Hey, Beltway Denizens: Spies Are Tracking Your Phones, So Maybe Don't Ruin Encryption
The FBI is looking for a back door to your phone. So are some snoops in the FBI's back yard.
The Department of Homeland Security has acknowledged that there are unauthorized devices in our nation's capital that crooks or foreign governments may be using to track and possibly even access the contents of people's phones.
They're talking about "Stingray" devices, cell site simulators that law enforcement agencies have used to secretly track location data of cell phones in the possession of crime suspects.
The news that there are devices in the U.S. not under domestic government control came in the form of a letter to Sen. Ron Wyden (D-Ore.), who sent a bunch of questions to Homeland Security to find out what the agency knows.
You'd have to be an idiot to work in D.C. and not assume that this is going on, and the Associated Press coverage does not assume people are idiots. The letter confirms what everybody knows is happening. But it's good to see this information publicly acknowledged as the media report that the Department of Justice is once again trying to require tech and communication companies to provide them with ways to work around encryption.
From The New York Times:
Justice Department officials are convinced that mechanisms allowing access to the data can be engineered without intolerably weakening the devices' security against hacking.
Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms. The Trump White House circulated a memo last month among security and economic agencies outlining ways to think about solving the problem, officials said.
Even those solutions that don't utterly destroy our cybersecurity altogether come fraught with risks. One approach involves a separate key in the phone itself that only the manufacturer would be able to access and use with a court order. But employees at each of these companies would be able to access the keys, increasing the potential for theft or abuse or just getting your out into the public somehow. (We've already seen this happen with Microsoft.)
This push to force access into phones comes at odds with the cybersecurity needs of everyone in D.C. who works in politics. You'd think their own sense of self-preservation would put a damper on these efforts, but no.
In fact, the Associated Press notes that the feds don't seem that interested even in doing something about the cell tower simulators being operated in their own backyard by people or governments unknown. Why? Because "there was no political will to tackle the issue against opposition from the intelligence community and local police forces that were using the devices 'willy-nilly.'"
That's the encryption fight in a nutshell. Cops and spies don't care about your data security if it makes it harder for them to access whatever they want. And that position seems implacable, even if it increases the likelihood that Americans will become victims of criminal hacking.
Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.
Please
to post comments
“‘Cops and spies don’t care about your data security if it makes it harder for them to access whatever they want.”‘
Our true masters
I’m making over $7k a month working part time. I kept hearing other people tell me how much money they can make online so I decided to look into it. Well, it was all true and has totally changed my life.
This is what I do..look here more
http://www.richdeck.com
I’m making over $7k a month working part time. I kept hearing other people tell me how much money they can make online so I decided to look into it. Well, it was all true and has totally changed my life.
This is what I do… http://www.onlinecareer10.com
Is this another viral Reason article about The Americans final season?
Is this the Links thread? Very well, then i shall link.
That is, bar none, the happiest mug shot I have ever seen.
Evans was taken to the Trumbull County Jail, where he was told to “stop boxing the wall multiple times,” according to the report.
Somebody had a lot more fun last night than i did, apparently.
That was my first impression. My second was “Heeeere’s Johnny!!!”
Police said the house was trashed, with the couch upside down against the wall.
At my house, this is called Saturday morning.
Zelda
We need common sense pizza laws
even if it increases the likelihood that Americans will become victims of criminal hacking.
Better a million innocent people get hacked than one criminal suspect’s data be safe.
Can the right to privacy discovered in Roe v. Wade cover my right to encrypt my data? Asking for a friend.
No one is coming for your data
Just because you are paranoid, that doesn’t prove that no one is out to get you.
You can keep your data.
Speaking of, I found this adorable article.
Oh yeah, this story, read about this earlier this morning.
My first thought was, someone doesn’t like the competition. I figured they discovered the devices were competing with their own. Then there was the bit about how cell phone companies upgrading their equipment would stop the ‘2g’ loophole– where if you force a cell phone down to 2g, it goes unencrypted by default. They talked about how expensive it was to upgrade all the towers… then they helpfully added that it would stymie the government’s stingray program, so…
Woman sends DNA test to Ancestry.com and finds out that her real father was her parents’ fertility doctor.
That’s a weird fetish.
Why pay some grad student for their product when you have plenty of your own on the shelf? I am sure he passed on the cost savings to his customers to undercut his competitors. Genius!
/sarc
Who wouldn’t want to use a successful doctor as a sperm donor?
He is a dumbass for being on ancestry.com.
But, what are the actual damages? They consented to using a sperm donor and they did not select a specific sample.
Did he sign an agreement that he wouldn’t use his own? Does he not meet the desired specs? Is the woman really going to claim that she wishes she were never born?
I think the judge should insist she commit suicide to prove her case.
He is a dumbass for being on ancestry.com.
Brilliant observation!
Justice Department officials are convinced that mechanisms allowing access to the data can be engineered without intolerably weakening the devices’ security against hacking.
OK, then, require these Justice Department officials to engineer such a mechanism. And have it by the end of the week, it’s so simple!
This happened.
I guess it takes one to know one.
Unless all this “fake news” stuff is bullshit being peddled by mainstream media afraid that they’re losing their feel for actual news.
Oh. Well I mean he makes some good points. Maybe he’s repented?
Pppfft
They’re talking about “Stingray” devices, cell site simulators that law enforcement agencies have used to secretly track location data of cell phones in the possession of crime suspects.
I truly suspect that one branch of the government doesn’t know what the other branches are doing, and that ultimately this whole thing is actually the United States spying on itself. I mean, we already know the government is spying on us, so what’s so surprising about the government spying on itself?
Shh, the ears have walls.
I thought that and assumed it was Trump doing it and yes I’m aware of my prejudice.
Cliiiiipper Chip, they’re calling you!
“One approach involves a separate key in the phone itself that only the manufacturer would be able to access and use with a court order.”
The manufacturer? Why not the owner? Or does the manufacturer still own the phone despite having sold it to someone.
Why not the court? After all, it’s who’s ordering the access.
Why should the court go to the previous owner of the phone instead of the current owner? Or do you believe the manufacturer is still the owner of the phone despite having sold it?
Many companies now assert that they still own the software after the product is sold and cannot be modified by the device’s owner or designated repairman. For example, John Deere asserts it owns the software in the tractors they sell and no modifications can be made. The problem for the farmer is that they can no longer repair the equipment they bought as only John Deere OEM parts can be used and it has to be installed by John Deere dealers as the equipment’s software has to recognize the registration number of the replacement part. Small parts, like filters are okay to replace. Can you imagine the frustration when you $250k harvester breaks down in the field and you to hire someone to transport the harvester to the dealer who is a couple of hours away at a cost of thousands (think oversized load)? And then pay whatever the dealer wants to charge you for the part and the labor? Needless to say farmers are not happy including me.
It has made opportunities for Ukrainian hackers who have developed software that hacks the JD software. It does void the warranty.
Or assume that your phone is completely vulnerable at all times and don’t be a dumbass.
When it comes to phone security, we’re all dumbasses.
I am making $85/hour telecommuting. I never imagined that it was honest to goodness yet my closest companion is acquiring $10 thousand a month by working on the web, that was truly shocking for me, she prescribed me to attempt it. simply give it a shot on the accompanying site.
+_+_+_+_+_+_+_+_+ http://www.Jobpost3.tk
Mengapa pengadilan harus pergi ke pemilik sebelumnya dari ponsel alih-alih pemilik saat ini? Atau apakah Anda percaya pabrikan masih menjadi pemilik ponsel meskipun telah menjualnya?
bocoran sgp