Tag Archives: encryption

Standing Up for Security and Privacy

Yesterday Tim Cook, the CEO of Apple posted a letter to their customers on Apple.com. It details how the FBI wants to Apple to create a way to investigate an encrypted iPhone, and the dilemma Apple is facing in doing so.
If Apple is forced to comply with the order to create a backdoor through their security there will be no way to ever ensure again, that your digital security and privacy is protected.
If you’re an American and reading this you might be thinking that you don’t have anything to hide from the US government. Maybe you’re not ashamed of anything you’ve ever done, that’s fair. But if you said that, I would quickly point out that in June of 2015 all my personal identity information was hacked and stolen from the US government along with 21 million other Americans’ personal identity information (presumably by the Chinese government, though that’s not confirmed). That includes my Social Security Number, the address of every house I’ve ever lived in, my entire work history, and even my fingerprints. Yes, all my identity information that was used to grant me security clearance by the FBI (the same FBI that wants access to iPhones) was leaked from the US government into the hands of some hackers. Here is the letter that the US government sent me regarding the issue.

Dear David Mead:
As you may know, the Office of Personnel Management (OPM) was the target of a malicious cyber intrusion carried out against the U.S. Government, which resulted in the theft of background investigation records.
You are receiving this notification because we have determined that your Social Security Number and other personal information was included in the intrusion. As someone whose information was also taken, I share your concern and frustration and want you to know that we are working hard to help those impacted by this incident. The Federal government will provide you and your dependent minor children with comprehensive identity theft protection and monitoring service, at no cost to you.
Since you applied for a position or submitted a background investigation form, the information in our records may include you name, Social Security number, address, date and place of birth, residency, educational, and employment history, personal foreign travel history, information about immediate family as well as business and personal acquaintances, and other information used to conduct and adjudicate your background investigation.
Our records also indicate you fingerprints were likely compromised during the cyber intrusion. Federal experts believe the ability to misuse fingerprint data is currently limited. However, this could change over time as technology evolves. Therefore, we are working with law enforcement and national security experts to review the potential ways fingerprint data could be misused now and in the future, and will seek to prevent such misuse. If new means are identified to misuse fingerprint data, additional information and guidance will be made available.
While we are not aware of any misuse of your information, we are providing a comprehensive suite of identity theft protection and monitoring services. We are offering you, and any of your dependent children who were under the age of 18 as of July 1, 2015, credit monitoring, identity monitoring, identity theft insurance and identity restoration services for the next three years through ID Experts, a company that specializes in identity theft insurance and identity theft protection. The identity theft insurance and identity restoration service coverage has already begun. You have access to these service at any time during the next three years if your identity is compromised.
To take advantage of the additional credit and identity monitoring services, you must enroll with ID Experts using the PIN code at the top of this letter. To enroll go to https://www.opm.gov/cybersecurity. You may also call 800-750-3004 to enroll in or ask questions about these services. I hope you will take advantage of these services.
Please take not that OPM and ID Experts will not contact you to confirm any personal information. If you are contacted by anyone asking for you personal information in relation to this incident, do not provide it. For additional resources such as information you may share with people listed on your forms, sample background investigation forms, types of information which may have been taken, and tips on how to protect you personal information, visit https://www.opm.gov/cybersecuity.
Sincerely,
Beth F. Cobert
Acting Director
Office of Personnel Managment

Image of the letter.
Now I’ll ask you again, do you still want the US government to know everything you’ve ever done? Every message you’ve ever sent? Every photo you’ve ever taken? This is not paranoia, these are real threats. Breaches have already happened, and there’s no way to ensure they won’t happen again. And once that door is opened for the FBI, there won’t be much in the way of anyone else opening that same door.
If Apple loosens security, terrorists will use other forms of encryption. In most cases they probably already are, it’s not rocket science to set up. So by Apple loosening security, the FBI won’t even accomplish their goal of more transparency into acts of terror.
Yes, the attack in San Bernardino was terrible. Yes, people will continue to do horrible things and hide behind encryption. But encryption is just a tool. It helps defend us much more often than attack us. A hammer can be used as a weapon too, but they aren’t made for that purpose. Hammers are made build houses, houses to shelter us and keep us safe. Encryption was made to keep our information safe. I’ve already illustrated one example if how the US government is not reliable in that regard. I for one am glad Apple and Tim Cook have my back.


[Note]
Shortly after writing this I read Rene Richie’s article on iMore about the same subject matter. He shares a similar view as I do, but dives at it from different angles. If you’re interested in this subject matter, you should read that too, it’s great.


I have copied the entire text of Tim Cook’s letter below for posterity:
Continue reading

Breaking Encryption Will Not Keep Us Safe

Mike Rogers wrote an opinion piece that was published on CNN today arguing that the encrypted networks should have a master key that would make warranted searches into private networks easier for the government. I wrote the following email to him in response, but I thought his staff shouldn’t be the only ones to read it.

Dear Mr. Rogers,
I read your article about encryption on CNN today and I can’t believe that you are unable to see the remarkable holes in your argument for having a master key in communication networks. I’ve been a professional web developer for seven years and can’t stress enough how important tight security is.
First, encryption without a master key is the first line of defense for average citizens to keep their data safe. If there was a backdoor designed in our communications systems, hackers would find it and exploit it. With that key they would be privy to all the information for all the users on the given network. One big hack would break the entire system. Without a master key, in a well designed system, they have to break each account individually and that helps keep us safe.
Second, it’s not hard to create a private encrypted network. If terrorists know that all the major companies like Apple, Google, Microsoft, etc, have a key that can uncover all their info, they will simply move to a new service that has not been compromised, or even create their own. The problem is average, law-abiding citizens won’t go out of their way to make sure that their communications are kept private, like terrorists surely will, even though it’s in their best interests.
Third, taking away the rights of the many to punish the few hasn’t worked out well for America in recent years. At every turn, we’ve seen the systems abused over and over again. From mass surveillance by the NSA, to more general abuses of the Patriot Act, where law enforcement agencies have used it as an excuse to skip the warrant process, we’ve seen the laws that were meant to protect Americans turned on their head and hurt the innocent. Even worse, those abuses have been shown to be ineffective in stopping terrorism.
It’s time to stop punishing the law-abiding citizens of the United States, and take a more targeted approach against terrorism. Breaking encryption for the masses won’t stop a single determined terrorist, but it will infringe on the privacy and security of every American.
Thank you for your time and consideration,
David G. Mead