Leaked Memo Says Apple Provides Backdoor To Governments 582
Voline writes "In a tweet early this morning, cybersecurity researcher Christopher Soghoian pointed to an internal memo of India's Military Intelligence that has been liberated by hackers and posted on the Net. The memo suggests that, "in exchange for the Indian market presence" mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as "RINOA") have agreed to provide backdoor access on their devices.
The Indian government then "utilized backdoors provided by RINOA" to intercept internal emails of the U.S.-China Economic and Security Review Commission, a U.S. government body with a mandate to monitor, investigate and report to Congress on 'the national security implications of the bilateral trade and economic relationship' between the U.S. and China. Manan Kakkar, an Indian blogger for ZDNet, has also picked up the story and writes that it may be the fruits of an earlier hack of Symantec. If Apple is providing governments with a backdoor to iOS, can we assume that they have also done so with Mac OS X?"
Re:Awesome headline. (Score:4, Informative)
It's all just "Lawful Interception" . . . (Score:5, Informative)
Nothing new here: http://en.wikipedia.org/wiki/Lawful_interception [wikipedia.org]
You may not like that, but that's the way it is. Communications providers can be forced to provide back doors for "legal spying" by governments. All governments know this, and use other methods to protect "sensitive" communications. Any other stuff is, well, who cares?
Re:... well that's one reason open source is super (Score:4, Informative)
Unless you've personally verified every single line of code in the OS, you're not really better off.
Even if you do, you're not sure. Your compiler may be compromised. See: Reflections on trusting trust. [cmu.edu]
Re:The original dump (Score:3, Informative)
Re:... well that's one reason open source is super (Score:5, Informative)
I bought the OS. I bought the machine.
Technically, while you bought the hardware, you did not buy the OS.
With the machine, you've got the right to do whatever you please with. (Modify, lease ...) Not so with the OS you believe you purchased.
Typically with proprietary software, you only buy a license to use it as-is, and you are not even entitled to study how it works, or even look for backdoors.
IMHO, this is the major problem with proprietary software, and an outrage that such agreements have any legal stance in a free-market society.
Re:... well that's one reason open source is super (Score:4, Informative)
Nothing has to be understood, you didn't buy the software you are renting it and the license agreement says so... It also says that you have no comeback against the company providing it. If you didn't like those terms, then you shouldn't have accepted them.
Companies exist to make profit, its only logical that they would sell you (a small fry) out to a large government willing to pay a lot more money and open up a potentially huge market to them. This is what companies do, welcome to capitalism.
Re:How Not to be Seen (Score:4, Informative)
You only get thrown into federal prison for doing illegal things, in america, if your outside america you get drugs, stuck in nappies and an orange jumpsuit, abducted, flown to a foreign state know for torture, held and tortured then released in another country on the side of the road. all for having a name as come as Smith in the arab world. https://en.wikipedia.org/wiki/Khalid_El-Masri
And that was a citizen of a member of nato.
Re:How Not to be Seen (Score:5, Informative)
Hacking stuff you own is perfectly legal.
It is until the government makes it illegal. The number of federal crimes has ballooned from around 3,000 in the 1980s to an estimated 4,500 today. wsj.com [wsj.com] The Feds seem to make all kinds of things illegal today, so I wouldn't hang my hat on whether it's illegal or not. Where would one even look? Have you ever seen the United States Code? It's a nightmare. New bills that come up for a vote that amend an existing statute, for instance to add a crime to an existing statute, don't republish the whole statute, the bill shows the changes to the statute, and they show that they add a sub-paragraph here or remove a word there. It's really very difficult to figure out what's going on, even for our legislators.
Re:How Not to be Seen (Score:3, Informative)
Re:Manan Kakkar could be less of an idiot (Score:4, Informative)
"I think we can safely assume any closed operating system is backdoored."
http://opensource.apple.com/ [apple.com]
A.
ok. ok. i guess you MIGHT have a Conspiracy case (Score:5, Informative)
the two situations are not exactly the same. Manning is accused of giving information about the national defense to other parties. it would be very hard to argue that apple did that. they just gave instructions to India about how to backdoor their phones.
now the more accurate analogy would not be Bradley Manning, it would be the 'Cambridge Associates' who went under Grand Jury investigation in 2011 regarding their alleged assistance to Wikileaks (and are still under investigation). They are charged with Conspiracy to Commit Espionage. 18 USC 793 g.
now, the other law i think applies here would be the Computer Fraud and Abuse Act. why? the Espionage Act only applies to 'national defense information'. but the Computer Fraud and Abuse Act has its own sort of 'mini-espionage-act' inside of it... that applies to not just national defense information, but also "foreign relations" information. This is the only reason Manning could be sued on so many counts of violating the CFAA, for example the Reyjkavic 13 memo about Icelandic Bank Fraud - thats under the CFAA.
what you have here against Apple, could, theoretically, be Conspiracy to violate the Computer Fraud and Abuse Act, section (1) I believe is the Computer Espionage section.
--
another analogy would be George Hotz + FailOverflow, who published information about how to jailbreak the playstation 3. They were sued by Sony - but that was in civil court, not in criminal court. the DOJ never went after Hotz.
Re:How Not to be Seen (Score:5, Informative)
Sounds like you need a US Code Repository, with bills published as changesets, but retaining the ability to pull a complete version of the legal framework that is actually in use.
I really wonder why this hasn't been done years ago. Some svn+wiki could be hacked easily, with the whole changelog, the name of the senators/governors who voted on it and links to law cases that applied it.
Re:How Not to be Seen (Score:5, Informative)
In this case, Apple was aiding and abetting foreign intelligence services collecting against the US. Thats illegal.
BES still secure (Score:3, Informative)
I think this apply to BlackBerry devices connected with BIS only. For BES devices (you have own mail server with blackberry software on it) it's still secure. Remember some goverments to ban BlackBerry devices - obviously it means they can not have backdoor for BES devices.
Re:Not anymore (see NDAA) (Score:5, Informative)
Obama is Dubya V2.0. The folks who thought he was liberal got pwned.
The folks who thought Dubya was conservative got pwned too. Obama wants to sell us out to big government, Dubya was sold us out to big bussiness, somebody else is just as eager to sell up out to big religion; the only thing that stays the same is we get sold out to something big.
Re:Not anymore (see NDAA) (Score:5, Informative)
So let's see, in the past three years we've gotten:
*Health care extended to millions of people who wouldn't otherwise have it
*Honesty about how much the War on Terror is costing by putting it in the budget, rather than hiding it as Bush did
*Laws stopping credit card companies from abusing their customers through short notice due date changes and excessive default rates
*Limitations on outrageous fees charged to retailers by the card companies
*A Network Neutrality law (albeit not on mobile networks, but there are good technical reasons why wireless networks can't be as unfettered as wired ones)
*An end to the stop loss program wherein soldiers were forced to stay beyond what they signed up for
*Fixes to the abortion that was No Child Left Behind (e.g. funding it, helping low scoring school instead of punishing them, etc.)
*The Ledbetter Law, pushing back against a conservative SCOTUS ruling that made it virtually impossible for women and minorities to sue over pay discrimination
*An end to torture and extraordinary rendition
*An end to DADT, and no support for DOMA (he can't end it unilaterally, but he's refusing to defend it in court)
*A new START treaty to reduce the number of nukes in the world
Had it not been for Republican filibusters, we also would have gotten:
*EFCA, helping to fight back against the corporate driven destruction of unions
*Cap & Trade, a free market solution to global warming
*Public option health care, allowing people to buy health insurance direct from the government rather than a for-profit company
*The DREAM act, allowing illegal immigrants a path to citizenship through college or military service
That's just what's coming to mind right now. I'm sure there's a bunch of small stuff I've forgotten. Now, how many of those things would be supported by the GOP? Maybe the New START treaty, but I doubt it, and certainly none of the others.
Claiming that Obama is "Dubya 2.0" makes for a nice sound bite, but it is blatantly false. This whole myopic claim that Republicans and Democrats are the same is just an excuse for the lazy who don't want to be bothered trying to make a difference in the world, and prefer to just shrug off the whole system while hoping for a magic solution that will never come.
Re:How Not to be Seen (Score:4, Informative)
Re:Not anymore (see NDAA) (Score:4, Informative)
Please, please, PLEASE stop spreading this lie. We can't run a country based on false information.
The NDAA is a military spending bill. It gets passed every year. For several years it has allowed the military to detain members of Al Qaeda, and no one had a problem with this. In the latest version, this was expanded to cover members of other terrorists organizations, but it still states that it cannot be applied to United States citizens or immigrants.
What Section 1021, subsection (e), of H.R. 1540 as enrolled [loc.gov] says is
which doesn't explicitly say it cannot be applied to US citizens etc.. The question is what "existing law or authorities" say. Senator Carl Levin quoted the Supreme Court as saying "There is no bar to this nation's holding one of its own citizens as an enemy combatant." [csmonitor.com], which comes from the O'Connor/Rehnquist/Kennedy/Breyer opinion in Hamdi v. Rumsfeld [supremecourt.gov]. On the other hand, they also say "It is a clearly established principle of the law of war that detention may last no longer than active hostilities.", but if active hostilities continue until we've defeated "those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks that occurred on September 11, 2001, or harbored such organizations or persons" [gpo.gov], who knows when they'll cease.
Re:How Not to be Seen (Score:4, Informative)
Just one point. Violating "patent law" isn't a criminal offense
Perhaps not; its worse, it makes me suspect you are a terrorist.
And that's way better than a criminal offense... as a criminal you still have rights... as terrorist suspect... you don't.
Aha... I saw you roll your eyes at this post... and then I felt a bit queasy... so you are cleary a witch too...
Re:Obama is OK in my book. (Score:4, Informative)
We could afford it at the time. We bought an "as is" house with numerous problems because it was the cheapest one on the market in an area we wanted to be in. We figured we'd just keep working, and fixing the problems as we saved our money along.
We didn't buy a house with 0 down either. My wife and I both cashed in stock options (that we had earned and vested at .coms) and had a $50k downpayment on a $500k house. So how dare you discredit the hard work we did getting to that point.
After 2001-9/11 it wasn't just the banks screwing people over. The counties lost a ton of funding (again, went to Iraq) Everyone's property taxes got raised sky high (we're at about $7k@year)
Let's face it man, with every city in the bay area suffering a deficit, from San Jose to Vallejo (who went bankrupt) everyone, everywhere lost funding. Inflation really hit hard. Gas prices skyrocketed.
Guys like countrywide home loans really set up a lot of hardworking folks to fail. We were with countrywide in the beginning.
I'm not the only one in this boat. I am the 99%.
Re:Not anymore (see NDAA) (Score:4, Informative)
According to Wikipedia, the text of the bill allows to detain anyone "who was part of or substantially supported al-Qaeda, the Taliban, or associated forces that are engaged in hostilities against the United States or its coalition partners ... without trial, until the end of the hostilities". That's pretty damn broad, especially the part without trial - it essentially leaves the definition of "substantially supporting" at the discretion of the executive.
Furthermore, there was to be a specific amendment to the wording this year that would clearly spell out that the above is not ever applicable to U.S. citizens. That amendment got thrown out. The wording as it stands is ambiguous on whether it permits indefinite detaining without trial of U.S. citizens or not; what matters is that Obama administration has already explicitly stated that they believe it to be permitted, so that's how they are going to operate. That is a police state, indeed, even if it will not apply in practice to most American citizens.
You are either sadly mistaken or cynically lying, (Score:0, Informative)
and I'm discouraged that you have been modded as informative by more than one person.
here is the relevant section. please point out the clause which provides exemption for american citizens.
SEC. 1021. AFFIRMATION OF AUTHORITY OF THE ARMED FORCES OF THE UNITED STATES TO DETAIN COVERED PERSONS PURSUANT TO THE AUTHORIZATION FOR USE OF MILITARY FORCE.
(a) In General- Congress affirms that the authority of the President to use all necessary and appropriate force pursuant to the Authorization for Use of Military Force (Public Law 107-40; 50 U.S.C. 1541 note) includes the authority for the Armed Forces of the United States to detain covered persons (as defined in subsection (b)) pending disposition under the law of war.
(b) Covered Persons- A covered person under this section is any person as follows:
(1) A person who planned, authorized, committed, or aided the terrorist attacks that occurred on September 11, 2001, or harbored those responsible for those attacks.
(2) A person who was a part of or substantially supported al-Qaeda, the Taliban, or associated forces that are engaged in hostilities against the United States or its coalition partners, including any person who has committed a belligerent act or has directly supported such hostilities in aid of such enemy forces.
(c) Disposition Under Law of War- The disposition of a person under the law of war as described in subsection (a) may include the following:
(1) Detention under the law of war without trial until the end of the hostilities authorized by the Authorization for Use of Military Force.
(2) Trial under chapter 47A of title 10, United States Code (as amended by the Military Commissions Act of 2009 (title XVIII of Public Law 111-84)).
(3) Transfer for trial by an alternative court or competent tribunal having lawful jurisdiction.
(4) Transfer to the custody or control of the person's country of origin, any other foreign country, or any other foreign entity.
(d) Construction- Nothing in this section is intended to limit or expand the authority of the President or the scope of the Authorization for Use of Military Force.
(e) Authorities- Nothing in this section shall be construed to affect existing law or authorities relating to the detention of United States citizens, lawful resident aliens of the United States, or any other persons who are captured or arrested in the United States.
(f) Requirement for Briefings of Congress- The Secretary of Defense shall regularly brief Congress regarding the application of the authority described in this section, including the organizations, entities, and individuals considered to be `covered persons' for purposes of subsection (b)(2).