EFF: Apple’s iMessage most secure “mass-market” messaging, lacks complete protection from targeted surveillance


The Electronic Frontier Foundation (EFF) today released a report examining three dozen messaging services and ranking them against what it deems to be seven “security best practices.” While Apple scored the best among what the EFF called “mass-market options”, it didn’t do as well when compared to all 36 messaging services included in the report. Specifically, EFF noted Apple’s iMessage and FaceTime services failed to offer “complete protection against sophisticated, targeted forms of surveillance.”

Apple: We’ll ‘soon’ begin encrypting iCloud email in transit between providers


Following the publication of an NPR article detailing the security of major email services, Apple has informed the network that it is working on an update to its iCloud Mail service that encrypts emails in transit from other providers. As of right now, iCloud emails are solely encrypted in transit from one iCloud email account to another, but an email sent from iCloud to Gmail or Yahoo (as examples) or vice versa is not currently encrypted. This is what will change:

Apple encrypts e-mail from its customers to iCloud. However, Apple is one of the few global email providers based in the U.S. that is not encrypting any of its customers’ email in transit between providers. After we published, the company told us this would soon change. This affects users of me.com and mac.com email addresses.

The enhancement will come into effect “soon,” but Apple is not more specific than that on the timeframe. While the quote above oddly does not specify icloud.com addresses, that newer Apple email domain likely falls into the same category as me.com and mac.com. The lack of in-transit encryption between iCloud Mail and Gmail, for example, is shown on Google’s data protection transparency website:


EFF marks Apple’s ‘remarkable improvement’ in protecting customer data from governments


The Electronic Frontier Foundation (EFF) today published its annual “Who Has Your Back?” report that rates and compares how major corporations deal with government data requests. The EFF’s ranking of technology company data request transparency is notable because the organization is the “leading nonprofit organization defending civil liberties in the digital world.” The report ranks companies based on six categories: requires a warrant for content, tells users about data requests, publishes transparency reports, publishes law enforcement guidelines, fights for users’ privacy in courts, fights for users’ privacy rights in Congress. This year, Apple received a star for each of the six categories.

This compares to many other technology companies, including Google, Yahoo, and Facebook, that received stars across the board:


EFF clarifies (somewhat) legality of unlocking and jailbreaking in the US


With a likely new iPhone jailbreak coming this Superbowl Sunday and unlocking phones’ DMCA exemption expiring this weekend, a lot of us don’t know where we stand with regard to the law. If you are in Canada, for example, the government is moving toward passing laws that require carriers to unlock phones and cap early termination fees. Must be nice.

In the ‘Home of the Free’, things got a lot murkier with the expiration of the DMCA exemption last weekend. So, does that mean you can jailbreak? How about carrier unlocking? The Electronic Frontier Foundation says:

First, the good news. The legal shield for jailbreaking and rooting your phone remains up – it’ll protect us at least through 2015. The shield for unlocking your phone is down, but carriers probably aren’t going to start suing customers en masse, RIAA-style. And the Copyright Office’s decision, contrary to what some sensational headlines have said, doesn’t necessarily make unlocking illegal.

So, jailbreaking is cool. At least for another few years. Enjoy your Superbowl jailbreak.

Carrier unlocking is murky, but it appears that phones bought before last weekend are fair game for unlocking. Go nuts!

But, new phones? It sounds like the risk is on the “unlockers” or the people who do the unlocking.

More likely, wireless carriers, or even federal prosecutors, will be emboldened to sue not individuals, but rather businesses that unlock and resell phones. If a court rules in favor of the carriers, penalties can be stiff – up to $2,500 per unlocked phone in a civil suit, and $500,000 or five years in prison in a criminal case where the unlocking is done for “commercial advantage.” And this could happen even for phones that are no longer under contract. So we’re really not free to do as we want with devices that we own.

What’s interesting is a cottage industry has formed around unlocking done by actually getting the carriers to unlock your phone. For instance, friend of the site, ChronicUnlocks is still in operation in the United States, and we’re hearing nothing but good things from readers who’ve bought unlocks. The site says:


Apple joins other tech firms in Digital Due Process group

As the Electronic Frontier Foundation notes, Apple (and Dropbox) have joined up with the Digital Due Process group, which seeks to modernize digital surveillance laws.

In April we launched “Who Has Your Back”, a campaign calling on major Internet companies like Google, Amazon and Microsoft to stand with their users when it comes to government demands for users’ data. Today, we’re pleased to see that two of the thirteen companies highlighted in our petition, Apple and Dropbox, have agreed to one of our requests: that they stand up for user privacy in Congress by joining the Digital Due Process coalition.

Digital Due Process is a diverse coalition of privacy advocates like EFF, ACLU and the Center for Democracy & Technology and major companies like AT&T, eBay and Comcast that has come together with the shared goal of modernizing surveillance laws for the Internet age. The DDP coalition is especially focused on pressing Congress to update the woefully-outdated Electronic Communications Privacy Act or “ECPA.”

The timing of the announcement would seem to coincide nicely with Apple’s iCloud release in the coming days. Now that Apple is a Cloud vendor (OK MobileMe, .mac, eworld were all Cloud too), it would be good to hear where they stand on giving private data to law enforcement or foreign governments.

Apple makes statement on Lodsys patent claims, says developers are covered under its license

Apple has finally made a public statement on the Lodsys matter. According to the Loop, Apple says that Lodsys has no claim to patent infringement because Apple has already purchased indemnity from Lodsys.

“Apple is undisputedly licensed to these patents and the App Makers are protected by that license,” wrote Bruce Sewell, Apple Senior Vice President and General Counsel.

While it is good to hear Apple finally come out with a statement on the matter, it doesn’t seem like the end of this case for everyone involved. Interestingly, we’ve been hearing that Apple is offering to help protect indie developers with representation against Lodsys.

In fact, it wouldn’t surprise me if Apple and Lodsys haven’t been negotiating behind the scenes for a long time now. Lodsys probably only went to indie developers when Apple decided it didn’t owe Lodsys any more money and negotiations broke off.

Full text of the email to Lodsys (via Macworld) below:
