Posts

Friday Morning: This Thing Called Life

It’s Friday, when we usually cover a different jazz genre. But we’re playing these sorry cards we’ve been dealt this week and observing the passing of a great artist.

We’ll probably all be sick of seeing this same video, but it is one of the very few of Prince available for embedding with appropriate intellectual property rights preserved. It’s a result of Prince’s tenacious control over his artistic product that we won’t have ready access to his past performances, but this same tenacity taught many artists how to protect their interests.

It’s worth the hour and a quarter to watch the documentary Prince in the 1980s; the enormity of his talent can’t be understood without reactions by professionals to his abilities.

The way his voice slides easily into high registers at 05:44, his guitar playing beginning at 06:53, offer us just the smallest glimpses of his spectacular gifts.

Good night, sweet Prince, may flights of angels sing thee to thy rest.

Great Google-y moogley

  • European Community’s Antitrust Commission issued a Statement of Objections regarding perceived breaches of antitrust laws by Google’s Android operating system (European Commission press release) — The EU has a problem with Android’s ~90% market share in some member states. They may have a tough time with their case as the EU did very little to preserve the Nokia Symbian OS when Microsoft bought Nokia phone business. Their point about lack of application interoperability and portability between mobile devices is also weak as they did not make that case with Windows-based applications on personal computers. Further, Google has been aggressive to the point of annoyance in its efforts to segregate Android and Google apps — I can attest to this, having a handful of Android devices which have required irritating application upgrades to facilitate this shift over the last year and a half. This will be an interesting case to watch.
  • The second annual Android Security Report was released on Google’s blog this week (Google Blog) — Some interesting numbers in this report, including Google’s revelation that it scans 400 million devices a day. Gee, a figure intelligence agencies must envy.
  • Roughly 29% of Android devices can’t be accessed to issue monthly security patches (Naked Security) — Sophos has a bit of an attitude about the back-of-the-envelope number it scratched out, calculating a little more than 400 million Android devices may not be running modern Android versions Google can patch, or may not be accessible to scanning for patching. You’d think a cybersecurity vendor would revel in this opportunity to sell product. Or that an otherwise intelligent and successful security firm would recognize the numbers reflect Android’s continued dominance in the marketplace with more than 1.4 billion active devices. The risk is big, but how much of that risk is due to the success of the devices themselves — still highly usable if aging, with insufficient memory for upgrades? Sounds so familiar (*cough* Windows XP)…
  • Google passed a benchmark with mobile version of Chrome browser on more than 1 billion devices (Business Insider) — Here’s another opportunity to screw up interpretation of data: mobile Chrome works on BOTH Android and iOS devices. I know for a fact the latest mobile Chrome will NOT work on some older Android devices.

Under Not-Google: Opera browser now has free built-in VPN
A lesser-known browser with only 2% of current market share, Opera is a nice alternative to Chrome and Firefox. Its new built-in free VPN could help boost its market share by offering additional privacy protection. It’s not clear this new feature will protect users against censorship tools, though — and this could be extremely important since this Norwegian software company may yet be acquired by a Chinese company which placed a bid on the firm a couple of months ago.

Definitely Not-Google: Apple cracker cost FBI more than $1 million
Can’t swing an iPad without hitting a report on FBI director James Comey’s admission at the Aspen Security Forum this week in Londn that cracking the San Bernardino shooter’s work iPhone cost “more than I will make in the remainder of this job, which is 7 years and 4 months,” or more than $1 million dollars. Speaking of exorbitant expenses, why was Comey at this forum in London? Oh, Comey was the headliner for the event? Isn’t that interesting…wonder if that speaking gig came with speaker’s fee?

That’s it for this week’s morning roundups. Hope you have a nice weekend planned ahead of you!

Wednesday Morning: Water, Water, Everywhere [UPDATE]

Day after day, day after day,
We stuck, nor breath nor motion;
As idle as a painted ship
Upon a painted ocean.

Water, water, every where,
And all the boards did shrink;
Water, water, every where,
Nor any drop to drink.

— excerpt, The Rime of the Ancient Mariner by Samuel Taylor Coleridge

Felony and misdemeanor charges are expected today in the Flint water crisis. State Attorney General Bill Schuette will put on a media dog-and-pony show, when it is expected that three persons — two engineers with the Michigan Department of Environmental quality and a Flint water department employee — will be charged for Flint’s lead water levels after the cut-over to Flint River water.

Mind you, the descriptions of these persons do not match that of higher level persons who were responsible for

1) making the final decision to cut Flint off from Detroit’s water system and switching to the Flint river;
2) evaluating work performed by consulting firms about the viability of Flint River as a water source, or about reporting on lead levels after the cut-over;
3) ensuring the public knew on a timely basis the water was contaminated once it was already known to government officials;
4) lack of urgency in responding to a dramatic uptick in Legionnaire’s disease, or the blood lead levels in children.

Just for starters. Reading the Flint water crisis timeline (and yes, it needs updating), it’s obvious negligence goes all the way to the top of state government, and into the halls of Congress.

Michigan’s Governor Snyder has elected to perform some weird self-flagellating mea culpa or performance art, by insisting he and his wife will drink filtered Flint city water for a month. It’s a pointless gesture since the toxic lead levels, experienced during the two years immediately after the city’s cut-over to the Flint River, have already fallen after doing permanent damage to roughly eight thousand children in and around Flint.

Flint’s Mayor Karen Weaver said about the governor’s stunt, “[H]e needs to come and stay here for 30 days and live with us and see what it’s like to use bottled or filtered water when you want to cook and when you want to brush your teeth.”

Or get a new mortgage, I would add. The gesture also does nothing for Flint’s property values. Imagine living in Flint, trying to refinance your home to a lower interest rate, telling the bank, “Oh, but the water’s safe enough for the governor!” and the bank telling you, “Nah. Too risky.”

UPDATE — 10:45 AM EDT —
Charges have been filed against City of Flint’s Laboratory & Water Quality Supervisor Mike Glasgow and Michigan Department of Environmental Quality Office of Drinking Water and Management Assistance district director Steven Busch and MI-ODWMA District Engineer Michael Prysby. Mlive.com-Flint reports,

Glasgow is accused of tampering with evidence when he allegedly changed testing results to show there was less lead in city water than there actually was. He is also charged with willful neglect of office.

Prysby and Busch are charged with misconduct in office, conspiracy to tamper with evidence, tampering with evidence, a treatment violation of the Michigan Safe Drinking Water Act and a monitoring violation of the Safe Drinking Water.

None of the individuals charged in the case have been arraigned.

Sure would like to see the evidence on Glasgow, given the email he wrote 14-APR-2014 (see the timeline).

House hearing on encryption yesterday

  • Worth the time if you have it to listen to the House Energy and Commerce Oversight and Investigations Subcommittee’s hearing, ‘Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives‘ to catch Apple’s general counsel Bruce Sewell and UPenn’s CIS asst. prof. Matt Blaze. Not so much for Indiana State Police Captain Charles Cohen, who was caught up in misinfo/disinfo about Apple’s alleged non-cooperation with the U.S. government. Wish there was a transcript, especially for the part where Sewell was quizzed as to whether Apple would encrypt their cloud.
  • Speaking of Cohen and misinfo/disinfo, Apple said it hasn’t released source code to Chinese (Reuters) — This is the spin IN’s Cohen got caught up in. Nope.

Another Congressional hearing of interest: Fed Cybersecurity
In case you missed it, catch the video of today’s House Oversight Subcommittee on Information Technology hearing on Federal Cybersecurity Detecion, Response, and Mitigation. You may have seen Marcy’s tweets on this hearing, at which Juniper Networks was a no-show, and Rep. Ted Lieu (D-CA) was kind of pissed off. Catch Bruce Schneier’s post about Juniper’s vulnerability.

Volkswagen has company: Mitsubishi’s mileage data tweaked to cheat
The Japanese automaker may have to pay back tax rebates offered on vehicles meeting certain fuel efficiency standards. Data from mileage tests on hundreds of thousands of cars was fudged to make the cars look 5-10 percent more efficient.

Speaking of cheating: Volkswagen’s use of code words masked references to emissions controls cheats
The amount of data under review along with the use of code words and phrases like “acoustic software” may delay the completion of the probe’s report. Don’t forget: tomorrow is the second 30-day deadline set for VW to provide a technical solution for owners of its passenger diesel vehicles.

That’s enough. Michigan state AG newser underway now as I update this again at 1:15 p.m. EDT; I may not update here since I addressed known charges above. Catch you on the other side of the hump.

Monday Morning: Calm, You Need It

Another manic Monday? Then you need some of Morcheeba’s Big Calm combining Skye Edward’s mellow voice with the Godfrey brothers’ mellifluous artistry.

Apple’s Friday-filed response to USDOJ: Nah, son
You can read here Apple’s response to the government’s brief filed after Judge James Orenstein’s order regarding drug dealer Jun Feng’s iPhone. In a nutshell, Apple tells the government they failed to exhaust all their available resources, good luck, have a nice life. A particularly choice excerpt from the preliminary statement:

As a preliminary matter, the government has utterly failed to satisfy its burden to demonstrate that Apple’s assistance in this case is necessary—a prerequisite to compelling third party assistance under the All Writs Act. See United States v. N.Y. Tel. Co. (“New York Telephone”), 434 U.S. 159, 175 (1977). The government has made no showing that it has exhausted alternative means for extracting data from the iPhone at issue here, either by making a serious attempt to obtain the passcode from the individual defendant who set it in the first place—nor to obtain passcode hints or other helpful information from the defendant—or by consulting other government agencies and third parties known to the government. Indeed, the government has gone so far as to claim that it has no obligation to do so, see DE 21 at 8, notwithstanding media reports that suggest that companies already offer commercial solutions capable of accessing data from phones running iOS 7, which is nearly three years old. See Ex. B [Kim Zetter, How the Feds Could Get into iPhones Without Apple’s Help, Wired (Mar. 2, 2016) (discussing technology that might be used to break into phones running iOS 7)]. Further undermining the government’s argument that Apple’s assistance is necessary in these proceedings is the fact that only two and a half weeks ago, in a case in which the government first insisted that it needed Apple to write new software to enable the government to bypass security features on an iPhone running iOS 9, the government ultimately abandoned its request after claiming that a third party could bypass those features without Apple’s assistance. See Ex. C [In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, Cal. License Plate #5KGD203 (“In the Matter of the Search of an Apple iPhone” or the “San Bernardino Matter”), No. 16-cm-10, DE 209 (C.D. Cal. Mar. 28, 2016)]. In response to those developments, the government filed a perfunctory letter in this case stating only that it would not modify its application. DE 39. The letter does not state that the government attempted the method that worked on the iPhone running iOS 9, consulted the third party that assisted with that phone, or consulted other third parties before baldly asserting that Apple’s assistance remains necessary in these proceedings. See id. The government’s failure to substantiate the need for Apple’s assistance, alone, provides more than sufficient grounds to deny the government’s application.

Mm-hmm. That.

Dieselgate: Volkswagen racing toward deadline

  • Thursday, April 21 is the extended deadline for VW to propose a technical solution for ~500,000 passenger diesel cars in the U.S. (Intl Business Times) — The initial deadline was 24-MAR, establishing a 30-day window of opportunity for VW to create a skunkworks team to develop a fix. But if a team couldn’t this inside 5-7 years since the cars were first sold in the U.S., another 30 days wouldn’t be enough. Will 60 days prove the magical number? Let’s see.
  • VW may have used copyrighted hybrid technology without paying licensing (Detroit News) — What the heck was going on in VW’s culture that this suit might be legitimate?
  • After last month’s drop-off in sales, VW steps up discounting (Reuters) — Trust in VW is blamed for lackluster sales; discounts aren’t likely to fix that.

Once around the kitchen

  • California’s winter rains not enough to offset long-term continued drought (Los Angeles Times) — Op-ed by Jay Famiglietti, senior water scientist at the NASA Jet Propulsion Laboratory–Pasadena and UC-Irvine’s professor of Earth system science. Famiglietti also wrote last year’s gangbuster warning about California’s drought and incompatible water usage.
  • Western scientists meet with North Korean scientists on joint study of Korean-Chinese volcano (Christian Science Monitor) — This seems quite odd, that NK would work in any way with the west on science. But there you have it, they are meeting over a once-dormant nearly-supervolcano at the Korea-china border.
  • BTW: Deadline today for bids on Yahoo.

There you are, your week off to a solid start. Catch you tomorrow morning!

The FBI’s Asinine Attempt to Retroactively Justify Cracking Farook’s Phone

“Hold on honey,” said Syed Rizwan Farook, who had just murdered 14 of his co-workers, “let me go get my work phone in case they call me during our getaway”

That’s the logic the FBI is now peddling to reporters who are copping onto what was clear from the start: that there was never going to be anything of interest on Farook’s phone. After all, they’re suggesting geolocation data on the phone (some of which would be available from Verizon) might explain the 18 minutes of the day of the attack the FBI has yet to piece together.

For instance, geolocation data found on the phone might yet yield clues into the movements of the shooters in the days and weeks before the attack, officials said. The bureau is also trying to figure out what the shooters did in an 18-minute period following the shooting.

Farook drove a SUV to the attack and was killed in the same SUV. To suggest his work phone, which was found in a Lexus at his house, might have useful geolocation data about the day of the attack would suggest he made a special trip to the car to leave his phone in it and turned it off afterwards (if we really believe it was off and not just drained when the FBI found it the day after the attack).

Hold on honey, let me go place my work phone in the Lexus.

Similarly, it is nonsensical to suggest the phone would yield evidence of ties with foreign terrorists.

The FBI has found no links to foreign terrorists on the iPhone of a San Bernardino, Calif., terrorist but is still hoping that an ongoing analysis could advance its investigation into the mass shooting in December, U.S. law enforcement officials said.

They’ve had the metadata from the phone since December 6, at the latest. That’s what would show ties with foreign terrorists, if Farook had been so stupid as to plot a terrorist attack against his colleagues on his work phone, to which his employer had significant access.

Finally, reporters should stop repeating the FBI’s claim that Farook turned off his backups.

In particular, the bureau wanted to know if there was data on the phone that was not backed up in Apple’s servers. Farook had stopped backing up the phone to those servers in October, six weeks before the attack.

The government has actually never said that in sworn declarations. Rather, their forensics guy, Christopher Pluhar, asserted only that Farook may have turned them off.

Importantly, the most recent backup is dated October 19, 2015, which indicates to me that Farook may have disabled the automatic iCloud backup feature associated with the SUBJECT DEVICE. I believe this because I have been told by SBCDPH that it was turned on when it was given to him, and the backups prior to October 19, 2015 were with almost weekly regularity. [my emphasis]

But if he did, he was a damned incompetent terrorist, because — as Jonathan Zdziarski, who is quoted in this article, pointed out — at the same screen he would have used to turn off the iCloud backup, he could have also deleted all his prior backups, which we know he didn’t do.

  • Find my iPhone is still active on the phone (search by serial number), so why would a terrorist use a phone he knew was tracking him? Obviously he wouldn’t. The Find-my-iPhone feature is on the same settings screen as the iCloud backup feature, so if he had disabled backups, he would have definitely known the phone was being tracked. But the argument that Farook intentionally disabled iCloud backup does not hold water, since he would have turned off Find-my-iPhone as well.
  • In addition to leaving Find-my-iPhone on, the option to delete all prior backups (which include iMessage history and other content) is also on the same settings screen as the option to disable iCloud backups. If Farook was trying to cover up evidence of leads, he would have also deleted the existing backups that were there. By leaving the iCloud backup data, we know that Farook likely did not use the device to talk to any leads prior to October 19.

We also know from a supplemental Pluhar declaration that Farook had not activated the remote-wipe function, which he also would have done if he were a smart terrorist trying to cover his tracks.

Finally, Apple’s Privacy Manager, as Erik Neuwenschander demonstrated, Pluhar didn’t know what the fuck he was talking about with regards to backups.

Agent Pluhar also makes incorrect claims in paragraph 10(b). Agent Pluhar claims that exemplar iPhones that were used as restore targets for the iCloud backups on the subject device “showed that … iCloud back-ups for ‘Mail,’ ‘Photos,’ and ‘Notes’ were all turned off on the subject device.” This is false because it is not possible. Agent Pluhar was likely looking at the wrong screen on the device. Specifically, he was not looking at the settings that govern the iCloud backups. It is the iCloud backup screen that governs what is backed up to iCloud. That screen has no “on” and “off” options for “Mail,” “Photos,” or “Notes.

Zdziarski offers another possible explanation for the lack of backups on Farook’s phone, so there are other possible explanations.

iCloud backups could have ceased for a number of reasons, including a software update that was released on October 21, just two days after the last backup, or due to iCloud storage filling up.

The point is, we don’t know, and it’s not even clear Pluhar would know how to check. So given all that other evidence suggesting Farook may not have turned off his backups, journalists probably should not claim, as fact, he did.

Of course, that claim is really just a subset of the larger set of the bullshit FBI has fed us about the phone. It’d really be nice if people stopped taking their bullshit claims seriously, as so few of the past ones have held up.

Why Isn’t DOJ Complaining about Apple’s Cooperation with Police States Like South Korea … or the US?

There was lots that was nasty in yesterday’s DOJ brief in the Apple vs FBI case. But I want to look at this claim, from DOJ’s effort to insinuate Apple is resisting doing something for the US government it has already done for China.

Apple suggests that, as a practical matter, it will cease to resist foreign governments’ efforts to obtain information on iPhone users if this Court rules against it. It offers no evidence for this proposition, and the evidence in the public record raises questions whether it is even resisting foreign governments now. For example, according to Apple’s own data, China demanded information from Apple regarding over 4,000 iPhones in the first half of 2015, and Apple produced data 74% of the time.

There are a bunch more claims in the paragraph, that I expect Apple will address in its reply. But in this passage, DOJ suggests that Apple is doing something nefarious by providing the government of a country of over 1.3 billion people access to information from 4,000 Apple devices.

Omigosh! 4,000 phones!! That’s an unbelievable amount of cooperation with a repressive state!!!

Here’s the section of Apple’s transparency report from which DOJ gets the numbers.
Screen Shot 2016-03-11 at 6.06.08 PM

As you can see, China has asked for data from roughly the same number of devices as Australia, a country with 2% of China’s population (and a much smaller market for iPhones; though China’s number is higher if you include Hong Kong). By far the biggest snoop into citizens’ devices is South Korea (with a population of just over 50 million), which has asked for data on 37,565 devices.

And if providing a government information on devices is a sign of tyranny, then the DOJ better start worrying about … the US, which asked for information from more than twice as many phones as China in the same period, and which got compliance more often.

In truth, this is a bullshit metric, attacking responses to legal process from China as a kind of red-bashing, while ignoring the much greater data grab that our ally South Korea makes. It says nothing about special cooperation Apple has given China.

That doesn’t mean Apple hasn’t made such cooperation, but DOJ’s use of such a stupid number ought to raise real questions about the rest of it.

DOJ to Apple: Start Cooperating or You’ll Get the Lavabit Treatment

DOJ has submitted its response to Apple in the Syed Farook case. Amid invocations of a bunch of ominous precedents — including Dick Cheney’s successful effort to hide his energy task force, Alberto Gonzales effort to use kiddie porn as an excuse to get a subset of all of Google’s web searches, and Aaron Burr’s use of encryption — it included this footnote explaining why it hadn’t just asked for Apple’s source code.

Screen Shot 2016-03-10 at 6.17.50 PM

That’s a reference to the Lavabit appeal, in which Ladar Levison was forced to turn over its encryption keys.

As it happens, Lavabit submitted an amicus in this case (largely arguing against involuntary servitude). But as part of it, they revealed that the reason the government demanded Lavabit’s key is because “in deference to [Edward Snowden’s] background and skillset, the Government presumed the password would be impossible to break using brute force.”

Screen Shot 2016-03-10 at 6.34.21 PM

But that says that for phones that — unlike Farook’s which had a simple 4-digit passcode — the government maintains the right to demand more, up to and including their source code.

The government spends a lot of time in this brief arguing it is just about this one phone. But that footnote, along with the detail explaining why they felt the need to obtain Lavabit’s key, suggests it’s about far more than even Apple has claimed thus far.

On Jim Comey’s Attempts to Force Apple to Change Its Business Model

As he has said repeatedly in Congressional testimony, FBI Director Jim Comey wants to change Apple’s business model.

The former General Counsel for defense contractor Lockheed and hedge fund Bridgewater Associates has never, that I’ve seen, explained what he thought Apple’s business model should be, or how much he wants to change it, or how the FBI Director put himself in charge of dictating what business models were good for America and what weren’t and why we’re even asking that in an age of multinational corporate structures.

It seems there are three possible business models Comey might have in mind for Apple:

  • The AT&T (or Lockheed) model, in which a provider treats federal business as a significant (in Lockheed’s case, the only meaningful) market, and therefore treats federal requests, even national security ones, as a primary market driver; in this case, the Feds are your customer
  • The Google model, in which a provider sees the user’s data as the product, rather than the user herself, and therefore builds all systems so as to capture and use the maximal amount of data
  • A different model, in which Apple can continue to sell what I call a walled garden to customers, still treating customers as the primary market, but with limits on how much of a walled garden it can offer

I raise these models, in part, because I got into a conversation on Twitter about what the value of encryption on handsets really is. The conversation suffered, I think, from presuming that iPhones and Android phones have the same business model, and therefore one could calculate the value of the encryption offered on an iPhone the same way one would calculate the value of encryption on an Android phone. They’re not.

Even aside from the current difference between Google’s business model (the data model at the software level, the licensing model at the handset level) versus Apple’s model, in Apple’s model, the customer is the customer, and she pays a premium for an idyllic walled garden that includes many features she may not use.

I learned this visiting recently with a blind friend of mine, whom I used to read for on research in college, who therefore introduced me to adaptive technologies circa 1990 (which were pretty cutting edge at the time). I asked her what adaptive technologies she currently uses, thinking that as happened with the 90s stuff the same technology might then be rolled out for a wider audience in a slightly different application. She said, the iPhone, the iPhone, and the iPhone. Not only are there a slew of apps available for iPhone that provide adaptive technologies. Not only does the iPhone offer the ability to access recorded versions of the news and the like. But all this comes standard in every iPhone (along with other adaptive technologies that wouldn’t be used by a blind person any more than most sighted ones). All iPhone users pay for those adaptive technologies as part of their walled garden, even though even fewer realize they’re there than they realize their phone has great encryption. But because they pay more for their phone, they’re effectively ensuring those who need adaptive technologies can have them, and on the market leader in handsets. Adaptive technologies, like online security, are part of the idyllic culture offered within Apple’s walled garden.

The notion that you can assign a value to Apple’s encryption, independent of the larger walled garden model, seems mistaken. Encryption is a part of having a walled garden, especially when the whole point of a walled garden is creating a space where it is safe and easy to live online.

Plus, it seems law enforcement in this country is absolutely obtuse that the walled garden does provide law enforcement access in the Cloud, and they ought to be thrilled that the best encryption product in the world entails making metadata — and for users using default settings, as even Syed Rizwan Farook seems to have been — content readily available to both PRISM and (Admiral Rogers made clear) USA Freedom Act. That is, Apple’s walled garden does not preclude law enforcement from patrolling parts of the garden. On the contrary, it happens to ensure that American officials have the easiest ability to do so, within limits that otherwise ensure the security of the walled garden in ways our national security elite have been both unwilling and even less able to do.

But there’s one more big problem with the fanciful notion you can build a business model that doesn’t allow for encryption: Signal is free. The best app for encrypted calls and texts, Signal, is available free of charge, and via open source software (so it could be made available overseas if Jim Comey decided it, too, needed to adopt a different business model). The attempt to measure in value what value encryption adds to a handset is limited, because someone can always add on top of it their own product, so any marginal value of encryption on a handset would have to make default encrypted device storage of additional marginal value over what is available for free (note, there is a clear distinction between encrypting data at rest and in motion, but the latter would be more important for anyone conducting nefarious actions with a phone).

Finally, there’s one other huge problem with Comey’s presumption that he should be able to dictate business models.

Even according to this year’s threat assessment, the threat from hacking is still a greater threat to the country than terrorism. Apple’s business model, both by collecting less unnecessary data on users and by aspiring to creating a safe walled garden, offers a far safer model to disincent attacks (indeed, by defaulting on encryption, Apple also made iPhone theft and identity via device theft far harder). Comey is, effectively, trying to squelch one of the market efforts doing the most to make end users more resilient to hackers.

The only model left–that could offer a safer default environment–would effectively be an AT&T model pushed to its limits: government ownership of telecoms, what much of the world had before Reagan pushed privatization (and in doing so, presumably made the rest of the world a lot easier for America to spy on). Not only would that devastate one of the brightest spots in America’s economy, but it would represents a pretty alarming move toward explicit total control (from what it tacit control now).

Is that what former Hedgie Jim Comey is really looking to do?

One final point. While I think it is hard to measure marginal value of encryption, the recent kerfuffle over Kindle makes clear that the market does assign value to it. Amazon dropped support for encryption on some of its devices last fall, which became clear as people were no longer able to upgrade. When they complained in response, it became clear they were using Kindles beyond what use Amazon envisioned for them. But by taking away encryption users had already had, Amazon not only made existing devices less usable, but raised real questions about the CIA contractor’s intent. Pretty quickly after the move got widespread attention, Amazon reversed course.

Even with a company as untrustworthy and data hungry as Amazon, removing encryption will elicit immediate distrust. Which apparently is not sustainable from a business perspective.

Husband of San Bernardino Victim Agrees: Farook’s Phone Unlikely to Yield Useful Information

Even before the government obtained an All Writs Act ordering Apple to help back door Syed Rezwan Farook’s phone, it had arranged with a former judge to submit a brief on behalf of the victims of the attack, supporting the government’s demand. Yet not all victims agree. The husband of a woman shot three times in the attack, Salihin Kondoker, has submitted his own letter to the court in support of Apple’s stance. In it, he provides support for a point I was among the first to make: that the phone isn’t going to provide much information about the attack, in large part because it was a work phone Farook would have known was being surveilled.

In my opinion it is unlikely there is any valuable information on this phone. This was a work phone. My wife also had an iPhone issued by the County and she did not use it for any personal communication. San Bernardino is one of the largest Counties in the country. They can track the phone on GPS in case they needed to determine where people were. Second, both the iCloud account and carrier account were controlled by the county so they could track any communications. This was common knowledge among my wife and other employees. Why then would someone store vital contacts related to an attack on a phone they knew the county had access to? They destroyed their personal phones after the attack. And I believe they did that for a reason.

It’s a question no one asked Jim Comey earlier this week when he testified before the House Judiciary Committee.

Curiously, Kondoker (who explains he has attended briefings the FBI has held for victims) alludes to information the FBI is currently ignoring.

In the weeks and months since the attack I have been to the FBI briefings that were held for victims and their families. I have joined others in asking many questions about how this happened and why we don’t have more answers. I too have been frustrated there isn’t more information. But I don’t believe that a company is the reason for this.

[snip]

In the wake of this terrible attack, I believe strongly we need stronger gun laws. It was guns that killed innocent people, not technology. I also believe the FBI had and still has access to a lot of information which they have ignored and I’m very disappointed in the way they’ve handled this investigation.

I’m really curious what that is — and why Jim Comey, who promises he would never ignore a lead, isn’t ensuring it gets chased down?

Why Did Apple “Object” to All Pending All Writs Orders on December 9?

As I noted the other day, a document unsealed last week revealed that DOJ has been asking for similar such orders in other jurisdictions: two in Cincinnati, four in Chicago, two in Manhattan, one in Northern California (covering three phones), another one in Brooklyn (covering two phones), one in San Diego, and one in Boston.

According to Apple, it objected to at least five of these orders (covering eight phones) all on the same day: December 9 (note, FBI applied for two AWAs on October 8, the day in which Comey suggested the Administration didn’t need legislation, the other one being the Brooklyn docket in which this list was produced).

Screen Shot 2016-02-24 at 7.23.53 PM

The government disputes this timeline.

In its letter, Apple stated that it had “objected” to some of the orders. That is misleading. Apple did not file objections to any of the orders, seek an opportunity to be heard from the court, or otherwise seek judicial relief. The orders therefore remain in force and are not currently subject to litigation.

Whatever objection Apple made was — according to the government, anyway — made outside of the legal process.

But Apple maintains that it objected to everything already in the system on one day, December 9.

Why December 9? Why object — in whatever form they did object — all on the same day, effectively closing off cooperation under AWAs in all circumstances?

There are two possibilities I can think of, though they are both just guesses. The first is that Apple got an order, probably in an unrelated case or circumstance, in a surveillance context that raised the stakes of any cooperation on individual phones in a criminal context. I’ll review this at more length in a later post, but for now, recall that on a number of occasions, the FISA Court has taken notice of something magistrates or other Title III courts have done. For location data, FISC has adopted the standard of the highest common denominator, meaning it has adopted the warrant standard for location even though not all states or federal districts have done so. So the decisions that James Orenstein in Brooklyn and Sheri Pym in Riverside make may limit what FISC can do. It’s possible that Apple got a FISA request that raised the stakes on the magistrate requests we know about. By objecting across the board — and thereby objecting to requests pertaining to iOS 8 phones — Apple raised the odds that a magistrate ruling might help them out at FISA. And if there’s one lawyer in the country who probably knows that, it’s Apple lawyer Marc Zwillinger.

Aside the obvious reasons to wonder whether Apple got some kind of FISA request, in his interview with ABC the other day, Tim Cook described “other parts of government” asking for more and more cases (though that might refer to state and city governments asking, rather than FBI in a FISA context).

The software key — and of course, with other parts of the government asking for more and more cases and more and more cases, that software would stay living. And it would be turning the crank.

The other possibility is that by December 9, Apple had figured out that — a full day after Apple had started to help FBI access information related to the San Bernardino investigation, on December 6 — FBI took a step (changing Farook’s iCloud password) that would make it a lot harder to access the content on the phone without Apple’s help. Indeed, I’m particularly interested in what advice Apple gave the FBI in the November 16 case (involving two iOS 8 phones), given that it’s possible Apple was successfully recommending FBI pursue alternatives in that case which FBI then foreclosed in the San Bernardino case. In other words, it’s possible Apple recognized by December 9 that FBI was going to use the event of a terrorist attack to force Apple to back door its products, after which Apple started making a stronger legal stand than they might otherwise have done pursuant to secret discussions.

That action — FBI asking San Bernardino to change the password — is something Tim Cook mentioned several times in his interview with ABC the other night, at length here:

We gave significant advice to them, as a matter of fact one of the things that we suggested was “take the phone to a network that it would be familiar with, which is generally the home. Plug it in. Power it on. Leave it overnight–so that it would back-up, so that you’d have a current back-up. … You can think of it as making of making a picture of almost everything on the phone, not everything, but almost everything.

Did they do that?

Unfortunately, in the days, the early days of the investigation, an FBI–FBI directed the county to reset the iCloud password. When that is done, the phone will no longer back up to the Cloud. And so I wish they would have contacted us earlier so that that would not have been the case.

How crucial was that missed opportunity?

Assuming the cloud backup was still on — and there’s no reason to believe that it wasn’t — then it is very crucial.

And it’s something they harped on in their motion yesterday.

Unfortunately, the FBI, without consulting Apple or reviewing its public guidance regarding iOS, changed the iCloud password associated with one of the attacker’s accounts, foreclosing the possibility of the phone initiating an automatic iCloud back-up of its data to a known Wi-Fi network, see Hanna Decl. Ex. X [Apple Inc., iCloud: Back up your iOS device to iCloud], which could have obviated the need to unlock the phone and thus for the extraordinary order the government now seeks.21 Had the FBI consulted Apple first, this litigation may not have been necessary.

Plus, consider the oddness around this iCloud information. FBI would have gotten the most recent backup (dating to October 19) directly off Farook’s iCloud account on December 6.

But 47 days later, on January 22, they obtained a warrant for that same information. While they might get earlier backups, they would have received substantially the same information they had accessed directly back in December, all as they were prepping going after Apple to back door their product. It’s not clear why they would do this, especially since there’s little likelihood of this information being submitted at trial (and therefore requiring a parallel constructed certified Apple copy for evidentiary purposes).

There’s one last detail of note. Cook also suggested in that interview that things would have worked out differently — Apple might not have made the big principled stand they are making — if FBI had never gone public.

I can’t talk about the tactics of the FBI, they’ve chosen to do what they’ve done, they’ve chosen to do this out in public, for whatever reasons that they have.What we think at this point, given it is out in the public, is that we need to stand tall and stand tall on principle. Our job is to protect our customers.

Again, that suggests they might have taken a different tack with all the other AWA orders if they only could have done it quietly (which also suggests FBI is taking this approach to make it easier for other jurisdictions to get Apple content). But why would they have decided on December 9 that this thing was going to go public?

Update: This language, from the Motion to Compel, may explain why they both accessed the iCloud and obtained a warrant.

The FBI has been able to obtain several iCloud backups for the SUBJECT DEVICE, and executed a warrant to obtain all saved iCloud data associated with the SUBJECT DEVICE. Evidence in the iCloud account indicates that Farook was in communication with victims who were later killed during the shootings perpetrated by Farook on December 2, 2015, and toll records show that Farook communicated with Malik using the SUBJECT DEVICE. (17)

This passage suggests it obtained both “iCloud backups” and “all saved iCloud data,” which are actually the same thing (but would describe the two different ways the FBI obtained this information). Then, without noting a source, it says that “evidence in the iCloud account” shows Farook was communicating with his victims and “toll records” show he communicated with Malik. Remember too that the FBI got subscriber information from a bunch of accounts using (vaguely defined) “legal process,” which could include things like USA Freedom Act.

The “evidence in the iCloud account” would presumably be iMessages or Facetime. But the “toll records” could be too, given that Apple would have those (and could have turned them over in the earlier “legal process” step. That is, FBI may have done this to obscure what it can get at each stage (and, possibly, what kinds of other “legal process” it now serves on Apple).


October 8: Comey testifies that the government is not seeking legislation; FBI submits requests for two All Writs Act, one in Brooklyn, one in Manhattan; in former case, Magistrate Judge James Orenstein invites Apple response

October 30: FBI obtains another AWA in Manhattan

November 16: FBI obtains another AWA in Brooklyn pertaining to two phones, but running iOS 8.

November 18: FBI obtains AWA in Chicago

December 2: Syed Rezwan Farook and his wife killed 14 of Farook’s colleagues at holiday party

December 3: FBI seizes Farook’s iPhone from Lexus sitting in their garage

December 4: FBI obtains AWA in Northern California covering 3 phones, one running iOS 8 or higher

December 5, 2:46 AM: FBI first asks Apple for help, beginning period during which Apple provided 24/7 assistance to investigation from 3 staffers; FBI initially submits “legal process” for information regarding customer or subscriber name for three names and nine specific accounts; Apple responds same day

December 6: FBI works with San Bernardino county to reset iCloud password for Farook’s account; FBI submits warrant to Apple for account information, emails, and messages pertaining to three accounts; Apple responds same day

December 9: Apple “objects” to the pending AWA orders

December 10: Intelligence Community briefs Intelligence Committee members and does not affirmatively indicate any encryption is thwarting investigation

December 16: FBI submits “legal process” for customer or subscriber information regarding one name and seven specific accounts; Apple responds same day

January 22: FBI submits warrant for iCloud data pertaining to Farook’s work phone

January 29: FBI obtains extension on warrant for content for phone

February 14: US Attorney contacts Stephen Larson asking him to file brief representing victims in support of AWA request

February 16: After first alerting the press it will happen, FBI obtains AWA for Farook’s phone and only then informs Apple

Friday Morning: Afro-Cuban Coffee

I should just dedicate Fridays to different genres of jazz. Today feels like a good day for Afro-Cuban jazz.

This chap, Francisco Raúl Gutiérrez Grillo, who performed under the name Machito with his Afro-Cubans, was an incredibly important innovator shaping Afro-Cuban jazz as well as modern American music. He was important to race in the music industry as well, as his Afro-Cubans may have been the first multi-racial band.

I’m brewing some Café Bustelo before I bust out my dancing shoes. ¡Vamonos!

Judge applies ‘Parkinson’s Law’ to VW emissions cheat case
You know the adage, “work expands so as to fill the time available for its completion”? U.S. District Court Judge Charles Breyer gave Volkswagen 30 days to come up with a fix* for all the emissions standards cheating passenger diesel engine cars in the class action lawsuits he oversees in San Francisco. Gotta’ love this:

“It’s an ongoing harm that has to be addressed … I’ve found the process is a function of how much time people have available to fill. The story about lawyers is that that if you give them a year to do something, it will take them a year to do something. If you give them 30 days to do something, they’ll do something in 30 days.”

As time passes, vehicle owners are increasingly damaged as no one wants to buy their cars and their investment is lost. Hence the aggressive time limit.

* Caution: that link to SFGate may autoplay video and ad content. Really, SFGate? That’s such hideously bad form.

Rough road ahead in Saudi Arabia to a post-oil world
This piece in WaPo paints a grim picture of cheap oil’s impact on Saudi Arabia — and there are huge pieces missing. Worth a read while asking yourself how much Saudis are spending on military efforts against Yemen and Syria, and what new industries they’re investing in to replace oil-based employment.

Took long enough: Software and social media firms get Apple’s back
Did their legal departments finally read the case thoroughly and realize they had skin in this game, too? Who knows — but Google as well as Microsoft are planning to file amicus briefs in support of Apple. Microsoft had already indicated they would support Apple in a congressional hearing yesterday morning; Google piped up later. The latest skinny is that Facebook and Twitter both intend to file briefs as well in favor of Apple. Looks like Microsoft’s current management took an 180-degree turn away from progenitor Bill Gates’ initial response, hmm?

Hit and run

That’s a wrap on this week. Keep your eyes peeled for news dumps while folks are still picking apart last night’s GOP-cast reality TV show. And make time to dance.

EDIT — 8:40 AM — Ugh, why didn’t the Detroit News publish this piece *yesterday* instead of a Friday morning? Michigan’s Gov. Snyder’s “inner circle” exchanged emails advising a switchback from Flint River a year before the switchback took place, and only three weeks before Snyder’s re-election. There was enough content in this to go to press without waiting for a quote from one of the former advisers.