For more than a year, the intense debate surrounding data access and control has raged on. After the San Bernardino massacre in December 2015, Apple and the FBI feuded about access to data on the iPhone 5C used by one of the attackers. Several other court cases touched on the subject of digital privacy throughout last year, including one we covered in our blog in December 2016 in which the Florida Court of Appeals bucked the trend of siding on behalf of protecting users by ruling that the government can force an iPhone user to release the passcode to unlock his/her phone. This week, privacy proponents have been dealt another blow.
On Friday, Feb. 4, a U.S. magistrate ruled against Google, ordering the tech giant to cooperate with FBI search warrants demanding access to user emails stored on servers outside of the United States. Given a recent ruling in favor of Microsoft in a similar case, the battle is likely far from over.
U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled on Friday that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure.
The judge said this was because there was â€śno meaningful interferenceâ€ť with the account holderâ€™s â€śpossessory interestâ€ť in the data sought.
â€śThough the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States,â€ť Rueter wrote.
Google and others had been hoping that the Microsoft ruling would create some legal guidance for similar cases, as the laws on the books pertaining to such issues, including the Stored Communications Act of 1986, are outdated and insufficient. As abstract property in the form of data continues to be a bone of contention, intervention by Congress or the Supreme Court may be necessary to help put an end to the data access debate. In fact, Judge Susan L. Carney who presided over the Microsoft case highlighted this in her ruling:
â€śWe recognize at the same time that in many ways the [Stored Communications Act] has been left behind by technology. It is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose.â€ť
In the meantime, companies are encouraged to take steps to protect the data on company-owned and BYOD devices through enterprise mobility management to help avoid unnecessary conflict that continues to surround this critical issue. Contact our team for help determining the right solution for your organization.
At Tech Orchard, weâ€™ve spoken with clients and written about the importance of taking precautionary security measures to protect mobile devices. For most users, the first step is setting a password to lock their smartphone or tablet. PINs and thumbprints are options available on devices from various manufacturers, while pattern lock is widely used as a mechanism for authentication and authorization on Android devices. Unfortunately for pattern lock users, this security method may be anything but secure.
Researchers from Lancaster University in the United Kingdom presented findings at The Network and Distributed System Security Symposium 2017Â of a study indicating that video and computer vision algorithm software can typically crack a pattern lock in fewer than five attempts. Whatâ€™s worse, it can do so without even seeing the screen itself. Tests of video-based attacks were successful in reconstructing Android lock patterns from video footage filmed using a mobile phone camera 95% of the time, and 97.5% of the time when more complex patterns were used.
Using footage of a user inputting his or her Android pattern lock, computer vision algorithm then analyzed the fingertip movements to infer a pattern. Researchers tested 120 patterns collected from 215 users and found that more complex patterns are even more vulnerable because they limit the number of working possibilities. AÂ Phys.org articleÂ detailing the research indicated that mobile video can produce accurate results from up to 2.5 meters (or just over 8 feet) away, or up to 9 meters (nearly 30 feet) away using SLR footage. Though researchers only discussed these two types of video, the application for security camera footage could indicate the potential for more serious, widespread threats in the future.
The research paper suggests that users consider covering their hands when entering their pattern lock to avoid making their fingertip patterns traceable, or to set the screen brightness to change quickly to throw off any recording.
â€śSince our threat model is common in day-to-day life, this paper calls for the community to revisit the risks of using Android pattern lock to protect sensitive information,â€ť researchers stated.
Ultimately, Android users may want to consider an alternative form of device lock, or implement two-factor authentication to better protect themselves from potential adversaries. Businesses leveraging enterprise mobility may want to keep these recommendations in mind when developing policies and procedures for employees who are using mobile devices as part of their jobs. If you need help identifying ways to keep your organizationâ€™s devices safe regardless of operating system or device type, contact our team for help.
Early this year, we all watched the legal battle between Apple and the FBI unfold about access to the iPhone 5C used in the 2015 San Bernardino massacre. The feud ended, at least temporarily, on March 28 when the FBI withdrew its case from the courts after a third-party managed to unlock the device. With no real resolution provided, additional court cases have popped up surrounding the critical issue of digital privacy, and this month, the Florida Court of Appeals ruled that the government can force an iPhone user to release the passcode to unlock his/her phone.
After thorough research performed by our mobile threat prevention (MTP) partner, Check Point, a new and alarming type of malware campaign has been identified. Known as Gooligan, this malware is used to generate ad revenue on the Android platform. Check Point noted that as of the end of November, Gooligan had breached the security of more than one million Google accounts, with an additional 13,000 devices being impacted each day.
Protecting your privacy and keeping data secure on a computer, whether running a Windows, Mac or other operating system, is more important than ever in todayâ€™s internet and cybersecurity environment.Â Many Apple users assume that the Mac OS is more secure and less prone to exposure. While partially true, the reality is no OS is totally immune from phishing attempts, man-in-the-middle attacks, malware-infected applications, or internet and email links to unsafe web pages. However, you can do more than you think to protect yourself and your Mac by taking control of some key system settings and paying attention to your computing habits.
As part of a comprehensive mobile strategy, many companies today choose to use one of a number of popular cloud-based file storage solutions, like Box, Dropbox or Google Drive. These tools provide users anytime access to the data they need from any device with an internet connection. Recently, Dropbox announced that its Dropbox Business product would be entering into a partnership with security vendor Symantec as part of a broader update to enhance its enterprise security credibility.