'Encryption will make life very easy for criminals and terrorists'
Plus: 'Clooney burner phone tactics are beyond the budget for most of us'
QuoTW This was the week when the US Attorney General jumped on the bandwagon and took Apple and Google to task for improving encryption on mobile devices.
Eric Holder said tightening security on their ecosystems was actually a bad thing, as it could allow child predators to evade authorities and hide illegal images and content on their devices. He said, without naming names:
We would hope that technology companies would be willing to work with us to ensure that law enforcement retains the ability, with court-authorisation, to lawfully obtain information in the course of an investigation, such as catching kidnappers and sexual predators.
It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy. When a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those who abuse children.
His comments came after FBI director James Comey said last week that stronger encryption would make the Feds job of collaring crims that much harder.
There will come a day – well it comes every day in this business – when it will matter a great, great deal to the lives of people of all kinds that we are able to, with judicial authorisation, gain access to a kidnapper's or a terrorist's or a criminal's device.
I just want to make sure we have a good conversation in this country before that day comes. I'd hate to have people look at me and say, 'Well how come you can't save this kid?,' or 'How come you can't do this thing?’.
I am a huge believer in the rule of law, but I am also a believer that no one in this country is above the law.
What concerns me about this is companies marketing something expressly to allow people to place themselves above the law.
You’d think two top officials moaning about how tech firms were making it harder for them to easily access private information would be enough. But then Europe decided to get in on the act. Rather than focusing on kidnapped children and paedophiles, EU top cop Troels Oerting was a tad more measured. But he still warned that privacy that veers into anonymity risks making life easy for criminals and terrorists:
The problem right now is, there seems to be a confusion between anonymity and privacy. We all want and need privacy, but this doesn't mean anonymity.
Irreversible encryption will make it very difficult — maybe even impossible — for law enforcement to obtain evidence, and I am not sure this reality is clear to all.
In any democratic society we need to provide law enforcement with a right to obtain information authorised by a judge, based on a clear suspicion, in cases involving serious crime or terrorism. This applies to the offline world and should also apply to the online world.
Full encryption of communication and storage online will make life very easy for the criminals and terrorists and very difficult for law enforcement and law abiding citizens. We have to find the right balance between security and freedom — and this balance has to be set by citizens in a political and ethical discussion on the trade-offs.
Meanwhile, everyone’s been trying to convince everyone else that upstart start-up social network Ello is the next brightest thing on the web. The currently invite-only network is trading on that old internet chestnut “no ads” to rake in the new users. Instead, the company wants to succeed where so many have failed before and go from being free, to charging users for “advanced features” in order to make money. According to the site:
Virtually every other social network is run by advertisers. Behind the scenes they employ armies of ad salesmen and data miners to record every move you make. Data about you is then auctioned off to advertisers and data brokers. You're the product that's being bought and sold.
Collecting and selling your personal data, reading your posts to your friends, and mapping your social connections for profit is both creepy and unethical. Under the guise of offering a 'free' service, users pay a high price in intrusive advertising and lack of privacy.
We also think ads are tacky, that they insult our intelligence and that we're better without them.
Naturally, as soon as it drifted into the public eye, someone knocked it offline with a DDoS attack. The site had to go dark to fend off the distributed denial-of-service, saying:
Investigating - We are undergoing a potential denial of service attack.
The site is currently unavailable while we conduct some necessary maintenance. Follow along for any updates on our status page.
Ello recovered quickly though, coming back up in 30 minutes. Whether it can succeed in becoming the new Facebook without succumbing to the lure of advertising remains to be seen.
In Britain, the UK government’s attempt to go digital with car tax discs stumbled at the first hurdle, when the website collapsed under the hefty weight of Brit drivers. The new site couldn’t keep up with the service demands as thousands rushed to renew their car tax following the retirement of the 90-year-old paper disc system. The Driver and Vehicle Licensing Agency (DVLA) tweeted:
Unprecedented demand tonight. We built to scale but 6000 a minute is causing slow response. Around 250K have taxed tonight so keep trying— DVLA (@DVLAgovuk) September 30, 2014
We are currently experiencing high volumes of traffic to our online vehicle tax service please keep trying. Sorry for the inconvenience.— DVLA (@DVLAgovuk) October 1, 2014
Frustrated taxpayers were annoyed, but not terribly surprised by the outage:
@sudoash It's a government agency. There is no load balancing. Or estimation of load. Or planning. Or strategy. Politicians like it though.— Brian North (@brizinorth) October 1, 2014
Even once the site was up, it wasn’t working completely, failing to offer drivers the option to pay by direct debit:
In other Blighty glitches, EE has admitted that some of its customers have ended up paying more for data because of a screw-up with its My EE app. Reg readers reported that they were being charged for data they weren’t using and the problem had been going on all summer. Matt said:
EE is in denial and blaming customers’ poor tracking of their data use, use of third-party counters, or use of counters on their phones. Many users have conducted controlled tests with test files which show the EE data counters report double what is actually downloaded.
Many users lose their internet connection when their allowance is used early as a result, and are forced to pay for add-ons to get back online. How many don't realise it's not their fault?
Now the firm has copped to the error, saying there’s a snag in its data usage measurement system that’s been affecting customers. The mobile operator came clean on community forums – the same day El Reg asked it for comment. Community manager Ed_H said:
We can confirm that some customers are seeing inflated data usage appearing in My EE and/or My Account and it appears some of you are experiencing this error.
First of all, we'd like to stress that customers seeing this disparity are not using or being charged for the extra data usage that is appearing in My EE and My Account. This is a display issue only.
We are working on resolving the issue right now and we expect to have a fix installed soon.
Also in Blighty, internet aristocracy Sir Tim Berners-Lee has called again for a digital bill of rights to protect Brits against government snooping. He said:
A trusted web is crucial to the UK’s future — our tech sector has led the way out of recession, creating more jobs than any other industry in recent years. A Britain in which people no longer trust the web as a safe and private place will be a Britain that is less free, less creative and ultimately less prosperous.
The 2015 General Election is an opportunity for party leaders to reverse this worrying trend by committing to end indiscriminate online surveillance and enact a new digital bill of rights.
And finally, celebs are resorting to spook tactics to get a little privacy, as George Clooney and Amal Alamuddin handed out “burner phones” to guests at their wedding to avoid photos and other info leaking from their online accounts. Security veteran Graham Cluley said:
How were George Clooney and Amal Alamuddin to know if the celebrities they had invited to their three-day wedding party hadn’t already had their accounts compromised, and might be unwittingly leaking information and snaps? But the precautions taken by the newlyweds wasn’t enacted purely because of hackers, but because the couple are said to have sold the rights to the wedding photographs to a magazine [American Vogue], in return for a charitable donation.
Tactics like this might work for a three-day party, but are sadly impractical and beyond the budget for most of us. ®