go, by many companies and data brokers: 10 different companies on one website, a dozen on another. Facebook tracks you on every site with a Facebook Like button (whether you’re logged in to Facebook or not), while Google tracks you on every site that has a Google Plus g+ button or that uses Google Analytics to monitor its own web traffic.

Most of the companies tracking you have names you’ve never heard of: Rubicon Project, AdSonar, Quantcast, Undertone, Traffic Marketplace. If you want to see who’s tracking you, install one of the browser plug-ins that let you monitor cookies. I guarantee you will be startled. One reporter discovered that 105 different companies tracked his internet use during one 36-hour period. In 2010, the seemingly innocuous site Dictionary.com installed more than 200 tracking cookies on your browser when you visited.

It’s no different on your smartphone. The apps there track you as well. They track your location and sometimes download your address book, calendar, bookmarks and search history. In 2013, the rapper Jay Z and Samsung teamed up to offer people who downloaded an app the ability to hear the new Jay Z album before release. The app required that users give Samsung consent to view all accounts on the phone, track its location and who the user was talking to. The Angry Birds game even collects location data when you’re not playing. It’s less Big Brother and more hundreds of tittletattle little brothers.

Most internet surveillance data is inherently anonymous, but companies are increasingly able to correlate the information gathered with other information that positively identifies us. You identify yourself willingly to lots of internet services. Often you do this with only a username, but increasingly usernames can be tied to your real name. Google tried to enforce this with its “real name policy”, which required users register for Google Plus with their legal names, until it rescinded that policy in 2014. Facebook pretty much demands real names. Whenever you use your credit card number to buy something, your real identity is tied to any cookies set by companies involved in that transaction. And any browsing you do on your smartphone is tied to you as the phone’s owner, although the website might not know it.

Surveillance is the business model of the internet for two primary reasons: people like free and people like convenient. The truth is, though, that people aren’t given much of a choice. It’s either surveillance or nothing and the surveillance is conveniently invisible so you don’t have to think about it. And it’s all possible because laws have failed to keep up with changes in business practices.

In general, privacy is something people tend to undervalue until they don’t have it anymore. Arguments such as “I have nothing to hide” are common, but aren’t really true. People living under constant surveillance quickly realise that privacy isn’t about having something to hide. It’s about individuality and personal autonomy. It’s about being able to decide who to reveal yourself to and under what terms. It’s about being free to be an individual and not having to constantly justify yourself to some overseer.

This tendency to undervalue privacy is exacerbated by companies deliberately making sure that privacy is not salient to users. When you log on to Facebook, you don’t think about how much personal information you’re revealing to the company; you chat with your friends. When you wake up in the morning, you don’t think about how you’re going to allow a bunch of companies to track you throughout the day; you just put your cell phone in your pocket.

But by accepting surveillance-based business models, we hand over even more power to the powerful. Google controls two-thirds of the US search market. Almost three-quarters of all internet users have Facebook accounts. Amazon controls about 30% of the US book market, and 70% of the ebook market. Comcast owns about 25% of the US broadband market. These companies have enormous power and control over us simply because of their economic position.

Our relationship with many of the internet companies we rely on is not a traditional company-customer relationship. That’s primarily because we’re not customers – we’re products those companies sell to their real customers. The companies are analogous to feudal lords and we are their vassals, peasants and – on a bad day – serfs. We are tenant farmers for these companies, working on their land by producing data that they in turn sell for profit.

Yes, it’s a metaphor, but it often really feels like that. Some people have pledged allegiance to Google. They have Gmail accounts, use Google Calendar and Google Docs and have Android phones. Others have pledged similar allegiance to Apple. They have iMacs, iPhones and iPads and let iCloud automatically synchronise and back up everything. Still others let Microsoft do it all. Some of us have pretty much abandoned email altogether for Facebook, Twitter and Instagram. We might prefer one feudal lord to the others. We might distribute our allegiance among several of these companies or studiously avoid a particular one we don’t like. Regardless, it’s becoming increasingly difficult to avoid pledging allegiance to at least one of them.

After all, customers get a lot of value out of having feudal lords. It’s simply easier and safer for someone else to hold our data and manage our devices. We like having someone else take care of our device configurations, software management, and data storage. We like it when we can access our email anywhere, from any computer, and we like it that Facebook just works, from any device, anywhere. We want our calendar entries to appear automatically on all our devices. Cloud storage sites do a better job of backing up our photos and files than we can manage by ourselves; Apple has done a great job of keeping malware out of its iPhone app store. We like automatic security updates and automatic backups; the companies do a better job of protecting our devices than we ever did. And we’re really happy when, after we lose a smartphone and buy a new one, all of our data reappears on it at the push of a button.

In this new world of computing, we’re no longer expected to manage our computing environment. We trust the feudal lords to treat us well and protect us from harm. It’s all a result of two technological trends.

The first is the rise of cloud computing. Basically, our data is no longer stored and processed on our computers. That all happens on servers owned by many different companies. The result is that we no longer control our data. These companies access our data—both content and metadata—for whatever profitable purpose they want. They have carefully crafted terms of service that dictate what sorts of data we can store on their systems, and can delete our entire accounts if they believe we violate them. And they turn our data over to law enforcement without our knowledge or consent. Potentially even worse, our data might be stored on computers in a country whose data protection laws are less than rigorous.

The second trend is the rise of user devices that are managed closely by their vendors: iPhones, iPads, Android phones, Kindles, ChromeBooks, and the like. The result is that we no longer control our computing environment. We have ceded control over what we can see, what we can do, and what we can use. Apple has rules about what software can be installed on iOS devices. You can load your own documents onto your Kindle, but Amazon is able to delete books it has already sold you. In 2009, Amazon automatically deleted some editions of George Orwell’s Nineteen Eighty-Four from users’ Kindles because of a copyright issue. I know, you just couldn’t write this stuff any more ironically.

It’s not just hardware. It’s getting hard to just buy a piece of software and use it on your computer in any way you like. Increasingly, vendors are moving to a subscription model—Adobe did that with Creative Cloud in 2013—that gives the vendor much more control. Microsoft hasn’t yet given up on a purchase model, but is making its MS Office subscription very attractive. And Office 365’s option of storing your documents in the Microsoft cloud is hard to turn off. Companies are pushing us in this direction because it makes us more profitable as customers or users.

Given current laws, trust is our only option. There are no consistent or predictable rules. We have no control over the actions of these companies. I can’t negotiate the rules regarding when Yahoo will access my photos on Flickr. I can’t demand greater security for my presentations on Prezi or my task list on Trello. I don’t even know the cloud providers to whom those companies have outsourced their infrastructures. If any of those companies delete my data, I don’t have the right to demand it back. If any of those companies give the government access to my data, I have no recourse. And if I decide to abandon those services, chances are I can’t easily take my data with me.

Political scientist Henry Farrell observed: “Much of our life is conducted online, which is another way of saying that much of our life is conducted under rules set by large private businesses, which are subject neither to much regulation nor much real market competition.”

The common defence is something like “business is business”. No one is forced to join Facebook or use Google search or buy an iPhone. Potential customers are choosing to enter into these quasi-feudal user relationships because of the enormous value they receive from them. If they don’t like it, goes the argument, they shouldn’t do it.

This advice is not practical. It’s not reasonable to tell people that if they don’t like their data being collected, they shouldn’t email, shop online, use Facebook or have a mobile phone. I can’t imagine students getting through school anymore without an internet search or Wikipedia, much less finding a job afterwards. These are the tools of modern life. They’re necessary to a career and a social life. Opting out just isn’t a viable choice for most of us, most of the time; it violates what have become very real norms of contemporary life.

Right now, choosing among providers is not a choice between surveillance or no surveillance, but only a choice of which feudal lords get to spy on you. This won’t change until we have laws to protect both us and our data from these sorts of relationships. Data is power and those that have our data have power over us. It’s time for government to step in and balance things out.

Adapted from Data and Goliath by Bruce Schneier, published by Norton Books. To order a copy for £17.99 go to bookshop.theguardian.com. Bruce Schneier is a security technologist and CTO of Resilient Systems Inc. He blogs at schneier.com, and tweets at @schneierblog

Shhh… Windows 10 – "Windows Hello" Biometric Authentication Technology has Potential Serious Security Loopholes

Something is fundamentally wrong…

The new Windows 10, reportedly to be released this summer, comes with Windows Hello, which will log in users with biometric authentication, ie. the technology will unlock the devices by using the users’ face, fingerprint or iris which Microsoft label as “more personal and more secure” with security and privacy accounted for.

Well, let’s see how this would last. Recall Apple’s fingerprint reading technology on its previous iPhones was hacked within 24 hours.

And speaking of facial recognition, I know someone whose six year old son managed to fool a Samsung smartphone because of the resemblance to his mother. All it took for him was to stare at her mom’s phone while she was asleep and… Bingo!

So here’s my question: what about identical twins?

Good luck, Windows 10.

Shhh… Snowden's Privacy Apps and Programs

Use only end-to-end encryption programs and apps like SpiderOak, Signal, RedPhone and TextSecure, according to Snowden – see article below.

And never ever anything like Dropbox, Facebook and Google, as he has previously stressed (watch this video clip):

The apps Edward Snowden recommends to protect your privacy online

Mar 05, 2015 9:57 AM ET
Andrea Bellemare, CBC News

There are a host of free, easy-to-use apps and programs that can help protect your privacy online, and if everybody uses them it can provide a sort of “herd immunity” said Edward Snowden in a live video chat from Russia on Wednesday.

Snowden appeared via teleconference in an event hosted by Ryerson University and Canadian Journalists For Expression, to launch the CJFE’s online database that compiles all of the publicly released classified documents the former U.S. National Security Agency contractor leaked. In response to a Twitter question,Snowden expanded on what tools he recommends for privacy.

“I hardly touch communications for anything that could be considered sensitive just because it’s extremely risky,” said Snowden.

But Snowden did go on to outline a few free programs that can help protect your privacy.

“You need to ensure your communications are protected in transit,” said Snowden. “It’s these sort of transit interceptions that are the cheapest, that are the easiest, and they scale the best.”

Snowden recommended using programs and apps that provide end-to-end encryption for users, which means the computer on each end of the transaction can access the data, but not any device in between, and the information isn’t stored unencrypted on a third-party server.

​”SpiderOak doesn’t have the encryption key to see what you’ve uploaded,” said Snowden, who recommends using it instead of a file-sharing program like Dropbox. “You don’t have to worry about them selling your information to third parties, you don’t have to worry about them providing that information to governments.”

“For the iPhone, there’s a program called Signal, by Open Whisper Systems, it’s very good,” said Snowden.

He also recommended RedPhone, which allows Android users to make encrypted phone calls, and TextSecure, a private messenging app by Open Whisper Systems.

“I wouldn’t trust your lives with any of these things, they don’t protect you from metadata association but they do strongly protect your content from precisely this type of in-transit interception,” said Snowden.

He emphasized that encryption is for everyone, not just people with extremely sensitive information.

“The more you do this, the more you get your friends, your family, your associates to adopt these free and easy-to-use technologies, the less stigma is associated with people who are using encrypted communications who really need them,” said Snowden. “We’re creating a kind of herd immunity that helps protect everybody, everywhere.”

Shhh… US in Long Battle As China Request Source Code From Western Technology Companies

This spat on intrusive rules is going to be a huge long battle.

The US is voicing opposition to Chinese rules that foreign vendors hand over the source code if they were to supply computer equipments to Chinese banks – which could expand to other sectors as the matter is “part of a wider review”.

Other measures to comply with include the setting up of research and development centers in China and building “ports” for Chinese officials to manage and monitor the data processed by their hardware.

Submitting to these “intrusive rules” for a slice of the huge Chinese markets also means alienating the rest of the world – as complying with these rules means creating backdoors, adopting Chinese encryption algorithms and disclosing sensitive intellectual property.

Find out more from this video:

US-China Spat on Intrusive Rules – And Actual Intrusions

Speaking of “intrusive rules” (see BBC report far below) and “actual intrusions” in China, the latter I have expanded recently in two articles – one on Apple yesterday and the other on VPN blocks last week – and merged in this new column I’m also pasting right below.

The long and short of it, it’s espionage made easy. Period.


Apple Lets Down Its Asia Users

Written by Vanson Soo
MON,02 FEBRUARY 2015

Knuckling under to China on security inspections

If you are a die-hard fan of Apple products and if you, your company or business have anything to do with mainland China, recent developments involving the US tech giant can be construed as bad news, with deeper implications than what was generally thought and reported.

First, about Apple.

I have always liked the beauty and elegance of Apple products. I have owned two Mac laptops and an iPhone but I have shunned them as anyone deeply conscious and concerned about privacy and security should do. Edward Snowden, for example, who laid bare extensive snooping by the US National Security Agency, recently said he had never used the iPhone given the existence of secret surveillance spyware hidden in the devices.

Consider the latest news that Apple Inc. has caved in to Chinese demands for security inspections of its China-made devices including iPhones, iPads and Mac computers. The move understandably makes business sense to Apple [and its shareholders] as China is just too huge a market to ignore – so the Cupertino-based company [whose market capitalization hit US$683 billion last week, more than double Microsoft’s US$338 billion] realized it simply couldn’t ignore Beijing’s “concerns” about national security arising from the iPhone’s ability to zero in onto a user’s location.

Now pause right there. No, there’s no typo above. And yes, the Android and Blackberry smartphones can also mark a user’s location. So what’s the catch? Figure that out – it’s not difficult.

What Apple found they can ignore is the privacy and security of its die-hard users – after all, it has been well documented that Apple users were [and probably still are] known for their cult-like loyalty to the brand. Look no further for evidence than last summer when Apple announced its plan to host some of its data from its China-based users on servers based inside the country and claimed the company was not concerned about any security risks from using servers hosted by China Telecom, one of the three state-owned Chinese carriers.

The company has also denied working with any government agencies to create back doors into its products or servers… So surrendering to security audits wouldn’t?

If only Apple users managed to chuck away their cult mentality and come to their senses about their privacy and security risks, the firm would realize the Google approach, though still not perfect, is a better way of cultivating brand loyalty.

And in case you’re wondering, I use Linux most of the time – and shun the most popular Linux distributions to be on the safe side.a

Now next. And this is bad news with far-reaching global implications – and it’s affecting not just only those based in China.

News surfaced in late January that some foreign-based virtual private network (VPN) vendors found their services in China had been disrupted following a government crackdown – which the authorities labeled as an “upgrade” of its Internet censorship – to block the use of VPNs as a way to escape the so-called Great Firewall.

The real impact is not merely on domestic residents who were cut off from YouTube, BBC/CNN news and other information sources but resident expatriates, multinationals, foreign embassies and those traveling to China, especially businessmen and executives. Think: Chinese espionage now made easy!

Many China-based internet users use VPNs to access external news sources but this is also bad news for companies and government offices based in China as well as anyone visiting the Chinese mainland – as many businessmen and executives use VPNs, as part of their company (and security) practice, on their business trips. Many foreigners and businesses residing in China also use VPNs for their day-to-day communications.

The VPNs provide an encrypted pipe between a computer or smartphone and an overseas server such that any communications would be channeled through it, which effectively shields internet traffic from government filters that have set criteria on what sites can be accessed.

And as China is fast moving beyond the “factories of the world” tag to become a global economic powerhouse and important trading partner to many developed and developing countries, this is one development to keep a close watch on.

Obama-XiJinping5

29 January 2015 Last updated at 14:35

US tech firms ask China to postpone ‘intrusive’ rules

By Kevin Rawlinson BBC News

US business groups are seeking “urgent discussions” over new Chinese rules requiring foreign firms to hand over source code and other measures.

The groups wrote to senior government officials after the introduction of the cybersecurity regulations at the end of last year.

The US Chamber of Commerce and other groups called the rules “intrusive”.

The regulations initially apply to firms selling products to Chinese banks but are part of a wider review.

“An overly broad, opaque, discriminatory approach to cybersecurity policy that restricts global internet and ICT products and services would ultimately isolate Chinese ICT firms from the global marketplace and weaken cybersecurity, thereby harming China’s economic growth and development and restricting customer choice,” the letter read.

The groups said that the rules would force technology sellers to create backdoors for the Chinese government, adopt Chinese encryption algorithms and disclose sensitive intellectual property.

Firms planning to sell computer equipment to Chinese banks would also have to set up research and development centres in the country, get permits for workers servicing technology equipment and build “ports” which enable Chinese officials to manage and monitor data processed by their hardware, Reuters reported.

Source code is the usually tightly guarded series of commands that create programs. For most computing and networking equipment, it would have to be turned over to officials, according to the new regulations.

Tension

In the letter, a copy of which has been seen by the BBC, the groups have asked the Chinese government to delay implementation of the regulations and “grant an opportunity for discussion and dialogue for interested stakeholders with agencies responsible for the initiatives”.

They added: “The domestic purchasing and related requirements proposed recently for China’s banking sector… would unnecessarily restrict the ability of Chinese entities to source the most reliable and secure technologies, which are developed in the global supply chain,” the letter, which was dated 28 January, read.

The letter from the American groups, including the US Chamber of Commerce, AmCham China and 16 others, was addressed to the Central Leading Small Group for Cyberspace Affairs, which is led personally by Chinese President Xi Jinping.

It comes at a time of heightened tension between the USA and China over cybersecurity. In May last year, Beijing denounced US charges against Chinese army officers accused of economic cyber-espionage.

Pressure

It was also alleged that the US National Security Agency spied on Chinese firm Huawei, while the US Senate claimed that the Chinese government broke into the computers of airlines and military contractors.

American tech firms, such as Cisco and Microsoft, are facing increased pressure from Chinese authorities to accept rigorous security checks before their products can be purchased by China’s sprawling, state-run financial institutions.

Beijing has considered its reliance on foreign technology a national security weakness, particularly following former National Security Agency contractor Edward Snowden’s revelations that US spy agencies planted code in American-made software to snoop on overseas targets.

The cyber-space policy group approved a 22-page document in late 2014 that contained the heightened procurement rules for tech vendors, the New York Times reported on Thursday.

From Apple With Love – Granting Chinese Security Audits Leaves More Deep & Profound Implications Than Betrayal of Apple Die-Hards

I always like the beauty and elegance of Apple products (I had 2 Mac laptops and 1 iPhone) but I have to admit I have already shunned them as anyone deeply conscious and concerned about privacy and security should do – Snowden, for example, recently said he never used the iPhone given the existence of secret surveillance spyware in the devices.

Consider the latest news that Apple Inc. has caved in to Chinese demands for security inspections of its China-made devices like the iPhones, iPads and Mac computers. The move understandably makes business sense to Apple (and its shareholders) as China is just too huge a market to ignore – so the Cupertino-based company (whose market capitalization hit $683 billion last week, more than double Microsoft’s $338 billion) realized it simply can’t ignore Beijing’s “concerns” about national security arising from the iPhone’s ability to zero in onto a user’s location.

Now pause right there. No, there’s no typo above. And yes, the Android and Blackberry smartphones can also mark a user’s location. So what’s the catch? Figure that out – it’s not difficult.

And what Apple found they can ignore is the privacy and security of its die-hard users – after all, it has been well-documented Apple users were (and probably still are) well known for their “cult” like loyalty to the brand. Look no further for evidence than last summer when Apple announced its plan to host some of its data from its China-based users on servers based inside the country and claimed the company was not concerned about any security risks from using servers hosted by China Telecom, one of the three state-owned Chinese carriers. The company has also denied working with any government agencies to create back doors into its products or servers… (So surrendering to security audits wouldn’t?)

If only Apple users somewhat managed to chuck away their cult mentality and come to their senses (about their privacy and security risks), the US tech giant would realize the Google approach (though still not the perfect example) is a better way to cultivating brand loyalty (see article below).

And in case you’re wondering, I use laptops with no parts made in China along with Linux most of the time – and shun the most popular Linux distributions to be on the safe side.


Apple’s New Security Concessions to Beijing

By Doug Young | January 27, 2015, 10:13 AM

Apple is deepening its uneasy embrace of Beijing security officials, with word that it has agreed to allow security audits for products that it sells in China. This latest development comes less than a year after Apple took the unusual step of moving some of the user information it collects to China-based servers, which was also aimed at placating security-conscious regulators in Beijing.

Apple’s increasingly close cooperation with Beijing contrasts sharply with Google, whose popular Internet products and services are increasingly being locked out of China as it refuses to play by Beijing’s rules. Other global tech giants are also having to deal with the delicate situation, each taking a slightly different approach to try to protect user privacy while complying with Beijing’s insistence that they make their information available to security-conscious government regulators.

As a relatively neutral observer, I can sympathize with both the Apples and Googles of the world. Companies like Apple have decided that China is simply too large for them to ignore, and thus are taking steps to address Beijing’s security concerns as a condition for access to the huge market. Microsoft has also taken a similar tack, and Facebook is showing it will also be willing to play by such rules with its recent repeated lobbying for a chance to set up a China-based service.

Google has taken a more defiant stance by refusing to compromise user privacy and free speech, with the result that a growing number of its products and services are now blocked in China. The company shuttered its China-based search website in 2010 over a dispute with Beijing on self censorship. Last year many of its global sites and even its Gmail email service also became increasingly difficult to access for users in China.

Apple isn’t being nearly so defiant, and the latest headlines say it has agreed to the audits of its products by the State Internet Information Office. The reports say Apple agreed to the audits when CEO Tim Cook met with State Internet Information Office official Lu Wei during a December trip to the U.S. I previously wrote about Lu’s trip after photos appeared on an official Chinese government website showing him visiting the offices of Facebook, Apple, and also Amazon.

Lu reportedly told Cook that China needs to be sure that Apple’s popular iPhones, iPads, and other products protect user privacy and also don’t compromise national security. Unlike other PC and cellphone makers that simply sell their devices to consumers, Apple actively keeps records of its product users and some of their usage habits and other related information on remote computers.

This latest move looks like an extension of another one last summer, which saw Apple agree to host some of the data from its China-based users on servers based inside the country. That move also looked aimed at calming national security worries from Beijing, since storing such information on China-based computers would make it more accessible to investigators conducting security-related probes.

In an interesting twist to the story, this latest report comes from a state-owned newspaper in Beijing, making it a sort of semi-official disclosure of China’s approach to the matter. That would follow the government’s own announcement of Lu Wei’s December trip, and perhaps shows that Beijing wants to be more open about steps it’s taking to address national security threats like terrorism. That kind of more open attitude could help both domestic and foreign companies to better navigate China’s tricky cyber realm, though it won’t be of much help to defiant companies like Google that are more intent on protecting free speech and user privacy.

Shhh… Snowden: iPhone has Secret Surveillance Spyware that Can Be Remotely Controlled

The NSA whistleblower Edward Snowden revealed last week that he doesn’t use an iPhone because the Apple device has a secret surveillance spyware controlled by the US intelligence agency.

Obama: Why is Your Blackberry Super-Encrypted & You Want to Ban the World from Using Encryption?

Let’s have a different take on Obama and his endorsement (of Cameron’s drive) to kill encryption.

Obama is not allowed to use an iPhone because it’s “not safe”, the NSA advised him – Edward Snowden has recently said the iPhone was made to remotely track and transmit data about users.

Obama uses a Blackberry because of its reputation for security. But it’s still not safe enough, so his device was further encrypted though experts warned it’s still no absolute guarantee.

So Mr. President, you understand very well the value of encryption and privacy. And you want to ban encryption in the name of national security when you knew very well the terrorists you’re after are very apt at finding alternatives (remember Osama bin Laden?), including using primitive channels like typewriters, paper and pen, etc?

And at the same time, you’re crippling the entire world – companies, individuals and government (what did Merkel tell you?) – with the floodgates thrown open to cyber-criminals and hackers?

Reckon you can see that the equation doesn’t add up?

Shhh… Phone Apps Disguised to Spy on Hong Kong Protesters

With the widespread use of social media during the week-long protests in Hong Kong, including attempts to find phone apps capable of defying potential shutdown of the power grid, this story from The Associated Press below (Credits to The Associated Press) is a timely stern reminder:

The Associated Press
Published: October 2, 2014

HONG KONG — The Chinese government might be using smartphone apps to spy on pro-democracy protesters in Hong Kong, a U.S. security firm said.

The applications are disguised as tools created by activists, said the firm, Lacoon Mobile Security. It said that once downloaded, they give an outsider access to the phone’s address book, call logs and other information.

The identities of victims and details of the servers used “lead us to believe that the Chinese government are behind the attack,” said a Lacoon statement.

China is, along with the United States and Russia, regarded as a leader in cyber warfare research. Security experts say China is a leading source of hacking attacks aimed at foreign governments and companies to computers in China.

The Chinese government has denied engaging in cyberspying and says China is among the biggest victims of hacking attacks.

Lacoon said it found two similar “malicious, fake” apps that appeared to be related. One targets phones that run Apple Inc.’s iOS operating system; the other is meant for phones using Google Inc.’s Android system.

The “very advanced software,” known as an mRAT, or multidimensional requirements analysis tool, “is undoubtedly being backed by a nation state,” the company said. Lacoon said it was calling the software Xsser.

“The Xsser mRAT represents a fundamental shift by nation-state cybercriminals from compromising traditional PC systems to targeting mobile devices,” the company said.

Such “cross-platform attacks” that target both Apple and Android phones are rare, which adds to signs a government is involved, Lacoon said. It said the app might be the first spyware for iOS created by a Chinese government entity.

In May, U.S. prosecutors charged five Chinese military officers with cyberspying and stealing trade secrets from major American companies. A security firm, Mandiant, said last year it traced attacks on American and other companies to a military unit in Shanghai.

Shhh… Apple & Google Phones Too Secure?

This may as well be the best ever advertisement any company would die for…

FBI director James Comey criticized on Thursday that the encryption in the latest operating systems of Apple and Google phones were so secure that law enforcement officials would have no access to information stored on those devices even with valid warrants and asked why companies would “market something expressly to allow people to place themselves beyond the law”.

“There will come a day when it will matter a great deal to the lives of people … that we will be able to gain access,” Mr Comey reportedly told the media.

“I want to have that conversation [with companies responsible] before that day comes.”

Law enforcement agencies place premiums on their forensic abilities to search sensitive data like photos, messages and web histories on smartphones – and also on old plain vanilla cellular phones to some extent – to solve some serious crimes: mobile phones increasingly perform and even replace what we used to do with our computers but thanks to the convergence of technologies, law enforcement and investigators are now able to use mobile phone forensic, much like computer forensic techniques, to retrieve data, including deleted data, from the phones as they did on computers.

The comments from Comey came hot on the heels of news last week that Apple’s latest mobile operating system, iOS 8, is so well encrypted that even Apple Inc. cannot unlock their mobile devices. Google meanwhile is also adopting its latest encryption format for its new (to be released) Android operating system that the company would be unable to unlock.

Question: Has Comey approached the NSA for help?

Shhh… New Phones for Spies

Christmas comes early for spies this year.

The National Security Agency and Defense Information Systems Agency (the unit that manages all communications hardware needs for the Pentagon) are reportedly going to issue in December their newly developed smart phones and tablets based on commercially designed devices. Only a selected number of “customers” would get such a device as an early Christmas present, including spies and some high-level military and government officials.

These new phones and tablets are modified from commercial designs  – for good operational reasons – and thus mark a departure from the current use of special phones that stand out from the crowd and cost thousands of dollars. These ordinary looking devices will use some special Apps to optimize use of cloud computing and thus ease the risks of losing them and having sensitive data easily compromised.

And by the way, these modified devices run on Google’s Android operating system. Apple’s loyal worshippers will be left disappointed…

Shhh… New iPhone Spy App to Log the World

It’s the App, Stupid!

Sounds familiar? Yes, it’s often the software that matters more than the hardware.

Whilst the countdown to the new iPhone 5 release is grabbing headlines, there is reportedly a new Spy App for iPhone that should deserve even more attention. This is unlike any other past so called iPhone Spy software: imagine you can log all incoming and outgoing phone calls and SMS of a chosen target’s phone?!

Yes, I know. The potential for this new iPhone Spy App, if it’s true, will simply blow your socks off…

No Ordinary CSI: Mobile Phone Forensics

If it falls into the wrong hands, it could cause you plenty of trouble

I love my iPhone but I always look at it with deep suspicion. It probably knows more about me than my puffy pillows. But unlike them, it could easily betray me one day.

Blame it on Steve Jobs but I assume I’m not alone. Most of us have fallen prey to the modern digital world.

We take for granted the unlimited things we can do with our smartphones.

But, by using the devices, we are increasingly exposing ourselves to bottomless risks (Read the entire column here and there).

Inspecting the Inspectors

I love my MacBook, as well as my iPhone and iPod. But I now wonder if I will have the same personal struggle I had with Nike more than a decade ago.

Despite all the recent frenzy in the papers about the upcoming public listing of Facebook, Jeffrey Lin and “Lin- sanity” at the New York Knicks, Apple has continued to grab the headlines.

This is not only because its stock topped a record US$500 or chaos at Apple Stores in China when the iPhone4s first went on sale, but also due to the disclosure last week that working conditions at mainland plants making Apple products would be audited and the findings will be made public by an outside independent party.

Wait a minute, did I say independent? (Read the entire column here and there).