“Privacy is dead,” has been a mantra, for different reasons, for generations. In the cybersecurity community, it has been conventional wisdom for at least a decade. But Edward Snowden and Andrew “bunnie” Huang apparently think they can revive it a bit, at least if you own an iPhone 6.
Their goal, they say in a white paper titled, “Against the Law – Countering Lawful Abuses of Digital Surveillance,” is to create an add-on hardware component that will protect “front-line journalists” in repressive regimes where governments have demonstrated the capability to track people through their smartphones even if the devices are set to “Airplane Mode.”
Indeed, on iPhones with iOS 8.2 and later, GPS remains active in Airplane Mode.
They did not address in their paper whether that kind of privacy could also be irresistibly attractive to terrorists and other criminals.
Snowden, the famous (or infamous) former NSA contractor who leaked a trove of classified documents proving, among other things, that the U.S. government was conducting surveillance on its own citizens, is much better known to the masses than Huang. But in hacking circles, it is Huang who has both a bigger name and more credibility to deliver such a device.
So it was Snowden, now director of the Freedom of the Press Foundation and still a fugitive from U.S. justice living in Russia, who presented the political rationale for their proposal on livestream video last month to the "Forbidden Research" conference at the Massachusetts Institute of Technology’s Media Lab – an “invitation only” event, although archived video is available.
And it was Huang, in person, who presented the technical elements of the prototype they hope to build within the next year.
It would not surprise anyone to hear that Snowden believes that just because something is legal doesn’t make it right or moral. He noted in his talk that everything from slavery to segregation, discrimination, torture, indefinite detention and extra-judicial killings have been conducted, “under frameworks that said they were lawful as long as you abide by the regulations.”
He said the same is true of, “lawful abuse of digital surveillance,” which he said is now turning the tools of journalists’ trade against them. He said that since January 2005, “more than 1,070 journalists or media workers have been killed or gone missing.” The bulk of those deaths, he said, were not war-zone combat casualties but outright murder.
One of the more recent was Marie Colvin, a reporter for the Sunday Times in Britain, who was killed in Syria in 2012 by government artillery fire on the apartment building being used as a makeshift media center in the city of Homs.
She had reported just hours earlier that government claims that they were not shelling civilian targets were false. Her family filed a wrongful death lawsuit against the Syrian government last month.
According to Snowden, “Her family has evidence that the radio frequency (RF) communications she used to file her reports were intercepted by the Syrian army. They used direction-finding capabilities to track and locate this illegal, unlawful media center” – unlawful because of a government news blackout.
Another much more recent example of the risk is Nour Al-Ameer, a former vice president of the Syrian National Council and now a refugee activist, who received what looked like a legitimate email with a PowerPoint attachment purporting to contain details of “Assad Crimes.”
She didn’t open it, and turned it over to Citizen Lab, which determined it contained spyware with a remote access Trojan called “Droidjack” that would allow a remote attacker to control her mobile device – to turn on the microphone and camera, remove files, read encrypted messages, and send spoofed instant messages and emails. Obviously, if her phone had been compromised, she and her family would have been in mortal danger.
So the goal of the hardware Snowden and Huang hope to develop, he said, would let the smartphone’s owner know if the device, “starts breaking the rules” and broadcasting any kind of locational information through RF.
As Huang put it, “the question is, can you trust the gatekeeper – can you trust the UI (user interface)?”
This will not be a simple add on, however. It is complicated enough that the two decided to build it for just a single phone – the iPhone 6 – since that model is, “what we understand to be the current preferences and tastes of reporters,” although Huang said in his presentation that once the module is a reality, “it should be extendable to other makes and models of phones.
As he explained and the paper illustrates, the installation of what they are calling an “introspection engine” will require a skilled technician to open the device and go through the SIM card port to attach sensors at multiple points, to monitor anything that might emit RFs – the cellular modem, WiFi, Bluetooth and GPS. Their plan is to disable entirely near-field communication (NFC), which is used for Apple Pay, since they don’t think front-line journalists will be doing that kind of shopping.
The two say they plan for the module to be open-source (“You don’t have to trust us.”), user-inspectable, field verifiable and to operate independently of the phone’s operating system or CPU, which could be compromised. Huang added that they want the module to be essentially invisible to the operating system and not to have a signature that could be detected, since governments would then be likely to target those using it.
The stakes are high – very high – Snowden said, because, “one good journalist, in the right place at the right time, can change history,” including possibly changing the outcome of an election or of a war. “That makes them a target,” he said.
But, of course, every tool for the good guys could be attractive to bad guys as well. If terrorists or other criminals got access to such a module, they could “go dark” more effectively as well.
The Department of Homeland Security had nothing to say on the matter. Spokeswoman Marsha Catron said, “we wouldn’t comment on pending matters.”
But privacy experts note that any technology can be used for good or bad purposes. “It is dangerous to impugn the ethics of a project like this,” said Dan Cornell, CTO and principal at the Denim Group. “Pretty much any useful technology will have applications that are both ‘good’ and ‘evil.’ Google Maps provides tremendous benefits but could also be used by terrorists to help plan attacks.”
Parker Higgins, director of copyright activism at the Electronic Frontier Foundation (EFF), has a similar view. “It's possible for bad actors to use infrastructure, but that doesn't stop us from building it,” he said.
Higgins added that he doubts that a module like this would be widely used by criminals or terrorists. While the perception may be that they are highly sophisticated, he said, “in practice, those groups tend not to be very advanced in their communications technology.”
Still the effort by Snowden and Huang to monitor a phone’s RF emissions raises the question of why the makers of the phones don’t deliver what they essentially promise – that if the phone is in Airplane Mode, it is not broadcasting location data.
Cornell said putting public pressure on phone manufacturers to give users more control over whether their device is communicating, “is a more interesting approach.” He likened it to how relatively easy it is to block the camera on a laptop with a piece of tape, but not so easy to block the microphone from being turned on without the user’s knowledge.
“A better approach for laptops would be to have a hardware ‘off’ switch’ for privacy impacting sensors like the microphone and camera that would physically break the connection and make it impossible for the sensor to operate,” he said.
“If this approach were applied to smartphones, then the various antennas on the phones could have similar physical controls made available.”
He added that if such controls were built in, it would be more likely to work than, “some sort of aftermarket-modified phone with a voided warranty.”
Cornell said it is also important for users to recognize that the proposed module, even if it works as intended, “doesn’t provide protection. It provides awareness.”