Against the Law: Countering Lawful Abuses of Digital Surveillance

Discussions

Authors
Labels
Sort
Editorial decision for TJOE
Devin Berg
Dr. Huang and Mr. Snowden, After a review of your revised document submitted in response to the reviewers comments, we have decided to accept your article for publication in the Journal of Open Engineering. Thank you for your contribution to open engineering! Devin Berg Editor, TJOE
non-technical review
Matthew Jones
I was invited to review this important, timely, and sound article from a non-technical standpoint by TJOE. My comments focus on making more explicit the urgent current need for such a case and other technical solutions for end users, and not just in conflict areas or in illiberal states. TECHNICAL SOUNDNESS 1) The authors might want to underscore more explicitly at the beginning something they know very well: that targeting journalists with their phones is no mere theoretical possibility, but a rapidly expanding practice aided and abetted by offensive security corporations, such as Hacking Team, for governments in many shades of authoritarianism (here worth citing some of the fantastic work of Citizen Lab, such as https://citizenlab.org/2015/03/hacking-team-reloaded-us-based-ethiopian-journalists-targeted-spyware/ and the rest of their important reports; ( readers of TJOE would appreciate in particular the more technical forensic reports there). And as I needn’t tell the authors, it’s worth perhaps stressing explicitly this isn't simply a problem with so-called authoritarian countries: the targeting of journalists within liberal democracies appears, likewise, a growing concern, as the roiling controversy about Canada’s CSIS (from yesterday: https://www.thestar.com/news/canada/2016/12/14/csis-breaches-promise-to-report-on-past-media-surveillance.html). I know E.S. has spoken often about this, but worth including explicitly. 2) US probably led the way with the declaration that dialing information has no reasonable expectation of privacy in Smith v. Maryland, and the subsequent application of this precedent to metadata writ large (for the longer story of phone interception, might cite Landau and Diffie’s great book). But if US protections around metadata rather weak, they are considerably weaker in Five Eyes partners, notably the UK RIPA’s shockingly cavalier treatment of “communications data” and the Australian “telecommunications data,” all available with little legal friction to a broad range of domestic agencies, not just spooks and cops, e.g. at http://www.zdnet.com/article/61-agencies-after-warrantless-access-to-australian-telecommunications-metadata/ and in the text of RIPA itself. In other words, all sorts of quotidian domestic journalism and activism potentially affected now, in liberal democracies and illiberal polities alike: not just national security, but everyday domestic stories may be implicated. 3) Most importantly: I’d encourage the authors to outline briefly but a bit more thoroughly the diverse sorts of dangers posed by telephony metadata, better to explain the risk model focused on here: 1/ bulk collection generally, 2/ pattern of life analysis, and 3/ tracking of individual phones. This project, of course, cannot solve the larger problem of metadata associated with a particular sim or phone being accumulated and analyzed over time. But it would be extremely useful for 2/ and 3/. (A good citation for 2/ might be https://snowdenarchive.cjfe.org/greenstone/collect/snowden1/index/assoc/HASH01fd/9744a8b9.dir/doc.pdf ) CLARITY The article is quite clear. COMPLETENESS -The text does not cover anything about the updating process for the case and the attack surface this may provide; given that government seizure of phones at border crossings of US and others seems on the uptick, any sense of how to guarantee the integrity of the case’s software and hardware if seized even for a few minutes? -While the ability to switch sims would very convenient, perhaps the display should remind the user than changing sims doesn’t alter the IMEI—a point most security aware users should know, but may forget. Perhaps an explicit reminder of this on the screen. -Like the other reviewer, I’d urge the authors to address “why not a simple faraday” cage more forthrightly. - Some of the points here and above would benefit from some illustration. If need the perfect graphic for the article, two NSA slides perfect: “who knew in 1984…that the would be big brother” [picture of Jobs holding iPhone] (https://snowdenarchive.cjfe.org/greenstone/collect/snowden1/index/assoc/HASHc240.dir/doc.pdf ) OPENNESS AND REPRODUCIBILITY Little is said here about the software for the case’s independent cpu. Is there any envisioned auditing process to guarantee integrity of that software?
IMEI spoofing
Jeffrey Rhoades
Could IMEI spoofing be added to this device?
Vendors or skilled technicians?
Jeffrey Rhoades
Can you be more precise about what you mean by ‘phone vendors’? Would skilled enough technicians be capable of this mod, or does it need to happen at a factory level?
Discussion on Sep 20, 2016
Nathan Seidle
I was invited to review the article by TJOE:> TECHNICAL SOUNDNESSHaving low-level access to the radio control signals is a feasible method for user verification that the hardware is doing what the user expects. Bunnie and Edward's approach is very plausible.The manuscript is free of technical errors as far as I can tell. I cannot verify the assumptions about bus functions or test points but test points are common and I have faith that with appropriate documents (and I am confident I could get the tech docs in the Shenzhen repair market) I could find the test points they describe.Problem: The introspection method will only be feasible for a few years, maybe months. This method is only viable where the various radios are external to the main IC and there is a bus between GPS, BT, NFC, Cellular modems. As silicon manufacturers push costs down and integration up we will see less buses exposed, making this approach less effective. It's not many years (or months really) before a single IC does everything and no bus is exposed for 'introspection'.> CLARITYIt's very good.> COMPLETENESSIt's good. There will be many readers commenting about EMF sleeves or wrapping the phone in aluminum or tin foil. This creates a Faraday cage and completely isolates the phone from all RF reception. I think Bunnie/Ed could add to the article to address this argument before it is made. The case needs to be addressed: in what situation does a reporter need to use their phone but not any of the RF features (cellular, GPS, BT, NFC, etc)? All I can think of is maybe recording audio, like an interview. If I was a high-value target I would not have a phone on me and would rely on other technologies that don't have radios (ie, tape recorder, pen/paper, etc). The article could benefit from addressing this (maybe I missed it).> OPENNESS AND REPRODUCIBILITYI would ask Bunnie/Ed for higher res photos of their prototype to show the test point (TP) locations. This would help with credibility and confirmation. It would also open up the design (more open source/transparent).Their approach to gaining access to the TPs: Removing solder mask through abrasion is hard. Removing a SIM card holder is another level of difficulty. I could do it. 100s, maybe 1000s, of people could as well. I think TP access is feasible if someone was *really* motivated, and I think this is inline with the opening remarks about high-value targets.
Discussion on Jul 26, 2016
Josh B
Until this become feasible for everyday use, there's a company called Silent Pocket making Faraday cage cell phone sleeves. I have one, and use it every day, except for at work and home. It blocks cellular, GPS, wifi, gps, and bluetooth. I've tested it many times using 3 different cellular carriers and 8 different wifi spots with no issue to date. https://silent-pocket.com in case you're interested.
Discussion on Jul 26, 2016
M PR
The idea is genial - relatively simple and very efficient. And it can serve as a basis to implement additional features. In my thesis "Detection and countermeasures of attacks on smartphones" I described a possible solution with a so called Turbo SIM. Analyzing the communication of the SIM card can also be done with a WiFi- or NFC (Waver) Turbo SIM. That means you don’t have to connected the „battery case“ with the SIM Card slot. If people think this device looks to too obvious, it would be possible to place it inside a 2,5 HDD case for example. I am looking forward to this project - big respect!
"genial" means great!
Discussion on Jul 25, 2016
David Haahr
There will always be the "DE-BUNKERS" and "ILL-WISHERS" of the world because they did not come up with the idea first. I think That Huang and Snowden are onto something and it MUST BE PUT FORWARD, Not maybe or yea sounds good. Things like this are needed to protect you from "ALL PRYING EYES" and there are TO MANY OF THOSE EYES OUT THERE! Snowden popped the lid OFF the can...it is high time the PEOPLE OF THE WORLD take the world back and get rid of all the corrupt and inept politicians and GANG-LAND gunslinging police to say nothing of the people and gangs out to destroy us all. I say go for it, get it up and move forward with "OUR PROTECTIVE RIGHTS" as humans!
Discussion on Jul 23, 2016
John Schmidt
I get it. Having a recognizeable case (that says hey, I care about my security/anonymity) might not be very covert. I stand by the effort being put forth here. This is low level reverse engineering, expansion, etc.. all through SIM card, etc... to anyone already putting forward suggestions to the design, you should kinda STFU. Horse before the cart. First lets make this awesome idea come to life, see how it's limited by materialism and then hone it from there.
Discussion on Jul 23, 2016
OK Dokie
So it identifies when a broadcast is occurring, but doesn't actually stop it. At that point isn't it already too late for a high-risk endeavor?
Discussion on Jul 22, 2016
Jeff Flowers
Kickstarter, Indiegogo, Bitcoin, Litecoin, etc... How can we help make this a reality?
Discussion on Jul 22, 2016
Minnie Mouse, Mak Di, and Kodabar undefined
I have long held freedom of speech dear, however, I have to say that Mr Snowden has a childlike view of the modern world. I would like this device banned because it will work against our security services' constant struggle to keep us safe from terrorists and terrorist inspired maniacs. Our security services in the UK have been doing such a fantastic job, goodness knows they need our help to fight their quiet war against those who want to murder us and our children. A little self sacrifice to this end would not go amiss.
Naive Minnie
Far from naive, it's all about balancing risks and priorities. while I feel for people who risk their lives to fight brutal and repressive regimes, I have two beautiful children. Have you seen the pictures from Nice? We all know what the security services around the world get up to, but the vast majority of us live such boring lives that they are no risk to us. IS inspired nut jobs are a far greater risk. The enemy of my enemy is my friend (this doesn't mean I agree with all that they do) and so helping our security services fight IS is worth a considerable amount of self sacrifice. Grow up and live in the real world.
1 more...
Discussion on Jul 22, 2016
Ariel undefined
It will be hardened phone at the end of the day competing with other hardened phones that try hard to provide solutions to all types of eavesdropping as well. as it requires physical hacking connections inside the phone, porting this to any phone vendor is not realistic. also, what about other threats like SS7 snd MITM attacks based...
Discussion on Jul 21, 2016
Zach H, N D, and Thomas McLeod
While a fantastically conceived idea, I doubt the engineers are naive enough to not have considered the potential for such a cloaking device to fall into the hands of those with intentions more nefarious than altruistic journalists and activists. While an intention of such high-value targets is certainly to prevent becoming the recipient of unwanted and unwarranted attacks, could the same device not also be used by those looking to play the role of the aggressor? If individuals on no fly lists are still able to gain access to weapons, wouldn't those same or even more individuals find it beneficial to improve their ability to stay "off the grid" with this device? Perhaps even while visiting areas known to provide ways and means to train and assist atrocities on a global scale. Additionally, if companies such as Apple are already being taken to federal court over a reluctance to discern something as simple as a password what would prevent the insistence that hardware be laid out in a way so as to prevent the tap points necessary for this introspection device? Wouldn't such a cat and mouse game stymie the creativity we demand from our technology companies? Having said that, I find this a brave and encouraging push toward the inherent quest for privacy - a right we all deserve.
This device just tells you when the radios on your device are in use. That is all it does. It does not "cloak" anything. If you want to communicate with anyone, the radios must be on. What this device does do is it tells you if your phone is communicating with others at times that you don't explicitly want it to, which gives you an indication of if your phone is not acting entirely under your command.
A similar argument can be made for encryption, or really any privacy enhancing technology. Just because a technology could assist "nefarious" individuals doesn't mean that the technology shouldn't be made available to all.
Discussion on Jul 21, 2016
One Interested Individual and N Mindz
While the idea of a phone case-like design for a final product is a good idea, the presence of a screen might cause it to be visible to hostile regimes. With the display located on the back of a phone, wouldn't holding a phone up vertically (in the normal, touchscreen-facing-the-user position) mean the backside of the phone is visible to all? Anyone (such as, say, an officer) may be able to spot and identify such devices during a stop and confiscate the modified device, for example. For the final product, will there any mechanisms in place to hide the screen, make the modifications look like a normal phone case, or otherwise address this sort of visibility problem? Alternatively, this may not be in scope; one could argue that if an officer is close enough to see a modified device, the journalistic effort has already been detected. Either way, I'd love to hear thoughts.
Maybe the display could be masked in a flip-cover sort of case. Or, maybe, the case could cover all of the phone's back and the top part of it be a foldable display.
Discussion on Jul 21, 2016
keith comess and David Lieder
How will the public be notified that the case/blocker is commercially available?
To hide the back, the case should wrap around the entire phone, with the entry hole (to insert the phone in the case) at the top or bottom. This would imply an elastic body with the counter-measures mixed into the elastic substance (such as a blocking metal that can be added to the liquid rubber when cooling) or the counter-measures grafted into the elastic substance. It should be generic looking with no identifying brand or mark.