Privacy/Security

With Apple, The Government Is Overstepping Its Boundaries

By: Tim Sparapani

What we’re seeing right now with Apple is a classic case of law enforcement overreach. The FBI is putting extraordinary (and unprecedented) pressure on Apple in the wake of the San Bernardino shooting which left 14 dead and 22 wounded. The U.S. government has filed a court motion to press Apple to rewrite its operating software so that it can investigate whether the shooter used his phone to communicate and plan with others.

That might appeal to some people who are looking for a quick fix for the threat of terrorism. But the truth is there are no quick fixes and the government’s move is an extraordinary threat to liberty. It also won’t work. A backdoor won’t stop terrorism; it will only weaken phone security with no likelihood of any kind of public benefit. The public, and policymakers, should help Apple resist the FBI’s pressure. The FBI’s proposal is dangerous for at least these three reasons:

It Won’t Prevent Terrorism

The government wants Apple to build an after-the-incident forensic tool to figure out what may have happened. But that will not actually deter or prevent terrorism. Terrorists will simply switch to using encrypted phones from other countries. At the same time, the government’s move will weaken security for all U.S. consumers. This cannot and will not stop committed terrorists.

It Sets A Terrible International Precedent

If the U.S. government forces this technology on Apple, it’s also giving this technology to the rest of the world. That means rogue regimes, dictatorships and oligarchs will have access to the same security-busting technology as the U.S. government. One nation’s terrorist is another’s journalist, reformer, freedom fighter or human rights advocate. Limiting security on iPhones could put these people, who are often on the frontlines of fights against oppression, in grave danger.

Read the full article here.

We Need To Talk About Security On The Internet Of Things

By: Tim Sparapani

Some horrifying stories surfaced recently about glaring data security vulnerabilities for the Internet of Things. A company called Shodan, which is a search engine for connected devices, has had no trouble pulling up video camera feeds of sleeping babies, marijuana plants and schoolrooms. The site found insecure connections for everything from traffic lights to ice rinks. Those gaps are a hacker’s playground, and they should worry consumers and companies hoping to capitalize on the market for Internet-connected devices of all kinds.

By collecting data from things like lightbulbs, factories and home appliances, engineers will be able to design endless apps to make things work more efficiently, saving energy and water while preventing equipment failure. That’s the essential promise of the Internet of Things (IoT) era. Thanks to the burgeoning IoT economy, we’re on the verge of having self-driving cars and appliances that tell us that their parts are about to fail.

But right now, that bright future looks a little dim. Security is paramount, and if manufacturers don’t take steps to assure the public that their devices are secure, that revolution will be delayed.

Perhaps because IoT devices are to date opaque — after all, there’s no interface for a lightbulb with sensors embedded in it — consumers haven’t been overly concerned about safety issues. Since this is still a relatively new industry, things like price and convenience have taken priority. We are in a type of technology limbo where we are learning that securing the data collected by these devices is essential, yet too few manufacturers have implemented robust data security protections for these devices.

But it will take just a few high-profile hacks to change that. Say, for example, all of the traffic lights in a big city suddenly went red at the same time and stayed that way. Or all of the lightbulbs linked to a given system went on in the middle of the night. An event like that would be enough to potentially scare people away from the IoT.

Read the full article here. 

Risks in Forcing Apple to Comply With Order to Unlock Phone Linked to San Bernardino Attack

By: Tim Sparapani

A federal judge’s order to help the Justice Department unlock a phone used by a suspect in the San Bernardino, Calif., shootings has put unprecedented pressure on Apple. In a letter to customers detailing the company’s opposition, Apple CEO Tim Cook noted that there are “implications far beyond the legal case at hand.” Yes, the owner of the phone–Syed Rizwan Farook’s former employer–has given permission to search the device. But those who view the case as a potential means to combat the threat of terrorism are missing its threat to liberty, its potentially dangerous precedent, and the fallout to technological security. Consider:

Apple has said it complied with government search warrants and subpoenas. The Justice Department’s motion for Apple to disable particular security features on the phone presses the company to reformulate its operating software so that U.S. investigators can learn whether Mr. Farook used the iPhone to communicate with others about the November shootings. Forcing companies to create technologies to break their operating systems or override security features creates an after-the-incident forensic tool to figure out what may have happened. This does not actually deter or prevent terrorism. People determined to carry out attacks will continue to do so. They will simply use the encrypted products and devices sold by companies based outside the U.S. or other countries whose governments pry open their devices. At the same time, security protections for all consumers of those products will be weakened.

Such a move would set a dangerous international precedent. If the U.S. government forces Apple to undermine its technology there will be no means for companies to take a principled stand when rogue regimes, dictatorships, oligarchs, and other bad actors around the world make a similar request. One nation’s terrorist is another’s journalist. Or reformer, or freedom fighter, or rights advocate. In the wrong hands, the implications could extend to instances regarding human life, free speech, privacy, and other fundamental human rights around the globe.

In the immediate and long term, there is also a malware risk. Forcing Apple to reformulate its operating system is all but asking for the introduction of a bug, flaw, or defect–those forced upon companies by governments and those introduced through the vulnerabilities created by criminal hackers, identity thieves, and the government-sponsored spies of foreign nations.

Read the full article here. 

Will two privacy cops on the same block be one too many?

By: Tim Sparapani

Late last year in Washington something of consequence happened: Two federal agencies decided to jointly regulate consumer privacy issues. And just this week, dozens of consumer and privacy advocates are pushing one of those agencies – the Federal Communications Commission – to vigorously enforce consumer privacy rights.

Given the turf-conscious nature of Washington, the success of last year’s unusual agreement is deserving of critical review. There are high stakes for American consumers who expect privacy violations to be policed properly. For businesses in the converging communications, Internet, and app spaces that rely on their ability to use customer data, doubling the number of privacy cops could create significant headaches.

Traditionally, the Federal Trade Commission (FTC) has been the lead agency for consumer privacy issues. The U.S. has a handful of consumer privacy laws that are sector- or industry-specific. For example, there are statutes on the books that provide authority to regulate the data of health care patients, students and minors. For nearly everything else the FTC has a sort of catch-all consumer privacy enforcement authority not authorized by statute but built up principally over the last 25 years through a series of policy pronouncements and enforcement actions against companies. The FTC uses its core power to police unfair or deceptive trade practices when companies do not live up to their own statements concerning, and promises regarding, their collection, sharing, usage and protection of their customers’ personally identifiable information. Unless a separate privacy statute grants regulatory authority to a different federal agency, the FTC has assumed it is the privacy cop on the beat.

Read the full article here.

Two Is Not Better Than One: The FTC And FCC Join Forces On Privacy

By: Tim Sparapani

At the recent Consumer Electronics Show (CES) in Las Vegas, there was plenty of high-tech gadgetry on display — from virtual-reality goggles to the latest incarnation of the hoverboard. But one of the hottest tickets was an hour-long conversation with a couple of D.C. wonks.

CES President Gary Shapiro hosted back-to-back fireside chats with Federal Communications Commission (FCC) Chairman Tom Wheeler and Federal Trade Commission (FTC) Chairwoman Edith Ramirez to discuss consumer privacy. It’s a topic that has tech executives grinding their teeth in frustration.

Thanks to a recent memorandum of understanding triggered by the Open Internet Order (“Order”) and signed by the two agencies, there are now two cops on the privacy beat.

The order redrew privacy turf when the FCC finalized it this spring. The main purpose of the order was to classify the Internet as a utility under Title II of the Communications Act in the interest of cementing net neutrality. What most of the mainstream press didn’t pick up on at the time was that the order also greatly expanded the FCC’s authority to investigate and enforce perceived privacy violations by broadband companies.

Read the full article here.

Fox & Hounds: Rideshare Companies Don’t Need TrustLine In Order To Protect Consumers

There’s no question that when it comes to ridesharing, especially when children are in the car, safety is paramount. Customers need to trust that their drivers are committed to keeping them safe and that the drivers are thoroughly and properly investigated before they’re allowed behind the wheel. There can be no compromise on public safety.

This is something that everyone understands, whether you’re a parent like me, or a company offering rideshare services to the public. The question for rideshare companies is: “How do we protect the public at large while still fostering a culture of efficiency and innovation?”

The answer is that private sector background checks and the use of real-time driver-rating systems ensure the highest degree of consumer safety and security. There is little to gain from adopting additional state-imposed background check requirements for rideshare drivers, especially when the requirements being proposed won’t actually make riders safer.

Read the full article here.

DiFi takes on the Pirates

The Internet is being flooded with pirates that put Californians’ intellectual property at risk.  I don’t have to tell you, but the entertainment industry itself employs hundreds of thousands in California, and it’s not just in LA.  Emeryville hosts the creative geniuses behind Toy Story 3 at the Pixar Animation Studio and George Lucas spent an estimated $350 million for his digital arts studio in the Presidio.  Not to mention the up-and-coming studios and production facilities that are in the City employing multitudes of producers, editors and actors.

So what, beyond Pirates of the Caribbean 4, do pirates have to do with California’s entertainment industry?  Plenty.  As you read this, pirated copies of new movies will have virtually flooded the Internet.  For example, Cisco predicts that by 2014 it will take more than two years to watch the video that will cross the global IP network every second. Of this mind-boggling amount of video, a large part of it is unauthorized video content stolen from California studios. In fact, the Motion Picture Industry of America estimates that it loses over $25 billion a year to piracy.

What does this mean for California? In its most simplistic terms, it means lost opportunity for jobs and investment. The studios are faced with a tough recession, and the popular wisdom that the industry is recession-proof is being challenged in light of studio consolidations and release numbers. If the industry is bleeding billions of dollars to pirates, that’s money it could be otherwise investing in movie-making and, consequently, job-making. The Internet marketplace has provided opportunity like we could never have imagined for the entertainment industry and innovators across the state, but it also has created an opportunity for very costly mischief. As a state, and as a nation, we need to arm the federal government with the tools it needs to take on those who seek to unfairly and unlawfully profit from the labors of California’s best and brightest.

Senator Patrick Leahy recently sponsored a bill, S.3804, the “Combating Online Infringement and Counterfeits Act,” co-sponsored by our own Senator Dianne Feinstein, that will do just that. It gives the feds an expedited means to take on rogue websites whose business model is to facilitate the digital theft of copyrighted works. Last week, a large and diverse cross-section of the Internet marketplace wrote a letter to Senator Leahy supporting swift passage of S.3804, including Sony Music Entertainment, Disney, NBC Universal, and Major League Baseball (Go Giants!). CALinnovates would like to echo their support on behalf of our membership of California innovators and specifically to thank Senator Feinstein for her support of California innovation against the very real, and not very cute, threat of piracy.

Hollywood vs. Pirates

In honor of the Oscars, we at CALinnovates thought we’d go all Hollywood on you and bring attention to the policy making emanating out of Lalaland.

In January, the Screen Actors Guild (SAG) joined the American Federation of Television and Radio Artists (AFTRA), Directors Guild of America (DGA), International Alliance of Theatrical Stage Employees, Moving Picture Technicians, Artists and Allied Crafts of the United States, Its Territories and Canada (IATSE) and issued a response to the FCC’s request for input on its proposed Net Neutrality regs. Hollywood is concerned with pirates – and not the Johnny Depp type of pirate (as clearly we can’t get enough of that) – but the web-based variety.
