Apple will now alert you when the NSA wants your data.

spying-privacy-peeping-tom-peeping-through-keyhole
The data-hungry tentacles of the NSA have managed to choke America’s top tech firms into silent submission on data requests, but after months of demanding more transparency, Apple is ready to defy authorities and let you know when the NSA wants your data.

Prosecutors warn that such a move will undermine investigations by tipping off criminals and allowing them to destroy sensitive data, but according to the Washington Post, Apple and others have already changed their policies.

“Later this month, Apple will update its policies so that in most cases when law enforcement requests personal information about a customer, the customer will receive a notification from Apple,” company spokeswoman Kristin Huguet said.

Facebook, Google and Microsoft are also in the process of updating their policies to let users know in advance when their data has been swept into an investigation, giving users the option to fight disclosures in court.

Alerts to data requests won’t affect those approved by the secret Foreign Intelligence Surveillance Court which are automatically sealed by law, or subpoenas from the FBI that carry binding gag orders.

Apple and others say the new policies come with some exceptions, like if a potential victim is in imminent danger, especially if a child’s safety is vulnerable, but they argue the exceptions should be decided by a judge, rather than a company lawyer or investigator.

Source: Cult of Mac.

UGH! Even When You’re Offline, The NSA Can Access Your Computer!

It’s been said that the only way to keep your computer safe is to keep it offline. But, a New York Times report says that won’t keep you safe from the prying eyes of our friends at the NSA.

NSA_Offline_access

Citing leaked documents, the paper claims that the NSA has developed “a secret technology” which taps into radio waves to access computers and hardware, even those that are offline.

The ploy requires a radio-transmitting device – say a USB or other type of peripheral – to be connected to the computer. This could be done by an agent, the manufacturer, or even the user themselves. Such devices could be disguised as a standard USB cable, flash drive, or other common peripheral.

The gleaned information can then be sent to a briefcase-sized relay station that can be set up miles away from the target.

While there is no evidence the technology has been used inside the United States, it is another worrisome development for those concerned with keeping their hardware safe from the prying eyes of spies, both “friend” and foe.

Source: MacTrast.

NSA Spyware Allegedly Gives Backdoor Access to iPhones.

woman-talking-on-iphone-reuters-635

The U.S. National Security Agency has spyware designed to grant backdoor access to the iPhone specifically, according to leaked documents shared by high-profile security researcher Jacob Appelbaum and German publication Der Spiegel.

While speaking at the Chaos Communication Congress in Germany, Appelbaum shared his knowledge of “DROPOUTJEEP,” a top-secret NSA program that can intercept an iPhone’s SMS messages, contacts, location, camera, and microphone.

Appelbaum, who has close ties to Wikileaks and NSA whistleblower Edward Snowden, prefaced his presentation at the conference by saying that his findings are ”wrist-slitting depressing.” A 50-page catalog from the NSA reveals the organization’s backdoor tools for a host of companies, including well-known names like Cisco and Dell.

The iPhone’s backdoor is explained in a leaked NSA document:

“DROPOUT JEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.”

S3222_DROPOUTJEEP

What is perhaps more alarming than the hack itself is the NSA’s claim that it will always succeed with installing the spyware on any iPhone. Physical access is needed now to install the spyware, but a version that can be remotely installed is in the works. It has been reported that the NSA has covertly intercepted hardware shipments before they arrive to their destinations in order to implant spyware.

“Do you think Apple helped them build that?”

“Do you think Apple helped them build that?” asked Appelbaum during his talk. “I don’t know. I hope Apple will clarify that… Here’s a problem: I don’t really believe that Apple didn’t help them. I can’t really prove it, but they [the NSA] literally claim that anytime they target an iOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write shitty software.”

To be clear, this news doesn’t mean that Apple has indeed worked with the NSA on a backdoor for the iPhone like Appelbaum implies. But the NSA is confident it has a foolproof backdoor that gives a scary amount of access to someone’s iPhone.

After The Washington Post exposed the NSA’s PRISM program, Apple joined a group of other tech companies seeking for the NSA to be more transparent about its surveillance tactics. Tim Cook recently a joined a number of other executives to discuss the issue with President Obama.

You can watch Appelbaum’s full talk below, but the iPhone-related stuff doesn’t come up until about 44 minutes in:

We’ve reached out to Apple for comment on its knowledge of DROPOUTJEEP and will update this article if we get a reply.

Apple: No, we can’t read your iMessages.

The QuarksLab research explains how since Apple controls the encryption keys for iMessage, it could theoretically perform a “man-in-the-middle attack” and read or alter the communications between two people, either for nefarious purposes or for the government.

Apple spokesperson Trudy Miller sent a statement to AllThingsD about the research, saying “iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”

AllThingsD’s John Paczkowski sums up his story about Apple’s declaration with a good comment about the state of surveillance these days, saying “perhaps in today’s world iMessage’s encryption is only as good as your trust in Apple.” With other companies being asked by the NSA to enable methods of intercepting messages, one security researcher told AllThingsD that “it would be naive to think that Apple wasn’t at least approached by the government at some point.”

The Full Letter Apple, Google, And Others Sent To U.S. Government Over NSA Transparency.

It's about time.

In response to the public’s outcry that tech companies are working with the NSA to pilfer personal info on targets of interest, Apple, Google, Microsoft, Facebook, Twitter and others announced an alliance with civil liberties groups today demanding for more transparency by the U.S. government concerning wiretapping.

The coalition sent a letter today to President Obama and other leaders in Congress, urging for greater transparency around national security-related requests. Portions of the letter were published last night,

Source: Cult of Mac.

How Microsoft Willingly Helped the NSA Spy on Private Skype Conversations, SkyDrive, and Outlook Accounts.

Skype has long ben a popular way to hold an audio or video chat with one (or several) people, and has typically thought to be far more secure from snooping than other forms of communication – until now, at least. According to a report from The Guardian, based on new documents provided by NSA whistle-blower (and American hero, IMO) Edward Snowden, it appears that Microsoft “worked closely” with the NSA, willing allowing them to tap into private Skype conversations, as well as Outlook.com web chats, and a private SkyDrive cloud storage accounts.

Skype logo

Access was granted for audio, video, and text chat that took place through Skype, and Microsoft was apparently all-too-eager to fork over the keys to their customers’ private data.

From the report:

Microsoft has collaborated closely with US intelligence services to allow users’ communications to be intercepted, including helping the National Security Agency to circumvent the company’s own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email onOutlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in Outlook.com that allows users to create email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSAboasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI andCIA, with one NSA document describing the program as a “team sport”.

Microsoft has responded to issuing an official statement on the matter – without actually denying their involvement: 

We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues.

First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.  Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid.  Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate. To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product.

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely.  That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.

While Microsoft allegedly provided the information only when it was “ordered by a court,” the fact is that they didn’t put up any traces of resistance – as they probably should have (and as many other companies have). What a shame. Big Brother is listening to your Skype calls now – and there’s apparently not a damn thing you can do about it.

Source:  MacTrast.

PRISM got you worried? Seecrypt app promises secure calls and texts.

Want to hide your data from the prying eyes of the US government and its information-gathering program PRISM? A team of South African developers may have an encrypted-communications solution for iOS that’ll let you call and text in complete privacy.

As noticed by the Daily Caller, the Seecrypt group recently updated the Seecrypt app which lets you “make and receive unlimited, secure voice calls and text messages between Seecrypt Mobile-enabled devices, anywhere in the world.” It works over any carrier’s data network and uses end-to-end, military-grade encryption to protect all your VoIP calls and text messages. Because all the calls and texts are transmitted as an encrypted data stream, any snooping programs will only know that you sent some data and cannot detect when or how long you made a call or exchanged messages.

The service is available for US$3 per month and comes with a free three-month account trial. The Seecrypt app is available for free from the iOS App Store. It’s also available for Android.

Source: TUAW.