Narrow vote blocks (for now) warrant-free FBI attempt to collect Americans’ email, browser history

Via ZDNet:

An amendment designed to allow the government warrantless access to internet browsing histories has been narrowly defeated in the Senate.

The amendment fell two votes short of the required 60 votes to advance.

But the effort is far from dead. Majority leader Sen. Mitch McConnell (R-KY), who switched his vote at the last minute, submitted a motion to reconsider the vote following the defeat.

Sen. John McCain (R-AZ) introduced the amendment as an add-on to the commerce, justice, and science appropriations bill earlier this week. McCain said in a statement on Monday that the amendment would “track lone wolves” in the wake of the Orlando massacre, in which Omar Mateen, who authorities say radicalized himself online, killed 49 people at a gay nightclub in the Florida city.

The amendment aims to broaden the rules governing national security letters, which don’t require court approval. These letters allow the FBI to demand records associated with Americans’ online communications.

If the amendment becomes law, federal agents won’t need a court order to access phone logs, email records, cell-site data used to pinpoint locations, as well as browsing histories of recently visited websites.

It is outrageous that mass surveillance of such user information without a warrant came so close to success. And it may still pass. How is it that warrants are viewed as unnecessary to breach the privacy of American citizens?

FBI seeks warrant-free access to your email communications

Via The Intercept:

A PROVISION SNUCK INTO the still-secret text of the Senate’s annual intelligence authorization would give the FBI the ability to demand individuals’ email data and possibly web-surfing history from their service providers without a warrant and in complete secrecy.

If passed, the change would expand the reach of the FBI’s already highly controversial national security letters. The FBI is currently allowed to get certain types of information with NSLs — most commonly, information about the name, address, and call data associated with a phone number or details about a bank account.

Since a 2008 Justice Department legal opinion, the FBI has not been allowed to use NSLs to demand “electronic communication transactional records,” such as email subject lines and other metadata, or URLs visited.

The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., who wrote in a statement that one of the bill’s provisions “would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers.”

How is it that the FBI can drive through such proposals with only a single legislator voting no? Should this survive, the surveillance state will reach an all-time high.

Wall Street Journal calls out the FBI

The FBI has been tying itself in knots with Apple, first by trying to force Apple to break its own encryption, and then acknowledging that the agency was able to access at least two iPhones without Apple’s help.

The Wall Street Journal claims that the FBI has travelled into the zone of farce:

If history repeats itself first as tragedy and then as farce, what does the FBI have in store next for its encryption war with Apple? After withdrawing its demands in San Bernardino and then reopening hostilities with a drug prosecution in Brooklyn, the G-men abruptly dumped the second case over the weekend too. Is anyone in charge at the Justice Department, or are junior prosecutors running the joint?

* * *

Yet while Justice argued in Brooklyn that Apple’s help was essential, it also argued the FBI had no obligation to pursue a non-Apple work-around. The remarkable claim was that prosecutors need not exhaust all possible alternatives before conscripting a private company, such as consulting with other U.S. agencies, hiring an outside digital forensics outfit or even interrogating Feng again.

Such assertions were as false in Brooklyn as in San Bernardino. Two hours and a half before a deadline on Friday night, the government withdrew the case after “an individual provided the passcode to the iPhone,” according to legal filings. This second immaculate conception in as many months further undermines the FBI’s credibility about its technological capabilities. Judges ought to exercise far more scrutiny in future decryption cases even as Mr. Comey continues to pose as helpless.

* * *

Meanwhile, the White House has taken the profile-in-courage stand of refusing to endorse or oppose any encryption bill that Congress may propose. If the Obama team won’t start adjusting to the technological realities of strong and legal encryption, they could at least exercise some adult supervision at Main Justice.

The FBI cannot be trusted to protect privacy and security for our citizens, especially given its Keystone Cops behavior.

Senators Richard Burr and Dianne Feinstein release draft anti-encryption bill

Writing in TechDirt, Mike Masnick reviews the horrible, and actually crazy, implications of the legislation.

The basics of the bill are exactly what you’d expect. It says that any “device manufacturer, software manufacturer, electronic communication service, remote computing service, provider of wire or electronic or any person who provides a product or method to facilitate communication or the processing or storage of data” must respond to legal orders demanding access to said information. First off, this actually covers a hell of a lot more than was originally expected. By my reading, anyone providing PGP email is breaking the law — because it’s not just about device encryption, but encryption of communications in transit as well. I wonder how they expect to put that genie back in the bottle.

* * *

The second this bill becomes law, the US loses a massive economic advantage. Basically all of our technology becomes suspect globally, and the entire cybersecurity industry moves off shore. It will devastate American businesses outside of the US. Burr and Feinstein are basically offering a bill that completely undermines the economic prosperity of the American tech industry. This is especially insane coming from Feinstein, given that she supposedly represents so many tech companies in California.

The article, as well as the bill itself, can be found here.


Sucks to be the FBI (and the NSA)

Facebook’s WhatsApp texting service is now fully end-to-end encrypted. And the encryption is automatically turned on for all of its one billion users.

Via the Wall Street Journal:

Many Internet companies encrypt messages before they are stored on their servers, but they are typically able to decrypt them when necessary—for example, in the case of a court order. With Open Whisper’s technology, WhatsApp won’t be able to read its customers’ messages under any circumstances, a feature known as “end-to-end” encryption.

That will make it much harder for anyone—including criminals, intelligence agencies and law enforcement—to read WhatsApp messages without permission, said Moxie Marlinspike, founder of Open Whisper Systems. “End-to-end encryption ensures that the messages you send can only be read by their intended recipients,” he said.

The encryption technology will be turned on by default, so WhatsApp users won’t have to change any settings to enable it, Mr. Marlinspike said.

Susan Crawford essay on Apple/FBI fight

Susan Crawford, a prominent Harvard legal scholar and Barack Obama’s former Special Assistant for Science, Technology, and Innovation Policy, has written an important essay that deftly shows that the FBI has no legal authority whatsoever to force any phone manufacturer to make any changes at all to the manufacturer’s software and hardware.

The problem for the president is that when it comes to the specific battle going on right now between Apple and the FBI, the law is clear: twenty years ago, Congress passed a statute, the Communications Assistance for Law Enforcement Act (CALEA) that does not allow the government to tell manufacturers how to design or configure a phone or software used by that phone — including security software used by that phone.

CALEA was the subject of intense negotiation — a deal, in other words. The government won an extensive, specific list of wiretapping assistance requirements in connection with digital communications. But in exchange, in Section 1002 of that act, the Feds gave up authority to “require any specific design of equipment, facilities, services, features or system configurations” from any phone manufacturer. The government can’t require companies that build phones to come to it for clearance in advance of launching a new device. Nor can the authorities ask a manufacturer to design something new — like a back door — once that device is out.

The full article is worth a read.

The tide may be turning in favor of Apple over FBI

This is an interesting survey that seems to show people coming around to supporting strong encryption.

As the FBI and Apple continue to fight in court over whether the tech giant should help unlock a San Bernardino shooter’s iPhone, a new NBC News/Wall Street Journal poll shows Americans about evenly divided, with a slightly greater number backing the iThing maker.

Forty-seven percent of respondents said that Apple should not cooperate with a Justice Department request to build a piece of software that would bypass security features on Syed Farook’s iPhone 5C. Forty-two percent of those interviewed said Apple should cooperate with the request in the ongoing case.

The poll was conducted between March 3 and 6, and interviewed 1,200 registered voters. The margin of error was 2.83 percent.

And the New York Times reports the following:

Officials had hoped the Apple case involving a terrorist’s iPhone would rally the public behind what they see as the need to have some access to information on smartphones. But many in the administration have begun to suspect that the F.B.I. and the Justice Department may have made a major strategic error by pushing the case into the public consciousness.

Many senior officials say an open conflict between Silicon Valley and Washington is exactly what they have been trying to avoid, especially when the Pentagon and intelligence agencies are trying to woo technology companies to come back into the government’s fold, and join the fight against the Islamic State. But it appears it is too late to confine the discussion to the back rooms in Washington or Silicon Valley.

The fact that Apple is a major consumer company “takes the debate out of a very narrow environment — the universe of technologists and policy wonks — into the realm of consumers where barriers like the specific language of Washington or the technology industry begins to fall away,” said Malkia Cyril, the executive director of the Center for Media Justice, a grass-roots activist network.

* * *

Ms. Cyril says the public angst about the iPhone case feels more urgent than did the discussion about government surveillance three years ago.

“This is one of those moments that defines what’s next,” she said. “Will technology companies protect the privacy of their users or will they do work for the U.S. government? You can’t do both.”

And now the DOJ comes for WhatsApp

Via the New York Times:

WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge’s wiretap order.

As recently as this past week, officials said, the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp’s encryption.

The Justice Department and WhatsApp declined to comment. The government officials and others who discussed the dispute did so on condition of anonymity because the wiretap order and all the information associated with it were under seal. The nature of the case was not clear, except that officials said it was not a terrorism investigation. The location of the investigation was also unclear.

* * *

In a twist, the government helped develop the technology behind WhatsApp’s encryption. To promote civil rights in countries with repressive governments, the Open Technology Fund, which promotes open societies by supporting technology that allows people to communicate without the fear of surveillance, provided $2.2 million to help develop Open Whisper Systems, the encryption backbone behind WhatsApp.

Because of such support for encryption, Obama administration officials disagree over how far they should push companies to accommodate the requests of law enforcement.

DOJ mad at WhatsApp for using crypto, but US gov paid to develop the crypto WhatsApp uses.

— Christopher Soghoian (@csoghoian) March 12, 2016

Apple secures litigation support from many tech firms

Yesterday, several tech firms filed a brief in support of Apple. The firms included Box, Cisco Systems, Dropbox, Evernote, Facebook, Google, Microsoft, Mozilla, Nest, Pinterest, Slack, SnapChat, WhatsApp, and Yahoo. It is an amazing coalition of support, given the competition between the firms. It is clear that Apple and its supporters are ready to go the distance to stop the application of the All Writs Act to impair strong data encryption.

The full text of the brief can be found here.

And other tech firms joined in with their own briefs. In all, over 40 companies and individuals filed more than a dozen briefs in support.


And more support for Apple comes from the top human rights official of the United Nations.

The top human rights official at the United Nations, Zeid Ra’ad al-Hussein, the United Nations high commissioner for human rights, warned the United States authorities on Friday that their efforts to force Apple to unlock an iPhone belonging to a gunman risked helping authoritarian governments and jeopardizing the security of millions around the world.

* * *

Mr. al-Hussein said that American law enforcement agencies, in trying to break the encryption protecting one phone, “risk unlocking a Pandora’s box,” and that there were “extremely damaging implications” for the rights of many millions of people, with possible effects on their physical and financial security.

“A successful case against Apple in the U.S. will set a precedent that may make it impossible for Apple or any other major international I.T. company to safeguard their clients’ privacy anywhere in the world,” Mr. al-Hussein said in a statement. “It is potentially a gift to authoritarian regimes, as well as to criminal hackers.”

50 days

On December 5, at 2:46 am, the FBI first contacted Apple regarding the San Bernardino phone. This was the day before the FBI changed the iCloud password on the device. Not until 50 days later, on January 22, did the FBI again contact Apple.

As emptywheel writes:

And yet the FBI wants us to believe they think this phone will have important information about the attack.

Apple wins iPhone unlocking ruling in New York

A magistrate court judge in New York, Judge James Orenstein in New York’s Eastern District, has ruled that Apple cannot be compelled, under the All Writs Act, to create new code to allow the hacking of an iPhone in a drug-related case.

Via The New York Times:

Judge Orenstein, in his 50-page ruling on Monday, took particular aim at a 1789 statute called the All Writs Act that underlies many government requests for extracting data from tech companies. The All Writs Act broadly says that courts can require actions to comply with their orders when not covered by existing law. Judge Orenstein said the government was inflating its authority by using the All Writs Act to force Apple to extract data from an iPhone seized in connection with a drug case.

The government’s view of the All Writs Act is so expansive as to cast doubt on its constitutionality if adopted, Judge Orenstein wrote.

* * *

Ultimately, Judge Orenstein argued that the government couldn’t use the All Writs Act to ask Apple to help extract information from a device just because a different law, the Communications Assistance for Law Enforcement Act, or Calea, addresses the issue and does not include an “information services” company like Apple. Congress has been debating whether to amend Calea to include tech companies such as Apple, Facebook and Alphabet’s Google.

This ruling obviously could be used to aid Apple in the San Bernardino case as well. The full text of the ruling is here.

Update: Later today, Apple’s top lawyer, Bruce Sewell, will testify before the House Judiciary Committee regarding the company’s refusal to unlock the San Bernardino iPhone. Here is the gist of his testimony, via The Intercept.

“The American people deserve an honest conversation around the important questions stemming from the FBI’s current demand,” Sewell wrote.

“Do we want to put a limit on the technology that protects our data, and therefore our privacy and our safety, in the face of increasingly sophisticated cyberattacks?”

“Should the FBI be allowed to stop Apple, or any company, from offering the American people the safest and most secure product it can make?”

And: “Should the FBI have the right to compel a company to produce a product it doesn’t already make, to the FBI’s exact specifications and for the FBI’s use?”

Update 2: Edward Snowden hits the nail on the head: