Data Privacy Smoke and Mirrors

Data Privacy

As hardware and software manufacturers make public statements about hardening and protecting their services in the name of customer privacy, federal agencies speak out against it – let the smoke and mirrors game begin…

After Snowden revealed how deep tech company’s “data sharing” cooperation with the federal government has been, many of them are now making stands on protecting their customer’s data privacy. Google and Apple have announced that their latest operating systems will include encryption by default. According to the Washington Post, Apple has gone as far as stating that they will not be able to unlock an Apple device, even with a search warrant:

“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data, so it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

As expected, government officials are coming out in protest of the tech giants move to protect data privacy. FBI Director James Comey recently told reporters that the move could hinder investigations and put lives at risk, “I’d hate to have people look at me and say, ‘Well how come you can’t save this kid?’ ‘How come you can’t do this thing?

In all honesty, this just appears to be a lot of smoke and mirrors. Manufacturers have worked hand-in-hand with law enforcement for a very long time, and most likely are not going to stop now, or anytime soon. Does anyone remember Cisco’s “Lawful Intercept?”

On Cisco’s website, Lawful Intercept is defined as:

… the process by which law enforcement agencies conduct electronic surveillance of circuit and packet-mode communications as authorized by judicial or administrative order. Countries throughout the world have adopted legislative and regulatory requirements for providers of public and private communication services (service providers) to design and implement their networks to support authorized electronic surveillance explicitly. International standards organizations have also developed standards to guide service providers and manufacturers in specific lawful intercept capabilities.”

Communication interception devices in use by the government (and apparently some law enforcement agencies) have the capability to intercept and analyze cell phone calls and other electronic signals, so having physical access to a device may not be as big as a priority as before. Even so, if someone can remotely access a device as the currently logged in user, certain data encryption is meaningless – the device will dutifully unencrypt the data for the remote user thinking it is in fact the legitimate user.

It would seem that this display of concern for data privacy is nothing more than a public display to regain consumer trust. As soon as access to a device is needed for a criminal case or terrorist incident, you better believe that a back door or other way to access needed data will be available.


Big Brother, Google and Drones – Could Drone Strikes be coming to a Neighborhood near You?

Map of Domestic Drone Authorizations in US from the EFF

We have more ways to connect to the internet than ever before. People are sharing information and thoughts on social media sites at a skyrocketing pace. And Governments all around the world want access to it. Now the Obama administration wants the option to perform drone strikes in the US.

The question is, though as far fetched as it once may have been seen, could Googling or tweeting the wrong information lead to a drone strike?

The thought that Big Brother is watching you is no longer a myth held by 40 year old’s wearing tin foil hats and living in their parents basement. Countries the world over have moved to block, filter or try to gain access to their citizen’s internet use. And the US is no exception.

Just this week, Google released information stating that the FBI is “secretly spying” on some of it’s users. Well, kind of. Though they could not give out the exact number of times the FBI requested information about their user’s Google use, for national security reasons, they could give out a range.

From 2009-2012 Google was asked to reveal information on 0-999 users on anywhere from 1,000-2,999 accounts.

Google NSL Requests

The range is on purpose, according to Richard Salgado, a Google legal director, “You’ll notice that we’re reporting numerical ranges rather than exact numbers. This is to address concerns raised by the FBI, Justice Department and other agencies that releasing exact numbers might reveal information about investigations. We plan to update these figures annually.”

(Google’s Policy on Government Data Requests can be found here)

And it is just not Google, multiple US government agencies want the ability to search your Social Media sites as well, as an FBI Request For Information states, to “quickly vet, identify and geo-locate breaking events, incidents and emerging threats.

This is obviously in an effort to crack down on terrorists that uses social media sites. But many are alarmed that this is an extension of warrantless wiretapping and an ever erosion of American privacy.

The problem does not stop there. This week, a letter from U.S. Attorney General Eric Holder stated that the US could use drone strikes on US soil against US citizens!

Well, under extraordinary circumstances of course:

The Obama administration believes it could technically use military force to kill an American on U.S. soil in an “extraordinary circumstance” but has “no intention of doing so.”

So who gets to decide that the situation is extraordinary?

And US citizens being executed without warning or trial sounds a bit, well, un-American. Sen. Rand Paul, R-Ky thought so too as he and a group of fellow Senators from both parties performed a 13 hour filibuster last night challenging the President’s authority to kill Americans with drones.

“My legs hurt. My feet hurt. Everything hurts right now,” Paul told Fox News shortly after stepping off the Senate floor, saying he believes “we did the best that we could.”

“I would be surprised if we didn’t hear back from the White House,” Paul said. 

So could an American be typing away on a social media site, safely in his suburban American home, and without warning be taken out by a drone strike?

One would have to think it is at least a possibility.

If the situation is extraordinary that is…

South Korean Cyber Crime Unit Raids Google Office

It appears that the fallout of Google’s “unintentional” gathering of Wi-Fi data when working on the Street View project is still escalating. Yesterday morning S. Korea’s cyber crime unit raided Google’s Soul headquarters. According to an article on engadget, the raid was “due to suspicions that it may have collected and stored data from WiFi networks without authorization.”

According to engadget, this whole problem started back in 2006, when a Google engineer “working on an experimental WiFi project” wrote a piece of code for collecting “all categories of public broadcast WiFi data” — basically, all information (known as “payload”) downloaded and uploaded from an open / non-password protected network“. This code ended up in the software used by the vehicles that collected data for Street View.

South Korea is not the only country that has issues with Google’s Street View. reported today that German’s Data Privacy officials criticized Google for only giving citizens a four week window to block their buildings from being posted on the service:

“This surprised me very much,” Johannes Caspar, Hamburg’s data protection regulator, said in a statement yesterday. The “quick introduction of the objection tool and the decision to start it during the summer holidays” as well as Google’s refusal to have a complaints telephone hotline “create doubts about Google’s interests in a simple and user-friendly implementation.”

According to the article, other countries are also coming forward. Along with S. Korea and Germany – privacy officials from the US, Canada, Spain, France, Italy and the Czech Republic are also getting involved.

I know it seemed an innocent enough project, seeing a view of buildings from the street level does have its merits. But with all the turmoil that it has caused, one has to wonder about the wisdom of the Street View project.