Tuesday, March 22, 2016

IT'S OVER (For Now):
FBI/DOJ Vacates Court Date Against Apple


This evening, MacNN published that:

Tomorrow's iPhone 5c court hearing vacated by judge after request
A few hours ago, the US Department of Justice filed to vacate tomorrow's hearing, as it has apparently found another method to access the San Bernardino shooter's work-owned iPhone 5c. The filing says that on Sunday, an "outside party demonstrated to the FBI a possible method for unlocking Farook's iPhone" which "should eliminate the need for the assistance from Apple Inc. ("Apple") set forth in the All Writs Act Order in this case." . . . 

The government is planning to perform more testing on the iPhone 5c to determine suitability of the proposed procedure, and report back to the courts on April 5 with progress, which may yet result in Apple having to appear and defend its position.
DOJ Motion To Vacate Hearing

So, see you again April 5th! (?)

It is so easy at this point to speculate what is REALLY going on at the FBI and DOJ. But let's sit tight and take this forced break in the proceedings. I expect full well that there will be more attempts to wreck the First, Fourth and Fifth Amendments to the US Constitution ahead.


Sunday, March 13, 2016

Suggested Reading Re:
Apple Vs FBI Vs US Constitution


I find it a bit absurd to write an article sending someone to another article. But sometimes someone else's writing is so good that I have to help draw attention to it. I've been pouring through a deluge of articles, videos, podcasts... discussing aspects of the Apple Vs FBI Vs US Constitution case. This specific article is one of the best of the lot and provides an excellent summary of the core failings of the FBI's case, discussing the law involved in detail with very good reader comprehension. Please read this article by John Eden at TechCrunch:

Why Apple is right to resist the FBI
... Apple should do what is necessary to preserve our enduring constitutional values, including life, liberty and the pursuit of happiness. Those values also include the privacy and speech rights protected by the Constitution. The First Amendment famously protects an individual’s right to say what he or she thinks or feels, and the Fourth Amendment guarantees that Americans shall be free of unreasonable searches and seizure.

These values and constitutional ideals are not mere commodities to be traded away, but are instead regulative ideals that capture and define who we are. Such ideals must remain unmolested by the temporary whims of each and every government agency. That’s what it means to be a nation of laws that is guided by a constitution.

In this particular case, Apple has a responsibility to resist the FBI’s efforts to force the company to undermine the security measures in its mobile operating system. To understand what is at stake here, one has to think deeply about what the world would be like if Apple were to comply with the FBI’s demands.... 
In a nutshell, here’s where we are: A government agency is trying to force the world’s most valuable technology company to break its encryption technology despite (1) having no legal authority to do so and (2) being unable to articulate what they hope to achieve on behalf of the American people. Sounds like a grand bargain to me.
Thank you to John Eden for excellent writing and thank you to the folks at MacDailyNews for bringing the article to my attention.


Thursday, March 10, 2016

Adobe Critical Updates:
In-The-Wild Exploit!


Over the past few days, Adobe has provided critical security updates. Version numbers and download links:

Flash v21.0.0.182 --Active exploit in-the-wild
AIR v21.0.0.176 --Active exploit in-the-wild
Acrobat v15.010.20060
Reader v15.010.20060
Digital Editions v4.5.1

Here are the links to the various Adobe Security Bulletins:

Flash & AIR

Acrobat & Reader
Digital Editions

And here are the number of CVEs patched:

Flash & AIR: 18. 

 - CVE-2016-1010 is being actively exploited in-the-wild.
(CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-1000, CVE-2016-1001, CVE-2016-1005, CVE-2016-1010)
Acrobat & Reader: 3
(CVE-2016-1007, CVE-2016-1008, CVE-2016-1009)
Digital Editions: 1 
So get updating kids! Adobe critical updates go on forever...


And remember: 
UNinstall the Java Internet plug-in and never install it again! 
Don't bother updating it. 
Just UNinstall it.
Never install it again.


Monday, March 7, 2016

Apple Provides A Web Page Of
Amicus Briefs in Support of Apple


I've been slowly slogging through Apple's provided 'Amicus Briefs in Support of Apple'. It's an extraordinary list of supporters with links to their court briefs, letters to the court and related statement pages on the web:

Apple Press Info: Amicus Briefs in Support of Apple

I'm giving a talk tonight at a local user group about Apple Vs FBI Vs US Constitution, so I'll simply suggest looking through the list. An amazing array of companies and organizations are supporting Apple's court case.

Meanwhile, I'm not seeing much more than desperation, rhetoric and hyperbole from my government in response. Today's comic over at Joy of Tech summarizes their loony desperation:

What bothers me, of course, is that this bumbling attempt at imposing totalitarianism in the USA will be followed up with more polished, manipulative, propagandist attempts that appeal to the ignorant and easy frightened among us. We've already seen the Director of the FBI post a highly emotion-oriented appeal on the net with little reference to the real legal issue. I expect more of the same in the future with the volume cranked up to 11.

Monday, February 29, 2016

Progress In Apple Vs FBI/DOJ:
NY Judge Backs Apple In Drug Case


Some progress has been made in the Apple debacle with the FBI. It turns out that Apple's objection to government requests for an iOS device cracking key began back in October, 2015. The ruling involves a drug case in Brooklyn, NY and the US Department of Justice.  The judge's decision is provided in an article over at Reuters:

N.Y. judge backs Apple in encryption fight with government
The U.S. government cannot force Apple Inc (AAPL.O) to unlock an iPhone in a New York drug case, a federal judge in Brooklyn said on Monday, a ruling that bolsters the company's arguments in its landmark legal showdown with the Justice Department over encryption and privacy. . . .
(Added emphasis, mine). 

I strongly suggest reading the entire article. This is the first precedent case in this debacle and is going to carry some weight as similar cases progress, especially Apple's Motion To Vacate from last week regarding the FBI obtained terrorist iPhone.

Here is a link to a PDF of the full judgement:



. . .

In deciding this motion, I offer no opinion as to whether, in the circumstances of this case or others, the government's legitimate interest in ensuring that no door is too strong to resist lawful entry should prevail against the equally legitimate societal interests arrayed against it here. Those competing values extend beyond the individual's interest in vindicating reasonable expectations of privacy – which is not directly implicated where, as here, it must give way to the mandate of a lawful warrant. They include the commercial interest in conducting a lawful business as its owners deem most productive, free of potentially harmful government intrusion; and the far more fundamental and universal interest – important to individuals as a matter of safety, to businesses as a matter of competitive fairness, and to society as a whole as a matter of national security – in shielding sensitive electronically stored data from the myriad harms, great and small, that unauthorized access and misuse can cause.

How best to balance those interests is a matter of critical importance to our society, and the need for an answer becomes more pressing daily, as the tide of technological advance flows ever farther past the boundaries of what seemed possible even a few decades ago. But that debate must happen today, and it must take place among legislators who are equipped to consider the technological and cultural realities of a world their predecessors could not begin to conceive. It would betray our constitutional heritage and our people's claim to democratic governance for a judge to pretend that our Founders already had that debate, and ended it, in 1789.

Ultimately, the question to be answered in this matter, and in others like it across the country, is not whether the government should be able to force Apple to help it unlock a specific device; it is instead whether the All Writs Act resolves that issue and many others like it yet to come. For the reasons set forth above, I conclude that it does not. The government's motion is denied.

Dated: Brooklyn, New York 
February 29, 2016 
JAMES ORENSTEIN U.S. Magistrate Judge


Saturday, February 27, 2016

Good On EFF At The 2016 Apple Stockholders Meeting!


I'm a supporter of the EFF, Electronic Frontier Foundation. Here's another free plug as thanks for their excellent work.

EFF to Apple Shareholders: Your Company Is Fighting for All of Us
. . . We’ve long warned that the FBI seeks to undermine the security for technology users, and have been warning that a showdown like this one was coming. Make no mistake, all of us have our security at stake here. There is no reliable way to build a pathway to undermine Apple’s security that will only let in good guys. And once it has built this path, there is no way that the law will limit Apple to using it on a single phone. Neither the technology nor the law supports this. As security expert Bruce Schneier said, either we all have security or none of us does.

So it's gratifying to see Apple take this stand to protect the security and privacy of its customers. We are supporting Apple publicly and will be filing a friend of the court brief siding with them because it’s wrong for the government to conscript Apple or any company or coder to write and certify brand new code that they believe, rightly, will undermine security features that protect us all.

This is about all of our safety and resisting government overreach. These are hard battles to fight—we know, we’ve been fighting them for many years. We’re proud of Apple for supporting strong encryption, which at its heart is supporting civil liberties. And we’re proud to stand with them on this fight.

- Cindy Cohn, Executive Director of the Electronic Frontier Foundation
Apple's Shareholders Offer Support for Stance Against U.S.
When Cindy Cohn, executive director of the Electronic Frontier Foundation, rose during the meeting at Apple headquarters in Cupertino, California, to praise the company, her words sparked a long round of applause from the audience, including Cook on stage.

~ ~


Friday, February 26, 2016

Additions To Your Reading List
Re: Apple Vs FBI Vs US Constitution


I'm heading out to coffee and lunch with a reading list about the Apple debacle with the FBI et al. So I thought I'd share. You're welcome, don't hit me! Ow! You can really thank Brian Krebs for inciting my list of Jonathan Zdziarski articles. Both of these fellows are remarkably insightful.

The Lowdown on the Apple-FBI Showdown
by Brain Krebs

Zdziarski's Blog of Things
by Jonathan Zdziarski
tl;dr Apple’s technical capabilities under FBI AWA order
Code is Law
Apple, FBI, and the Burden of Forensic Methodology
10 Reasons Farook’s Work Phone Likely Won’t Have Any Evidence 
On FBI’s Interference with iCloud Backups
The Dumpster of Forensic Science
On Ribbons and Ribbon Cutters 
Open List of Requested iOS Security Improvements  
Forensic “Weapons” and Ex Post Facto Burden

~ ~ ~ ~ ~

BTW: Last night I dreamed of trying to fit an unruly open roll of film into a camera. I believe this was a prescient abstract reference to the list of Zdziarski articles I discovered this morning. (Jonathan is an avid photographer). My brain does that on occasion. Some of these abstract dreams have been years ahead of reality. Why they're so frickin' abstract I don't understand. Perhaps it's for the purpose of plausible deniability, should my subconscious ever be confronted regarding the laws of time. No peeking, etc. ;-)