Connect with us

Android

Law enforcement needs to protect citizens and their data

Judhajeet Das

Published

on

Over the past several years, the law enforcement community has grown increasingly concerned about the conduct of digital investigations as technology providers enhance the security protections of their offerings—what some of my former colleagues refer to as “going dark.”

Data once readily accessible to law enforcement is now encrypted, protecting consumers’ data from hackers and criminals. However, these efforts have also had what Android’s security chief called the “unintended side effect” of also making this data inaccessible to law enforcement. Consequently, many in the law enforcement community want the ability to compel providers to allow them to bypass these protections, often citing physical and national security concerns.

I know first-hand the challenges facing law enforcement, but these concerns must be addressed in a broader security context, one that takes into consideration the privacy and security needs of industry and our citizens in addition to those raised by law enforcement.

Perhaps the best example of the law enforcement community’s preferred solution is Australia’s recently passed Assistance and Access Bill, an overly-broad law that allows Australian authorities to compel service providers, such as Google and Facebook, to re-engineer their products and bypass encryption protections to allow law enforcement to access customer data.

While the bill includes limited restrictions on law enforcement requests, the vague definitions and concentrated authorities give the Australian government sweeping powers that ultimately undermine the security and privacy of the very citizens they aim to protect. Major tech companies, such as Apple and Facebook, agree and have been working to resist the Australian legislation and a similar bill in the UK.

Image: Bryce Durbin/TechCrunch

Newly created encryption backdoors and work-arounds will become the target of criminals, hackers, and hostile nation states, offering new opportunities for data compromise and attack through the newly created tools and the flawed code that inevitably accompanies some of them. These vulnerabilities undermine providers’ efforts to secure their customers’ data, creating new and powerful vulnerabilities even as companies struggle to address existing ones.

And these vulnerabilities would not only impact private citizens, but governments as well, including services and devices used by the law enforcement and national security communities. This comes amidst government efforts to significantly increase corporate responsibility for the security of customer data through laws such as the EU’s General Data Protection Regulation. Who will consumers, or the government, blame when a government-mandated backdoor is used by hackers to compromise user data? Who will be responsible for the damage?

Companies have a fiduciary responsibility to protect their customers’ data, which not only includes personally identifiable information (PII), but their intellectual property, financial data, and national security secrets.

Worse, the vulnerabilities created under laws such as the Assistance and Access Bill would be subject almost exclusively to the decisions of law enforcement authorities, leaving companies unable to make their own decisions about the security of their products. How can we expect a company to protect customer data when their most fundamental security decisions are out of their hands?

phone encryption

Image: Bryce Durbin/TechCrunch

Thus far law enforcement has chosen to downplay, if not ignore, these concerns—focusing singularly on getting the information they need. This is understandable—a law enforcement officer should use every power available to them to solve a case, just as I did when I served as a State Trooper and as a FBI Special Agent, including when I served as Executive Assistant Director (EAD) overseeing the San Bernardino terror attack case during my final months in 2015.

Decisions regarding these types of sweeping powers should not and cannot be left solely to law enforcement. It is up to the private sector, and our government, to weigh competing security and privacy interests. Our government cannot sacrifice the ability of companies and citizens to properly secure their data and systems’ security in the name of often vague physical and national security concerns, especially when there are other ways to remedy the concerns of law enforcement.

That said, these security responsibilities cut both ways. Recent data breaches demonstrate that many companies have a long way to go to adequately protect their customers’ data. Companies cannot reasonably cry foul over the negative security impacts of proposed law enforcement data access while continuing to neglect and undermine the security of their own users’ data.

Providers and the law enforcement community should be held to robust security standards that ensure the security of our citizens and their data—we need legal restrictions on how government accesses private data and on how private companies collect and use the same data.

There may not be an easy answer to the “going dark” issue, but it is time for all of us, in government and the private sector, to understand that enhanced data security through properly implemented encryption and data use policies is in everyone’s best interest.

The “extra ordinary” access sought by law enforcement cannot exist in a vacuum—it will have far reaching and significant impacts well beyond the narrow confines of a single investigation. It is time for a serious conversation between law enforcement and the private sector to recognize that their security interests are two sides of the same coin.

Tech Passionate and Heavy Geek! Into Blogging world since 2014 and never looked back since then :) I am also a YouTube Video Producer and a Aspiring Entrepreneur. Founder, MyDroidDoes

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Android

The consumer version of BBM is shutting down on May 31

Judhajeet Das

Published

on

It might be time to move on from BBM. The consumer version of the BlackBerry Messenger will shut down on May 31. Emtek, the Indonesia-based company that partnered with BlackBerry in 2016, just announced the closure. It’s important to note, BBM will still exist and BlackBerry today revealed a plan to open its enterprise-version of BBM to general consumers.

Starting today, BBM Enterprise will be available through the Google Play Store and eventually from the Apple App Store. The service will be free for the one year and after that, $2.49 for six months of service. This version of the software, like the consumer version, still features group chats, voice and video calls, and the ability to edit and retract messages.

As explained by BlackBerry, BBMe features end-to-end encryption.

BBMe can be downloaded on any device that uses Android, iOS, Windows or MAC operating systems. The sender and recipient each have unique public/private encryption and signing keys. These keys are generated on the device by a FIPS 140-2 certified cryptographic library and are not controlled by BlackBerry. Each message uses a new symmetric key for message encryption. Additionally, TLS encryption between the device and BlackBerry’s infrastructure protects BBMe messages from eavesdropping or manipulation.

BBM is one of the oldest smartphone messaging services. Research in Motion, BlackBerry’s original name, released the messenger in 2005. It quickly became a selling point for BlackBerry devices. BBM wasn’t perfect and occasionally crashed, but it was a robust, feature-filled messaging app when most of the world was still using SMS. Eventually with the downfall of RIM and eventually BlackBerry, BBM fell behind iMessage, WhatsApp, and other independent messaging platforms. Emtek’s partnership with BlackBerry was supposed to bring the service into the current age, but some say the consumer version ended up bloated with games, channels and ads. BlackBerry’s BBMe lacks a lot of those extra features so consumers might find it a better platform for communicating.

Continue Reading

Android

Alibaba will let you find restaurants and order food with voice in a car

Judhajeet Das

Published

on

Competition in the Chinese internet has for years been about who controls your mobile apps. These days, giants are increasingly turning to offline scenarios, including what’s going on behind the dashboard in your car.

On Tuesday, Alibaba announced at the annual Shanghai Auto Show that it’s developing apps for connected cars that will let drivers find restaurants, queue up and make reservations at restaurants, order food and eventually complete a plethora of other tasks using voice, motion or touch control. Third-party developers are invited to make their in-car apps, which will run on Alibaba’s operating system AliOS.

Rather than working as standalone apps, these in-car services come in the form of “mini apps,” which are smaller than regular ones in exchange for faster access and smaller file sizes, in Alibaba’s all-in-one digital wallet Alipay . Alibaba has other so-called “super apps” in its ecosystem, such as marketplace Taobao and navigation service AutoNavi, but the payments solution clearly makes more economic sense if Alibaba wants people to spend more while sitting in a four-wheeler.

There’s no timeline for when Alibaba will officially roll out in-car mini apps, but it’s already planning for a launch, a company spokesperson told TechCrunch.

Making lite apps has been a popular strategy for China’s internet giants operating super apps that host outside apps, or “mini-apps”; that way users rarely need to leave their ecosystems. These lite apps are known to be easier and cheaper to build than a native app, although developers have to make concessions, like giving their hosts a certain level of access to user data and obeying rules as they would with Apple’s App Store. For in-car services, Alibaba says there will be “specific review criteria for safety and control” tailored to the auto industry.

alios cars alibaba

Photo source: Alibaba

Alibaba’s move is indicative of a heightened competition to control the operating system in next-gen connected cars. For those who wonder whether the e-commerce behemoth will make its own cars given it has aggressively infiltrated the physical space, like opening its own supermarket chain Hema, the company’s solution to vehicles appears to be on the software front, at least for now.

In 2017, Alibaba rebranded its operating system with a deep focus to put AliOS into car partners. To achieve this goal, Alibaba also set up a joint venture called Banma Network with state-owned automaker SAIC Motor and Dongfeng Peugeot Citroen, which is the French car company’s China venture, that would hawk and integrate AliOS-powered solutions with car clients. As of last August, 700,000 AliOS-powered SAIC vehicles had been sold.

Alibaba competitors Tencent and Baidu have also driven into the auto field, although through slightly different routes. Baidu began by betting on autonomous driving and built an Android-like developer platform for car manufacturers. While the futuristic plan is far from bearing significant commercial fruit, it has gained a strong foothold in self-driving with the most mileage driven in Beijing, a pivotal hub to test autonomous cars. Tencent’s car initiatives seem more nebulous. Like Baidu, it’s testing self-driving and like Alibaba, it’s partnered with industry veterans to make cars, but it’s unclear where the advantage lies for the social media and gaming giant in the auto space.

Continue Reading

Android

Waymo launches robotaxi app on Google Play

Judhajeet Das

Published

on

Waymo is making its ride-hailing app more widely available by putting it on the Google Play store as the self-driving car company prepares to open its service to more Phoenix residents.

The company, which spun out to become a business under Alphabet, launched a limited commercial robotaxi service called Waymo One in the Phoenix area in December. The Waymo One self-driving car service, and accompanying app, was only available to Phoenix residents who were part of its early rider program, which aimed to bring vetted regular folks into its self-driving minivans.

Technically, Waymo has had Android and iOS apps for some time. But interested riders would only gain access to the app after first applying on the company’s website. Once accepted to the early rider program, they would be sent a link to the app to download to their device.

The early rider program, which launched in April 2017, had more than 400 participants the last time Waymo shared figures. Waymo hasn’t shared information on how many people have moved over to the public service, except to say “hundreds of riders” are using it.

Now, with Waymo One launching on Google Play, the company is cracking the door a bit wider. However, there will be still be limitations to the service.

Interested customers with Android devices can download the app. Unlike a traditional ride-hailing service, like Uber or Lyft, this doesn’t mean users will get instant access. Instead, potential riders will be added to a waitlist. Once accepted, they will be able to request rides in the app.

These new customers will first be invited into Waymo’s early rider program before they’re moved to the public service. This is an important distinction, because early rider program participants have to to sign non-disclosure agreements and can’t bring guests with them. These new riders will eventually be moved to Waymo’s public service, the company said. Riders on the public service can invite guests, take photos and videos and talk about their experience.

“These two offerings are deeply connected, as learnings from our early rider program help shape the experience we ultimately provide to our public riders,” Waymo said in a blog post Tuesday.

Waymo has been creeping toward a commercial service in Phoenix since it began testing self-driving Chrysler Pacifica minivans in suburbs like Chandler in 2016.

The following year, Waymo launched its early rider program. The company also started testing empty self-driving minivans on public streets that year.

Waymo began in May 2018 to allow some early riders to hail a self-driving minivan without a human test driver behind the wheel. More recently, the company launched a public transit program in Phoenix focused on delivering people to bus stops and train and light-rail stations.

Continue Reading

Trending Now!