The Justice Department and Apple have been locked in a bitter fight for years over the company’s encryption system, which allows consumers to prevent anyone —including law enforcement—from opening their devices without permission. That’s why a security story this week should be getting more attention than it has.
Titled “Yup: The Government Is Secretly Hiding Its Crypto Battles In The Secret FISA Court,” the story appeared on the well-regarded security blog EmptyWheel, and suggests the Justice Department is using a legal backdoor to force open software backdoors at companies like Apple.
The details are complex and require some familiarity with the FISC, a closed court that oversees top secret intelligence operations, and with Section 702, an amendment to the Patriot Act that permits certain forms of warrantless surveillance. But the gist of the story is this: The Justice Department may be relying on an annual approval process at the FISC to compel “technical assistance” from Apple and others, and this assistance may include the breaking of encryption.
The EmptyWheel speculation is based on a Section 702 amendment, proposed by Sen. Ron Wyden (D-OR), a noted privacy hawk. The amendment appears intended to check the government’s use of “technical assistance” as an end-run around due process:
Wyden’s bill makes it clear he’s concerned that the government would (or is) making technical demands without even telling the FISC it is doing so. His bill would explicitly require review of any technical demands by the court […]
I suggested the most likely use of such a “technical assistance” demand would be requiring a company (cough, Apple) to back door its encryption.
This is significant because Apple threw down with the FBI last year in a highly-publicized court case about an encrypted iPhone belonging to a dead terrorist. That case fizzled out after the FBI found another way to break into the phone, but the issue has bubbled up again over an iPhone owned by the Texas church shooter—the second iPhone has newer software the agency reportedly can’t crack.
The upshot is that, even as the FBI battles with Apple in public over iPhone encyprtion, other agencies like the NSA may be forcing Apple to break its encryption in secret through Section 702 orders. Even though Section 702 orders are notionally aimed at foreigners, there are numerous loopholes that can sweep in Americans.
The over-arching issue raised by EmptyWheel is not whether citizens should have the right to deploy unbreakable encryption (there are good arguments on each side), but instead that the government may be settling the debate in secret. The issue of encryption is too important to be stuffed into secret court proceedings. Let’s hope the Justice Department finds a way to debate this in the open.
Jeff John Roberts
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Creepy cameras still on: In 2014, the government chewed out the manufacturers of widely-used security cameras for offering easy access to attackers. Three years later, and the cameras are still filming, allowing anyone who obtains a camera’s IP address to gain remote access.
Spies in your dashboard: The “infotainment” systems being built into today’s cars represent a new attack surface for hackers. Researchers showed how a phone’s “call histories, contacts, text messages, email messages … that had been synchronized with the car, were being stored persistently.”
Forever hacked: Fast fashion retailer Forever 21 joins the long list of retailers to suffer a credit card breach. Initial accounts suggest the attacks took place from March to October, and that the hackers exploited unencrypted point-of-sale terminals.
Deeper down the Kaspersky rabbit-hole: The U.S. government and BestBuy, concerned over Kasperksy’s coziness with the Kremlin, are stripping its anti-virus software as fast as they can. This week, Kaspersky pushed back with a report to refute allegations it passed around NSA software.
Fooling the iPhone X…or not: A Vietnamese security firm made a mask that appears to trick Apple’s vaunted Face ID system. But the firm is being cagey about how they did it, so it’s hard to know what it means. As Ars Technica wrote, this “may be significant, it may be little more than a stunt with few real-world consequences, or it could possibly be something in the middle.”
Share today’s Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
“We’re seeing early indications of it now,” [Huang] adds. “Generative adversarial networks, or GAN. I think over the next several years we’re going to see a lot of neural networks that develop neural networks. For the next couple of decades, the greatest contribution of A.I. is writing software that humans simply can’t write. Solving the unsolvable problems.”
—Fortune’s CEO of the Year, Nvidia’s Jensen Huang, waxes on the future of computing and AI.
Google’s Job Search Tool Now Lets You See Salary Information by Jonathan Vanian
Not Even Pokemon Costumes Can Fool Amazon’s Cashier-Less Stores by Don Reisinger
Boston Dynamics Humanoid Robots Can Now Do Backflips by Tara John
Avoid These 4 Hackable Children’s Toys, Consumer Groups Says by Hallie Detrick
ONE MORE THING
Robert last week raised the problem of traumatic kids videos all over YouTube. The good news is the company has started to respond: YouTube is banning channels like “Toy Freaks” where parents pulled pranks on kids that many people saw as child abuse.