Homeland Security’s big encryption report wasn’t fact-checked

If you watch Marvel’s Agents of S.H.I.E.L.D., Blacklist, or any other TV show with make-believe espionage, you probably hear the term “going dark” at least once a week.

In the real world, “going dark” has become FBI shorthand for when baddies can’t be spied on, or manage to vanish into thin internet, at the fault of encryption. And it’s at the heart of an oft-virulent tug-of-war between entities such as the FBI, Apple, civil liberties groups, conspiracy theorists, and lawmakers.

This past week, everyone’s been so focused on Hillary and Trump that few noticed that the Majority Staff of the House Homeland Security Committee finally released its encryption report — with some pretty big falsehoods in it. “Going Dark, Going Forward: A Primer on the Encryption Debate” is a guide for Congress and stakeholders that makes me wonder if we have a full-blown American hiring crisis for fact-checkers.

The report relied on more than “100 meetings with … experts from the technology industry, federal, state, and local law enforcement, privacy and civil liberties, computer science and cryptology, economics, law and academia, and the Intelligence Community.” And just a little bit of creative license.

The first line of the report is based on flat-out incorrect information.

“Public engagement on encryption issues surged following the 2015 terrorist attacks in Paris and San Bernardino, particularly when it became clear that the attackers used encrypted communications to evade detection — a phenomenon known as ‘going dark.’”

In the Paris attacks, they didn’t use encrypted apps, iPhones or encryption in general; the attackers used burner phones. Worse, the terrorists were known to French authorities before the tragedy. As you may recall, after the devastating attacks, US officials rushed to the press insisting that messaging apps using end-to-end encryption be “backdoored” for surveillance access — until the facts emerged, and they were called out for using scare tactics. All of which the “Going Dark” report seems to utterly ignore.

So clearly the problem here isn’t “going dark,” but rather a different kind of failure.

Similarly in San Bernardino. Encrypted communications or apps were not used by attacker Syed Farook; access to his work iPhone was what law enforcement screwed up, by fumbling around with an iCloud password reset and locking up the phone themselves. Then authorities made up crazy fantasies to other authorities and press, suggesting there was a “dormant cyber pathogen” on the phone and later retracting the false statement with an admission of guilt.

Clearly, the problems here aren’t about encrypted communications, or “going dark.” Rather, they are about law enforcement who themselves are in the dark about preventing and investigating digital crime scenes.

The same wee problems crop up when the guide attempts to explain how encryption has failed to protect healthcare data. We’re told that “since 2009, the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule has encouraged healthcare providers to secure their data through encryption by requiring those that suffer a data breach to notify their clients within 60 days.”

And this is true: It is encouraged. Just like it’s “encouraged” that people wear a helmet on their bike, but they technically don’t have to. Still, the “Going Dark” guide goes on, saying that, “despite this move, the American health system has fallen victim to a number of high-profile data breaches.”

Except there was no American healthcare “move” to encryption, even though there damn well should be. The HIPAA rule only suggests that healthcare institutions and providers use encryption — it is not required. The big-ass breaches this “ultimate guide to going dark” refers to have been happening at places that did not encrypt systems and files. Remember the Anthem hack? The records of 80 million people were snatched, and that data wasn’t encrypted. Many said that the disaster could have been mitigated had the data been encrypted. And in February, when the Hollywood Presbyterian Medical Center was famously held hostage by ransomware, its files were encrypted by the ransomware, not before.

Maybe what the report meant to say was that if everyone “went dark” with their data, our personal, private, and very sensitive records would be safe from attackers.

The 25-page guide put in a good effort. But thanks to its inaccuracies, I doubt it will do much to unite what have become diametrically opposed camps on the messy knot of encryption, security and public trust.

Right now the FBI, lawmakers and everyone with a horse in the encryption race seem to be wielding the term like a threat, in negative fantasies where all the terrorists (and only the terrorists) are using encrypted communications to hide, or “go dark.”

One side says it’s about preventing terrorism, another says it’s about privacy, and ultimately it’s about a security protocol that doesn’t have a “halfway” setting.

Like I’ve said before, regarding encryption in computer security: You either have it completely or you don’t. On some things, the room for passive-aggressive political maneuvers is effectively zero.

Worryingly, it’s hard to tell what lawmakers actually understand about the issue, especially when they seem to think everything around the issue is an equally black-or-white matter. On one hand, a bill called the ENCRYPT Act of 2016 (Rep. Ted Lieu, D-CA), in February, firmly proposed that no authorities should be able to prohibit the use of encryption or force it to be cracked.

The exact opposite was proposed in April, brought to us by the camp that basically thinks encryption is tech’s version of giving the middle finger to law enforcement. The Feinstein-Burr Compliance with Court Orders Act of 2016 would compel encryption to be crackable on demand, user privacy and security be damned.

For a work of historical fiction, the guide is fairly entertaining. But if these writers want to keep working, next time they should workshop the ending a bit before sending it off to the printer. Spoiler: It’s a cliffhanger.

At the end, we find out that the commission recommends … another commission.

“House Homeland Security Chairman Michael McCaul (R-TX) and Senator Mark Warner (D-VA) have proposed the formation of a National Commission on Security and Technology Challenges (hereinafter, ‘Digital Security Commission’) to bring these experts together to engage one another directly and, over the course of a year, develop policy and legislative recommendations to present to Congress.”

At least we have a guide to just how lost in the thicket of encryption and “going dark” our lawmakers really are.

Engadget RSS Feed

iOS 10 preview: Apple’s software takes a big step forward

Rumor has it that Apple isn’t going to reinvent the iPhone this year, but you definitely can’t say the same about its software. iOS 10 was unveiled to the world late in the company’s Worldwide Developer Conference keynote, and for good reason — there were many, many new software features to unpack.

And now it’s time to play. Assuming you have the guts to install unfinished software, you’ll be able to grab the iOS 10 public beta soon (as long as you’re part of the Apple Beta Software Program, anyway). As a quick reminder, the preview is compatible with the iPhone 5 and newer, the iPad mini 2 and newer, and the sixth-generation iPod Touch. Before you choose your sacrificial iDevice, though, read on to get a better sense of what works in the beta, what doesn’t and how Apple’s approach to software continues to evolve.

The caveat

I’ve been using the public beta build on an iPhone 6s for two days, and so far it’s been remarkably stable. Don’t get me wrong, I’ve already encountered a handful of hiccups and bugs, but I haven’t run into any full-blown showstoppers either. Still, if you’d prefer not to troubleshoot or restart your phone, you’re better off steering clear of the Apple Beta Software Program. But that goes without saying.

Here’s what you need to keep in mind: Not all the features Apple previewed at WWDC are live yet. In fact, some of the most interesting ones aren’t. (Same goes for Apple’s macOS Sierra preview, as a matter of fact.) Most of Siri’s improvements center on linking up with third-party apps to let you send money through Square Cash, for instance, or track runs with MapMyRun just by asking. Sorry! You can’t do that today; it’ll be a few months yet before developers get their SiriKit-enabled apps ready.

Ditto for applications like Skype and WhatsApp: When updated this fall, they’ll display calls on your lock screen as though they were regular phone calls. This version of iOS 10 also doesn’t consistently transcribe your voicemails either, or get lyrics for your songs, or let you use Apple Pay on the web. The list goes on. Suffice to say the software going live today is just a taste of the software Apple plans to ship in the fall.

The look

It’ll likely be a while yet before we see a redesign as thorough as what we got with iOS 7, but hey: iOS 10 still feels like a refreshing change of pace. Apple’s typeface is thicker by default and notifications and widgets are neatly contained in bubbles, all of which goes a long way toward making things feel cleaner. Speaking of notifications, you can use 3D Touch on supported iPhones to take action without even having to jump between apps. Think: giving a Facebook message a thumbs up or archiving emails in Outlook. Alas, you can’t do any of this while the phone is locked.

Those bubbly new widgets appear when you use 3D Touch on supported apps too, and from there it takes one more touch to add it to your Today feed. They can be a little temperamental, though: Only after two days of testing did the weather widget finally decide to display the outside temperature. (The answer: too darn hot.) Naturally, Apple redesigned lots of other bits and bobs for this release. The Control Center you invoke by dragging up from the bottom of the screen has been split into two pages, one of which is reserved for music controls.

Now, back to the big, bold aesthetic Apple is pushing this year: It can be hard to avoid. Perhaps the best example of this is the radically redesigned Music app, which is… divisive, to say the least. It’s all about punchy colors and extreme legibility. I don’t mind it, but others who have seen it are not thrilled. Pro tip: You can change the font size used in the Music app from the device’s settings. This new aesthetic carries over into other redesigned apps like Health (which now also lets you opt-in for organ donation) and the Clock app (which now has a bedtime mode to keep you well-rested).

The fun

Nearly all of the neat features in the updated Messages app work just fine. You can “handwrite” notes by turning the iPhone on its side, send heartbeats with digital touch, leave “tapback” reactions on things people send you, and more. My favorite so far: using bubble effects to basically yell at other people using iOS 10. Quickly sending GIFs with the included #images iMessage app is a close second; in case you forgot, Messages is one of those Apple-made apps that will soon benefit from third-party developer support. For now, though, the only other available iMessage apps let you share your recently played music or share animated images like the ones Apple uses on its Watch.

It’s also now dead simple to share a recent photo since you have a live camera preview as soon as you tap the photo icon. One touch snaps a shot and preps it for sending, though there’s a noticeable delay in this beta build. Oh, word to the wise: If you don’t want to get caught in flagrante delicto, hold off on sending racy messages. If you send a message obscured by invisible ink to someone who doesn’t have iOS 10, the message appears normally with a follow-up that says “sent with invisible ink.” The app sometimes says the secret message hasn’t been delivered to the non-iOS 10 device, but it almost always was.

Apple has added plenty to the traditional messaging experience, and it’s all pretty fun, but it sometimes feels like a bit much. Apple is facing stiff competition from Snapchat, Facebook’s Messenger and others, but with all that’s going on here, I can’t help but think the company is just throwing stuff against a wall to see what sticks.

It’s not strictly part of the upgraded Messages app, but there’s a lot of fun to be had with the keyboard as well. By default, the keyboard suggests an emoji when it detects a word that matches it. If you switch to the emoji keyboard in that case, all the words that can be emoji-fied glow orange. Tapping any of them replaces the word with the pictograph. Too bad that other keyboard tricks, like free time suggestions based on your calendar, don’t seem to work all the time yet. For now, only specific phrasing (like “I am available at…”) seems to trigger the schedule suggestion.

The helpful

You’d be forgiven for thinking Apple didn’t do much with its Photos app; at first glance, there aren’t many obvious changes. (Your albums are now laid out in a grid instead of a list, so enjoy.) The biggest difference here is that iOS doesn’t just use your photos’ metadata to organize everything; it can organize them based on what’s depicted in them too. It’s a lot like Google Photos, except all of the machine learning magic happens on the phone itself. The downside? If you have a ton of photos like I do, it takes iOS a long time to initially scan them all. Side note: Don’t be shocked if this blows through your battery.

The results are usually great. You can now search for broad categories like “cat” or “drink” or “bikes” in addition to just places, and the results have been almost completely right on the mark. One search result for “bikes” returned a photo from Barcelona where a moped lay at the bottom of the frame, shrouded in shadows. Not bad, Apple. Your photos automatically get bunched into Memories too, like “Best of the Year” and “Last weekend.” There’s more to memories than just an array of photos; you’ll get to see where the photos were taken and who’s in them.

It’s too bad the auto-created video montages (“memory movies”) have never loaded properly for me. Maybe your luck will be better than mine. On the plus side, you can edit Live Photos now, and all the changes you make apply to the still and the video that surrounds it. Live Photos still aren’t my thing, but this is a welcome move nonetheless.

Engadget’s parent company might own MapQuest (which is apparently still a thing), but I’m all about Google Maps. My devotion has been more or less unwavering, but Apple Maps in iOS 10 just scored major points with me thanks to the improved (and enlarged) navigation interface. Seriously, it’s so much easier to read at a glance than Google Maps that I can almost see myself switching. There’s also a little weather display in the corner, and the app is better about suggesting places you might want to go to and how to get there. You’ll eventually see other apps like OpenTable hook into listings you find in Maps, but we’ll have to wait a few months before that functionality becomes available.

The overdue

There’s a lot more going on with the Music app than just a new look: The whole flow has changed. By default, you’re dropped off in the Library upon launch, where you can access all the songs you’ve saved or downloaded. Simple enough. It’s the For You section that seems to have gotten the most attention. Instead of just giving you a bunch of random playlists you might like, Apple now does a better job of explaining why its choices might be up your alley. The Connect tab is gone this time, so posts from acts you follow are in For You as well. Thankfully, they’re buried at the bottom and easy to ignore if you find them as utterly pointless as I do. Perhaps the most important interface change is that search gets a tab of its own, making it easier to find your perfect summer jam.

Like Music, Apple News also received a facelift that’s big on bright colors and big text. And again, the biggest change is the For You section, which is to say it now actually works. The Top Stories were the same between devices running iOS 9 and the iOS 10 beta, but the update brings subsections of stories that seem better tuned to your interests. In my case, those subsections included the Middle East, currency markets, startups and technology — all things I dig, and have searched for recently. Throw in notifications for breaking news and we finally have an Apple News that feels like it’s worth using.

The odds and ends

Not everything fits neatly into a box, but here are a few changes to the iOS formula that you should definitely be aware of.

  • Yes, you can remove Apple’s first-party apps, and yes, it is glorious. Technically, it’s just user data that’s deleted; the app itself remains hidden on the device, but I’ll take that symbolic victory.
  • Raise to Wake does exactly what it says, and it works remarkably well for checking the time and your notifications.
  • You can swipe left from the lockscreen to launch the camera. (It takes a little getting used to.)
  • I didn’t always love how fast the TouchID sensor worked on the 6s and 6s Plus. Coincidentally, Apple now requires you to push the home button to unlock instead of just laying a finger on it. No more inadvertent unlocks (though you can revert to the old way in settings)!
  • You can access Spotlight search from just about anywhere, since the search bar now appears at the top of the drag-down notifications shade.
  • Apple’s Home app is pretty (there’s that bold aesthetic again), but I couldn’t properly test it since I didn’t have any HomeKit gear on hand. Check back for our impressions in our eventual full review.

We can’t issue a verdict on iOS 10 until it launches this fall, but Apple has taken some significant steps forward here. iOS 9 built the foundation for a lot of these features, and with iOS 10 we’re seeing Apple try to figure out how they best work together. Sometimes that means rewriting the rules, and other times that means letting other people build on top of the existing platform. How well that will all work is the big question, and we should have our answer in a few months.


Samsung’s highest profit in two years comes thanks to the S7

Samsung just had a great quarter, and it’s all because people are snapping up Galaxy S7s. The Korean chaebol has revealed that it’s expecting its second quarter operating profit to reach 8.1 trillion won ($7 billion), thanks to its smartphone business. That might be far from the 8.84 trillion won ($7.6 billion) operating profit it posted in January 2013, but it’s still around 17 percent higher than last year’s. It’s also the highest in two years since it notched a profit of 8.5 trillion won ($7.4 billion) back in the first quarter of 2014. The company expects its revenue to be up by three percent, from 48.5 trillion won ($42 billion) to 50 trillion ($43 billion), as well.

While Samsung won’t be releasing its detailed earnings until the end of July, Reuters believes the top earner this quarter is none other than the mobile division, which also topped the last one. The news source says the division’s profit could be up 54.5 percent from the same period last year. According to Yonhap News, Samsung shipped out around 15 million S7 and S7 edge units from April to June, with the latter beating out the basic S7 despite being more expensive.

The company hasn’t revealed the total number of phones it sold from April to June yet. Susquehanna Financial Group analyst Mehdi Hosseini told The Wall Street Journal, however, that Samsung might have shipped out around 78 million units. To note, it sold 81.18 million phones in all in the first quarter, mostly because it released the S7 in late March. Clearly, Samsung’s latest flagship device got its smartphone business out of the slump it experienced last year brought about by the iPhone 6. This time around, it’s Cupertino that’s hit a bump on the road, announcing the first ever year-over-year iPhone sales decline in April.

Source: Reuters, Yonhap News, The Wall Street Journal, Samsung


‘Pokémon Go’ rolls out on Android and iOS

With all the news surrounding Pokémon Go’s beta test and wearable, you’d be forgiven for thinking the full game was already out. Until recently, it wasn’t, but that’s changing if you live in the United States and have an Android device, as spotted by 9to5 Google. Rocking a handset designed in Cupertino? Well, only iPhone owners in Australia have access at the moment, so a measure of patience is in order.

The game that brings Pokémon collecting into the real world via developer Niantic Labs’ augmented reality and GPS tech has been gestating for quite a bit. The intent, Niantic CEO John Hanke told us back in June, is to make you feel like you’re venturing out into the world and capturing the pocket monsters for yourself. “You can live the story of being a Pokemon trainer,” he said. Now it’s time to discover how quickly you can catch ’em all.

Via: 9to5 Google

Source: iTunes (Australia), Google Play


Android malware from Chinese ad firm infects 10 million devices

The Android malware Hummingbad has infected 10 million devices so far, but what’s most interesting is where it comes from. The security firm Check Point first discovered it in February, and its researchers have tied it to Yingmob, a highly organized Chinese advertising and analytics company that looks like your typical hum-drum ad firm. Once it successfully infects and sets up a rootkit on Android devices (giving it full administrative control), Hummingbad generates as much as $300,000 a month through fraudulent app installs and ad clicks. As Check Point describes it, Hummingbad is an example of how malware companies can support themselves independently.

“Emboldened by this independence, Yingmob and groups like it can focus on honing their skill sets to take malware campaigns in entirely new directions, a trend Check Point researchers believe will escalate,” the researchers say. “For example, groups can pool device resources to create powerful botnets, they can create databases of devices to conduct highly-targeted attacks, or they can build new streams of revenue by selling access to devices under their control to the highest bidder.”

On top of its Hummingbad victims, Yingmob controls around 85 million devices globally. Naturally, the company is also able to sell access to the infected devices, along with sensitive information. And while its attack is global, most victims are in China and India, with 1.6 million and 1.3 million infected users, respectively. iPhone users aren’t safe from Yingmob either — researchers have also found that the group is behind the Yispecter iOS malware.

Via: CNET

Source: Check Point (1), (2)


Walmart Pay arrives in 14 more states

When Walmart talked about a wide national release of its mobile payment service before the start of July, it wasn’t kidding around. Walmart Pay has launched in 14 more states on top of a slew of rollouts earlier in the month — it’s not quite ubiquitous (we count 33 states plus Washington, DC), but it’s close. This latest deployment includes heavily populated states like California, New York and Washington, so you’re far more likely to use your Android phone or iPhone to shop at the big-box retail chain.

As a reminder, Walmart Pay isn’t strictly a competitor for tap-to-pay options like Android Pay or Apple Pay. It’s more intended to streamline the checkout process using QR codes. With that said, it’s far too soon to tell how well it works in practice. Walmart’s service has only been available for about a month and a half in any state, and there just isn’t enough data to know whether or not customers will embrace it in earnest.

Source: Enhanced Online News


US Senate finally dumps BlackBerry

The US Senate’s Sergeant at Arms (SAA) announced earlier this week that staffers would no longer be able to request new BlackBerry OS 10 devices for official work. That includes the Q10, Z10, Z30, Passport and Classic. In their place, the SAA is offering use of the Samsung Galaxy S6 on Android or the 16GB iPhone SE.

Existing BlackBerry users won’t be left high and dry, should they decline to transition to another OS. BlackBerry support will continue for the foreseeable future and replacement devices will be available for however long the SAA’s current stock of 610 mobile devices lasts.

This is a significant moment in BlackBerry’s history. I mean, the company used to utterly dominate the mobile device market thanks to its focus on security, email (remember, this was before messaging and social media took off) and a physical keyboard (again, this was the era before Swiftkey). iOS and Android did manage to catch up to the BlackBerry OS within a matter of years, resulting in the company’s precipitous decline and subsequent flirtations with bankruptcy.

But the wheels of government turn slowly — especially when it comes to the adoption of new technologies. Even after the general public — and the President himself — abandoned BBOS for competing systems, BlackBerry handsets persisted on Capitol Hill for more than a decade. But not anymore.

Source: Bomble


US wiretap operations encountering encryption fell in 2015

The US government has been very vocal recently about how the increase in encryption on user devices is hampering their investigations. The reality is that according to a report from the Administrative Office of U.S. Courts, law enforcement with court-ordered wiretaps encountered fewer encrypted devices in 2015 than in 2014.

With regard to encrypted devices, the report states: “The number of state wiretaps in which encryption was encountered decreased from 22 in 2014 to seven in 2015. In all of these wiretaps, officials were unable to decipher the plain text of the messages. Six federal wiretaps were reported as being encrypted in 2015, of which four could not be decrypted.”

This is out of 2,745 state and 1,403 federal for a grand total of 4,148 wiretaps, an increase of 17 percent over 2014. So while surveillance increased, the number of times law enforcement encountered encryption decreased.

Earlier this year the Department of Justice and FBI were locked in a court battle with Apple over an encrypted iPhone used by San Bernardino shooter Syed Rizwan Farook. The government eventually dropped the case after finding a third party to help it bypass the phone’s security.

But it started a national debate about personal devices and encryption. Tech companies want their customers to be secure while law enforcement want backdoors or keys to encrypted devices for investigations. But it looks like when it comes to wiretaps, encryption isn’t as big a problem as many would suspect.

Via: The Intercept

Source: Administrative Office of US Courts


Spotify: Apple is holding up app approval to squash competition

How do you catch up with the biggest music streaming service? Well, not approving app updates is one tactic, and Spotify says Apple is doing just that. The streaming service sent a letter to Apple’s legal counsel this week claiming that the company is rejecting an update to Spotify’s iOS app and it’s “causing grave harm” to users by doing so. The letter explains that Apple won’t approve the new version because Spotify doesn’t use the company’s billing method for in-app purchases and subscription services. Apple announced changes to app subscriptions in iTunes just before this month’s WWDC.

Like other apps, Spotify had been getting customers to foot the bill for Apple’s App Store billing fees by charging an extra $3 a month. It recently launched a promotion for the second time that gave new users three months of service for a dollar, if they signed up on the web. As you can imagine, that didn’t make Apple too happy, and the company reportedly threatened to pull the app entirely unless Spotify stopped pushing the deal for iPhone owners. It complied with the request, but it also nixed the iTunes billing option in the iOS version, which led to the current dispute.

Sure, Spotify users can still sign up through its website to avoid paying the extra money every month. However, charging extra to pay through iTunes puts the streaming service at a disadvantage when it comes to competing with Apple Music. Spotify still has double the paying customers of Apple, but with exclusives and things like Beats1, the iPhone maker continues to gain ground. We’ve reached out to both Apple and Spotify on the matter and we’ll update this post when and if we hear back.

Source: Recode


Global internet speeds are on the rise again

Yes, South Korea still has the fastest internet in the world. But, according to content delivery network Akamai, average global speeds are up overall from late last year, jumping to 6.3 Mbps. More than that, we’re seeing increases in IPv6 adoption, with Belgium leading the way and the older IPv4 slowly dropping off on a global scale. And if you were wondering what mobile speeds are looking like lately, guess no more: average connections were at 27.9 Mbps in the UK and dipped to 2.2 Mbps in Algeria.

Further on that note, Android’s stock browser and Chrome Mobile make up 58 percent of smart device traffic, with Safari on iOS lagging behind at 33 percent. A likely cause of that is just how widespread Android devices are versus those running Apple’s mobile OS, especially in developing countries where the price of admission for an iPhone is so high.

Via: TechCrunch

Source: Akamai
