Apple and the FBI – TMO Daily Observations 2020-01-21

· Kelly Guimont · The Mac Observer's Daily Observations Podcast

TMO Daily Observations Podcast Logo

Bryan Chaffin and Andrew Orr join host Kelly Guimont to discuss Apple’s decision not to encrypt backups, and what data Apple can share.

FBI Wants Apple’s Help to Unlock iPhones Again

· Andrew Orr · News

The FBI is again asking Apple’s help to unlock iPhones. This time it’s part of an investigation into the shooting at the Naval Air Station in Pensacola, Florida.

ProtonMail Launches ProtonCalendar Beta

· Andrew Orr · News

ProtonMail logo

ProtonMail, a Swiss company that provides an end-to-end encryption email service, today announced the beta launch of ProtonCalendar.

Defense Department: We Need That Encryption You Want to Break

· Andrew Orr · Link

Everyone from the Department of Justice, the FBI, and politicians like Senator Lindsey Graham are attacking encryption, calling for backdoors for the “public good.” But people who understand security are cautioning against such a move. This week Representative Ro Khanna forwarded a letter to Lindsay Graham from the Defense Department’s Chief Information Officer Dana Deasy.

As the use of mobile devices continues to expand, it is imperative that innovative security techniques, such as advanced encryption algorithms, are constantly maintained and improved to protect DoD information and resources. The Department believes maintaining a domestic climate for state of the art security and encryption is critical to the protection of our national security.

Senator Lindsey Graham to ‘Impose His Will’ on Encryption Backdoors

· Andrew Orr · Link

Apple and Facebook representatives met with lawmakers today where senators pushed for the companies to compromise their users’ security by including encryption backdoors. In particular, Sen. Lindsey Graham said:

My advice to you is to get on with it. Because this time next year, if we haven’t found a way that you can live with, we will impose our will on you.

“Encryption backdoors for thee, but not for me.”

DuckDuckGo Smarter Encryption will Serve You HTTPS Sites

· Andrew Orr · Link

DuckDuckGo logo

The DuckDuckGo Smarter Encryption feature will automatically give you the encrypted HTTPS version of websites as they are available.

It’s available on DuckDuckGo’s mobile browser for Android and iOS, and through the company’s desktop browser extension for Firefox and Chrome. DuckDuckGo is also open sourcing the code behind the feature so other sites and platforms can adopt it as well. First up? Pinterest.

I especially like how they’re open-sourcing it for others to use.

FBI Draft Resolution Calls for End-to-End Encryption Ban

· Andrew Orr · Link

An FBI draft resolution for Interpol calls for a ban on end-to-end encryption. It’s for Interpol’s 37th Meeting of the INTERPOL Specialists Group on Crimes Against Children.

A draft of the resolution viewed by Ars Technica stated that INTERPOL would “strongly urge providers of technology services to allow for lawful access to encrypted data enabled or facilitated by their systems” in the interest of fighting child sexual exploitation. Currently, it is not clear whether Interpol will ultimately issue a statement.

Remember when I mentioned the Four Horses of the Infocalypse? Terrorists, drug dealers, pedophiles, and organized crime. Four fears to use as a way to push their agenda. I know it’s a delicate issue. These groups are definitely ones that the majority of society would want to stop. But removing end-to-end encryption for everyone isn’t the way to do that.

macOS Mail Stores Encrypted Emails in Plain Text

· Andrew Orr · Link

Apple mail logo

IT specialist Bob Gendler found that macOS Mail was storing encrypted emails in plain text. He first notified Apple on July 29, but only got a temporary fix from the company 99 days later on November 5.

The main thing I discovered was that the snippets.db database file in the Suggestions folder stored my emails. And on top of that, I found that it stored my S/MIME encrypted emails completely UNENCRYPTED. Even with Siri disabled on the Mac, it *still* stores unencrypted messages in this database!

Mr. Gendler shard a fix in his blog post.

New Messaging Standard RCS Won't Have Encryption

· Andrew Orr · Link

Everyone is talking about a new messaging standard the Big Four carriers have agreed upon. It’s called RCS and it’s meant to replace SMS. But your RCS conversations won’t be end-to-end encrypted.

The CCMI neatly fixes both the first and the second problem. Garland says the carriers believe there are some implementation issues with the Universal Profile that the CCMI can address more elegantly, but it will follow the standard to ensure interoperability.

As for encryption, Garland wouldn’t commit. He emphasizes that the CCMI intends to make sure that the chats are “private” and that the app it’s making is “an experience [customers] can trust.”

Having Apple join the project would certainly legitimize RCS, but if it doesn’t have encryption I don’t think Apple will partake.

Encryption Hasn't Stopped the FBI From Fighting Child Porn

· Andrew Orr · Link

Despite arguments from governments that encryption would hinder their ability to fight criminals, this clearly isn’t the case. In a recent example one of the biggest child porn sites on the dark web was recently taken down.

No backdoors were needed to track down the owner of the server or hundreds of the site’s visitors. For that matter, the FBI didn’t even need a warrant. The FBI did not deploy its infamous NIT (Network Investigative Technique) to track down site users. The flaw was the payment system linked to the site. Users may have thought their Bitcoin transactions couldn’t be traced back to them, but they were wrong.

The Four Horsemen of the Infocalypse: Terrorists, pedophiles, drug dealers, organized crime.

Securely Store and Access Your Files with E2E Encrypted Cloud Storage: $99

· Bryan Chaffin · TMO Deals

We have a deal on a 1-year subscription to MEGA Cloud Storage PRO, a cloud storage platform using end-to-end encryption. The service encrypts what you upload before you upload it—and, you control the keys. You can store, access or share your files from within your web browser, or through dedicated Android, iOS, or Windows Phone apps. Our deal has three levels of storage, starting with 1TB at $99 per year.