On June 9, 1997, 25 officials of the National Security Agency — members of a security squad known as the "Red Team" — hacked into the computer networks of the Department of Defense, using only commercially available equipment and software. It was the first high-level exercise testing whether the U.S. military's leaders, facilities, and global combatant commands were prepared for a cyber attack. And the outcome was alarming.
The path to hell starts at the backdoor, and we need to make sure that encryption technology remains strong.
— Brad Smith, Chief Legal Officer, Microsoft
In short, whatever else the AWA's "usages and principles" clause may be intended to accomplish, it cannot be a means for the executive branch to achieve a legislative goal that Congress has considered and rejected.
— US Magistrate Judge James Orenstein, New York
A big win for Apple and one that possibly sets up a circuit split between the 2nd and 9th Circuits.
Thieves stole 14 global positioning system devices from a New York public-works department on Monday night. Police located them almost immediately.
At every level of our legal system - from the Constitution, to our statues, common law, rules, and even the Department of Justice's own policies - society has acted to preserve certain rights at the expense of burdening law enforcement's interest in investigating crimes and bringing criminals to justice.
Forceful and compelling, with notable citations of the First and Fifth Amendments and CALEA.
Microsoft Corp. will file an amicus brief next week to support Apple Inc. in its fight with the U.S. government over unlocking a terrorist's iPhone, President and Chief Legal Officer Brad Smith said at a congressional hearing Thursday to discuss the need for new legislation to govern privacy.
About time.
NHTSA will interpret 'driver' in the context of Google's described motor vehicle design as referring to the (self-driving system), and not to any of the vehicle occupants.
A big win for Google, AI, and autonomous vehicle technology.
Either everyone gets security or no one does. Either everyone gets access or no one does. The current case is about a single iPhone 5c, but the precedent it sets will apply to all smartphones, computers, cars and everything the Internet of Things promises. The danger is that the court's demands will pave the way to the FBI forcing Apple and others to reduce the security levels of their smart phones and computers, as well as the security of cars, medical devices, homes, and everything else that will soon be computerized. The FBI may be targeting the iPhone of the San Bernardino shooter, but its actions imperil us all.
Bruce Schneier is one of the leading security and privacy experts in the world and his opinion in this case is no surprise.
On Tuesday, the United States District Court of California issued an order requiring Apple to assist the FBI in accessing a locked iPhone — and not just any iPhone, but the iPhone 5c used by one of the San Bernardino shooters. The order is very clear: build new firmware to enable the FBI to perform an unlimited, high speed brute force attack and place that firmware on the device.
Dan Guido argues that the request is technically feasible given that Apple can sign firmware updates to the Secure Enclave:
I believe it is technically feasible for Apple to comply with all of the FBI's requests in this case. On the iPhone 5C, the passcode delay and device erasure are implemented in software and Apple can add support for peripheral devices that facilitate PIN code entry. In order to limit the risk of abuse, Apple can lock the customized version of iOS to only work on the specific recovered iPhone and perform all recovery on their own, without sharing the firmware image with the FBI.
Despite the technical feasibility and the emotion of a terrible domestic terrorism case, Apple is fighting this order as the act of coercing a company to defeat their own security measures using a law from 1789 could lead to dangerous precedence for future cases and for encryption at large. Tim Cook's letter shows that Apple well understands the legal precedent this could set and is resolutely opposed:
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.
I applaud Apple's stance and support the continued adoption of strong encryption and security measures to protect us from government and criminals alike.
This blog post explains how you might have the wrong idea™ about percentiles, the degree of the mistake (it depends), and what you can do instead.
I used to work with a monitoring system that produced banded metrics, but didn't realize they were as robust to scaling and other manipulations as they are.