The National Security Agency (NSA) has reportedly told the White House that it no longer sees its phone-surveillance program as worth the effort it requires.

It follows a report last month claiming that the NSA had in fact abandoned the program last year …

expand full story

The NSA spying program to analyze logs of the domestic calls and texts of US citizens is reportedly no longer in use, and the legislation which made it legal may not be renewed when it expires at the end of the year.

The National Security Agency’s mass monitoring of logs of phone calls and texts relating to US citizens first began in 2006, some five years after the 9/11 attacks. The program was revealed by Edward Snowden in 2013, and was later declared illegal by a federal appeals court …

expand full story

Update: Edward Snowden has tweeted that the code names are real and would only be known by a cleared insider. The BBC has reported that some of the iOS malware allows ‘the agency to see a target’s location, activate their device’s camera and microphone, and read text communications.’

Wikileaks claims that the U.S. Central Intelligence Agency has a specialized unit within its Center for Cyber Intelligence that is devoted to developing and obtaining zero-day exploits for iOS devices. A zero-day exploit is one unknown to Apple or security researchers, so cannot specifically be protected against.

Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.

Wikileaks further claims that the CIA recently ‘lost control’ of the majority of the malware used to attack iPhones and iPads …

expand full story

Retired General Michael Hayden, former head of both the NSA and CIA, told USA Today that while he “trends toward the government” on the ‘master key‘ approach to the San Bernardino case, he thinks Apple is right that there should never be a back door to encryption. His remarks were made as Tim Cook called for the government to drop its demands that Apple help the FBI break into an iPhone.

Hayden went so far as to specifically call out FBI Director Jim Comey in his comments.

In this specific case, I’m trending toward the government, but I’ve got to tell you in general I oppose the government’s effort, personified by FBI Director Jim Comey. Jim would like a back door available to American law enforcement in all devices globally. And, frankly, I think on balance that actually harms American safety and security, even though it might make Jim’s job a bit easier in some specific circumstances.

Comey has repeatedly attacked Apple’s use of strong encryption on iPhones …

expand full story

Apple is one of ten tech giants to once again call on the US Government not to reauthorize the Patriot Act in its current form. The Act expires on 1st June unless it is renewed by Congress. Apple was joined by AOL, Dropbox, Evernote, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo.

In an open letter to President Obama, NSA Director Admiral Rogers and other prominent government figures, the companies urge Congress to end the bulk collection of communications metadata–the logs that determine how and when ordinary citizens contact each other.

The letter says that mass surveillance must end, and that a revised bill must contain mechanisms to ensure that future government surveillance is both transparent and accountable …  expand full story

Update: One of the approaches suggested – modifying Xcode to inject malware – has now been used, though we don’t at this stage know who was responsible.

The Central Intelligence Agency has conducted “a multi-year, sustained effort to break the security of Apple’s iPhones and iPads,” claims The Intercept, referencing new Snowden leaks of a document from the CIA’s internal wiki system.

A presentation on the attempts, focusing on breaking Apple’s encryption of iOS devices, was said to have been delivered at an annual CIA conference called the Jamboree.

Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.

One route reportedly taken by the CIA was to create a modified version of Xcode, which would allow it to compromise apps at the point at which they are created …  expand full story

We learned earlier this week that Tim Cook would be speaking at a White House cybersecurity summit today, and it now appears he will be the only tech CEO to do so. USNews is reporting that CEOs of other top tech companies all declined President Obama’s invitation, sending lower-ranking execs in their place.

Unlike Apple’s Cook, other top executives at key Silicon Valley companies declined invitations to the summit. Facebook’s Mark Zuckerberg, Yahoo’s Marissa Mayer and Google’s Larry Page will not attend amid the ongoing concerns about government surveillance. Facebook spokesman Jay Nancarrow said Zuckerberg is unavailable to attend and that Chief Security Officer Joe Sullivan will speak during a panel at the event.

It’s believed other CEOs consider refusing to take part to be the best way to express their objections to increased government surveillance of electronic communications, while Cook takes the opposite view: that it is important to speak up in defence of user privacy …  expand full story

Apple and the government have long been engaged in a bitter war of words over encryption and security practices employed in Apple’s iOS devices, but a new Wall Street Journal report indicates that the Department of Justice is really starting to take the rhetoric to the next level.

According to the Journal, a DOJ official actually told Apple executives during a meeting last month that in the future the Cupertino company could eventually be directly responsible for the death of a child. expand full story

Bloomberg reports that groups representing Apple, Google, Facebook and other high profile tech companies are lobbying to pass a new bill that attempts to limit NSA spying of email and communications of their users. The report says the groups are “pushing the Senate to pass legislation limiting National Security Agency spying before the Republican majority takes control of the chamber.” The news comes ahead of the Senate vote on the new bill scheduled for Nov. 18 and an upcoming Republican controlled Congress taking over in January: expand full story

Just as Apple published a new letter from Tim Cook and an update on privacy and security policies, a new report points to evidence the company has recently received new government demands for user data under the Patriot Act. GigaOM reports that language previously included in Apple’s Transparency Reports noting the company had “never received an order under Section 215 of the USA Patriot Act” has since been removed. That could signal, according to the report, Apple’s involvement with controversial National Security Agency programs that demand data from companies: expand full story

The first clip of part two of Tim Cook’s interview with Charlie Rose has posted tonight with a segment on Apple and privacy. In the interview, Cook discussed the privacy of user data using Apple services as Apple has mentioned in the past.

We’re not reading your email, we’re not reading your iMessages. If the government laid a subpoena on us to get your iMessages, we can’t provide it. It’s encrypted and we don’t have the key.

Cook also discussed how Apple’s approach to Apple Pay, its new mobile payment system, emphasizing that Apple is in the business of selling iPhones, not user information like other companies. Cook commented strongly that he is “offended” by the practices of some other companies. The shot at Google, which Cook stated is his idea of Apple’s competition in the part one with Charlie Rose, was mentioned similarly during last week’s iPhone event. Cook also discussed earlier privacy issues involving “server backdoors” and Edward Snowden. You can view the new clip below…

expand full story

Last month Apple confirmed that it would soon beef up encryption for iCloud email following a report detailing security flaws in major email services. While Apple previously encrypted emails sent between its own iCloud customers, now the company has enabled encryption for emails in transit between iCloud and third-party services for me.com and mac.com email addresses. 

The change is documented on Google’s transparency website that shows the percentage of emails encrypted in transit for both inbound and outbound email exchanges (pictured below): expand full story

The WSJ reports that the state-run China Central TV has described the iPhone as a “national security concern” due to its location-tracking capabilities.

In its national noon broadcast, state-run China Central Television criticized the “frequent locations” function in Apple’s iOS 7 mobile operating system, which tracks and records the time and location of the owner’s movements. The report quoted researchers who said that those with access to that data could gain knowledge of the broader situation in China or “even state secrets” …

expand full story

Apple’s association with the United States National Security Agency may once again put the company in the spotlight as Germany begins to investigate the agency’s recent activity. According to a report by The Wall Street Journal, members of a German parliamentary commission want the heads of a number of US-based tech companies, including Apple, to participate in their investigation of the NSA’s involvement in monitoring German officials.

Apple, for its part, has denied direct involvement with PRISM program and repeatedly said it has not allowed the government to have direct access to its servers. expand full story

Just a few days later after Apple CEO Tim Cook expressed his thoughts about the NSA and data collection transparency, Apple has posted an update to its website with new information regarding account data requests. The company’s press release comes as US Department of Justice comes to a settlement with technology companies over how they are allowed to disclose information about government data requests.

A statement from the DOJ explains the agreement will allow “detailed disclosures about the number of national security orders and requests issued to communications providers, and the number of customer accounts targeted under those orders and requests including the underlying legal authorities.” Due to these new guidelines, Apple has now been able to report FISA and National Security Letters separate from law enforcement requests as show in its graphics above and below.  It also notes the new data released today replaces the U.S. data from its Feb. 5 2013 Report on Government Information Requests.

New documents leaked by Edward Snowden and reported by The New York Times, The Guardian and ProPublica detail how the NSA and its British counterpart can collect users’ personal data through smartphone apps. The reports specifically mention popular apps like Angry Birds, Twitter, Google Maps and Facebook and claim the NSA is capable of intercepting information ranging from location, age, and sex of users to address books, buddy lists, phone logs, geographic data and more:

The N.S.A. and Britain’s Government Communications Headquarters were working together on how to collect and store data from dozens of smartphone apps by 2007, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps, and for vacuuming up address books, buddy lists, phone logs and the geographic data embedded in photos when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter and other services.

At least one of the app developers, Rovio, is not surprisingly unaware of any of the activity mentioned in the documents, but it will be up to the app developers, Apple, and Google to address the issue and clarify for users if their personal data is safe. In a recent interview with ABC, Apple CEO Tim Cook commented on the controversy over surveillance programs and promised he would press congress for more transparency: expand full story

Yesterday we posted some excerpts from an ABC interview with Apple CEO Tim Cook and other executives that officially aired on the network last night. In the interview, Cook is joined by Apple’s Apple Senior VP Craig Federighi and Apple software VP Bud Tribble to talk about the 30th anniversary of Mac, the new made-in-America Mac Pro, iWatch (iRing?), secrecy at Apple and the recent NSA surveillance controversies.

Cook on NSA surveillance programs:

Number one, we need to be significantly more transparent. We need to say what data is being given, how many people it affects, how many accounts are affected, we need to be clear. And we have a gag order on us right now so we can’t say those things… .Much of what has been said isn’t true. There is no backdoor. The government doesn’t have access to our servers. They would have to cart us out in a box for that, and that just will not happen. We feel that strongly about it.

Cook didn’t say much that we didn’t already see in the excerpts, but you can check out the full uncut interview from ABC above.

expand full story

Yesterday we reported on a presentation by security researcher Jacob Appelbaum that reportedly showed leaked NSA documents in which the agency claimed to have a “100 percent success rate” at installing spyware on iPhones. Following those accusations, Apple has officially responded in a statement provided to TechCrunch:

Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security.  Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements.  Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers.  We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.

The leaked NSA documents detailed in Appelbaum’s presentation above and first released on German news site Der Spiegel claimed an NSA program called DROPOUTJEEP allowed officials to access almost all data stored on an iPhone, including location, text messages, contact lists, and the device’s microphone and camera. The reports claimed the NSA needed physical access to devices to install the spyware– something it could accomplish by intercepting online shipments– but a version that could be remotely installed was reportedly in development. Apple’s statement today seems to address Appelbaum’s accusation (below) that Apple might have had prior knowledge of the program: expand full story

The NSA could access almost all data stored on an iPhone, including location, text messages and contact lists – including the ability to activate both microphone and camera, according to a presentation by security researcher Jacob Appelbaum at the Chaos Communication Conference in Hamburg, Germany.

Appelbaum showed what he said were leaked NSA documents in which the agency claimed to have a “100 percent success rate” at installing spyware on iPhones. The documents date back to 2008, at which point the NSA needed physical access to an iPhone to install the spyware, but a remotely-installable version was said at the time to be in development.

Even needing physical access to the phone was seemingly not a barrier to the NSA …  expand full story