Month: September 2013

[Andrea Peterson reporting on remarks by former NSA and CIA director, Michael Hayden][1]:

> “We built it here, and it was quintessentially American,” he said, adding that partially due to that, much of traffic goes through American servers where the government “takes a picture of it for intelligence purposes.”

*Sigh.*

[1]: http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/15/former-nsa-and-cia-director-says-terrorists-love-using-gmail/

[Dave Pell reacting to the new iPhone TouchID system (fingerprint scanner)][1]:

> In order to give us the promise of more security, companies will want to know even more about us. It feels like we’ve passed a point of no return. So much about us is stored in the cloud (our finances, our communication, our social lives) that we can’t turn back. The only way to protect what you’ve shared so far is to share some more. Protect your data with a password. Protect the password with some secret, personal questions. Protect all of that with your fingerprint or your heartbeat. Before long, you’ll have to give a DNA swab to access a collection photos you took yourself. It’s a trend worth watching. The last decade was about sharing. The next decade will be about protecting.

Pell’s thoughts are cogent, and while we know little about the day-to-day operation of Apple’s new Touch ID — there has thankfully been a mostly healthy debate around the workings of the device.

[Rich Mogull over at TidBITS has a very evenly written and well explained take][2] on Touch ID and how it works — I suggest you read it before we go any further.

[Cory Doctorow over at Boing Boing has this to say][3] (in response absurd reports that fingers are now going to get cut off):

> This is the paradox of biometric authentication. The biometric characteristics of your retinas, fingerprints, hand geometry, gait, and DNA are actually pretty easy to come by without your knowledge or consent.

He’s right, not only do we drip this information everywhere we go, we can’t ever change it. But I believe it is a wrong-headed assumption to assume that this is any more problematic than any passcode.

While you could lift my finger print from a pane of glass, who’s to say how time consuming it might be (and expensive) to create a copy of my finger which would allow you into my phone. Add to that: you also need possession of my phone. Then, if you get both of those, you would need your finger replica to work the first time so that I don’t remote wipe the device before you get a chance to read my data.

It would actually be *easier* to just cut off my finger (not that I advocate that). What would also be easier would be to take the zoom lens on a camera, follow me for 30 minutes and snag my four digit passcode — but that’s not inflammatory enough to drive blog post traffic, so…

[Over on Motherboard][4], Patrick McGuire makes the case that we have no reason to trust Apple that there is no NSA backdoor into the encrypted A7 chipset to get our fingerprint. I agree, there is no reason to trust Apple on this, but *yet again* I have to argue that this seems like more work (and risk of exposure) than the reward is.

To assume that the NSA is secretly working with Apple, or hacking iPhones, to get fingerprint data is also to assume that this would be the easiest way to get that information. Logically, thanks to Doctorow, we know that simply is not the case. Do you have a passport? Have you been arrested? Worked with children? Gotten a security clearance? Real Estate broker in Washington State? Then the NSA *has* your fingerprint already.

It’s stupid to assume the NSA would spend that much time to try and get fingerprint data when a good spy could covertly get it (spies they already have trained and paid for), or even just calling the local cops and asking them to pick up the suspect for a random reason.

Just use some logic here people.

*** 
Now, for something [actually troubling from Marcia Hofmann][5]:

> But if we move toward authentication systems based solely on physical tokens or biometrics — things we have or things we are, rather than things we remember — the government could demand that we produce them without implicating anything we know. Which would make it less likely that a valid privilege against self-incrimination would apply.

Essentially, the government has a harder time to compel you to give up a password, or combination, but it looks as though forcing you to use your finger to unlock something would not violate your rights.

This compels me to once again urge *all* apps to provide an option for passcode locks on the app. If your app contains content created by the user of the device, give us the option to add another layer of protection on that data. Then if compelled to unlock our phones, we can’t necessarily be compelled to turn over the passcodes for each app. All the government gets then is out contacts and call log — both of which they likely already got from the NSA.

[1]: http://nextdraft.com/current/
[2]: http://tidbits.com/article/14089
[3]: http://boingboing.net/2013/09/12/why-fingerprints-make-lousy-au.html
[4]: http://motherboard.vice.com/blog/the-iphones-fingerprint-scanner-is-an-exercise-in-trust
[5]: http://www.wired.com/opinion/2013/09/the-unexpected-result-of-fingerprint-authentication-that-you-cant-take-the-fifth/

It’s just that they don’t open them in the way that you think they do. WNC InfoSec has a post from *vintsurf* [about something he caught Dropbox doing with Word documents][1]:

> All .doc embedded HoneyDocs appear to have been accessed…from different Amazon EC-2 instance IPs.

Essentially what he found was that every time a *new* Word document is uploaded, it is opened on an Amazon server in libreoffice — it appears to only be opened once. Ok, so before we get too riled up we need to look at reasonable explanations for this behavior.

The most reasonable explanation is that this is done to render a preview of the file for the web interface. And that makes a lot of sense. [Hacker News][2] seems to agree with this notion as well.

Two weeks ago I would have given Dropbox the benefit of the doubt that, yes, this is likely *just* to render previews and that I was OK with that.

But this isn’t two weeks ago.

I have no reason to trust Dropbox — to trust that the NSA hasn’t subverted their systems some how. That’s unfortunate for Dropbox, and for me.

Dropbox has always held the encryption keys for user files, and has repeatedly said there is a vigorous security system in place to keep prying eyes from our files. Since making those statements here are a few things we know to be fact:

1. The NSA probably has a more vigorous security system in place, and Snowden stole so many documents that the NSA isn’t even sure what he has.
2. Dropbox clearly allows Amazon instances access to user files. At the very least to render previews.
3. The NSA is known to weaken cryptography and get backdoors installed for them, and there is simply no way to verify that this hasn’t happened at Dropbox *or* Amazon.
4. We know that Dropbox was/is a target for NSA’s PRISM program — there’s little reason to doubt that the NSA places a high value on getting access to user files stored in the cloud.

So, in light of all of this, as of 10:54am PT I cancelled my Dropbox account. I didn’t just stop using it this time, I deleted it.

For now the biggest bottle neck will be 1Password syncing, but more on that in a later post. *([You can see some of my alternative Dropbox solutions here][3].)*

I highly suggest you either get rid of your Dropbox account or encrypt every file on it that you wouldn’t want getting leaked into the public domain.

This sucks — for everyone.

[1]: http://www.wncinfosec.com/dropbox-opening-my-docs/
[2]: https://news.ycombinator.com/item?id=6374945
[3]: https://brooksreview.net/2013/09/goodbye-dropbox/

The title of the latest Guardian report by [Glenn Greenwald, Laura Poitras and Ewen MacAskill and sourced by Edward Snowden][1], would rightfully seem to say everything in the headline. That’s what I thought when I saw it, but that headline severely downplays how damning this latest article truly is.

Let’s get to some block quoting, as the title says, this is centering around a non-legally binding sharing agreement entered into between the U.S. and Israel. Here’s what is (essentially) shared:

> According to the agreement, the intelligence being shared would not be filtered in advance by NSA analysts to remove US communications. “NSA routinely sends ISNU the Israeli Sigint National Unit minimized and unminimized raw collection”, it says.

What’s important about that is the wording “minimized”. That’s what the NSA refers to as stripping information about non-targets and U.S. citizens. So effectively the U.S. is handing over raw data, without going through it first, to another country.

Ok, Ben, but that’s what the headline says and I am bored with this NSA crap. I’m bored with it too, but, it’s still important (like reading loan documentation).

It’s important because when you go through it you find out about stuff like the fact that the NSA may also be spying on the U.S. Government and elected officials, ((Cited in same article.)) but just asks that if Israel gets any info relating to U.S. Government officials that they, *you know*, delete it and pretend they never saw it.

##### Welcome to the Circle of Trust

Which is noble, but then you read (in the same article), this:

> In another top-secret document seen by the Guardian, dated 2008, a senior NSA official points out that Israel aggressively spies on the US. “On the one hand, the Israelis are extraordinarily good Sigint partners for us, but on the other, they target us to learn our positions on Middle East problems,” the official says. “A NIE [National Intelligence Estimate]() ranked them as the third most aggressive intelligence service against the US.”

So Israel is one of the top countries that spies on the U.S., and early in the article we learned that Israel is a top-three country for the U.S. to spy on, but hey — why not just share the raw data the NSA is snatched up with them?

I’m not done…

> In its statement, the NSA said: “We are not going to comment on any specific information sharing arrangements, or the authority under which any such information is collected. The fact that intelligence services work together under specific and regulated conditions mutually strengthens the security of both nations.

I think they forgot to add: by willfully infringing on the constitutional rights of U.S. citizens, while also turning over intelligence on innocent people to a foreign government. But hey, *terrorism*.

[1]: http://www.theguardian.com/world/2013/sep/11/nsa-americans-personal-data-israel-documents

[Kim Baldonado][1]:

> A TSA office near LAX was evacuated Wednesday afternoon after it received a suspicious package, believed to have been mailed by an ex-screener arrested for allegedly threatening the airport, according to the FBI.

I wasn’t going to link to this, but right before tossing it aside I caught the really funny part. You see the headline makes it sound like the TSA has been getting some naughty packages, and the above quote attributes the latest to an ex-TSA employee. That’s pretty bad, but really whatever. What makes this story great is the next paragraph:

> The delivery to the Century Boulevard offices marks the third suspicious package attributed to Nna Alpha Onuoha, 29, officials said.

You see, this *same* ex-TSA employee has sent all three of the packages. *Insert your own joke about how good the TSA is at screening employees, here.*

[1]: http://www.nbclosangeles.com/news/local/Nna-Alpha-Onuoha-LAX-TSA-Threats-Suspicious-Package-Evacuation-223387571.html

There are two really great things about the iPhone 5S that I can’t wait to have:

1. The new camera. Like every iPhone before it, the camera is much improved. This go around I think it is going to start giving cameras like the GX1 a run for their money. The new autofocus, flash, and burst modes are the kind of features you just don’t get out of a camera that compact.
2. The Touch ID systems lack of cloud storage. That is, the fact that the system works without transmitting your fingerprint to *any* server is a huge win for security. I’m personally not too worried about this system as my fingerprints have to be in “the system” in order for me to be a commercial broker.

There are undoubtedly tons of nice additions, but the two above are the ones that I am most excited about.

[Editorially has officially launched today.][1] I have been in on the beta of Editorially for quite a while, but really don’t know much about their product roadmap. So now the doors are open, and if you want to give it a go you can sign up and do just that.

For those that don’t know Editorially, it is an online writing app, where you can invite others to checkout, modify, comment on, and discuss your writing.

It’s a great tool for writing with other people.

I’ve been using it with my editor James for quite a while now and it has been great. I love being able to pop a document on there, still work on it privately, and then invite him to it. I can add a comment about the overall document, or highlight a specific section that I want him to see.

There’s still a lot missing and a lot that *could* be added to make this a great tool. Right now, it is the best tool I have found for working with an editor and I am, overall, happy with it. Now that the doors are open, I will also be adding it to the workflow for my day job for collaborating on long documents — it’s just leaps and bounds better than “track changes”.

[1]: https://editorially.com/

[Marcel Rosenbach, Laura Poitras and Holger Stark](http://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-blackberry-a-921161.html):

> According to the documents, it set up task forces for the leading smartphone manufacturers and operating systems. Specialized teams began intensively studying Apple’s iPhone and its iOS operating system, as well as Google’s Android mobile operating system. Another team worked on ways to attack BlackBerry, which had been seen as an impregnable fortress until then.
> The material contains no indications of large-scale spying on smartphone users, and yet the documents leave no doubt that if the intelligence service defines a smartphone as a target, it will find a way to gain access to its information.

First, let’s acknowledge how refreshing it is that *so far* the reports are that this is only being used for targeted individuals and not just randomly grabbing up all data. The iPhone is mentioned in this article, but from my reading of the article is seems as though iPhones are targeted through backups.

Not, as you might suspect, through iCloud backups, but backups on a user computers. This seems like a dubious assertion to me, because before iCloud backups even *I* wasn’t regularly backing up my iPhone. It would be my guess that iCloud backups are just as, if not more, vulnerable.

More telling is the hack into BlackBerry’s as it looks to be pretty far reaching — and may be the nail in the coffin for BlackBerry. It appears the NSA has a pretty good handle on the “secure” communication device, I can’t imagine it is a good day for Canada’s *only* company. ((Joking, or am I?))

No, actually, the most disturbing part of this report is this bit:

> In three consecutive transparencies, the authors of the presentation draw a comparison with “1984,” George Orwell’s classic novel about a surveillance state, revealing the agency’s current view of smartphones and their users. “Who knew in 1984 that this would be Big Brother …” the authors ask, in reference to a photo of Apple co-founder Steve Jobs. And commenting on photos of enthusiastic Apple customers and iPhone users, the NSA writes: “… and the zombies would be paying customers?”

The touting of creating a 1984 like state is very unsettling and is very telling. This is how these agencies view themselves: as the watchers. They were created to keep us safe, but see themselves as helicopter parents.

On a lighter note, the idea that these agencies can hack iPhones, but still use transparencies is, well, both confusing and ridiculous.

As recently as a couple of years ago ((Rough guess.)) I would have stood confidently before you and declared the Apple retail store experience to consistently be the best retail store experience, and perhaps the best shopping experience, I have ever had.

I’m not just speaking as an “Apple Blogger” or a tech-geek. I *do* speak as those things but also as a commercial property manager. What does a commercial property manager do? Well, I’m basically the landlord for office buildings, shopping centers, shopping malls, warehouses, etc. If someone doesn’t call the place “home”, then it’s something I manage for the owner of the property.

Needless to say I deal with retailers all day. I visit a ton of stores, many you would never want to set foot in. What I don’t manage, nor does my company, is any real estate with an Apple Store in it.

Keep that in mind as we continue…

***

What made the Apple Store one of the best retail experiences I have ever had, and all the more astonishing, was its *consistency*. No matter the day, time or location of the store, Apple retail always delivered a great experience. This was simply amazing to me: Like iPhone level quality mass manufacturing on a human retail employee level — something I didn’t think possible.

And then, at some point in the last couple of years, Apple changed the way their stores operated and fucked it all up.

Now I play a little game whenever I go to an Apple Store: “Avoid the iPad-Wielding-Apple-Rep”. You know who I’m talking about: the 2–4 Apple employees that hang out in Apple Stores greeting you and asking if you need any help, the ones with the iPads.

Sounds like these are really helpful people, right?

Wrong. These are the scourge of the Apple Store because they cannot actually *help* you. If you walk up and say: “I’d like to get an iPhone.” They say: “Sure, I will get someone to help you.” They are friendly, but why can’t *they* help you?

I understand that certain Apple retail employees specialize in certain products, which makes sense. I’m perfectly happy waiting for a knowledgeable representative when I have specific questions about the products. However, the single most annoying thing about iPad-Wielding-Apple-Reps is if you ask them: “Hey, could you ring this up for me?”, you get the response: “Let me get someone that can help you with that.” (“Duh, don’t you see I use this-here iPad to look official and nothing else?”, remains unsaid.)

One of the greatest things about the Apple Store used to be that there were only two employee types: Geniuses and non-Geniuses. You knew the difference because the former always had a line of people waiting for them. At this time you could grab any free non-Genius, pay for your wares and leave. This experience was so great that stores like Nordstrom Rack implemented it to make checkout easy, non-location specific, and personable.

To be fair, only the iPad-Wielding-Apple-Reps can’t check you out (Geniuses are still too busy for that). The problem is that in a typical Apple Store, the iPad-Wielding-Apple-Reps are the ones making eye-contact with you and are generally always available, just not available to really *do* anything.

Today at the Apple Store I saw a common scene unfold. Four to six retail employees standing around talking, a dozen or so people with broken iOS devices getting help, others looking at iPhone cases, etc. When it came time for me to checkout I turned to the first Apple Store employee and lost my own game — it was an iPad-Wielding-Apple-Rep.

*”Let me get someone that can help you with that.”*

The time it took waiting for her to get someone to help me check out, was greater than the time it took for me to actually check out. The iPad-Wielding-Apple-Rep could have just checked me out and saved us all time. It’s not like she would have helped anyone else during that time…

This starts to chip away at an outstanding retail experience. I hope the iPad-Wielding-Apple-Rep is a temporary thing, because I am starting to dislike visiting Apple Stores. I feel compelled to avoid these employees.

***
*A Note from Editor, James Martin:

I wonder if iPad-Wielding-Apple-Reps was a reaction to customers sometimes feeling, at busy times, that it was impossible to get anybody to help with anything. I’ve certainly experienced that phenomenon in Apple stores more than once (usually at the flagship retail locations: NYC, London UK, Sydney Australia).

Maybe for the frustrated, ignored customer *some* attention is better than nothing. Even if it’s only a placebo.

[Ellen Nakashima reporting on a secret (now-not-secret) court ruling expanding NSA powers][1]:

> Together the permission to search and to keep data longer expanded the NSA’s authority in significant ways without public debate or any specific authority from Congress. The administration’s assurances rely on legalistic definitions of the term “target” that can be at odds with ordinary English usage. The enlarged authority is part of a fundamental shift in the government’s approach to surveillance: collecting first, and protecting Americans’ privacy later.

Gee, wonder why this wasn’t debated in congress.

[1]: http://www.washingtonpost.com/world/national-security/obama-administration-had-restrictions-on-nsa-reversed-in-2011/2013/09/07/c26ef658-0fe5-11e3-85b6-d27422650fd5_story.html

[Matt Gemmell has written his take on the NSA scandal][1]. Gemmell is someone who I normally agree with, but in this case I am in disagreement. There is a chance that cultural differences (however slight) are at play here, but I still would like to respond to a couple statements he makes:

> If you didn’t already assume that all this was happening, I really have to wonder why not. It’s inevitable, and entirely in keeping with the goals and modus operandi of state-operated secret signals intelligence-gathering institutions. That’s what they do. That’s what they’ve always done, and what they’re designed to do.

I think there’s a few issues at play in this paragraph, but the only one I want to tackle right now is the notion that people should have assumed this was occurring. [I’ll point you to cryptographer Matthew Green, talking about an interview he did with ProPublica (wherein he didn’t know about what was to be released)][2]:

> I admit that at this point one of my biggest concerns was to avoid coming off like a crank. After all, if I got quoted sounding *too much* like an NSA conspiracy nut, my colleagues would laugh at me. Then I might not get invited to the cool security parties.

> All of this is a long way of saying that I was totally unprepared for today’s bombshell revelations [describing the NSA’s efforts to defeat encryption][3]. Not only does the worst possible hypothetical I discussed appear to be true, but it’s true on a scale I couldn’t even imagine. I’m no longer the crank. I wasn’t even close to cranky enough.

Gemmell thinks we should have all assumed this was going on, but even very smart cryptographers couldn’t imagine the scale of this. That’s what I take issue with. It’s fine to say that we perhaps should have thought more was going on than meets the eye, but to assume that *this* level of subversion was at play was something that only the most paranoid assumed. ((And I am pretty damned paranoid.))

Back to Gemmell:

> This current flap is about privacy from the state. Notionally, we’re protected by legislation, due process, reasonable cause, and so forth. More realistically, we must assume that the state knows (or at least *can* know, should it choose to) everything about our online lives, which in turn reveals probably almost everything about our offline lives.

I don’t know anything about laws outside of the U.S., so I will only comment on those that I know. But it is widely believe here in the U.S. that such programs violate our constitutional rights. It is with that in mind that Americans (at least) assumed that any spying done at this level was done in direct protection of the country and never on American citizens — this is looking to be a false assumption.

This is a big deal. It’s not just a matter of secret laws, it’s a matter of violating some fundamental truths that Americans hold near and dear. Namely being, as Gemmell so accurately notes, privacy.

There’s a lot of points I don’t like, but that doesn’t make them invalid. Gemmell has presented a very good argument, just one that I very much disagree with. Especially this point:

> So what do we do about it? Probably not a lot, if we don’t want to sacrifice effective national security, international relations, and global communications.

Say what now? That’s a weak sentiment — that nothing can be done so why bother — and anything that is done makes “us” woefully insecure. I couldn’t disagree with that more.

Terrorism is not as rife as news media and politicians make it sound, and while we certainly don’t know how much these programs have prevented, reining these programs in certainly wouldn’t lead to daily 9/11 attacks.

Lastly, international relations (from the US side at least), are already on thin ice. The U.S. makes a ton of the software the world runs on, and some of that software has most certainly been compromised in the name of **U.S.** interests — how does stopping that do anything *but* bolster international relations?

“All that is necessary for the triumph of evil is that good men do nothing.” –Edmund Burke

[1]: http://mattgemmell.com/2013/09/06/privacy/
[2]: http://blog.cryptographyengineering.com/2013/09/on-nsa.html
[3]: http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=0

[Jeff Shiner CEO of AgileBits][1]:

> It is impossible to absolutely prove that our answers to the easy questions above are truthful. But what I can do is provide a number of more verifiable claims, each of which makes it harder for us to lie about any of this. In combination, these should be enough to persuade you that there is no backdoor (deliberate weakness) in 1Password and that it would be very unlikely for one to be introduced.

Great post, and about as much as anyone can hope for. (I was glad to see this because I looked at some of the other 1Password like offerings and they are, erm, not good.) While the post doesn’t give me 100% confidence it gives me enough to feel comfortable staying with AgileBits products for the time being.

[1]: http://blog.agilebits.com/2013/09/06/1password-and-the-crypto-wars/