Snowdon is a dummy

May I ask who is the poster who's soooo obsessed about me that he or she needs to thumb down each and every one of my posts, including such lame factual questions as: "did you really spilled ink?"

Some people...

I remember that we had this discussion ... already when this feature was introduced ages ago.

The positive of it was (then) that you could collapse a post.
I never saw it that way and disregard this feature from the start. (Leaving aside a certain "test period" in the first days )

May I ask who is the poster who's soooo obsessed about me that he or she needs to thumb down each and every one of my posts, including such lame factual questions as: "did you really spilled ink?"

Could Snowden come to Berlin?
German opposition members appealed to the country's highest court to allow former NSA contractor and whistleblower Edward Snowden to testify at a parliamentary inquiry in Berlin.

A German parliamentary inquiry looking into US National Security Agency (NSA) spying in Germany initially decided it would not invite whistleblower and former NSA contractor Edward Snowden, who leaked the documents revelaing the US intelligence agency's massive spy programs, to testify in Berlin.

The Green and Left opposition parties on Friday requested that the German Constitutional Court, the country's highest legal institution, to rule on whether Snowden should testify in front of the inquiry committee in Berlin to provide a "global overview of the technical conditions of mass surveillance," according to Greens lawmaker Konstantin von Notz.

Although the German government appears not to want to risk harming its relationship with the US by allowing Snowden to speak in Berlin, inquiry committee members from Germany's governing parties have said they also want to hear from Snowden. They, however, want to do it via video link or in Russia, where Snowden currently lives in exile, rather than in the German capital.

Snowden has requested Germany ignore a standing US extradition request and provide him with security guarantees if he were to travel to the country. Snowden is wanted by the United States for theft of government property and unauthorised communication of classified intelligence. The German government has argued that allowing Snowden into the country would endanger national security by threatening German-American relations. For his part, Snowden has refused to testify from Russia.

Now it is up to the justices of Germany's Constitutional Court to decide "whether we, as parlimentarians, can exert our oversight function or whether the federal government and intelligence services control oversight," said Martina Renner of the Left party. She called for the inquiry's hearings to be made completely open to the public.

The opposition parties leveled their suit at the German government and its party members in the parliamentary inquiry as a constitutional dispute between government institutions for the Constitutional Court to rule on. But a final ruling could take years, according to attorney of record Astrid Wallrabenstein, a law professor at Frankfurt University.

Exactly what is in the suit has not yet been announced. Greens politician Christian Ströbele said the court should have time to become acquainted with the material before taking it to the public.

The opposition parties hope the court will rule that the government did not provide adequate evidence to backup their claim that Snowden's testimony in Berlin would endanger national security.

"You have to take a stand," the Left party's Andre Hahn said, explaining the lawsuit's short-term purpose. "This can't continue the way it has - as it stands, we cannot clear up anything."

The government on Friday referred questions to a statement it made in May that the conditions necessary to grant Snowden asylum in Germany had not been met. This statement will likely also make up part of the evidence the Constitutional Court will have to evaluate.

I am curious as to why Snowden will not testify from Russia? Has he said?

Hasn't he done interviews and even called in once on some kind of call in show?

So, do you think there is a slim possibility Snowden will come to Germany in the next year or so or however long it takes to work out the legal stuff?

http://www.dailyherald.com/article/20140927/business/140928707/


By Matthew Green
Slate
Last week Apple released its new iOS 8 operating system for iPhones, iPads, and iPod Touch devices. Most of the coverage of iOS 8 focuses on visible features that users can interact with. But there's one major change in iOS 8 that most users probably won't notice unless they find themselves in a great deal of trouble. Specifically, Apple has radically improved the way that data on those devices is encrypted. Once users set a passcode, Apple will no longer be able to unlock your device -- even if ordered to do so by a court.

While privacy advocates have praised Apple's move, it has drawn fire from some notable legal scholars. Writing in The Washington Post on Sept. 19, Orin Kerr referred to Apple's new policy as a "dangerous game," one that "doesn't stop hackers, trespassers, or rogue agents" but "only stops lawful investigations with lawful warrants." While Kerr has moderated his views since his initial post, his overarching concern remains the same: By placing customer interests before that of law enforcement, Apple is working against the public interest. If you interpret Apple's motivations as Kerr does, then Apple's recent move is pretty surprising. Not only has the company picked a pointless fight with the United States government, it's potentially putting the public at risk.

The only problem is that Kerr is wrong about this. Apple is not designing systems to prevent law enforcement from executing legitimate warrants. It's building systems that prevent everyone who might want your data -- including hackers, malicious insiders, and even hostile foreign governments -- from accessing your phone. This is absolutely in the public interest. Moreover, in the process of doing so, Apple is setting a precedent that users, and not companies, should hold the keys to their own devices.

To see why this is the case, you need to know a bit about what Apple is doing with its new technology. The first time you power up a new iPhone or iPad, you'll be asked to set a passcode for unlocking your phone. This can be a full password or just a 4-digit PIN (though the former is certainly stronger). On devices with a Touch ID sensor, you'll also be allowed to use your fingerprint as a more convenient alternative.

A passcode may look like flimsy security, but it's not. The minute you set one, Apple's operating system immediately begins encrypting your phone's sensitive data -- including mail, texts, photos, and call records -- using a form of encryption that the U.S. government uses to protect classified military secrets. The key for this encryption is mathematically derived by combining your passcode with a unique set of secret numbers that are baked into your phone.

If all goes well, you'll never notice this is happening. But the impact on data raiders is enormous. Even if someone cracks your phone open and attempts to read data directly off the memory chips, all she'll see is useless, scrambled junk. Guessing your passcode won't help her -- unless she can also recover the secret numbers that are stored within your phone's processor. And Apple's latest generation of phones makes that very difficult. Of course, your would-be data thief could try to get in by exhaustively trying all possible combinations, but according to an iOS security document, Apple also includes protections to slow this attack down. (In the same document, Apple estimates that a 6-digit alphanumeric password could take upward of five years to guess.)

The encryption on Apple devices is not entirely new with iOS 8. What is new is the amount of data your phone will now encrypt. Apple has extended encryption protections to nearly all the data you produce on a daily basis and will also require you to enter the passcode (or fingerprint) each time you reboot your phone. In addition, if you purchase a recent iPhone (5S, 6, or 6 Plus), Apple will store your keys within a dedicated hardware encryption "coprocessor" called the Secure Enclave.

Taking Apple's recent privacy announcements at face value, even Apple itself can't break into the Secure Enclave in your phone. While it may seem "natural" that the designer of a system -- in this case Apple -- can break its own encryption, the truth is that such a capability is hardly an inevitable design outcome. For Apple to maintain such a capability with its newer security processors, it can't just be more knowledgeable than its customers. It would have to literally design in a form of "skeleton key." In computer security circles this mechanism is generally known as a "backdoor."

Designing backdoors is easy. The challenge is in designing backdoors that only the right people can get through. In order to maintain its access to your phone, Apple would need a backdoor that allowed them to execute legitimate law enforcement requests, while locking hackers and well-resourced foreign intelligence services out. The problem is so challenging that even the National Security Agency has famously gotten it wrong.

To dive into the technical weeds, any backdoor Apple might design would likely require the company to store some sort of master access key -- or even a whole database of such keys, one for every phone it sells. In the worst case, these keys might need to be carefully transported from the factory in China, to a locked and guarded room at Apple HQ in Cupertino, California. They would be kept isolated from the Internet to protect them from hackers, and Apple would have to constantly monitor its own employees to prevent abuse. None of this is cheap, and the stakes are high: A data breach involving Apple's master keys could catastrophically harm the company's reputation, particularly in the security-conscious enterprise market.

Much of the Apple criticism thus far stems from the perception that Apple is primarily targeting the U.S. government with its new encryption features. But this is shortsighted. Apple currently has retail stores in 14 countries and sells its phones in many more. The United States is not the only government with law enforcement, or with an interest in its citizens' data.

Fortunately we don't have to speculate about what those interests might be. Back in 2012, rumors swirled that the Indian government had threatened to ban BlackBerry's messaging services and had even forced BlackBerry to hand over the encryption keys to that service. BlackBerry denied handing over the keys, but eventually admitted it had built a "lawful intercept" mechanism for the Indian government.

If Apple holds its customers' keys (or maintains a backdoor into your phone), then the same calculus will soon apply to Apple. That's the problem with keys. Once you have them, sooner or later someone will expect you to use them. Today those requests originate from police in the United States. Tomorrow they may come from the governments of China or Russia. And while those countries certainly have legitimate crime to prosecute, they're also well known for using technology to persecute dissidents. Apple may not see either public interest or shareholder value in becoming the world's superintendent -- meekly unlocking the door for whichever nation's police ask them to.

Apple's new encryption may not solve this problem entirely -- foreign governments could always ban the sale of Apple products or force Apple to redesign. But by approaching the world with a precedent that customers, not Apple, are responsible for the security of their phones, Apple can at least make a credible attempt to stay above the fray.

(Disclosure: I have served as an expert witness in court cases that involve Apple technology, though I have neither worked for Apple nor do I have access to any nonpublic information about Apple's encryption technology.)

• This article is part of Slate's Future Tense, a partnership of Slate, New America, and Arizona State University. Matthew Green is a research professor of computer science at Johns Hopkins University. His research focuses on applied cryptography and computer security.

A reminder to iPhone owners cheering Apple’s latest privacy win: Just because Apple will no longer help police to turn your smartphone inside out doesn’t mean it can prevent the cops from vivisecting the device on their own.

On Wednesday evening Apple made news with a strongly-worded statement about how it protects users’ data from government requests. And the page noted at least one serious change in that privacy stance: No longer will Apple aid law enforcement or intelligence agencies in cracking its users’ passcodes to access their email, photos, or other mobile data. That’s a 180-degree flip from its previous offer to cops, which demanded only that they provide the device to Apple with a warrant to have its secrets extracted.

In fact, Apple claims that the new scheme now makes Apple not only unwilling, but unable to open users’ locked phones for law enforcement. “Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access [your personal] data,” reads the new policy. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

But as the media and privacy activists congratulated Apple on that new resistance to government snooping, iOS forensics expert Jonathan Zdziarski offered a word of caution for the millions of users clamoring to pre-order the iPhone 6 and upgrade to iOS 8. In many cases, he points out, the cops can still grab and offload sensitive data from your locked iPhone without Apple’s help, even in iOS 8. All they need, he says, is your powered-on phone and access to a computer you’ve previously used to move data onto and off of it.

“I am quite impressed, Mr. Cook! That took courage,” Zdziarski wrote in a blog post. “But it does not mean that your data is beyond law enforcement’s reach.”

Just after Apple’s announcement, Zdziarski confirmed with his own forensics software that he was still able to pull from a device running iOS 8 practically all of its third-party application data—that means sensitive content from Twitter, Facebook, Instagram, web browsers, and more—as well as photos and video. The attack he used impersonates a trusted computer to which a user has previously connected the phone; it takes advantage of the same mechanisms that allow users to siphon data off a device with programs like iTunes and iPhoto without entering the gadget’s passcode.

“I can do it. I’m sure the guys in suits in the governments can do it,” says Zdziarski, who has trained law enforcement in iOS forensic techniques in the past. “And I’m sure that there are at least three or four commercial tools that can still do this, too.” Zdziarski said he has yet to test those commercial forensics tools to know which ones might still be capable of the data-siphoning trick, but he speculated that software from the firms Cellebrite and Oxygen were likely candidates.

The data siphoning trick has important limitations: it requires a “pairing record,” a unique key that can only be found on a computer with which the target device has shared data in the past. That means cops, intelligence agents, or hackers hoping to use the technique would have to either plant malware on a user’s machine to access the pairing record or simply grab the target’s computer along with his or her mobile device. The targeted user would also have to have unlocked his or her iOS device since last turning it on—freshly restarted devices aren’t vulnerable to the attack, Zdziarski says. Even using the siphoning trick, aside from photos, none of the data that Zdziarski managed to retrieve contradicts Apple’s new promises of protection. He couldn’t access emails, call records or other native iOS applications.

“I can do it. I’m sure the guys in suits in the governments can do it,” says Zdziarski.

Still, he posits that the data-dumping method could be used by cops who seize all of a suspect’s electronics from his or her home, or by airport security agents who grab the user’s phone and laptop and extract their data with commercial tools. To actually receive the benefit of iOS 8′s new resistance to law enforcement data dumps, he suggests users should encrypt their hard drives to protect their pairing record and power off their phone and PC before going through airport checkpoints.

Apple deserves credit for serious security improvements in iOS 8, Zdziarski says. He points to a talk he gave at the HOPE hacker conference in June about multiple vulnerabilities in the iPhone that allowed someone with physical access to offload its data. With iOS’s updates, Apple has quietly killed all of those techniques—except the ability to pull third party data, photos, and video with a pairing record. He says Apple likely neglected to fix this last hole because it would have complicated iOS devices’ interactions with programs like iTunes and iPhoto. “They’ve fixed so many different security holes, but this one is still there,” Zdziarski says.

Apple didn’t immediately respond to a request for comment on the remaining data vulnerability Zdziarski describes.

To be fair, Apple didn’t claimed in its new privacy statement that its phone was impervious to law enforcement data extraction—only that the company wouldn’t unlock iPhones and iPads on the government’s behalf. And that’s already a far bolder stance than Google takes, willingly unlocking any device for law enforcement that uses its pattern-based unlock mechanism, says Chris Soghoian, principle technologist for the ACLU. He argues that Apple’s new focus on privacy has likely been driven by a year of pressure following the revelations of Edward Snowden, capped off by the embarrassing iCloud hack that revealed a trove of celebrities’ nude photos earlier this month.

“It seems clear that Apple is trying to compete on privacy and security…Android is looking worse and worse by comparison,” he says. “This is Apple’s way of saying they’re drawing a line in the sand.”

But Zdziarski warns that despite that strengthening line, Apple users shouldn’t become complacent. “The biggest mistake consumers can ever make in this situation is to assume that the information on their device is completely safe from the police,” he says. “Even with iOS 8’s big improvements, assume the data on your mobile device could potentially be accessed, and act accordingly