Welcome to this week’s edition of Liberty Nation TecWeek, a weekly column that will catch you up on all things tech related — specially designed for those who do not consider themselves tech savvy. TecWeek focuses on news stories and topics that affect you, like digital security, government and corporate surveillance, privacy, and much more.
In this week’s column:
- Police get a warrant to search the Dakota Pipeline Protest Facebook page
- Supposed end-to-end encrypted text messenger gets caught being…well, not encrypted
- An update on the case regarding the Amazon Echo warrant
- Fallout from Wikileaks’ Vault 7
On February 11, 2017, a “protest” against the Dakota Access Pipeline (DAPL) in Bellingham, Washington, blocked Interstate 5 for more than an hour, backing up already-legendary traffic for miles. In an effort to investigate the incident, the Whatcom County Sheriff’s Department got a warrant for “messages, photos, videos, wall posts, and location information” for the #NoDAPL Facebook page. Police officials say they need the information to figure out who planned and executed the interstate block; the American Civil Liberties Union, however, filed a motion to quash the warrant. According to their motion, page administrator Neah Monteiro should not be forced to give up the data from the page.
As the creator, and one of the 14 administrators, of the [No DAPL] Facebook group, Ms. Monteiro has constitutional rights that are plainly implicated by the execution of the County’s warrant, which seeks her and her associates’ private content including “messages, photos, videos, wall posts and location information.” The warrant substantially burdens Ms. Monteiro’s First Amendment right to free association, as well as that of the group’s other members.
The ACLU pointed out that the sheriff is asking for not only public posts, but private messages from parties who may have expressed political opinions, asked for information, or other activities protected under the First Amendment. There is a hearing to decide the matter next week in county Superior Court, and while the case may be local to Washington State, its ramifications could reach far past the state’s borders.
This type of situation is exactly why many activists use encrypted messaging programs, such as Signal. One of these apps, called Confide, is apparently nowhere near as safe as it claimed to be — and U.S. government officials were using it. From ars Technica:
Current versions of Confide…don’t provide true end-to-end encryption at all, at least as that term is commonly defined. Unlike competing secure messaging app Signal—which prevents even authorized insiders from accessing the keys needed to decrypt messages—Confide engineers, or people who hack the Confide service, can easily create keys that can be used to decrypt messages as they’re sent in real time.
Well, that’s awkward. If you’re looking for a solid encrypted messaging app, use Signal…but keep Vault 7’s disclosures regarding hardware compromise in mind.
Speaking of warrants, we explained the story of the Amazon Echo that may have recorded a murder last week. Now, it looks like much ado about nothing, because the defendant gave permission for Amazon to release the device data to law enforcement. Because he did so, however, as David Kravets points out, “the novel and vexing questions this case poses—such as what is the legal standard for when data from an Echo or other Internet of Things devices can be used in a court of law—won’t be answered.”
And just in case you thought Amazon was actually defending the man’s Constitutional rights to privacy, think again. Memesis Law has the story.
On February 8, 2016, Amazon partially complied with the warrant by producing subscriber information and purchase history for the defendant’s Amazon account. Amazon has not yet produced any recordings or transcripts.
So much for the whole Amazon-cares-about-you idea.
Finally, we come to one more topic about the huge cyber elephant in the room; Vault 7, the recent Wikileaks dump on the CIA, has become an entity of its own. as what seems like the entire internet endlessly debates the depth, meaning, and future of the disclosures. We couldn’t possibly deal with it all in one column, but Electronic Frontier Foundation did point out one very large problem — the fact that the CIA was supposed to disclose vulnerabilities so that manufacturers could fix them — not hoard the security holes for themselves, leaving American devices wide open.
As these leaks show, we’re all made less safe by the CIA’s decision to keep — rather than ensure the patching of — vulnerabilities. Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans.
That’s it for this week! Tune in next Friday for more tech news that matters.
(Editor’s Note: Another resource regarding this topic can be found here.)