Holder is wrong - backdoors and security can not coexist.

October 01, 2014 by lance in apple, Cryptography, legal

In the article below Attorney General Eric Holder said "“It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy”

This is simply not true, and harkens back to the discredited arguments made by the FBI in the 1990’s about the Clipper Chip. It is hard enough to make secure computing systems, and we are not very good at it as all the breaches demonstrate. Intentionally introducing a vulnerability, which is the essential nature of back door or law enforcement access, is madness. If there is a back door, then keys exist, and can be compromised or reverse engineered. It is an added complexity to the system, which is almost certain to introduce other vulnerabilities. Its use would not be restricted to the US. Once it exists every government will demand access.

Social media and the cloud have tilted the balance of power absurdly towards law enforcement. This argument that they must retain access to encrypted cell phones is fatuous.

Holder urges tech companies to leave device backdoors open for police - The Washington Post

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Security of offshore servers becoming even more illusory.

September 22, 2014 by lance in International, legal, Legislation, Surveillance

If this amendment passes, it will significantly reduce the perceived advantages of using servers outside the US. No only would the server still be subject to whatever legal process exists in the hosting country, but they would also be open to legal hacking by the USG.

Newly Proposed Amendment Will Allow FBI to Hack TOR and VPN Users | Hack Read

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

SWCAAS - Secret Warrant Compliance as a Service

September 05, 2014 by lance in legal, Online Privacy, Surveillance

FISA court order cropped

Here is a new “as a service” offering I had never considered. Companies are supporting ISPs in responding to classified FISA court search warrants for the ISPs, including helping to capture the data and deciding if the request is proper.

Meet the shadowy tech brokers that deliver your data to the NSA | ZDNet

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Showdown: US search warrants vs. EU Privacy laws

July 31, 2014 by lance in EU, Internet, legal

EU Flags photo

A New York district judge has ruled that Microsoft must comply with US search warrants for emails stored in European data centers. The argument is that as a US company, Microsoft is subject to the order, and because it has control of its European subsidiary which in turn has control of the data center in Europe, it should therefor comply.

This will put Microsoft, and many other US Internet companies, in a tricky place. The EU data protection laws are being expanded to explicitly bar EU subsidiaries of US companies from sending data outside the EU for law enforcement or intelligence purposes.

This also further undermines confidence in the security and privacy of data held by US Internet companies.

Microsoft ordered to hand over overseas email, throwing EU privacy rights in the fire | ZDNet

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

The Privacy Blog Podcast - Ep. 21:

July 01, 2014 by lance in Anonymity, apple, Canada, Censorship, iOS, Iran, Iraq, legal, Mobile, Podcast, Uncategorized

In episode 21 of our podcast for July, I talk about:

A decision giving Canadians more rights to Anonymity
Iraq's recent blocking of social media and more
Iran's outright criminalization of social media
A court decision requiring warrants to access cell tower location data
Another court stating that irrelevant seized data needs to be deleted after searches
A massive failure of data anonymization in New York City
A court requiring a defendant to decrypt his files so they can be searched
The Supreme Court ruling protecting cellphones from warrantless search.
Phone tracking streetlights in Chicago
And a small change for iPhones bringing big privacy benefits

Supreme Court requires warrent for cell phone searches

June 26, 2014 by lance in cellular, legal

Policeman with cellphone In a unanimous decision, the Supreme Court ruled that police must obtain a warrant before searching suspect’s cellphone. Before this, cellphones were treated just like anything else a suspect might carry, including wallet, keys, address book, or various other “pocket litter”.

Police are generally allowed to search suspects for weapons and to prevent the distraction of evidence. Because of the massive amount of storage on a modern smartphone, and its direct connection into so many other stores of data and communications, the court felt that the contents of these devices was qualitatively different and deserving of greater protection.

It is important to remember that the police can still take the phone, and that they can then get a warrant to search it if there is probable cause. They are simply prevented from searching it without the warrant, possibly in the hope (but not expectation) of finding evidence.

This decision may lay the groundwork for according similar protections to cloud stored data, which once would have been kept in the home in hard copy. Law enforcement officials claim that technology is making life easier for criminals and harder for law enforcement. I find that hard to believe and have not seen any really good studies of the matter. If you have, please let me know!

It strikes me that the routine preservation of emails and other communications, along with the massive use of server logged communications from text messages to social media, actually makes things much easier for law enforcement on the whole.

The fact that the decision was unanimous suggests that we may be entering a period of re-evaluating outdated precedents from the pre-internet era.

Some key quotes from the decision:

Regarding treating phones like other pocket litter - "That is like saying a ride on horseback is materially indistinguishable from a flight to the moon,”
On the impact on law enforcement - "Privacy comes at a cost.”
"Cell phones differ in both a quantitative and a qualita- tive sense from other objects that might be kept on an arrestee’s person. The term “cell phone” is itself mislead- ing shorthand; many of these devices are in fact minicom- puters that also happen to have the capacity to be used as a telephone. They could just as easily be called cameras, video players, rolodexes, calendars, tape recorders, librar- ies, diaries, albums, televisions, maps, or newspapers.”
"The scope of the privacy interests at stake is further com- plicated by the fact that the data viewed on many modern cell phones may in fact be stored on a remote server. Thus, a search may extend well beyond papers and effects in the physical proximity of an ar- restee, a concern that the United States recognizes but cannot defini- tively foreclose.”
"Our answer to the question of what police must do before searching a cellphone seized incident to an arrest is accordingly simple—get a warrant,"

Some Excellent Articles for further reading:

With cellphone search ruling, Supreme Court draws a stark line between digital and physical searches - The Washington Post

Police Need a Warrant to Search Your Cellphone, Supreme Court Says | Re/code

Supreme Court: Police Need Warrants to Search Cellphone Data - WSJ

Note: In the picture above, the policeman is actually just using his own cellphone.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

If you don't admit you won't decrypt

June 25, 2014 by lance in Cryptography, legal

Broken Disk The Massachusetts High Court recently ruled that a suspect can be compelled to decrypt disks, files, and devices which have been seized by law enforcement. The crux of the question before the court was whether compelling the password for decryption is forbidden by the Fifth Amendment protection against self incrimination.

The analogy one most often sees is to being compelled to provide the combination to a safe, the contents of which are subject to a search warrant. That is well settled law, you can be compelled to do so.

The court said:

We now conclude that the answer to the reported question is, "Yes, where the defendant's compelled decryption would not communicate facts of a testimonial nature to the Commonwealth beyond what the defendant already had admitted to investigators." Accordingly, we reverse the judge's denial of the Commonwealth's motion to compel decryption.

In this case, there was nothing testimonial about decrypting the files because the defendant has already admitted to owning the computers and devices, and to being able to decrypt them.

The much more interesting situation will come in a case where the defendants say they never had, or have forgotten, the password. One can not be compelled to do something impossible, but generally the proof of the impossibility falls on the defendant. In this case one would have to prove a negative. How could you prove that you don’t have the password? The only thing that can be proved is that you do, and that only by doing so.

This ruling is only binding in the sate of Massachusetts, but is likely to be influential in cases in other areas.

Massachusetts High Court Permits Compelled Decryption of Seized Digital Evidence | The National Law Review

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Update: It looks like I am wrong about providing the combination to a safe being settled law. Thanks Joey Ortega for setting me straight.

Law enforcement can't keep your seized files forever (anymore)

June 19, 2014 by lance in legal

IStock 000005044123XSmall

The US Second Circuit court of appeals just ruled on a very important case about Fourth Amendment protections for seized computer files. While this ruling is only binding on courts in the 2nd circuit, it will be influential, and we are likely to see this issue addressed by the Supreme Court before too long.

The reality of computer forensics is that investigators start by grabbing everything off the computers they are searching, then look for the specific information specified in the warrant. Generally this is done by making a direct image of the computer’s hard drive. From there additional copies are made so the chain of evidence is clean, and the original image can be shown to be unchanged. It is impractical to try to capture only the targeted information because the volumes are often so large the search must be automated and may take considerable time. Additionally, suspects may have taken steps to try to hide files on the disks.

The upshot of this is that the law enforcement entity now has a great many documents far outside the scope of the warrant. This is where we come to the specifics of the case United States v. Ganias. In 2003 the government searched Ganias’ computers as part of a fraud investigation. As I described, they captured full images of all the computer’s hard drives to 19 DVDs. After competing their searches, they kept the DVDs.

In 2006, they thought Ganias might be involved in tax related crimes, so they obtained warrants to search the DVDs they had in storage for this different set of documents.

The 2nd Circuit ruled to suppress the evidence obtained from that 2006 warrant because the documents searched should never have been seized in the first place.

The ruling recognizes the realities of the search process, and allows for capture of full drive images, and keeping that data for a reasonable time, but specifically forbids keeping it indefinitely as a source of information in future searches. That would completely void the Fourth Amendment which requires that the warrant specify the specific things to be searched.

As a reminder, the full text of the Amendment is:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Thanks to the Washington Post for a more detailed legal analysis: Court adopts a Fourth Amendment right to the deletion of non-responsive computer files - The Washington Post

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Canadian Supreme Court ruling protects on-line anonymity

June 16, 2014 by lance in Anonymity, Canada, legal

IStock 000007822598Small

Canada’s Supreme Court just released a ruling providing some protection for on-line anonymity. Specifically, the ruling requires law enforcement to obtain a warrant before going to an Internet provider to obtain the identity of a user. Previously they were free to simply approach the provider and ask (but not compel) the information.

The judges found that there is a significant expectation of privacy with respect to the identifying information, and that anonymity is a foundation of that right.

Unfortunately the case in question revolves around child pornography, which creates a great deal of passion. Much of the reaction against the decision has come from those working to protect abused children. Because the ruling has implications primarily far from child porn cases, I applaud the court in taking the larger and longer view of the principle at work.

It is important to remember that the court is not saying that the information can not be obtained. This is not an absolute protection of anonymity. This decision simply requires a warrant for the information, ensuring that there is at least probable cause before penetrating the veil of anonymity.

Other analysis: here, here, here.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Microsoft successfully challenges national security letter against enterprise customer

May 22, 2014 by lance in FBI, legal

Tape on mouth

Microsoft challenged an FBI National Security Letter, and won | ZDNet

Recently unsealed documents show that Microsoft was able to beat back a National Security Letter (NSL) from the FBI.

NSL are like subpoenas but go through a different, and secret, process that bypasses the courts. NSL also include a gag order forbidding the recipient from revealing the existence of the letter to anyone.

Microsoft fought the NSL in question because it violated their policy of notifying all enterprise customers when they receive any "legal order related to data”. The FBI withdrew it without any rulings on the legality or appropriateness of the NSL.

This may indicate a move towards some limitations of the gag order attached to NSLs, which would be very valuable for transparency in the whole process.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

The Privacy Blog Podcast – Ep.10: Storage Capacity of the NSA Data Center, Royal Baby Phishing Attacks, and how your SIM Card is Putting you at Risk

July 31, 2013 by lance in Announcements, Anonymizer, GeoLocation, legal, News, Online Privacy, Podcast

Welcome to Episode 10 of The Privacy Blog Podcast, brought to you by Anonymizer. In July’s episode, I’ll be talking about the storage capacity of the NSA’s data center in Utah and whether the US really is the most surveilled country in the world. Next, I’ll explain why the new royal baby is trying to hack you and how your own phone’s SIM card could be putting your privacy at risk.

Lastly, I’ll discuss the current legal status of law enforcement geolocation, Yahoo!’s decision to reuse account names, and some exciting Anonymizer Universal news.

As always, feel free to leave any questions in the comments section. Thanks for listening!

No warrant needed for cell location information in the Fifth US Circuit

July 31, 2013 by lance in cellular, GeoLocation, legal, Location, Surveillance

ArsTechnica has a nice article on a recent ruling by the US Fifth Circuit court of appeals.

In this 2-1 decision, the court ruled that cellular location information is not covered by the fourth amendment, and does not require a warrant. The logic behind this ruling is that the information is part of business records created and stored by the mobile phone carriers in the ordinary course of their business.

Therefor, the data actually belongs to the phone company, and not to you. The Stored Communications Act says that law enforcement must get a warrant to obtain the contents of communications (the body of emails or the audio of a phone call) but not for meta-data like sender, recipient, or location.

The court suggests that if the public wants privacy of location information that they should demand (I suppose through market forces) that providers delete or anonymize the location information, and that legislation be enacted to require warrants for access to it. Until then, they say we have no expectation of privacy in that information.

The Fifth Circuit covers Louisiana, Mississippi, and Texas.

This ruling conflicts with a recent New Jersey Supreme Court, which unanimously ruled that law enforcement does not have that right, which ruling only applies in New Jersey.

Montana has a law requiring a warrant to obtain location information, while in California a similar bill was vetoed.

It seems very likely that one or more of these cases will go to the supreme court.

Can you be forced to decrypt your files?

June 04, 2013 by lance in Cryptography, legal

Declan McCullagh at CNET writes about the most recent skirmish over whether a person can be forced to decrypt their encrypted files.

In this case, Jeffery Feldman is suspected of having almost 20 terabytes of encrypted child pornography. Evidence of use of eMule, a peer to peer file sharing tool, showed filenames suggestive of such content. Child porn makes for some of the worst case law because it is such an emotionally charged issue.

A judge had ordered Mr. Feldman to decrypt the hard drive, or furnish the pass phrase, by today. After an emergency motion, he has been given more time while the challenge to the order is processed.

The challenge is over whether being compelled to decrypt data is equivalent to forced testimony against one's self, which is forbidden by the Fifth Amendment. The prosecution position is that an encryption key is similar to a key to a safe, which may be compelled. Some prior cases have come down on the side of forcing the decryption, but not all.

If it was plausible that the suspect might not know how to decrypt the file, that would make things even more interesting. For now, the moral of the story is that you can't rely on the Fifth Amendment to protect you from contempt of court charges in the United States if you try to protect your encrypted data. Outside the US, your mileage may vary.

Cloud and telecom needs the same legal protection as snail mail.

May 16, 2013 by lance in cellular, legal, Surveillance, Tracking

The ACLU just posted an article about a recent federal magistrate judge's ruling. It is a somewhat bizarre case. The DEA had an arrest warrant for a doctor suspected selling prescription pain killer drugs for cash. They then requested a court order to obtain his real time location information from his cell provider.

The judge went along, but then published a 30 page opinion stating that no order or warrant should have been required for the location information because the suspect had no expectation of location privacy. If he wanted privacy, all he had to have done is to turn off his phone (which would have prevented the collection of the information at all, not just established his expectation).

So, if this line of reasoning is picked up and becomes precedent, it is clear than anyone on the run needs to keep their phone off and / or use burner phones paid for with cash.

My concern is that, if there is no expectation of privacy, is there anything preventing government entities from requesting location information on whole populations without any probable cause or court order.

While I think that the use of location information in this case was completely appropriate, I would sleep better if there was the check and balance of the need for a court order before getting it.

This is another situation where technology has run ahead of the law. The Fourth Amendment was written in a time where information was in tangible form, and the only time it was generally in the hands of third parties, was when it was in the mail. Therefor search of mail in transit was specially protected.

Today, cloud and telecommunication providers serve much the same purpose as the US Postal Service, and are used in similar ways. It is high time that the same protection extended to snail mail be applied to the new high tech communications infrastructures we use today.

Printers watermark your documents

May 25, 2012 by lance in Anonymity, legal, Personal Privacy, Physical Security, Surveillance, Tracking

It has long been known in security circles that many printers embed nearly invisible watermarks in all printed documents which uniquely identify the printer used. SpringyLeaks reports that a recent FOIA request revealed the names of printer companies who embed such markings and have worked with law enforcement to identify the printers used in various cases.

The article also suggest that these watermarks can be used to aid reconstruction of shredded documents.

Facebook "Like" not protected speech in Virginia

May 04, 2012 by lance in Facebook, First Amendment, Free Speech, Internet, legal, Litigation, Social Networking, Stupidity

Courthouse News Service reports that a virginia judge has ruled Facebook "Likes" are not protected speech.

The case was related to employees of the Hampton VA sheriff's office who "Liked" the current sheriff's opponent in the last election. After he was re-elected, he fired many of the people who had supported his opponent.

The judge ruled that posts on Facebook would have been protected, but not simple Likes.

Consumer Privacy Bill of Rights will be hard to enforce

February 23, 2012 by lance in International, Internet, legal, Online Privacy, Personal Privacy, Tracking

While I am encouraged to see the recently announced Consumer Privacy Bill of Rights, it is no reason to become complacent about your privacy.

First, the Consumer Privacy Bill of Rights is a set of fairly general statements. It is unclear if or when we would see real enforcement.

Second, it will be very difficult to enforce this against non-US services, and it is almost impossible for a user to know if some or all of a website she is visiting is being provided by a non-US company.

Third, it is very difficult to tell if the policies are being violated. Unless the website uses the information directly and immediately it is very hard to tie the use of information back to the source of the information. If it is being silently collected, you really can't tell.

While such policies and statements of principle are a good thing, and one hopes that most major websites will get on board with them, if you actually want to ensure your privacy, you need to take matters into your own hands.

Block cookies, clear out old cookies, and hide your IP address with tools like Anonymizer Universal.

FBI: Anonymity implies terrorist

February 08, 2012 by lance in Anonymity, Anonymizer, Cryptography, Internet, legal, National Security, Online Privacy, Physical Security, Stupidity

The FBI in conjunction with the Bureau of Justice Assistance and Joint Regional Intelligence Center have produced a number of fliers to help the public identify possible terrorists. While some of the points have merit, it is very likely that this will generate an extremely high proportion of false alerts based on perfectly reasonable and legal behaviors.

A big red flag for me were the fliers for cyber cafes and electronics stores. These suggest that the use of privacy protecting services, like Anonymizer, should be deemed suspicious. They also call out Encryption, VoIP, and communicating through video games.

In almost all of the fliers they suggest that wanting to pay cash (legal tender for all debts public and private) is suspicious.

Thanks to Public Intelligence for pulling together PDFs of the documents.

Internet Cafe flier.

Electronics Store flier.

India asks social network sites to manually screen all posts.

December 06, 2011 by lance in Free Speech, India, International, Internet, legal, Social Networking, Stupidity, Surveillance

The NYTimes.com reports that Kapil Sibal, the acting telecommunications minister for India is pushing Google, Microsoft, Yahoo and Facebook to more actively and effectively screen their content for disparaging, inflammatory and defamatory content.

Specifically Mr. Sibal is telling these companies that automated screening is insufficient and that they should have humans read and approve allmessages before they are posted.

This demand is both absurd and offensive.

It is obviously impossible for these companies to have a human review the volume of messages they receive, the numbers are staggering.
The demand for human review is either evidence that Mr. Sibal is completely ignorant of the technical realities involved, or this is an attempt to kill social media and their associated free wheeling exchanges of information and opinion.
There is no clear objective standard for "disparaging, inflammatory, and defamatory" content, so the companies are assured of getting it wrong in many cases putting them at risk.
The example of unacceptable content sighted by Mr. Sibal is a Facebook page that maligned Congress Party president Sonia Gandhi suggesting that this is more about preventing criticism than actually protecting maligned citizens.

Privacy, logging policies, and trackrecord

September 27, 2011 by lance in Anonymity, Computer Security, hacking, International, Internet, legal, Online Privacy, Security Breaches, Surveillance

HideMyAss.com keeps logs and exposes their users. Why that is a bad policy, and how to judge a good privacy provider.