Slashdot Mirror
Apple Is Building An Online Portal For Police To Make Data Requests (cnet.com)
In a letter last Tuesday to Rhode Island Sen. Sheldon Whitehouse, Apple said it is working on an online portal for law enforcement officials to submit and track requests for data and obtain responses from the company. Apple also said it's "creating a dedicated team to help train law enforcement officials around the world in digital forensics," reports CNET. From the report: The letter, seen by CNET, addresses recommendations made in a report issued earlier this year by the Center for Strategic and International Studies (CSIS) regarding cybersecurity and the "digital evidence needs" of law enforcement agencies. Apple said in the letter that it's eager to adopt the report's recommendations, including making upgrades to its law enforcement training program. This includes developing an online training module for police that mirrors Apple's current in-person training, according to the letter and to details on the company's website.
"This will assist Apple in training a larger number of law enforcement agencies and officers globally, and ensure that our company's information and guidance can be updated to reflect the rapidly changing data landscape," the site says. Apple also reiterated in the letter that it's "committed to protecting the security and privacy of our users" and that company initiatives and "the work we do to assist investigations uphold this fundamental commitment."
"This will assist Apple in training a larger number of law enforcement agencies and officers globally, and ensure that our company's information and guidance can be updated to reflect the rapidly changing data landscape," the site says. Apple also reiterated in the letter that it's "committed to protecting the security and privacy of our users" and that company initiatives and "the work we do to assist investigations uphold this fundamental commitment."
I mean, seriously, have we not learned anything about the government's, or any government's ability to abuse their power?
"Eve of Destruction", it's not just for old hippies anymore...
Most other SNPs have web portals for LE requests, this is to streamline it for Apple and for LE. The web portal doesn't give the requester the information, so no fear there, it serves a different purpose. In order to get the user data, judicial authorization still has to be provided and once they have that, it will be forwarded to the requesting Agency / Officer.
The potential to abuse X is persistent - it always exists. The risks to protect the public and aid LE with investigations outweighs any privacy concern... ultimately, it's pretty simple - if you didn't do anything, LE won't bother with your data as they have enough on the go with actual investigations. If you did do something and they have judicial authorization, then they should get to your data.
Why scare people? Because it has happened before. Cops looking up details of celebrities because they are bored, or details on their ex' new boyfriend to see if there's anything that can ruin that relationship, or in case of bent cops: details on cases having to do with their criminal friends. Some of these cops have been caught because there was good (fine grained) authorisation mechanism in place, a detailed audit trail, and alerts on suspicious activities. But a lot of these systems don't have any of that. So: we scare people so they demand that sufficient security and monitoring is put in place.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
"How they did it before? They have no idea how to work with the police?"
It's just a small script returning a line saying:
'Sorry, the data you want is encrypted and we don't have the password.'
It replaces 200 telephone operators reading that line from a monitor.
By default your phone backs up to iCloud. This is encrypted while "in-flight" but not encrypted on Apple's servers. All your text messages, voice mails, and phone records are included in this "backup." It's all available to the police immediately via a simple request. All searches you make in Apple Maps and all directions you take are also available from Apple.
Apple's "privacy stance" is all a joke. They claim that the phone is super-secure - and then use its always-on connectivity to ensure that it doesn't matter and everything is recorded in real-time anyway.
Try turning on airplane mode for a bit and then turn it off and watch as it generates a burst of network activity as it resyncs the Apple servers with what you've been doing while disconnected. It's pretty blatant.
The ownership and transfers of ownership of the phone, itself, would exist in Apple's customer records. So would customer information in their iTunes store, such as the date of purchases. That is not the same thing as copies of the data _on_ an Apple manufactured device, such as an iPhone. But along with Apple's customer tracking data, it's potentially quite useful for reporting customer location during the time of a crime under investigation.
That link "the company's website" is nothing more than an affiliate link: "https://www.apple.com/ ?afid=p231%7Ccamref%3A1011l7vU&cid=AOS-US-AFF-PHG"
Slashdot editors are getting dirtier every day.
I'm not a complete idiot... Some parts are missing.
Sherriff Joe wasn't crooked by my standards. Quite the opposite, he stood up for what he believed and felt was right in the face of legislation and lots of political pressure. Now I don't agree with his politics at all but I do admire his willingness to buck the system and make a stand even at the cost of his job and possible jail time for contempt. If only there were politicians with the same degree of integrity, what ever their political beliefs were the US would be a better place.
errr....umm...*whooosh* *whoosh* Is this thing on ?
I would like to suggest a system for Apple to implement. It would consist of a series of standardized steps to ensure police forces get all the help they deserve as they try to turn enterprises built and paid for by others to their own ends.
Completion of each stage of the process would initiate the start of the next, ensuring a seamless, orderly progression which would service the police most efficiently. These steps in the system I'm proposing, in order, would start with " B egin ", when the basic contact information from the requesting police officer is accepted, recorded and verified. Next would be " L earn ", which would include an extremely lengthy, comprehensive questionnaire allowing the officer to define the force's needs and expectations. When this questionnaire has been successfully completed, reviewed and verified, the next step, " O ffer " would be initiated. This is when the company would tell the police force what it was able to do to accommodate its needs. Then would come " W ork ", when the actual process of informing customers that the police needed some of their private information would commence, and the company would assemble all the data the thankful citizens provided.
After a pause to ensure all relevant information had been provided, the next phase, " M anage " would commence. This would consist of another lengthy questionnaire to be filled out by the police, when they would let the company know whether their needs had been met. If not, at this point an actual live interaction between a company official and a police representative might have to occur. Police expectations could be managed and redefined to ensure that they are reasonable and achievable within a democratic context. Finally there would be " E xit ", when the police force representative would fill out another questionnaire that would allow the company to judge its effectiveness at meeting the needs of the government's information-gathering initiatives.
For efficiency, and to let various security agencies know what they should expect, the first initial of each step of my process would form the acronym introducing the portal.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
1) Several years ago I worked at a company that did hosting for the police. Think Windows NT. They frequently asked to do a reset of our servers. To do this, they send a fax. One day the fax was not readable, so I called for verification.
The person that had signed the fax was not working at that department for a few years. So I asked them from then on they need to have the fax signed AND dated by the person sending the fax, otherwise it would be seen as fraude and falsification of forms. So yeah, I treatend the police.
2) A different department always tried to get data from us about customers without a warrent. Well, fuck you. No warrent, no info.
If they are doing this automatic, you can bet that the logins will be floating around and that they WILL find a way to get data. It also means that others will be able to get that data.
So to make this possible, the judge needs to make the warrent somehow available for Apple over a secure connection. Technically this could be done. I see this done for financial information in Belgium all the time. No issues.
However this should NOT be done for Apple or any company. This should be done for every company and accessible to every company that wants it AND it should be free or cheap with the absolutely needed chacks in place that no company can read the one from others.
Also that no other police department will have access to the data.
It would also mean that this is a nation wide system. That means that all judges and policedepartments and companies need to be connected to the same system.
Technically I see no issues. Bit of SSL and XML and you are done. To make it, I would forsee a failed system after 10 years of building and a few rich consultants.
And even then it will encourage rubberstamping and it will not be secure due to the fact that 90% of hacking is social enineering.
Don't fight for your country, if your country does not fight for you.
He violated the rights of inmates who were already in prison, leaving them in tents with temperatures up to 145F, feeding them only twice a day, fed them discarded food that couldn't be sold,
He closed 75% of sex crimes without proper investigation. The rapes of 13 and 14 year old girls were closed because the suspects didn't want to be questioned.
Another 13 year old who was repeatedly raped by her uncle had her case closed for four years after the officers lied about the rape kit results (semen was found, they told the parents it wasn't) and refused to get a blood sample that the lab asked for. After they were forced to re-open the case and get the blood sample, it was a match. The girl endured four more years of sexual assault that could have been prevented and the county settled that lawsuit for $3.5 million.
When given $600k to add more detectives to investigate child abuse, none were added and they couldn't explain where the money went.
He targeted political opponents and journalists repeatedly, filing false charges against them that were all either rejected by judges or dropped before the judges could reject them. This cost the county millions more in settlements.
He was found to have violated election law, but got away with just a $150k fine which his campaign paid.
He misspent over $100 million in a 5 year period, redirecting funds intended for detention facilities to pay for things like fishing trips and trips to Disneyland, stays at luxury hotels, a staff party at a local amusement park, etc.
And there are many, many more examples of Sherrif Joe being an absolute piece of shit.
And somehow that doesn't make him crooked by your standards? What does he have to do to seem croocked? Fuck a dead baby and eat its heart in front of you?