Andrew wrote that Apple scans uploaded iCloud content for child abuse imagery, and a search warrant reveals it scans emails too.
Inside a lab in New York worth US$10 million, specialists are trying to brute force their way into iPhones and iPads.
What’s going on in the isolation room is important, if silent, forensic work. All of the phones are hooked up to two powerful computers that generate random numbers in an attempt to guess the passcode that locked each device. At night, technicians can enlist other computers in the office, harnessing their unused processing power to create a local supercomputer network.
According to Apple’s Legal Process Guidelines, there is a lot of data that the company can provide to law enforcement.
Apple had plans to introduce end-to-end encryption for iCloud backups, but canceled it two years ago after the FBI complained.
In a long read from NYT, Kashmir Hill writes about a startup called Clearview AI that works with law enforcement on facial recognition.
You take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared. The system — whose backbone is a database of more than three billion images that Clearview claims to have scraped from Facebook, YouTube, Venmo and millions of other websites — goes far beyond anything ever constructed by the United States government or Silicon Valley giants.
Starting January 20, 2020 Scotland police will use devices called cyber kiosks to analyze the contents of smartphones during investigations.
Police Scotland will only examine a digital device where there is a legal basis and where it is necessary, justified and proportionate to the incident or crime under investigation.
Cyber kiosks used by Police Scotland will not be enabled to store data from digital devices. Once an examination is complete, all device data is securely deleted from the cyber kiosk.
Cellebrite, a company specializing in hacking smartphones for law enforcement, has acquired BlackBag Technologies, a company specializing in hacking computers for law enforcement. This will let Cellebrite offer law enforcement an “all-in-one” forensic solution to cover smartphones, laptops, desktops, and cloud data.
It also means offering a broad array of field acquisition capabilities including consent-based evidence collection along with an integrated solution set that provides access, insight and evidence management to facilitate and control large-scale deployments and orchestrate the entire digital intelligence operation.
Cellebrite offers all of these capabilities to law enforcement, but the FBI still wants Apple to create a backdoored version of iOS.
When a company like Cellebrite or GrayKey use their devices to break into your iPhone, it’s not just your local data that can be accessed. Using various types of “cloud forensics” or cloud extraction technology, they can get your data in the cloud as well. It’s a long read but worth it.
Cellebrite’s UFED Cloud Analyzer, for example, uses login credentials that can be extracted from the device to then pull a history of searches, visited pages, voice search recording and translations from Google web history and view text searches conducted with Chrome and Safari on iOS devices backed-up iCloud.
A judge recently ruled that law enforcement have the ability to search through DNA database GEDmatch, overriding the choice of its over one million users.
In the wake of that attention-grabbing case, GEDmatch changed its policies in May 2018 to make it less easy for police to access their data. Users now have to opt in to having their data made available to police; information they upload is set to private by default. Rogers told the NYT that as of October, less than 15% of current users, 185,000 out of 1.3 million, have opted in to sharing their data with police.
Documents reveal that New York City law enforcement has a partnership with Cellebrite to hack iPhones.
Previously, if law enforcement wanted to get into newer devices, they had to send the phones to one of Cellebrite’s digital forensics labs, located in New Jersey and Virginia. But Cellebrite’s new UFED Premium program gave law enforcement the ability to “unlock and extract data from all iOS and high-end Android devices” on their own, using software installed on computers in their offices.
I’ve always wondered if eventually Apple will remove the Lightning port from the iPhone once wireless charging becomes the norm. Side effects may include better waterproofing and worsened hacking.
Ring, the Amazon-owned surveillance company that sells doorbell cameras, is partnering with 400 more police forces across the U.S.
The partnerships let police automatically request the video recorded by homeowners’ cameras within a specific time and area, helping officers see footage from the company’s millions of Internet-connected cameras installed nationwide, the company said. Officers don’t receive ongoing or live-video access, and homeowners can decline the requests, which Ring sends via email thanking them for “making your neighborhood a safer place.”
The Sarasota County Sheriff’s office compiled a list of 15 apps that they believe pose a danger to young children. Here are the apps on the list:
MeetMe, Grindr, Skout, WhatsApp, TikTok, Badoo, Bumble, Snapchat, Kik, LiveMe, Holla, Whisper, Ask.fm, Calculator%, Hot or Not.
An app called what3words saved a group of friends after they got lost. Police told them to download the app and they were quickly found.
A couple weeks ago I shared news that Amazon is requiring police to promote its Ring surveillance cameras. Not that bad, I thought, because at least the police had to have the owner’s permission. But I was optimistic, because Amazon is giving police talking points on how to persuade owners, and even seizing the video footage if the owner said no.
As reported by GovTech on Friday, police can request Ring camera footage directly from Amazon, even if a Ring customer denies to provide police with the footage. It’s a workaround that allows police to essentially “subpoena” anything captured on Ring cameras.
Things like government surveillance and hacking are precisely why I will never buy smart home products. Update: A Ring spokesperson emailed me a correction: The reports that police can obtain any video from a Ring doorbell within 60 days is false. Ring will not release customer information in response to government demands without a valid and binding legal demand properly served on us. Ring objects to overbroad or otherwise inappropriate demands as a matter of course.
iPhone smuggler Jianhua “Jeff” Li was sentenced to three years in prison after being convicted of smuggling 40,000 iPhones into the U.S.
As part of a secret agreement, Amazon requires that police “encourage adoption” of its Ring doorbell surveillance cameras.
Dozens of police departments around the country have partnered with Ring, but until now, the exact terms of these partnerships have remained unknown. A signed memorandum of understanding between Ring and the police department of Lakeland, Florida, and emails obtained via a public records request, show that Ring is using local police as a de facto advertising firm. Police are contractually required to “Engage the Lakeland community with outreach efforts on the platform to encourage adoption of the platform/app.”
Backpage.com was a website modeled after the classifieds section of print. People could use it to post ads, and it also had a thriving section for adult ads. But the Feds seized it and arrested the owners. Christine Biederman wrote all about it.
The government indictment that triggered Lacey and Larkin’s arrests, United States v. Lacey, et al, includes 17 “victim summaries”—stories of women who say they were sexually exploited through Backpage. Victim 5 first appeared in an ad on the platform when she was 14; her “customers” made her “perform sexual acts at gunpoint, choked her to the point of having seizures, and gang-raped her.” Victim 6 was stabbed to death. Victim 8’s uncle and his friends advertised her as “fetish friendly.” The indictment accuses Backpage of catering to sexual predators, of essentially helping pimps better reach their target audiences.
This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.
As part of its annual transparency reports, for the first time Apple has released data for App Store government removal requests from 2018.
A New York teen sued Apple, saying its facial recognition in a store led to his false arrest. But Apple says it doesn’t use that tech.
Google has a database called Sensorvault. It contains location data of users and shares it with law enforcement—if they have a warrant, of course. Apple honors lawful requests as well. But Jennifer Valentino-DeVries wonders whether the database is too broad.
Google would not provide details on Sensorvault, but Aaron Edens, an intelligence analyst with the sheriff’s office in San Mateo County, Calif., who has examined data from hundreds of phones, said most Android devices and some iPhones he had seen had this data available from Google…
“It shows the whole pattern of life,” said Mark Bruley, the deputy police chief in Brooklyn Park, Minn., where investigators have been using the technique since this fall. “That’s the game changer for law enforcement.”