It looks like Apple, Inc., is exploring a new business opportunity: spyware and what we're calling "traitorware." While users were celebrating the new jailbreaking and unlocking exemptions, Apple was quietly preparing to apply for a patent on technology that, among other things, would allow Apple to identify and punish users who take advantage of those exemptions or otherwise tinker with their devices. This patent application does nothing short of providing a roadmap for how Apple can — and presumably will — spy on its customers and control the way its customers use Apple products. As Sony-BMG learned, spying on your customers is bad for business. And the kind of spying enabled here is especially creepy — it's not just spyware, it's "traitorware," since it is designed to allow Apple to retaliate against you if you do something Apple doesn't like.
Essentially, Apple's patent provides for a device to investigate a user's identity, ostensibly to determine if and when that user is "unauthorized," or, in other words, stolen. More specifically, the technology would allow Apple to record the voice of the device's user, take a photo of the device's user's current location or even detect and record the heartbeat of the device's user. Once an unauthorized user is identified, Apple could wipe the device and remotely store the user's "sensitive data." Apple's patent application suggests it may use the technology not just to limit "unauthorized" uses of its phones but also shut down the phone if and when it has been stolen.
However, Apple's new technology would do much more. This patented device enables Apple to secretly collect, store and potentially use sensitive biometric information about you. This is dangerous in two ways: First, it is far more than what is needed just to protect you against a lost or stolen phone. It's extremely privacy-invasive and it puts you at great risk if Apple's data on you are compromised. But it's not only the biometric data that are a concern. Second, Apple's technology includes various types of usage monitoring — also very privacy-invasive. This patented process could be used to retaliate against you if you jailbreak or tinker with your device in ways that Apple views as "unauthorized" even if it is perfectly legal under copyright law.
Here's a sample of the kinds of information Apple plans to collect:
The system can take a picture of the user's face, "without a flash, any noise, or any indication that a picture is being taken to prevent the current user from knowing he is being photographed";
The system can record the user's voice, whether or not a phone call is even being made;
The system can determine the user's unique individual heartbeat "signature";
To determine if the device has been hacked, the device can watch for "a sudden increase in memory usage of the electronic device";
The user's "Internet activity can be monitored or any communication packets that are served to the electronic device can be recorded"; and
The device can take a photograph of the surrounding location to determine where it is being used.
In other words, Apple will know who you are, where you are, and what you are doing and saying and even how fast your heart is beating. In some embodiments of Apple's "invention," this information "can be gathered every time the electronic device is turned on, unlocked, or used." When an "unauthorized use" is detected, Apple can contact a "responsible party." A "responsible party" may be the device's owner; it may also be "proper authorities or the police."
Apple does not explain what it will do with all of this collected information on its users, how long it will maintain this information, how it will use this information, or if it will share this information with other third parties. We know based on long experience that if Apple collects this information, law enforcement will come for it, and may even order Apple to turn it on for reasons other than simply returning a lost phone to its owner.
This patent is downright creepy and invasive — certainly far more than would be needed to respond to the possible loss of a phone. Spyware, and its new cousin traitorware, will hurt customers and companies alike — Apple should shelve this idea before it backfires on both it and its customers.
An Indian computer scientist was arrested this weekend when he refused to disclose an anonymous source who provided an electronic voting machine to a team of security researchers.
Hari Prasad is the managing director of Netindia Ltd., an Indian research and development firm. He and other researchers have long questioned the security of India's paperless electronic voting machines. Despite repeated reports of election irregularities and concerns about fraud, the Election Commission of India insists that the machines are tamper-proof.
In 2009, the commission publicly challenged Prasad to show that India's voting machines could be compromised, but refused to give him access to the machines to perform a review. Earlier this year, an anonymous source provided an Indian voting machine to a research team led by Prasad, Alex Halderman, and Rop Gonggrijp. The team exposed security flaws that could allow an attacker to change election results and compromise ballot secrecy. They published a paper detailing their findings, which you can read here.
According to Halderman, Prasad was questioned Saturday morning at his home in Hyderabad by authorities who wanted to know the identity of the source who gave the voting machine to the research team. Prasad was ultimately arrested and taken to Mumbai, though reportedly hadn't been charged with a crime.
This turn of events is deeply troubling. Prasad is a respected researcher who helped to discover a critical flaw in India's voting system. He and his fellow researchers would never have been able to document the weaknesses in India's voting machines without the help of their anonymous source. This is precisely why anonymity is important: it allows people to make important contributions to the public dialogue without fear of retribution.
The Election Commission of India should have given researchers access to the voting machines in the first place. Rather than attempting to persecute Prasad and the anonymous source, the government should be focusing its attention and resources on the real problem: electronic voting machines with no mechanism for accountability.
UPDATE: According to the Times of India and Reuters, Prasad has been charged in connection with the alleged theft of the voting machine studied by the research team. He has been remanded to police custody until Thursday, August 26.
A bill that could undermine a new and important form of online activism has quietly worked its way through the California legislature. If signed by the governor, the new law would make it a crime to impersonate someone online in order to “harm” that person. In other words, it could be illegal to create a Facebook or Twitter account with someone else’s name, and then use that account to embarrass that person (including a corporate person like British Petroleum or the U.S. Chamber of Commerce, or a public official).
Here’s the problem: temporarily "impersonating" corporations and public officials has become an important and powerful form of political activism, especially online. For example, the Yes Men, a group of artists and activists, pioneered “identity correction,” posing as business and government representatives and making statements on their behalf to raise popular awareness of the real effects of those entities’ activities, like the failure of Dow to adequately compensate victims of the Bhopal disaster and the U.S. government’s destruction of public housing units in New Orleans. These sorts of actions regularly receive widespread media coverage, sparking further public debate. Last year, the activists staged a thinly veiled hoax, presenting themselves at a press conference and on a website as the Chamber of Commerce and, in direct opposition to the Chamber’s actual position, promising to stop lobbying against strong climate change legislation. (Not amused, the Chamber promptly sued the Yes Men based on a trumped-up trademark complaint; EFF is defending the activists.)
Others have taken a similar approach, using spoof sites and identity correction to raise awareness about community issues, environmental threats, and, most recently, the historical roots of Haiti’s economic problems. Unfortunately, the targets of the criticism, like the Chamber, have responded with improper legal threats and lawsuits. It would be a shame if Senator Simitian’s bill added another tool to their anti-speech arsenal.
Proponents of the bill insist that there is no free speech problem because the new law would only apply to “credible” impersonations. That argument misses the point – identity correction depends on initial credibility, just as it also depends on prompt exposure.
What is worse, the bill is not needed. Sponsors of the bill say that victims of online harassment and defamation have little legal recourse. That’s simply not true. Laws against fraud and defamation are already on the books, and they apply online as well as offline. Moreover, judges and juries applying those laws have the benefit of an extensive body of jurisprudence aimed at limiting their impact on legitimate free speech.
We urge Governor Schwarzenegger not to sign this dangerous bill.
Yesterday, Facebook introduced Places, a new location feature that competes with popular services like Foursquare, Google Latitude, Loopt, and Gowalla. Places allows Facebook users to 'check in' to real world locations and to tag their friends as present (similar to how Facebook allows tagging in photos). Everyone who is checked in to the location can see who else is listed as "Here Now" for a few hours after they check in. Once you are checked in to a location, Places also creates a story in your friends' News Feeds and places a notice in the location's page's Recent Activity section. The product will roll out over the next few days.
Like all location products, the new application publishes potentially sensitive information, since a stream of information on location can provide a detailed picture of your life. Some locations might appear cool at one moment, and yet become something you'd rather forget the next. Your Facebook friends may include prolific bloggers, business competitors, and former lovers. For business and personal reasons, you might need to keep your location private from them. And, as pleaserobme.com effectively illustrated, revealing your location can also reveal sensitive information about where you are not.
To its credit, by default, only your Facebook friends can see when you are tagged in a location, unless you opted for the "Everyone" master setting on the privacy controls. (EFF recommends against using the "Everyone" master setting; see how to maximize your privacy on Facebook). To further protect your privacy, you can use friend lists to exercise a more fine-tuned control over who can see your check-ins. If you don't want a location to go down on your permanent record, you need to manually delete the check in.
If your friend attempts to check you in and you have not opted into Places, you will receive a notification that gives you two options: (1) "allow check-ins," which opts you in to the program, or (2) "not now," which only disallows that particular check-in. Once you are opted in, you will not receive further notices before being checked in by friends. If you want to have complete control over whether you are listed at a location, you have to permanently disallow check-ins by your friends by disabling "Friends can check me in to Places" on the customize privacy settings page. This is the most privacy protective option, since you will only be listed at a location if you affirmatively choose to check in.
"Here Now" broadcasts a list of those checked in to everyone else who is checked in, regardless of whether they are "friends." Sometimes you may not want every Places user in the same location to be able to see you, since the location might be large like a ballpark or an outdoor music festival. You can opt out of the Here Now feature by unchecking the "Include me in 'People Here Now' after I check in" privacy control. However, Facebook does not offer the ability to limit Here Now visibility to subsets of your friends.
Places is designed to limit your location options to places that are actually near you, as reported by the geolocation features of your mobile device. Sometimes, however, you may have personal or professional reasons to report a different location. For example, you might want to report your location as being at a cafe, when you are really at an HIV clinic or a domestic violence shelter. While you can have a friend check you in anywhere they are, or spoof your geolocation if you have sufficient technical chops, Facebook should allow arbitrary locations.
Note that location data can be a tempting target for law enforcement. We urge Facebook to follow the lead of other location service providers like Google and Loopt, and provide the strongest protection for its users by requiring a wiretap order before tracking a Places user's location for law enforcement. Update: In response to this post, Facebook tells us that "We consider our Places product to generate content of communications, and would require a search warrant for prior generated content or a wiretap to capture forward generated content."
If you start to use Places, Facebook apps can also use your location data, and your friends can authorize the disclosure of your location data. The ACLU's DotRights has provided a helpful guide to managing your location privacy settings, including how to prevent your friends' apps from seeing your location information. (Facebook responded to ACLU's criticisms in Techcrunch).
Places is Facebook's most significant product launch since the controversial introduction of Connections and Instant Personalization. We had a number of constructive conversations with Facebook leading up to this launch, and appreciated the opportunity to provide feedback. Not everything resulted in changes, but overall it was a positive process. While the product is not perfect and could use some important changes, as noted above, the privacy settings and defaults represent a substantial improvement over those earlier launches. However, the settings are only good if users understand them intuitively and use them effectively. As the product rolls out to millions of Facebook users, we will be looking closely at its implementation and effects on locational privacy.
An auction for a Ninja Boss Badge just closed (raising over $1,000 for EFF), but there is still one opportunity left: The unique Ninja Networks EFF Quest Badge, a master Badge which gives the Mark of the Defender, worth a 10% increase to other Ninja Badges' defensive skills.
Note: The DEFCON skateboard deck bat'leth functionality is not currently implemented. While it is designed to change color when placed in the presence of an unbreakable cryptosystem, we have been unable to confirm this through testing.
In the midst of recent controversies over Facebook’s privacy settings, it’s easy to forget how much personal information is available from other sources on the Internet. But the government remembers. EFF recently received a number of documents from the Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI) highlighting the government’s ability to scour not only social networks, but record each and every corner of the Internet. These documents were released in the second of a series of government disclosures resulting from EFF’s Freedom of Information Act (FOIA) lawsuit in which EFF, with the help of UC Berkeley’s Samuelson Clinic, sought information on the procedures and guidelines employed by government agencies when conducting social network monitoring or investigations.
As an example of the government’s substantial information collection capability, several documents [PDF] in the CIA’s disclosure discuss the CIA’s so-called Open Source Center, established in 2005, which has been collecting information from publicly accessible Internet sources such as blogs, chat rooms and social networking sites, in addition to monitoring radio and television programs. The Open Source Center’s website, opensource.gov, bills itself as the “US Government's premier provider of foreign open source intelligence.” It is accessible to almost 15,000 local, state, and federal government employees and offers products ranging from reports and analysis on publicly available information dating back to the mid-90s, video reports and internet clips, translations, and media mapping and hot spot analysis.
In the other document [PDF] included in this release, FBI emails reveal the FBI’s interest in the University of Arizona’s Dark Web Project, an attempt by computer scientists to “systematically collect and analyze all terrorist-generated content on the Web.” Information in the document describes the Dark Web Project as especially effective in employing spiders to search Internet forums and find hidden web sites in the “corners of the Internet.” In addition to being able to search the Internet for content, the Dark Web Project is developing a tool called Writeprint that claims to help identify the creators of anonymous online content. The FBI emails reveal an interest in applying the Dark Web Project’s tools to the FBI’s own “operational analysis and exploitation of data, including web forums.”
As EFF and the Samuelson Clinic continue to seek information about law enforcement investigation techniques used on the Internet, we hope to learn more about how the government uses this information and especially how long it plans to keep it. In the meantime, however, it is clear that government investigators are collecting a wealth of information through the Internet in general and outside of the law enforcement context. It is also a good reminder that while social networks and other websites have privacy settings, the Internet does not. Stay tuned here for the next release.
In January, the District Court dismissed the case on the incorrect argument that, because so many Americans have had their communications and communications records illegally obtained by the government, no single person has legal "standing" to challenge the ongoing program of government surveillance. This is incorrect because the number of people harmed — here the number of people whose personal communications and communications records were improperly obtained by the government — simply has nothing to do with whether the case can or should be adjudicated.
Unless corrected, the District Court’s ruling risks creating a perverse incentive for the government to violate the privacy rights of as many citizens as possible in order to avoid judicial review of its actions. Neither the Constitution nor the settled statutory structure protecting the privacy of Americans’ communications allows such a result. The District Court’s dismissal of Plaintiffs’ claims must be reversed.
The brief points out that the District Court's dismissal of the case is inconsistent with long-settled law:
The Supreme Court has made clear that the fact that a harm is widely shared does not undercut a plaintiff’s claim to standing: “Once it is determined that a particular plaintiff is harmed by the defendant, and that the harm will likely be redressed by a favorable decision, that plaintiff has standing—regardless of whether there are others who would also have standing to sue.” Clinton v. City of New York, 524 U.S. 417, 435-36 (1998). To hold otherwise “would mean that the most injurious and widespread Government actions could be questioned by nobody.” Massachusetts v. EPA, 549 U.S. 497, 526 n.24 (2007) (quoting United States v. Students Challenging Regulatory Agency Procedures (SCRAP), 412 U.S. 669, 687-88 (1973)) (italics omitted).
EFF's other case arising from the warrantless surveillance, Hepting v. AT&T, brought against telecom giant AT&T, is also up on appeal.
The law firm of Keker and Van Nest, the Law Offices of Richard Wiebe and the Moore Law Group all work with EFF on the Jewel v. NSA case.
EFF will soon be launching the SSL Observatory project, an effort to monitor and secure the cryptographic infrastructure of the World Wide Web. There is much work to be done, and we will need the help of many parties to make the HTTPS-encrypted web genuinely trustworthy. To see why, you can read the following letter, which we are sending to Verizon today:
We are writing to request that Verizon investigate the security and privacy implications of the SSL CA certificate (serial number 0x40003f1) that Cybertrust (now a division of Verizon) issued to Etisalat on the 19th of December, 2005, and evaluate whether this certificate should be revoked.
As you are aware, Etisalat is a telecommunications company headquartered in the United Arab Emirates. In July 2009, Etisalat issued a mislabeled firmware update to approximately 100,000 of its BlackBerry subscribers that contained malicious surveillance software. Research In Motion subsequently issued patches to remove this malicious code.
More recently, the United Arab Emirates Telecommunications Regulatory Authority and Etisalat threatened to discontinue service to BlackBerry users, claiming that these devices "allow users to act without any legal accountability, causing judicial, social and national security concerns for the UAE", apparently on account of Research In Motion's refusal to offer surveillance back doors in its encryption services.
These events clearly demonstrate that Etisalat and the UAE regulatory environment within which it operates are institutionally hostile to the existence and use of secure cryptosystems. It is therefore of great concern to us that Etisalat is in possession of a trusted SSL CA certificate and the accompanying private key, which effectively functions as a master key for the encrypted portion of the World Wide Web. Etisalat could use this key to issue itself valid HTTPS certificates for verizon.com, eff.org, google.com, microsoft.com, or indeed any other website. Etisalat could use those certificates to conduct virtually undetectable surveillance and attacks against those sites. Etisalat's keys could also possibly be used to obtain access to some corporate VPNs.
We believe this situation constitutes an unacceptable security risk to the Internet in general and especially to foreigners who use Etisalat's data services when they travel.
We do not know whether Etisalat is willing to use its SSL CA keys for surveillance; however, the malicious code that Etisalat distributed last year had been signed by cryptographic keys that gave it access to various security-sensitive parts of the BlackBerry's API, indicating a willingness on Etisalat's part to use other keys for the wholesale subversion of security measures intended to protect users' privacy.
Because Microsoft, Mozilla, and other browser vendors have chosen to delegate certificate issuing authority to Verizon/Cybertrust, and because Cybertrust in turn chose to delegate this authority to Etisalat, Verizon is now the only party in a position to mitigate this risk to Internet security in a manner that is prompt and minimizes side-effects. We therefore request that Verizon reevaluate whether Etisalat is a trustworthy Certificate Authority, and determine whether it may be appropriate to issue a new CRL revoking Etisalat's CA certificate.
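The letter identifies the delegated CA certificate by its serial number. A serial is unique only per issuer, so a monitoring check should match issuer and serial together. The following is an added example, not part of EFF's letter or of the SSL Observatory's code: a minimal DER reader in Python that extracts both fields from each certificate in a chain and reports where a watched CA certificate appears. The issuer names and certificate skeletons are constructed placeholders; only the serial number comes from the letter.

```python
# Added example: find a watched CA certificate in a chain by issuer + serial.
# Certificate ::= SEQUENCE { tbsCertificate SEQUENCE { [0] version OPTIONAL,
#   serialNumber INTEGER, signature AlgorithmIdentifier, issuer Name, ... }, ... }
WATCHED_SERIAL = 0x40003F1  # serial number quoted in the letter above

def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes are the length
        n = first & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[off:off + length], off + length

def serial_and_issuer(cert_der):
    """Return (serial as int, issuer Name as DER bytes) of one certificate."""
    tag, cert, _ = read_tlv(cert_der, 0)
    tag2, tbs, _ = read_tlv(cert, 0)
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a certificate SEQUENCE")
    tag, value, off = read_tlv(tbs, 0)
    if tag == 0xA0:                        # optional explicit [0] version
        tag, value, off = read_tlv(tbs, off)
    if tag != 0x02:
        raise ValueError("serialNumber is not an INTEGER")
    _, _, start = read_tlv(tbs, off)       # skip signature AlgorithmIdentifier
    tag, _, end = read_tlv(tbs, start)
    if tag != 0x30:
        raise ValueError("issuer is not a SEQUENCE")
    return int.from_bytes(value, "big"), tbs[start:end]

def watched_positions(chain, serial, issuer):
    """Indexes of certificates in chain whose issuer and serial both match."""
    return [i for i, der in enumerate(chain)
            if serial_and_issuer(der) == (serial, issuer)]

# --- constructed sample data: parseable skeletons, not valid certificates ---
def enc(tag, content):
    n = len(content)
    size = bytes([n]) if n < 0x80 else bytes([0x81, n])  # samples stay < 256 bytes
    return bytes([tag]) + size + content

def toy_name(cn):
    attr = enc(0x30, enc(0x06, b"\x55\x04\x03") + enc(0x0C, cn.encode()))
    return enc(0x30, enc(0x31, attr))

def toy_cert(serial, issuer):
    body = enc(0xA0, enc(0x02, b"\x02"))                  # version v3
    body += enc(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big"))
    body += enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d010105")) + enc(0x05, b""))
    return enc(0x30, enc(0x30, body + issuer))

PARENT = toy_name("Constructed Parent CA")   # placeholder, not the real issuer DN
CHAIN = [toy_cert(0x1234, toy_name("Constructed Sub CA")),  # leaf
         toy_cert(WATCHED_SERIAL, PARENT),                  # intermediate
         toy_cert(0x01, PARENT)]                            # root
```

Calling `watched_positions(CHAIN, WATCHED_SERIAL, PARENT)` reports the position of the intermediate. To run it against real chains, supply the DER bytes of each presented certificate and the parent CA's actual issuer Name.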