Lose Your iPhone…

…and lose your data, along with access to your financials. For instance,

thieves who stole [one man’s] iPhone 14 Pro at a bar in Chicago wanted to drain cash from his bank account and prevent him from remotely tracking down the stolen phone. They used his passcode to change [his] Apple ID password. They also enabled a hard-to-find Apple security setting known as the “recovery key.” In doing so, they placed an impenetrable lock on his account.

The thieves got his passcode by shoulder-surfing: they watched him tap it in before they stole his phone. And Apple can’t help him: without the recovery key, there’s nothing they can do. In addition to the money stolen, the man has lost the only copies of eight years of photos of his young daughters, which he was storing exclusively on his cell phone.

And this example:

After [a man’s] iPhone 13 Pro was stolen from a Boston bar in August, [he] said he spent hours on the phone with Apple customer support trying to regain access to over a decade of data.

Again, Apple was unable to help without that now thief-altered recovery key.

The recovery key business is specific to Apple’s iPhones, and it’s irrelevant to my questions here. My questions apply to Android phones and other kinds of cell phones just as much.

My first question is this: when the cell phone owner was in any sort of public place—bar, office, park, etc.—what was that cell phone doing anywhere but in the owner’s hot little hand or in an interior pocket? Leaving the cell phone out on a counter or a bar or a park bench, even if the owner is right there, is the same as taping a “Free for the Taking” sign on the phone.

My second question is this: convenience comes with a price, and these theft victims provide examples of the price to be paid for that convenience: the loss of those precious personal items, the loss of years of personally important data, or the loss of company or other business data and correspondence (whether text or email), the loss of the moneys in the various financial accounts to which the owner has given cell phone access, and on and on. Why are these data kept on cell phones at all? Why are they not, at the least, backed up on a separate device—a laptop, for instance, or the company’s desktop back at the office or in the home office?

There’s no excuse for the theft, but there’s no excuse, either, for the personal laziness that magnifies the outcome of the theft.

Data Protections

A couple of Letter writers in The Wall Street Journal’s Letters section had concerns about a potential ban of People’s Republic of China-domiciled ByteDance’s TikTok.

I disagree with their concerns.

A TikTok ban isn’t the solution. It won’t protect our data privacy, it won’t protect children from the dangers of the internet, and it is a blatant violation of First Amendment rights.

No one is masquerading banning TikTok as the solution; that’s a strawman argument. Much more needs to be done to protect our data privacy and our children—and our intellectual and technology property—but banning TikTok is a useful step. Nor is banning it a violation of anyone’s 1st Amendment rights. No one’s speech would be barred, only a tool of the PRC would be barred.

TikTok can be an effective tool for fighting corruption within the government itself.

Not when it’s controlled by the PRC government.

…a communication tool that millions of Americans use….

Congratulations to this writer: he has successfully identified the breadth of the threat, just as TikTok’s CEO, Shou Zi Chew, (accidentally) did when he pointed out the 150 million American users of TikTok.

FISA Revamp

Congress may be moving to revamp the Foreign Intelligence Surveillance Act, which, among other things, creates a secret Federal court that empirically allows the Federal government to spy on American citizens in the United States—one of whom was a representative of citizens of Illinois whom they had elected to Congress—without a warrant.

[Congressman Austin, R-GA] Scott said lawmakers on the committee want to address who in government can query the database, who can be targeted and who must sign off on such warrantless surveillance. He also suggested there is some support for adding lawyers to the secretive process to help defend the rights of Americans who are being surveilled without their knowledge.

The problem with those first three…suggestions…is that there already are limits on who can query, who can be targeted, and who must sign off, and each of those limits has been routinely violated by FBI and intelligence personnel. There’s no reason to believe that new limits won’t similarly be blithely ignored.

The problem with that last is even larger: the secret process still would be secret, the lawyers supposedly defending the targeted Americans’ rights would be secret, they would be appointed by the same government that has been abusing FISA surveillance powers right along, and there would be no way for us American citizens to assess the skill with which those “defense” lawyers defend, or even their level of zeal.

It’s promising that there is finally a recognition that the FISA process is flawed in some way.

However, what’s truly required is to abolish altogether the Star Chamber that is the secret FISA Court. Scott made the case for abolishment—although he didn’t intend that—when he told JtN that there was clear evidence that the law’s past safeguards have been breached by the FBI and intel agencies. Given that, there’s no reason to believe those FBI and intel agency personnel won’t “breach” any new safeguards, also.

Passcode Vulnerability

The subheadline of a Wall Street Journal article on cell phone security vulnerabilities presents the subject of my post.

The passcode that unlocks your phone can give thieves access to your money and data; “it’s like a treasure box”

The article then laid out the problem:

The thieves are exploiting a simple vulnerability in the software design of over one billion iPhones active globally. It centers on the passcode, the short string of numbers that grants access to a device; and passwords, generally longer alphanumeric combinations that serve as the logins for different accounts.
With only the iPhone and its passcode, an interloper can within seconds change the password associated with the iPhone owner’s Apple ID. This would lock the victim out of their account, which includes anything stored in iCloud. The thief can also often loot the phone’s financial apps since the passcode can unlock access to all the device’s stored passwords.
“Once you get into the phone, it’s like a treasure box,” said Alex Argiro, who investigated a high-profile theft ring as a New York Police Department detective before retiring last fall.

This image lays out the technique:

There’s nothing magic about iPhones in this regard, though; Android cell phones are just as vulnerable to this sort of attack.

However, there are a couple of solutions to this, regardless of the type of cell phone you use. Each solution also works even better when done in concert with the other, and they rely on something old-fashioned: caution and concern for personal privacy.

One solution is to not use your cell phone to conduct any activity, not only financial, that you don’t want exposed to the public, much less to a thief. That way, if your cell phone is stolen, there’s nothing in it beyond your contact list that can be hacked. The potential cost of doing non-telephone things on your cell phone is far greater than the short-term convenience gained.

The other solution is to not store anything in the cloud. Keep your private material private by keeping it entirely within your home’s network, and ideally even more restricted: keep that information solely on your PC’s or laptop’s hard drive, or better, on an external hard drive that connects only via USB—and keep that external storage device separate from your PC/laptop.

Related, and subsidiary to all of that, don’t store passcodes or passwords on your PC/laptop, even via a passcode/word manager. In the unlikely event your laptop is stolen, or your PC is stolen via home break-in, that manager can be hacked at the thief’s leisure.

Dehumanizing Babies

Florida has a law (HB5, Reducing Fetal and Infant Mortality Act) banning abortions after 15 weeks of pregnancy. Florida’s Governor DeSantis (R) has characterized the law as

protect[ing] babies in the womb who have beating hearts, who can move, who can taste, who can see, and who can feel pain.

Planned Parenthood and the ACLU have sued, claiming that the ban violates the Florida Constitution. The Florida Constitution, Art I, Sect 23, grants a right of privacy to every natural person. The only part of the Florida Constitution that directly addresses abortion is Art X, Sect 22, which authorizes the State’s legislature to enact laws requiring notification of a minor’s parent or guardian prior to termination of the minor’s pregnancy.

Whitney White, a staff attorney with the ACLU’s Reproductive Freedom Project:

…we are dismayed that it has allowed this dangerous ban to remain in effect and to harm real people each and every day until this case is finally decided[.]

The State’s district-level judge, Leon County Circuit Court Judge John Cooper, siding with PP and the ACLU in issuing an injunction barring enforcement, wrote in part that (as cited by Fox News)

the Florida Constitution contains an explicit “right to privacy” that is “much broader in scope” than any privacy right under the United States Constitution. He further ruled that a 15-week cutoff for abortions is not supported by sufficient state interest.

Florida appealed the judge’s ruling and got the injunction lifted; the matter now is before the State’s Supreme Court.

It’s important to note that both the ACLU’s and Cooper’s arguments can have legitimacy only by denying that unborn babies—especially after those 15 weeks—are “real people,” are natural persons. The only way in which the law’s abortion cutoff time is unsupported by sufficient State interest is by denying that unborn babies are natural persons. After all, a core responsibility—a core duty—of the State government is to see to the safety and welfare of every “real” natural person in the State.

This is Planned Parenthood, the ACLU, and a Florida judge shamefully denying babies’ personhood, shamefully dehumanizing babies, just because they’re unborn.