US Government and Big tech on collision course over backdoor entry

Attorney General William Barr has suggested Apple has not offered ‘material’ assistance as authorities investigate the deadly shooting which took place at a Pensacola naval base last month.

Although Apple disputes the claim from Barr, the conflict between the firm and the Attorney General’s office sets the technology industry on a collision course with the Government. Barr seems to be calling for backdoors to be build into digital products and services, a move which has been robustly opposed by the technology industry.

“We have asked Apple for their help in unlocking the shooter’s iPhones,” Barr said during a press conference. “So far Apple has not given us any substantive assistance.

“This situation perfectly illustrates why it is critical that investigators be able to get access to digital evidence once they have obtained a court order based on probable cause. We call on Apple and other technology companies to help us find a solution so that we can better protect the lives of Americans and prevent future attacks.”

Apple rejects the statement and has claimed it has assisted in the investigation.

“We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation,” Apple said in a statement.

“Our responses to their many requests since the attack have been timely, thorough and are ongoing. We responded to each request promptly, often within hours, sharing information with FBI offices in Jacksonville, Pensacola and New York. The queries resulted in many gigabytes of information that we turned over to investigators. In every instance, we responded with all of the information that we had.”

Apple has not unlocked the devices, but there are ways and means to access some information without doing so. The firm has assisted authorities through data taken from the iCloud (for example) in other cases.

Over the first six months of 2019, Apple received numerous requests from the US Government for customer information and data. The table below outlines the requests.

Request type Requests received Percentage where data was provided
Device 4,796 84%
Financial Identifier 918 81%
Account Identifier 3,619 90%
Emergency 206 90%

For devices, the Government is requesting device identifiers such as serial number or IMEI number. Examples of financial identifiers are credit card or gift card information. The account identifier could be the customers Apple ID or email address. And ‘Emergency’ describes requests received from a government agency seeking customer data in an emergency matter.

The Apple statement also reiterated its position on privacy:

“We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers.”

This is an argument which has reared its head numerous times, and it does appear the pieces are falling into place for it to do so once again.

Apple has regularly been a critic of Governments for refused to enable police and intelligence agencies access to phones. In 2015, Apple defied a court order to assist the FBI by unlocking an iPhone which belonged to one of two terrorists who killed 14 people in San Bernardino. The firm has regularly used the argument of privacy in defending its actions, seemingly not wanting to create precedent for future cases.

And while these two cases have focused on the security measures embedded on devices, the services industry has also found itself in conflict in a very similar fashion.

Over the course of 2017, the then-Home Secretary Amber Rudd launched a sustained attack on the technology industry in an attempt to force the creation of backdoors into messaging services such as WhatsApp. The prevention of terrorism and paedophilia was used as justification to break down the defences offered by end-to-end encryption, but industry refused demands to create backdoors to circumnavigate the security features.

Rudd even went as far as to state users do not care about security, but use these messaging applications for simplicity and convenience.

Barr is not taking the same simple-minded and short-sighted approach as Rudd, but this could be viewed as a challenge. What we could see over the coming months is the US Government heading into conflict with the technology industry once again over access to data on secured products and in encrypted services.

What is worth noting is that there are very valid arguments on both sides of the fence. Governments and regulators should be entitled to enlist the assistance of the technology industry in combatting crime, whereas the technology industry should also be able to draw a line through ideas which would create collateral damage.

The creation of backdoors and designed weaknesses in security features is not something which should be considered. Technology companies, whether software or hardware, have designed security features to be robust enough that not even the manufacturer or developer can circumnavigate them. This ensures security but also prevents abuse.

If backdoors are inserted, this is vulnerability by design. It is effectively waving a red-flag in front of the hacker community, inviting them to find the weakness. Accessing an individual’s phone or WhatsApp account will offer reward for hackers, and whether by accident or design, the vulnerability will be eventually found and exploited.

This is not a viable solution for the sustained health of the digital economy, but this fact directs Big Tech and the US Government on another collision course over access. This is a battle which has been fought before and won by no-one, but it is once again on th

Huawei extensions show what a shambles US Government is right now

The US Commerce Department has granted a third 90-day extension to Huawei’s Temporary General License (TGL), pushing back the ban deadline to February 2020.

The credibility of the US Government is starting to look very feeble as it once again fails to deliver on a promise it made to its citizens on the grounds of national security. Since President Donald Trump signed the document to ban US companies from doing any business with Huawei, very little has actually changed.

“The Temporary General License extension will allow carriers to continue to service customers in some of the most remote areas of the United States who would otherwise be left in the dark,” said Secretary of Commerce Wilbur Ross.

“The Department will continue to rigorously monitor sensitive technology exports to ensure that our innovations are not harnessed by those who would threaten our national security.”

And while the Commerce Department might have the smaller, rural telcos in mind with this announcement, it might well be undermined by the FCC in a few days’ time.

On Friday, the FCC Commissioners will all vote on whether the use of funds from an $8.5 billion government programme to purchase equipment or services should be restricted. The restrictions would effectively ban the smaller telcos from working with companies who are deemed a threat to national security, in short, Huawei and ZTE.

The FCC’s Universal Service Fund is designed to offer government subsidies to smaller rural telcos which plug the gaps in the connectivity landscape. These difficult to reach, or commercially unattractive areas are often overlooked by the four major MNOs. For Huawei, these highly-regionalised telcos are effectively its only customers, though the have been targeted by both the FCC and Congress.

Alongside the ban from using FCC funds to purchase materials or services from Huawei or ZTE, Congress is also considering legislation which would free up an additional $1 billion for the rural telcos. These funds would be used to ‘rip and replace’ existing Huawei or ZTE components from the networks.

This is where the Commerce Department is slightly confusing matters; it is a complete contradiction from the actions of the FCC and Congress. Remarkably, as the FCC and Congress is heading one direction, Ross and his cronies seem to be pulling elsewhere.

And despite this seemingly being good news, Huawei doesn’t seem to be paying too much attention.

“Extending the Temporary General License won’t have a substantial impact on Huawei’s business either way,” a Huawei spokesperson said. “This decision does not change the fact that Huawei continues to be treated unfairly either.

“We have long held that the decision by the US Department of Commerce to add Huawei to the Entity List has caused more harm to the US than to Huawei. This has done significant economic harm to the American companies with which Huawei does business and has already disrupted collaboration and undermined the mutual trust on which the global supply chain depends.”

While we’re not too sure about the ‘significant’ damage done to US firms, though Huawei is surviving the assault from the US Government. It has lost out in some markets due to political pressure from the White House on allies, Australia and Poland for example, but this is not the economic dirty bomb which President Trump might have hoped for.

With another extension to last through to February 2020, the Huawei ban is starting to look very similar to Brexit. Not only is it looking more likely that it will never actually happen, the underlying rationale is starting to look feeble.

If Huawei is such a threat to national security, as many have been saying for years, why does the Commerce Department feel it is OK to offer such extensions. Why would Ross intentionally put US citizens in harm’s way? The paper veil excuse of national security to cover up the real goal is starting to look pathetic, but since when has logic made any material impact on today’s political elite.

With the White House failing to back-up the tough talk on Huawei, national security concerns being waved aside and other US agencies working to ban Huawei despite the extension, US politics is looking like little more than a shambles. A confusing patch-work of egos colliding and shiny teeth blocking meaningless statements.

Microsoft President defends Huawei, calling Trump Un-American

Microsoft President Brad Smith has leapt to the defence of under-fire Chinese vendor Huawei, suggesting the US Government should table evidence if it wants to continue on this path.

In an interview with Bloomberg Businessweek, Smith has aired his views on the prolonged tensions between China and the US. In a similar position to some more considered regulators around the world, Smith has demanded the burden of proof to back-up serious accusation made by the White House.

“Oftentimes, what we get in response is, ‘Well, if you knew what we knew, you would agree with us.’ And our answer is, ‘great, show us what you know so we can decide for ourselves. That’s the way this country works,” Smith said.

Smith is of course 100% correct here. We completely understand some details will not be able to be released in their entirety to the general public, but certain individuals, organizations and agencies should be offered insight to evidence which the White House is hording. The burden of truth is not one which should be brushed aside, and President Trump has not earned the right to demand blind belief.

Fortunately, there are some across the world who elect to make responsible and considered decisions. We’re not talking about the Australians, the state which decided to blindly follow the orange light without asking any questions or demonstrating the ability of independent thought, but the Germans.

The fact that Huawei has not been banned from the German market tells us and the world that the White House has not deemed it pertinent to demonstrate proof of nefarious activities to one of its allies.

Last December, Germany’s Federal Office for Information Security (BSI) took a bold stance against the White House, demanded the US Government produce evidence to support the claims should it want the Germans to introduce its own ban. As there has been no action taken by the German Government or any of its agencies to date, it would be a fair assumption the US Government is yet to produce anything.

The Germans are not alone in ignoring the huffing and puffing from the Oval Office, though Smith joining the party is a notable development.

What is worth noting, is this is probably a commercially based decision, though that is not necessarily something Smith should be scalded for. Like most other US companies, Smith wants the opportunity for his firm to work with one of the technology industry’s fastest growing innovators.

Huawei is one of the world’s leading smartphone manufacturers, but it has also been making some promising moves in the PC and laptop segments also. With tetherless connectivity in laptops set to become a common trait over the next few years, this segment could witness a disruption. As Windows is installed on most PCs and laptops, Smith and Microsoft will win irrelevant as to which brand triumphs, but it will want to make sure it is working with every brand possible.

Microsoft will want to continue working with Huawei, as will many other companies. At least 130 applications have been submitted to the US Commerce Department seeking exemption from the ban to work with Huawei, though none have been approved thus far.

Soon enough, the US Government will have to present evidence to back up the claims. This administration seemingly believes it can bully its way through international relations, though if US companies start turning against US ‘foreign policy’ it creates a very uncomfortable situation.

White House distances itself from US nationalised 5G idea

Following rumours the US Government was going to nationalise a 5G network, White House officials and the FCC have hit back rubbishing the claims.

Several White House officials have confirmed to various news outlets the proposal was nothing more than blue-sky thinking from a staff member at the National Security Council, and shouldn’t be taken too seriously. Alongside this denial from the Trump administration, the FCC has also been relatively vocal in opposition.

“I oppose any proposal for the federal government to build and operate a nationwide 5G network,” said Republican FCC Chairman Ajit Pai.

“The main lesson to draw from the wireless sector’s development over the past three decades – including American leadership in 4G – is that the market, not government, is best positioned to drive innovation and investment.”

It should hardly be surprising that Pai, irrelevant as to whether he is a Trump puppet or not, is opposed to such a proposal. Considering he has almost single handed dismantled net neutrality rules, removing some regulatory barriers for carriers, it would be incredibly contradictory for the US Government to take such a dominant position in deploying and managing 5G infrastructure. Even so, this is also an issue which has seemingly been able to unite Republican and Democrat Commissioners.

“The United States’ leadership in the deployment of 5G is critical and must be done right,” said Democrat Commissioner Mignon Clyburn. “Localities have a central role to play; the technical expertise possessed by industry should be utilized; and cybersecurity must be a core consideration. A network built by the federal government, I fear, does not leverage the best approach needed for our nation to win the 5G race.”

While the White House was keen to distance itself from any real policy, we don’t quite believe it all. Considering the detail that went into the proposal, it would have at least have had to been greenlighted by someone for a bit of exploratory research. An off-cuff idea was probably raised, a minion told to do some research and then the memo intentionally leaked to get an idea on how it would be received.

The culture of leaking in politics is relatively common, and should you believe the sceptics, it is done intentionally to measure the reception of some more radical ideas. An intentionally leaked documents offers arm’s length should it be a bad idea, or the chance to claim responsibility should the reaction be positive. As you can see below, it certainly wasn’t.

“There is nothing that would slam the brakes more quickly on our hard-won momentum to be the leader in the global race for 5G network deployment more quickly than the federal government stepping-in to build those networks,” said Jonathan Spalter, CEO of broadband association USTelecom.

Industry and the media didn’t like this idea, so everyone is scrambling to get as far away as possible from the toxic memo. There will still be some voices of support for such an idea, as it is believed a federally controlled asset would offer greater security against the Chinese (who clearly only think about spying on the US), but these individuals will be restricted to the shadows of the White House. Of course, there will be some government prying and intervention, though it will be months before we figure out how much.

Whether it was an actual idea from the geniuses behind the US/Mexico wall is irrelevant. The positives which can be taken away from this is that the government is going to be kept away from building a critical piece of infrastructure. Leave the complicated jobs of building the network to those who know what they are doing and let the bureaucrats sit in their corner playing with red ribbons and brown paper envelopes.

Microsoft gets support of privacy groups in battle against US

Privacy International has filed an amicus brief on behalf of 26 organizations in support of Microsoft’s battle against the US and the sticky fingers of its intelligence agencies.

This is a court case which has been ongoing for some time, as Microsoft has resisted the demands of the US government in handing over data which is stored on servers in Ireland. While the government believes as a US company Microsoft should hand over whatever it demands, Microsoft has been standing firm, stating it believes the US is overreaching considering the residence of the data and European data protection laws.

Late last week, Privacy International filed an amicus brief on behalf of itself and 26 human and digital rights organizations and legal scholars, supporting the tech giant.

Legal battles, such as this, are often long-drawn out affairs, where multiple do-gooders and glory chaser decide to add to the euphoria, because of the precedent which can be set. Very little of this case will concern the information which the US is currently trying to get its hands on, but if it is successful in this venture, the tracks will be laid for future pokes into personal and private information.

“Our brief further explains how the US Government’s position would set the stage for repeated violations of data-protection laws around the world,” Privacy International said in a statement.

“Approximately 120 countries have laws that specifically protect personal data. The US Government would similarly violate these laws in countless cases should it be given the authority to unilaterally seize data stored abroad. It would also place companies that provide online services in the untenable position of having to violate the laws of other countries in order to comply with warrants issued in the United States.”

The US often positions itself as the moral voice of the world, but only when that stance is consistent with domestic objectives. In this case, the US doesn’t seem to be bothered by the fact it would violate European data protection and privacy rules, because it has its own agenda and ambitions.

There are of course numerous objections which Privacy International has raised, but we feel this is one of the most important. Just because the process of storing information has changed does not mean a government has the right to impose its own standards and influence over citizens of other nations. Microsoft, irrelevant of its own drivers, is taking an important position against the government, which seems to want to head down the route of global Big Brother.

Naturally, there will be circumstances where such information will need to and should be handed over to the government, but there have been numerous examples over the last couple of months where governments are seeking a blank cheque to snoop. There is a fine line between safety and privacy, but it is crucial accountability and jurisdiction is maintained.

The US government should not be allowed to force cloud companies to hand over information when it violates the domestic regulations where the data has been sourced. Just because it has the biggest army, the biggest economy and the most expensive car, does not give it the right to judge whether laws in other nations are substandard to its own.

“Under principles of comity, courts determine how to apply US law without unreasonable interference with the sovereign authority of other nations,” the statement reads. “Since construing the Stored Communications Act to have extraterritorial application would conflict with the data protection laws of many governments around the world, comity principles militate against such an interpretation.”

We are encouraged by the Microsoft position and resistance to pressure, from a government which does occasionally present itself as a bully, and support from organizations such as Privacy International will only help the courts move to, what we believe, is the right decision.