There is a good article on TechRaptor about alleged Chinese intrusions into iCloud.
Greatfire.org, a website dedicated to monitoring and combating online censorship in China, has provided technical evidence to substantiate these allegations. Apple was already facing some heat after pulling anti-censorship apps from it’s iStore and also it’s recent decision to move iCloud storage of Chinese user data to centers within mainland china.
And just in case you think China is the only Bad Guys we need to worry about…
Of course, no one should pretend that this kind of spying only goes on in repressive countries like China. In comparison to the NSA use of ‘fiber-optic splitters’ to copy and filter data directly from the telecommunications backbone, a MITM attack seems rather quaint. Furthermore, it was reported earlier this year that the NSA had capitalized on the Heartbleed bug to steal passwords and other sensitive information.
Big Brother has many guises.
Apple and Google recently stated that they intend to encrypt-by-default in future mobile phones, and the FBI does not like it one bit. Interesting.
But then again, I asked a highly skilled technical chum of mine about this a few days ago:
What is your technical take on this? Is this a welcome development or bullshit?
And his reply was:
Somewhere between. Trust in closed-source product is hard to build.
Still… the fact the FBI is bleating is heartening. But it is true that we need to keep in mind that these are indeed closed-source products, thus we really do only have Apple and Google’s word for it that they will be as secure as they say they will be.
I found this interesting:
Apple Inc has begun storing personal data for some Chinese users on servers provided by China Telecom, marking the first time that the company has stored user data on mainland Chinese soil. Apple attributed the move to an effort to improve the speed and reliability of its service. It also represents a departure from the policies of some technology companies, notably Google Inc, which has long refused to build data centres in China due to censorship and privacy concerns.
Now I can certainly see why making it easy for the ghastly Chinese authorities to spy on people would be undesirable, but I wonder… where to locate the data centres then? Presumably not in the USA or UK if state access to people’s data is the big problem right, right?
If you read the catalogue of spy tools and digital weaponry provided to us by Edward Snowden, you’ll see that firmware on your device is the NSA’s best friend. Your biggest mistake might be to assume that the NSA is the only institution abusing this position of trust – in fact, it’s reasonable to assume that all firmware is a cesspool of insecurity courtesy of incompetence of the worst degree from manufacturers, and competence of the highest degree from a very wide range of such agencies
– Mark Shuttleworth
For any who have not seen it already, there is a very good interview with Edward Snowden on the Guardian website.
My understanding is there was an argument inside government between the two halves of the coalition and that argument has gone on for three months. So what the coalition cannot decide in three months this House has to decide in one day. This seems to me entirely improper because of the role of Parliament – we have three roles:
One is to scrutinise legislation, one is to prevent unintended consequences, and one is to defend the freedom and liberty of our constituents.
This undermines all three and we should oppose this motion.
– David Davis MP
…he is the one the Stupid Party rejected for Cameron.
Suddenly we’re told there’s a brand new bill that looks like it was written by the National Security Agency that has to be passed in the same manner that a surveillance bill in the United States was passed in 2007, and it has to happen now. And we don’t have time to debate it, despite the fact that this was not a priority, this was not an issue that needed to be discussed at all, for an entire year. It defies belief.
– Edward Snowden
As the rest of the world becomes more skeptical about mass surveillance, there is one country where it is seldom ever mentioned, except to babble about the need for more of it. The country that the romantic conservative Daniel Hannan says “invented freedom“: Britain.
The latest symptom of the “polite and commercial people” of Britain’s complacent unconcern with freedom and privacy is emergency legislation to be passed through all parliamentary stages early next week, the Data Retention and Investigatory Powers Bill or Act, as we shall have to call it almost immediately. There is little doubt this will happen. All three major parties are agreed they will drive it through.
The “emergency” is a confection. It is ostensibly because of a legal challenge to regulations under an EU directive which was invalidated by the European Court of Justice – which took place in April. So obviously it has to be dealt with by hurried legislation to be passed without scrutiny and not even adumbrated in public till Wednesday. This is the order of events:
- 8th April – ECJ declares Data Retention Directive 2006/24/EC invalid – in theory telcos and ISPs no longer required to gather certain data
- …wait for it…
- 7th July – Rumours surface in the press that “something will be done”
- 9th July – The Sun in the afternoon carries a “security beat privacy” piece boosting the scheme as the only way to beat terrorists and paedophiles.
- 10th July, 8am – Emergency cabinet meeting briefs senior ministers.
- 10th July, 11.18am – Bill becomes available on gov.uk website (still not available via parliament), Home Secretary makes statement in parliament.
- 11th July (Friday), 4pm – Draft regulations to be made under the Bill as soon as it is enacted made available.
- 15th July (Tuesday) – All House of Commons Stages of the Bill (normally about 4 months).
The pretext, reinstating these regulations (which the Home Office has claimed are still subsisting in the UK anyway) is hard to accept as “vital”. Other countries manage fine without them, and they only existed at all because of some bullying by the UK of other EU states after the 7th July 2005 bombings. I covered this background in an article for City AM written on Thursday. But since then we have had a chance to read what is proposed.
Reinstating the regulations – or anchoring them against legal challenge, since they are still operating – would be simple. The new Bill need only say that parliament enacts the content of the regulations as primary Act of the UK parliament. I wouldn’t be pleased. But it would be doing what was required by the ostensible emergency. That however is not what is happening. The new Bill would broaden the regulations and the scope of the Regulation of Investigatory Powers Act under which most state snooping in Britain is conducted and give the Home Secretary powers radically to expand the data required, by further regulations. It is a move in the direction of the supercharged surveillance regime set out in the Communications Data Bill, which was dropped as too controversial ante-Snowden. The clearest detailed analysis is by David Allen Green in the FT, he says:
The removals of civil liberties, and the encroachments of the state, are rarely sudden and dramatic. It is often a subtle change of legal form here, and the deft widening of legal definitions there. And before one knows it, the overall legal regime has changed to the advantage of officials and the otherwise powerful, and all we have done is nod-along as it happens.
I fear it is worse than that. Politicians and press have been so comprehensively suckered that some who would normally stand up for civil liberties are burbling about how “it offers [the] chance to bring rise of surveillance state under democratic control”. DRIP.
The Liberal Democrat politicians who have been most reliable n this topic all appear to have been bought off with a sunset clause and the ludicrous promise of “a review”, even though they have now had several years of experience of arrant avoidance of their questions by the intelligence services. DRIP
Even this cannot persuade them that the security state (sometimes called the “deep state”, though that flatters its dysfunctional smugness) is mocking them. DRIP.
Our permanent establishment in Whitehall treats ministers with condescension, and mere parliamentarians with the same contempt it reserves for ordinary citizens. But those in public life need to believe the state is their honest servant. DRIPS!
Oliver Stone, a man who is nothing less than a fountain of lies and inanities, is looking to make a movie about Edward Snowden. Frankly even that later day Ed Wood, Uwe Boll, would be preferable.
Hopefully Barbara Broccoli would do a better job… though as the Snowden story is very much still ‘a work in progress’ I cannot help thinking it is a tad premature to be trying to tell a tale whose outcome is far from obvious.
The United States Government, feeling that it does not have a sufficient worldwide reputation for completely lacking self awareness, has decided to indict members of the Chinese PLA for conducting computer based espionage against US commercial targets.
Note that the Snowden releases have revealed that the US has engaged in precisely the same behavior, including numerous attacks against Chinese equipment maker Huawei.
Indeed, we currently lack evidence that the Chinese state has conducted wholesale interception of calls from entire countries, but the NSA has done precisely that. We have no evidence that the Chinese have intercepted US equipment shipments and sabotaged them, but the NSA has done precisely that. We have no evidence that the Chinese have systematically undermined internet standards or bribed security companies to sabotage their own software to make communications less secure, but the NSA had done precisely that. Indeed, I could reiterate dozens of Snowden revelations here, but I won’t waste everyone’s time by doing so. (Note that I do not claim the Chinese government has not done such things, only that we do not have evidence of it, while we know for certain that the US government has done such things.)
Today’s rhetorical question is therefore this: if foreign countries begin indicting and arresting US officials for espionage and industrial sabotage, will the US government protest?
The government lost the crypto-wars. Crypto is now freely available, but in a sense they won because there are so many ways at people’s data that bypass the cryptography. What we’re learning from the Snowden documents is not that the NSA and GCHQ can break cryptography but that they can very often render it irrelevant… They exploit bad implementations, bugs in hardware and software, default keys, weak keys, or they go in and break systems and steal data.
– Bruce Schneier
What are the odds that the NSA, GCHQ, etc. do not spy on the elected officials that oversee them?
What prevents subsequent blackmail of said officials by said agencies, other than policies that would be utterly trivial for agency officials to violate at whim?