No mention of BB in all of this. I know their market share is small but given their niche market would be companies and goverments I thought they would be targets for this sort of thing too.
Cops and spies should blame THEMSELVES for smartphone crypto 'problem' - Hyppönen
Law enforcement and intel agencies have no right to complain about the improved security of smartphones because they brought the problem on themselves, according to security guru Mikko Hyppönen. Policing and government officials on both sides of the Atlantic have been vociferous in their complaints about Apple and Google's …
COMMENTS
-
-
-
Monday 13th October 2014 14:24 GMT Anonymous Coward
Obama's Snooping
This is another case of Obama having total disregard for people's privacy.
And before you fanbois get cranky, any U.S. social studies textbook will explain that the NSA, CIA, and FBI are all part of the Executive Branch which is headed by the President and operate under his direct and total control.
-
Monday 13th October 2014 15:06 GMT Anonymous Blowhard
Re: Obama's Snooping
"the NSA, CIA, and FBI are all part of the Executive Branch which is headed by the President and operate under his direct and total control"
Or could it be vice-versa? Politicians only have power if they get elected, and you can't get elected if your opponents get help from TLAs about your vices and indiscretions; democracy has more to fear from uncontrollable secret agencies that have huge resources and no accountability than it does from a relatively small number of terrorists with less fire-power than an NRA convention.
-
Monday 13th October 2014 18:32 GMT Anonymous Coward
Re: Obama's Snooping
"This is another case of Obama having total disregard for people's privacy.
And before you fanbois get cranky, any U.S. social studies textbook will explain that the NSA, CIA, and FBI are all part of the Executive Branch which is headed by the President and operate under his direct and total control."
And massive spying on the American people has been around since the Patriot Act signed by Republican president George Bush.
-
Monday 13th October 2014 20:47 GMT Anonymous Coward
Re: Obama's Snooping
And massive spying on the American people has been around since the Patriot Act signed by Republican president George Bush.
Massive spying? Not according to Snowden. It's Obama that has taken warrentless spying to an unheard-of level.
But still I have to ask, what is your point? Are you saying you approve of Obama continuing to do spying?
Tell me, what is more important to you, personal privacy, or politics? Do you think Obama is wrong to escalate the spying? Or would you rather just stick your head in the sand and pretend?
BTW, the PATRIOT Act (which was enthusiastically endorsed by Democrats when first introduced) was enthusiastically signed and renewed by President Obama. Twice. He even expanded the scope of the spying.
So what's your point? Please speak into the mic.
-
Monday 13th October 2014 22:42 GMT Anonymous Coward
Re: Obama's Snooping
The point is that it isn't solely Bush's or Obama's fault, it is institutional, and the next president, whether it is Hillary or one of the republican contenders, will do his/her best to further expand the spying. The government never voluntarily gives up power, and in the rare cases where it is forced to, it takes a big scandal (i.e. Watergate) to focus the public's attention long enough to make it happen.
Sadly, most people don't even pay attention to further disclosures from Snowden's cache. Unless he's been saving up a bombshell, it is all old news to the typical person, so the window for rolling back the clock has passed and the government knows it. They're probably already trying to figure out new and better ways to violate our privacy and novel ways of interpreting laws or creating secret EOs to get the FISA court's rubberstamp of approval.
Perhaps as a nod to the scandal they're shutting down to the old spying programs and replacing them, so they can say "we shut down RANDOMCODENAME as detailed by Snowden, yay us!" when it won't change anything as far as the privacy of citizens is concerned.
-
Tuesday 14th October 2014 04:18 GMT Anonymous Coward
Re: Obama's Snooping
The point is that it isn't solely Bush's or Obama's fault, it is institutional
I fail to see your point. It is Obama that that directly oversees these agencies. Spying of this magnitude can't happen without his approval which he has already admitted to doing.
Is it your point that Obama can't help himself?
The important question is, how do we stop this? Or do you just throw up your hands and decide that it's in Obama's nature to spy on everyone?
Remember, Obama can stop this with just one Executive Order. Why hasn't he? His own party has called on him to fire the head of the NSA. Why hasn't he?
A real Liberal would be outraged at how Barack Obama has betrayed his party, his principles, the U.S. Constitution. Obama fanbois (fake liberals) make excuses and turn away. Blame Bush? Guess what, he isn't President anymore.
Traditional Liberals, like me, are outraged at how Obama has betrayed the Democratic party. Why aren't you?
-
Tuesday 14th October 2014 12:10 GMT Mark 65
Re: Obama's Snooping
"The important question is, how do we stop this? Or do you just throw up your hands and decide that it's in Obama's nature to spy on everyone?
Remember, Obama can stop this with just one Executive Order. Why hasn't he? His own party has called on him to fire the head of the NSA. Why hasn't he?"
Surely a better question to ask is "just what hold do these agencies have over him?"
-
Tuesday 14th October 2014 14:26 GMT Anonymous Coward
@AC the "traditional liberal"
Well, the reason I'm not outraged by Obama's "betrayal" is because I'm not a liberal, and never said I was, so I don't know why you're faulting me on that. I consider myself a libertarian, so I find a lot of fault in both parties, and the spying program which both parties support is just the tip of the iceberg. I was never under the illusion Obama was going to keep his promises any more than I thought Bush was going to "reach across the aisle", or Clinton was going to do whatever stuff he claimed he would during the 1992 campaign.
The democrats had control of congress when Obama took office, and democrats like Feinstein (who few would accuse of being a "fake liberal") knew about the spying program. Why didn't she talk to her colleagues and say "I can't tell you the full extent of what we're doing, but its bad, let's make some laws that won't allow it to happen any more"? Because the democrats do support it, just like the republicans. You and your liberal friends might not, but you're too much into the "us against them" dialogue that both parties want and encourage to tell your nose from your ass, and don't see the democrats are every bit as corrupt as the republicans, and support anything that helps insure their continued power.
Yeah, there are some democrats who want to see it end, just as there some republicans who do. But not enough to make it happen. If you think Obama is so terrible in his support of this, who you are going to vote for in 2016? Certainly not Hillary, she'll support this stuff even more than Obama. Some fringe candidate like Kucinich? That'll just hand the election to the republicans, it would be the democrat equivalent of nominating Palin.
There's your problem, there isn't anyone who can reasonably win the democratic nomination who will stop this. Your best would probably be Rand Paul, though I think he's too much outside the orthodox republican view that the party machine will put a stop to him like they did McCain in 2000, and he'll either have to compromise his views like the new and disimproved McCain in 2008, or be called "crazy" and "dangerous" and relegated to fringe status like his father.
-
-
Tuesday 14th October 2014 12:09 GMT Mark 65
Re: Obama's Snooping
"so the window for rolling back the clock has passed and the government knows it"
Not entirely. With everything starting to move to encryption as a first though rather than an add-on what exactly will they now be hoovering up? They are their own worst enemy. If they'd kept it all nicely transparent and through the legal system they'd likely not have the problems they will shortly be facing. There are plenty of eyes now on the problem of creating greater security and anonymity. More than there would have been. I believe Tor use will start becoming more widespread and may well end up being baked in to linux distros in an easy-to-use fashion so that noobs can easily use it. What then?
Let's not forget they never stopped 9/11 despite all the things that they actually knew at the time. They didn't prevent the Boston bombings and the attacks in Madrid and London seemed to have gone quite well given the extra security the public are supposed to receive in return for the last vestiges of their privacy being shredded.
Stupid is as stupid does.
-
-
-
-
-
Tuesday 14th October 2014 04:38 GMT Daniel B.
FUD
BlackBerry Enterprise Service (BES) has been pretty much broken despite the encryption too.
Nope, BES isn't broken at all. In fact, that was one of the main reasons why BlackBerry (formerly RIM) ran into trouble with the Indian government, as they wanted access to both BIS and BES.
Now that BB10 devices are no longer tied to BIS, it's possible that they are now harder to tap than the old devices. Also notice that the NSA was able to h4xx0r Merkel's Nokia handset ... but they weren't able to do the same to her BB Z10. Quite interesting...
-
-
-
Monday 13th October 2014 12:57 GMT WonkoTheSane
2-part security?
Since Plod will take a phone immediately as evidence, but leave jewellery until a suspect is booked, auto-wiping might be achieved by pairing with an NFC ring ( http://nfcring.com/ ) or similar device.
If NFC ring <> connected then return phone to factory settings.
Placing the phone in an RF-shielded bag would obviously break the connection between phone & NFC device.
-
Monday 13th October 2014 15:06 GMT James 51
Re: 2-part security?
There was a story on the BBC about phones being remotely wiped after being taken suspects. Either someone already has an app for that or they aren't handling them properly after taking them. Opens a lot of ways a creative legal mind could exploit, for a suitable fee of course.
-
Monday 13th October 2014 16:55 GMT Stratman
Re: 2-part security?
www.windowsphone.com -> Select phone you want to wipe -> Find my Phone -> Erase -> Confirm
From the Windowsphone site
"To erase your phone
If you're certain that you can't get your phone back, or if you have sensitive information on it that you want to protect until you recover it, you can erase your phone remotely.
On your computer, go to windowsphone.com.
Point to the phone in the top-right corner, then click Find My Phone. If you're prompted, sign in with the same Microsoft account you used to sign in on your phone.
Click Erase.
If you're absolutely, positively sure, tick the I'm sure! Please erase my phone now checkbox, then click Erase."
-
Tuesday 14th October 2014 13:50 GMT Anonymous Coward
Re: 2-part security?
"There was a story on the BBC about phones being remotely wiped after being taken suspects."
The old bill are usually not the brightest and I'd assume they weren't always switched off or placed in RF shielded bags when they were taken, nor shielded when switched on again for examination. Since both ios and (I think) Android allow for remote wipe, and ios and Blackberry will wipe the device after X failed password attempts (again, I'd imagine android does this), it's easy to imagine a curious copper either switching it on or even having a go at the password. They get canned for far more brainless crap than that.
The almost scary thing about the story as presented on the BBC was that the cops seemed to be clueless about how it might happen.
-
-
-
Monday 13th October 2014 14:56 GMT Anonymous Coward 101
Re: Google has since promised to do something similar with Android smartphones.
"Then what does the Settings -> Security -> Encrypt Device on my Android 4.1 phone do?"
It makes Google send a message to plod that you are a paedophile or a terrorist, complete with GPS coordinates and full name and address.
-
Monday 13th October 2014 16:07 GMT WonkoTheSane
Re: Google has since promised to do something similar with Android smartphones.
"Eh? Then what does the Settings -> Security -> Encrypt Device on my Android 4.1 phone do? Or the Settings -> Security -> Encrypt external SD card ?"
Nothing unless you switch it on. Which is what Google will do in Android L (default ON instead of OFF).
-
-
Tuesday 14th October 2014 05:25 GMT John Tserkezis
Re: Google has since promised to do something similar with Android smartphones.
"It ensures that you get 5years unless you hand the password over to the plod."
Sometimes, the perps see this as a best of a bad situation. Especially if they're looking at more than a mere 5 years in the event the plods find out exactly how far and wide the illegal activity has gone.
-
Tuesday 14th October 2014 12:14 GMT Mark 65
Re: Google has since promised to do something similar with Android smartphones.
That's the stupidity of the "reveal your key" laws. Anyone who's a serious wrong-un will take the punishment for not revealing the key over that for revealing what is concealed. Terrorists and security being the weakest strawman - if you were accused of being in the final stages of planning an attack (and you were) it's highly unlikely you're going to hand over a fucking encryption key.
-
Tuesday 14th October 2014 13:54 GMT Anonymous Coward
Re: Google has since promised to do something similar with Android smartphones.
Except that as I understand it the (UK) two years for not handing over the password is recurring - two years inside, and if they're feeling mean, if they ask you again and you refuse, back to court, rinse and repeat ad nauseum.
-
Wednesday 15th October 2014 02:17 GMT Mark 65
Re: Google has since promised to do something similar with Android smartphones.
"Except that as I understand it the (UK) two years for not handing over the password is recurring - two years inside, and if they're feeling mean, if they ask you again and you refuse, back to court, rinse and repeat ad nauseum."
I'd like to see the rinse-repeat part pass the EU courts, Human Rights etc etc. That clearly counts as persecution.
-
Wednesday 15th October 2014 09:24 GMT James 51
Re: Google has since promised to do something similar with Android smartphones.
That's what happened in N.Ireland for decades. Suspects could be held for so many days but if they hadn't broken down and confessed to what ever they needed them to confess to, they were rearrested at the front door of the station.
-
-
-
-
-
-
-
-
Monday 13th October 2014 14:40 GMT Diskcrash
Misdirection
The real underlying complaint that the snoopers and their government handlers have is not that stronger encryption protects the evil but that it protects the average. Terrorists, criminals and paedophiles know and use technology in ways to protect what they are up to and are not bothered by limits or restrictions put in place by the government or the manufacturers, since after all they are evil.
What the snoopers want to achieve is the second, third and beyond level of contacts. The mothers, the brothers and friends are who they want to snoop on and they want to cast their net wide in order to come up with as many possible links as possible. The fact that many innocent people may be looked at and even incorrectly associated is not their concern.
Current police and investigation powers are more than adequate to target specific individuals but this is not what they want, they want the ability to snoop on everyone and everything. Except themselves of course.
The ever increasingly shrill cries sounds less like reasoned concern and more like a child caught with their hand in the cookie jar. The criminal made me do it, no the terrorist made me do it, no wait, wait think about the children the paedos made me do it. Waaaaaaaaaaaa.
-
Monday 13th October 2014 15:21 GMT Anonymous Coward
And then there is the big hindrance ...
I think it is appalling that the police are required to get a warrant, with evidence, before they can enter and search your house.
Clearly, the restrictions on searching private property, random pedestrians and the like play right into the hands of terrorists and criminals.
T. May is already thinking positively: arrest people who could be a danger before they do enough to be proved a terrorist or criminal or sympathiser with the wrong people.
Change language to heighten the impressions government and meida want, whether it is using extreme Americanisms or to vilify the less well-off just for expecting fair pay or to demonise those who do not fit the required mould.
Orwell was on the right lines (particularly read his appendix about language and New Speak or Anthony Burgess on the same theme); but he could have no conception in the 1940s of how the vast majority of people become avid, willing collaborators and adopters of the language, patterns of thought and behaviour foisted upon them.
A wonderful example: leaving the EU and so trapping British subjects within the most overcrowded islands in Europe is described as regaining "freedom", as opposed to the enormous restriction on freedom to live and work where one wants across the whole of Europe. The rights and freedoms of 2 million Britons living, working or retired, in mainland Europe are disregarded.
Yes, to safeguard our freedom, let any government apparatchic, plus private sector contractors with the government, have free access to your home, your pockets, your car, your mobile, your computer, what you read or write (perhaps a permit to read books or write anything), perhaps public burnings of the wrong books, removal of internet or telephone access. Actually, just adopt the old East German approach complete with their rather efficient Stasi. You know, control migration minutely, imprison or shoot illegal emigrants.(I mean EMigrants), as is already the case in some cases albeit with a sheen of legality.
-
Monday 13th October 2014 19:15 GMT Anonymous Coward
Re: And then there is the big hindrance ...
"I think it is appalling that the police are required to get a warrant, with evidence, before they can enter and search your house."
Do they? A solicitor once explained that when an investigation is not going where it should - then some UK police forces are apt to mount a "fishing expedition". This involves arresting second degree contacts in the hope that their computers etc will contain something incriminating.
The bit that surprises me is that apparently they don't have to get a magistrate to sign off a warrant for a dawn raid - which might be difficult with no evidence. It is my understanding that If they arrest the person on "suspicion of conspiracy to" - then that automatically confers the power of a search.
If they find nothing then they will claim that it was a lawful arrest - and leave the victim to be advised by their solicitor "off the record" about the personal risks in complaining or suing.
If it sounds like an abuse of power - then it must be remembered that "the end justifies the means" has always been the mantra of those whose jobs, and self-worth, depend on "getting results".
-
Monday 13th October 2014 15:51 GMT Schultz
Breaking trust
The true price of the boundless secret spying won't be evident for a long time and will be due to the loss of trust within and among states. We thought we lived in some kind of international utopia and could travel and trade without boundaries. Now the three letter agencies reminded us that you can't trust anybody -- not even the government of an apparently enlightened state.
If you ever wondered whether the next century belongs to the Chinese or US model of governing -- stop wondering, they nicely converge.
-
Monday 13th October 2014 17:32 GMT Stuart 22
It's all over now
Anybody watching The Code (BBC4) will have spotted the leak of pre-prepared embarrassing information on a cabinet minister.
Its hard to imagine that the Director of GCHQ doesn't already have a dossier of resign quality data on every minister (or potential minister). That's leverage that's hard to put down. Even the most honest/moral of us leave trails that, as Hyppönen claims, can be construed as 'awkward'.
As Ted Heath once asked "Who Rules Britain?" It sure ain't trade unions.
-
Monday 13th October 2014 19:26 GMT Anonymous Coward
Re: It's all over now
There was a TV drama serial many years ago - with Tom Bell? as a long-serving CID detective. He and his partner are deployed to investigate child prostitution. In the process they happen to recognise one of the customers as a very senior government minister. (Home Secretary?)
IIRC the end was very downbeat. The detective finally realised that his investigation had been a set up by the intelligence services wishing to bring down the politician - without being seen to do so.
-
-
-
Tuesday 14th October 2014 04:49 GMT Daniel B.
Re: What Freaks Me Out...
Everyone has always been looking for those backdoors. Remember NSA_KEY? The hacker community has been very suspicious since the early 2000s. We probably only need better SSL/TLS protocols or just use them for everything, as it seems that is spooking more the spooks.
-
Tuesday 14th October 2014 05:23 GMT Charles 9
Re: What Freaks Me Out...
Using them for everything won't work. The state has the resources to keep a quantum computer in a black project, store everything since the advent of the PC, and probably even be working on a way to break lattice and other post-quantum encryption. And you can't stop them OR convince them to stop since EVERY state and state leader behaves like Damocles: as if under perpetual existential threat. Under such an environment, NOTHING is taboo since the one that can destroy you can come from ANYWHERE at ANYTIME.
-
Thursday 16th October 2014 15:32 GMT intrigid
Re: What Freaks Me Out...
Governments aren't gods. Nobody will be brute-forcing AES-256. Someone figured out the theoretical minimum amount of *energy* required to *iterate* through a 256-bit sequence on a 100% energy-efficient computer, and all the energy stored in the sun wouldn't even come close.
-
-
-