
ACLU wants to keep your phone safe from sneaky government malware


Matrix


Not everyone can stand up to demands like Apple does. The ACLU wants to change that.


The ACLU has concerns that the US government could start demanding tech companies create software updates laced with surveillance tools.

 

The balance between security and law enforcement is often an issue for tech companies. The American Civil Liberties Union wants to tip the scales in security's favor.

On Thursday, the ACLU released its guide to developers on how to respond to government demands when the requests require companies to compromise their own security. It happens a lot more often than you probably think.

Two years ago, Apple famously fought off FBI demands to unlock an iPhone belonging to one of the San Bernardino terrorists, which would have required that the company create backdoor access, essentially installing a vulnerability that could extend across the iPhone line.

Officials in the US, Australia and the UK have also called for tech companies to build "responsible encryption," which security experts argue would create more openings for hackers to penetrate systems.


The ACLU anticipates a new threat from government requests: potentially forcing developers to install software updates with hidden surveillance tools, whether for tracking a phone's location or bypassing encryption and passcodes.

"As the engineering becomes better, and as the encryption becomes stronger, there's still always going to be this one channel into the device, which is the software update channel," said Brett Max Kaufman, an ACLU attorney. "In some sense, that's the hole that can never be closed."

As digital evidence becomes more important in investigations, governments are ramping up requests to tech companies, asking tech giants like Apple and Google to provide data that police wouldn't be able to get otherwise.

In 2017, both Apple and Google reported their highest number of government data requests ever, with Apple receiving 8,929 demands, while Google received 32,877 orders for information. Those numbers don't include government requests to weaken security, but the ACLU worries they could in the future.

A major consequence of tainted security updates, ACLU technologist Daniel Kahn Gillmor said, would be that you'd lose trust in necessary patches.

"People will likely stop wanting to run the automatic updates because they'll feel like they're under threats," Gillmor said. "We see this as a public safety issue."

The organization said the scenario was the digital equivalent of the CIA's fake vaccination drive in Pakistan, which led to public distrust of health workers and an increase in cases of polio.

If people don't trust security updates, it could lead to vulnerabilities allowing widespread malware, like the WannaCry ransomware attack that ensnared thousands of computers in hospitals, universities and financial institutions.

The ACLU's guide breaks down what developers should do across four sections, but here's the short version: understand the issue; implement privacy-minded policies; plan responses to government orders ahead of time; and lawyer up.

source

 

 


I don’t trust anything that comes from the ACLU.



I won't trust anything coming from ACLU, especially when I want my phone to be safe :lol:

 

Coming from them, I'm surprised. Why would they tell us that...

 

Maybe their latest evil plan requires them to lure tech developers on to have more Privacy ?:gavel:

 

Probably trying to make developers adopt seemingly good practices that will later prove to be flawed / easier to breach.
 



1 hour ago, Rekkio said:

I won't trust anything coming from ACLU, especially when I want my phone to be safe :lol:

 

Coming from them, I'm surprised. Why would they tell us that...

 

Maybe their latest evil plan requires them to lure tech developers on to have more Privacy ?:gavel:

 

Probably trying to make developers adopt seemingly good practices that will later prove to be flawed / easier to breach.
 

Preach it my brother. Well Said.
