Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

India Mobile Handset Backdoor Memo Probably a Fake

samzenpus posted more than 2 years ago | from the upon-further-investigation dept.

Apple 151

daveschroeder writes "In the wake of previous coverage alleging that Apple, Nokia, RIM, and others have provided Indian government with backdoors into their mobile handsets — which itself spawned a US investigation and questions about handset security — it turns out the memo which ignited the controversy is probably a fake designed to draw attention to the "Lords of Dharmaraja." According to Reuters, "Military and cyber-security experts in India say the hackers may have created the purported military intelligence memo simply to draw attention to their work, or to taint relations between close allies India and the United States." Apple has already denied providing access to the Indian government."

cancel ×

151 comments

Or maybe not... (3, Insightful)

Ethanol-fueled (1125189) | more than 2 years ago | (#38670382)

It's not a backdoor if it's "by accident..." [theregister.co.uk]

Re:Or maybe not... (5, Insightful)

Anonymous Coward | more than 2 years ago | (#38670428)

You can never prove a conspiracy false, because any evidence against it is dismissed as disinformation planted by the conspiracy.

Re:Or maybe not... (5, Funny)

Anonymous Coward | more than 2 years ago | (#38670476)

No, that's just what they *want* you to think.

Re:Or maybe not... (1)

ajo_arctus (1215290) | more than 2 years ago | (#38671982)

Or is it....? *wink*.

Oh wait, that wouldn't work. Doh.

Bazinga... (1)

fred911 (83970) | more than 2 years ago | (#38670390)

n/t

I'll just be right here... (2, Insightful)

NiceGeek (126629) | more than 2 years ago | (#38670396)

patiently waiting for everyone who was Apple-bashing to recant their statements.

Re:I'll just be right here... (2)

Jetsurf (2484066) | more than 2 years ago | (#38670438)

Apple bashing? On slashdot? I don't believe it! :P

Re:I'll just be right here... (4, Interesting)

bonch (38532) | more than 2 years ago | (#38670458)

Won't happen. Bashers really believe that Apple just sits around, inventing absolutely nothing, selling overpriced shiny baubles. In their view, all technology is the same, and Apple just makes products whose ideas are all entirely obvious, despite the fact that no one did things that way before. They hate Apple for being popular and widely credited for industry trends.

Re:I'll just be right here... (4, Insightful)

Anonymous Coward | more than 2 years ago | (#38670498)

I have to give Apple credit for the Apple II. That was awesome. Hurray for Wozniak.

Is there any other Apple product of which you can say "no one did things that way before"?

Re:I'll just be right here... (1, Insightful)

bonch (38532) | more than 2 years ago | (#38670606)

Android phones originally looked like this [imgur.com] . Jobs-era Apple spent its existence putting out products that do things in ways others didn't do before. It doesn't really matter if some cross-armed haters don't want to admit that. The history of the last 15 years speaks for itself.

Re:I'll just be right here... (3, Informative)

Kenja (541830) | more than 2 years ago | (#38671002)

Apple phones originally looked like this [boingboing.net] . Not sure what your point is.

Re:I'll just be right here... (4, Informative)

Anonymous Coward | more than 2 years ago | (#38671030)

N800 [wikipedia.org] , bitchez!

(Seriously, why does everyone think Android is/was the only competitor to Apple?)

Re:I'll just be right here... (1)

Guy Harris (3803) | more than 2 years ago | (#38671404)

N800 [wikipedia.org] , bitchez!

(Seriously, why does everyone think Android is/was the only competitor to Apple?)

They're probably looking at U.S. smartphone market share [comscore.com] ; Symbian is way down at the bottom and Maemo/Meego/whatever isn't listed. In world smartphone market share [gartner.com] , Symbian is slightly ahead of iOS but is well behind err, umm, Android.

Re:I'll just be right here... (1)

CheerfulMacFanboy (1900788) | more than 2 years ago | (#38671656)

N800 [wikipedia.org] , bitchez!

(Seriously, why does everyone think Android is/was the only competitor to Apple?)

Funny thing - that's not a phone. It only works on WiFi or Bluetooth-tethering.

Re:I'll just be right here... (1)

GameboyRMH (1153867) | more than 2 years ago | (#38672518)

Since apparently VoIP doesn't count as phone capability to you, I guess I shouldn't mention the WiMax version either.

Well then would you accept the Treo 180g [pdadb.net] or Visorphone? [pencomputing.com]

Re:I'll just be right here... (2, Interesting)

ozmanjusri (601766) | more than 2 years ago | (#38671150)

Android phones originally looked like this [imgur.com].

Ah, it wouldn't be Slashdot without sly misdirection and deceptive practices.

There are TWO Android prototypes, one the image you've liked to, the other a (still ugly) candybar touchscreen device. Anyone who's used the emulator in the SDK will be familiar with the touchscreen version http://i.zdnet.com/blogs/android-emulator.jpg [zdnet.com] .

And since I've seen postings where this has been pointed out to you before, I can only conclude you're deliberately lying to mislead anyone who reads your posts. Most likely to persuade people to believe Google didn't plan on touchscreens from the start.

What's your motivation for this? Can you explain why it's so important for you to repeatedly lie in a public forum?

Re:I'll just be right here... (2, Insightful)

CheerfulMacFanboy (1900788) | more than 2 years ago | (#38671714)

Android phones originally looked like this [imgur.com].

Ah, it wouldn't be Slashdot without sly misdirection and deceptive practices.

There are TWO Android prototypes, one the image you've liked to, the other a (still ugly) candybar touchscreen device. Anyone who's used the emulator in the SDK will be familiar with the touchscreen version http://i.zdnet.com/blogs/android-emulator.jpg [zdnet.com] .

Wow, there actually was an Android touchscreen emulator less than a year after the iPhone was announced? And that the actual prototypes that were shown later all lacked the touchscreen is actually a fluke?

What was that again about sly misdirection and deceptive practices again?

Re:I'll just be right here... (0)

Anonymous Coward | more than 2 years ago | (#38671428)

Oh, bonch you dumb douche bag, there were two prototype Android phones and the other looked like this:

http://www.youtube.com/watch?v=1FJHYqE0RDg#t=03m

Quit spreading misinformation you low life worm.

Re:I'll just be right here... (3, Informative)

jo_ham (604554) | more than 2 years ago | (#38672190)

You might want to point out that that was released *after* the iPhone, but you go kid! On your truth crusade!

Re:I'll just be right here... (1)

gmanterry (1141623) | more than 2 years ago | (#38670968)

I'll second that. The Woz was/is a genius. Both as a programmer and as a hardware engineer. I still have Apple IIs and still play with them. The Apple II got me into computers. I gave one to my then 5 year old son in 1980 and now he works in IT and make a six figure salary. I figure the Apple II is directly responsible for the success of both of us.

Re:I'll just be right here... (3, Informative)

harperska (1376103) | more than 2 years ago | (#38670604)

There really is a sort of sublime irony in a poster blatantly ripping off a blog post which defends the idea that certain companies are ripping off Apple.

http://macjournals.com/blog/2012/01/10/dan-lyons-showing-self-awareness-what-self-awareness/ [macjournals.com]

Unless, of course, bonch really is Matt Deatherage of MacJournals, in which case, congratulations on quoting yourself.

Re:I'll just be right here... (1, Informative)

bonch (38532) | more than 2 years ago | (#38670640)

Looks like I'm outed.

Re:I'll just be right here... (2)

artor3 (1344997) | more than 2 years ago | (#38670466)

You'll be waiting a long time. Most of them won't even read this story, and will continue to believe that lie for the rest of their lives. They'll even casually bring it up in conversation, causing other people to believe it. "A lie will go round the world while truth is pulling its boots on."

Re:I'll just be right here... (4, Informative)

Anonymous Coward | more than 2 years ago | (#38671306)

Probably because we already know Apple spies on iOS users?

If you remember, CarrierIQ is baked into iOS. It can't be uninstalled by users, because it's part of the OS. Even with jailbreaking it involves removing kernel modules.

Not to mention that if you actually bothered to read your iCloud TOS, you'll discover that Apple reserves the right to continuously monitor and record your current location. They even get access to your email through iCloud.

Basically, everything that the memo says Apple allowed India to do Apple claims the right to do in their TOS!

So even if the memo is fake, the ability for Apple to spy on iOS users most certainly is NOT.

Re:I'll just be right here... (2, Informative)

jo_ham (604554) | more than 2 years ago | (#38672202)

So, turn off those features.

Switch off location services, don't use iCloud (a claim that can be put to any cloud service, not just Apple's).

It also doesn't say "continuously monitor" - you're just trying to use weasel words to make it sound worse. What it talks about is occasionally collecting anonymous location data to improve it's location-aware apps.

Re:I'll just be right here... (3, Interesting)

DJRumpy (1345787) | more than 2 years ago | (#38670490)

You may be waiting a while as these sorts of things tend to take on a life of their own regardless of the facts presented. The meat of the linked article basically says the docs are questionable but well done. They also throw in a possible link to Anonymous which is a curious twist:

Technology blog Infosec Island said on Wednesday it had seen more data obtained by the Lords of Dharmaraja, including dozens of usernames and passwords for compromised U.S. government network accounts.
Infosec Island blogger Anthony Freed said the hacker group claimed to have taken the data from servers belonging to India's Ministry of External Affairs and the Indian government's IT organization, among others.
Officials in India declined to comment on the document's content or authenticity.
The alleged memo (http://bit.ly/zYze7w), which had a number of inconsistencies, including the letterhead of a military intelligence unit not involved in surveillance, claimed India had been spying on the USCC using know-how provided by Western mobile phone manufacturers.
While the memo looks dubious, the U.S.-China Economic and Security Review Commission has not denied the veracity of the email cache, and U.S. authorities are investigating the matter.
The emails include conversations between U.S. embassy officials in Tripoli, DHL and General Electric about delivering medical equipment to Libya, as well as concerns that GE was helping China improve its jet engine industry.
"ANONYMOUS"
It is unclear whether Lords of Dharmaraja got the emails from Indian military intelligence servers, as they claim, but they first mentioned the documents in November, at the same time as they announced they hacked India's embassy server in Paris.
That breach was confirmed at the time by India's foreign ministry, and some experts believe the cache of U.S. emails was taken from the same source, raising the question of how they ended up there in the first place.
"An individual could have hacked someone's personal computer and handed it over to the embassy. There are so many means and measures," said Saini, who himself was charged with leaking secrets to Washington in 2006. He proclaims his innocence.
"There may be cooperation between India and the United States, the United States may have shared them, or India could have done the hack ... or a third country may have handed it to India," said Saini.
It is also unclear how Symantec's source code ended up with the Lords of Dharmaraja, whose public face goes by the name Yamatough on a Twitter feed.
Yamatough, whose profile picture shows a Tibetan painting of Dharmaraja, the Hindu god of death and justice, follows many members of the "Anonymous" hacking collective, and Symantec attributes the hack to that group.

Re:I'll just be right here... (2)

bruno.fatia (989391) | more than 2 years ago | (#38670598)

It is also unclear how Symantec's source code ended up with the Lords of Dharmaraja, whose public face goes by the name Yamatough on a Twitter feed.
Yamatough, whose profile picture shows a Tibetan painting of Dharmaraja, the Hindu god of death and justice, follows many members of the "Anonymous" hacking collective, and Symantec attributes the hack to that group.

I never knew you could follow someone Anonymous.

Re:I'll just be right here... (1, Informative)

uvajed_ekil (914487) | more than 2 years ago | (#38670632)

We've still got PLENTY of reasons to bash Apple. Don't hold your breath, this was not our hoax.

Re:I'll just be right here... (2)

CheerfulMacFanboy (1900788) | more than 2 years ago | (#38671766)

Don't hold your breath, this was not our hoax.

Yeah, you just A) fell for it, and B) still ignored that the document said all major device makers had installed the backdoor and focused on Apple.

Re:I'll just be right here... (0)

Anonymous Coward | more than 2 years ago | (#38671844)

A) Yes, considering Symantec and RIM are already known for it, it was plausible, B) All major device makers explicitly named in the document were RIM, Nokia and Apple. With RIM's history of cooperating with governments and Nokia being mostly irrelevant in US, which part of this do you think was news for /.'s largely US auditory? And anyways, comments was mostly about corporation and government bashing, not Apple bashing. Confirmation bias much?

Re:I'll just be right here... (1)

CheerfulMacFanboy (1900788) | more than 2 years ago | (#38671904)

A) Yes, considering Symantec and RIM are already known for it, it was plausible, B) All major device makers explicitly named in the document were RIM, Nokia and Apple. With RIM's history of cooperating with governments and Nokia being mostly irrelevant in US, which part of this do you think was news for /.'s largely US auditory? And anyways, comments was mostly about corporation and government bashing, not Apple bashing. Confirmation bias much?

No, the All major device makers explicitly named in the document were "ALL major device makers" including Android phone makers.

Re:I'll just be right here... (2)

whosdat (2551450) | more than 2 years ago | (#38671978)

explicit adj. (comparative more explicit, superlative most explicit) Very specific, clear, or detailed.

Quiz time! Q: Which parts of "major device makers, RIM, Nokia, Apple etc." are explicit by this definition and which are implicit? Q2: Can't you keep your martyrdom complex down after seeing there was no group Apple bashing in the discussion thread?

Re:I'll just be right here... (0)

CheerfulMacFanboy (1900788) | more than 2 years ago | (#38672010)

Q2: Can't you keep your martyrdom complex down after seeing there was no group Apple bashing in the discussion thread?

If you actually believe that, you have again proven that the only people affected by a RDF are the Apple haters.

Re:I'll just be right here... (1)

whosdat (2551450) | more than 2 years ago | (#38672056)

Dude, what?

- "There was no group Apple bashing in there" (it's easy to check, just follow the link in "Related" up there)
- "You're an Apple hater because you deny Apple bashing"

You just demonstrate my point on martyrdom.

Re:I'll just be right here... (0)

CheerfulMacFanboy (1900788) | more than 2 years ago | (#38672376)

Dude, what?

- "There was no group Apple bashing in there" (it's easy to check, just follow the link in "Related" up there) - "You're an Apple hater because you deny Apple bashing"

You just demonstrate my point on martyrdom.

There was - and you just proved MY point. Again. But wait, you only read the paranoid rambling parts of the discussion, right? Well that would be an excuse for completely missing the Apple bashing - if the paranoid rambling parts didn't also bash Apple. So no excuse for being an Apple Hater I'm afraid.

Re:I'll just be right here... (1)

whosdat (2551450) | more than 2 years ago | (#38672438)

LOL, right. I just asked jQuery to count and there's exactly 66 comments out of 580 on that page that contain "Apple". Only tiny part of them are mindlessly anti-Apple - with most of them getting no replies or only "what" replies, with the rest mentioning Apple together with other corporations, mentioning Apple in unrelated contexts, asking why only RIM/Nokia/Apple are in the title and defending Apple. So, all in all it's no more than 11% of all comments, with actual number of hate comments probably somewhere in 2-5% range. But noooo, it's all about Apple, you see. And I'm an Apple hater for seeing the facts and not your preferred "Y'all hate Apple, you applehaters" victim stance.

recant. i recant it all (1, Troll)

decora (1710862) | more than 2 years ago | (#38670652)

apple does not use foxconn as a supplier.

foxconn doesn't collude with state security to torture people who lose apple prototypes.

foxconn has great relations with its employees and they have great working conditions

apple products dont pollute the environment

apple does not abuse its monopoly nor bully competitors with patent lawsuits

all of apple's IP claims are legitimate and represent true innovation

we have always been at war with eurasia

and also apple never gave backdoor access to the government to its systems. even though under CALEA it is required to for all US products.

Android phones are made in the USA, out of hemp, (4, Funny)

Brannon (221550) | more than 2 years ago | (#38670802)

with union labor.

Re:recant. i recant it all (3, Insightful)

NiceGeek (126629) | more than 2 years ago | (#38670882)

Find me a computer of any brand that doesn't use Foxconn parts. Take your time :)

Re:recant. i recant it all (3, Interesting)

fatphil (181876) | more than 2 years ago | (#38671792)

Pretty sure my Nokia N900 and N9 (consumer version) weren't.
My N950 (developer edition) wasn't either, but that was from a small run, and might be considered a prototype.

A handy hint for finding counter-examples is looking for companies who still maintain their own manufacturing facilities. A lot of the new kids on the block have never had such facilities, they're clearly more likely to be customers of foxconn and their ilk.

Re:recant. i recant it all (1)

GameboyRMH (1153867) | more than 2 years ago | (#38672576)

You have an N950!? Ugggh JEALOUSY OVERLOAD x_x

Yeah my home server has a Foxconn mobo and my work PC (which I didn't buy) has some Foxconn bits in it, but that's it. Gaming PC, laptop and phone are all made in South Korea and Taiwan.

Re:recant. i recant it all (1)

Guy Harris (3803) | more than 2 years ago | (#38671458)

and also apple never gave backdoor access to the government to its systems. even though under CALEA it is required to for all US products.

I guess that depends on what "backdoor" access means. CALEA is not exactly some Deep Dark Secret - it is, after all, U.S. Public Law 103-414. At least in theory, mechanisms required by CALEA are supposed to be used only with a court order or other lawful authorization, although I wouldn't treat that as an indication that it can't be, or isn't ever, used illegally. I suspect many other countries impose similar requirements, and, again, there's no guarantee that those countries' spooks never ever use those capabilities for their own purposes.

Re:I'll just be right here... (1)

Overly Critical Guy (663429) | more than 2 years ago | (#38670672)

The people you are referring to will just say nothing and pretend this submission doesn't exist, because it challenges an anti-Apple mindset that they're emotionally invested in.

Re:I'll just be right here... (0)

Anonymous Coward | more than 2 years ago | (#38671576)

bonch, just a little hint: cheering sockpuppets work best when nobody yet knows those are sockpuppets [slashdot.org] .

Re:I'll just be right here... (1)

thsths (31372) | more than 2 years ago | (#38671552)

Why, because Apple said that they didn't do it? Come on, any secret service would attach a clause to the contract that keeps the content of the contract confidential. And that is not even paranoid, that is just a fact of live - think about the way the NSA works, the "secret" illegal wire-tapping, super-injunctions... misinforming the masses is fair game.

Meanwhile in the US... (3, Insightful)

Darkness404 (1287218) | more than 2 years ago | (#38670432)

Meanwhile in the US, telecom companies and every other industry is bending over backwards for our police state. I find it rather funny that this accusation gets press but you rarely find mention of people actually wanting to stop warrantless wiretaps. After all, both Microsoft and Skype have quietly complied with allowing eavesdropping by the government. So honestly it wouldn't surprise me one bit that handsets have backdoors given to the US government which are then figured out by other oppressive governments to spy on their citizens.

Re:Meanwhile in the US... (0)

Camael (1048726) | more than 2 years ago | (#38670668)

This ^

The Indian government's action is no different from the US government's previous attempt to get access to private telephone conversations through the <a href="http://en.wikipedia.org/wiki/Clipper_chip">Clipper Chip [wikipedia]</a> project.

Mind you, I believe the actions of both government's are despicable and wrong. It it horrifying and appalling the great liberties governments try to take in the name of justifying the fight against terrorism. 

Doesn't matter (4, Insightful)

93 Escort Wagon (326346) | more than 2 years ago | (#38670454)

The Slashdot community already convicted Apple of this and have moved on.

And yes, I realize it's about Nokia as well as RIM, too - but in the original story discussion very few people paid any attention to those players.

Re:Doesn't matter (1)

Darkness404 (1287218) | more than 2 years ago | (#38670482)

Doesn't matter in the US where the ISPs, cell service providers, heck, even Skype and Microsoft have been bowing down to the government to allow them to continue their war on US citizens. Chances are, Apple has already built in some backdoor for the US government, which is much, much more worrying than Apple building a backdoor for India/China/Russia/etc.

Re:Doesn't matter (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38670506)

Of course you don't have any evidence. It's funny how conspiracy-theorists are just as faith-based as any religion.

Re:Doesn't matter (1)

Formalin (1945560) | more than 2 years ago | (#38670548)

Are you forgetting about Room 641A so soon? Don't remember Bush getting flak for illegal wiretaps?

Those are just the things we know about, surely there are more.

Re:Doesn't matter (2)

schnikies79 (788746) | more than 2 years ago | (#38670582)

Maybe there is more and maybe not; probably more. We don't know either way so it's nothing more than useless speculation.

Re:Doesn't matter (0)

Anonymous Coward | more than 2 years ago | (#38670656)

Well, when you find two mice in your house, usually it is a good idea to assume there are more, and apply political pressure... err, set some traps - as opposed to debating whether there are or are not more mice and doing nothing, right? At least be prepared that there may be more.

Re:Doesn't matter (2)

AHuxley (892839) | more than 2 years ago | (#38671072)

The Room 641A wiretapping (recall the AT&T San Francisco office and internet traffic been split to the NSA?) went to court, with paper work and the US gov had to offer retroactive immunity to make it all go away in July 2008.
Then the US gov had to use its state secrets privilege.
In Dec 2011 the case came back http://www.wired.com/threatlevel/2011/12/dragnet-surveillance-case/ [wired.com]
All we know is every packet from Asia and within the US that fed a west coast telco office where split and collected.
The collection point was not near the landing of the Asia link, the split was at point where US domestic and the Asia link could be split. The idea that your US or international cell phone data/voice/VOIP would be left out seems rather strange...

Re:Doesn't matter (1)

daveschroeder (516195) | more than 2 years ago | (#38672500)

And, as I said on the Wired piece:

Traffic metadata (things like email "envelope" information, source and destination IPs, etc.) has long been fair game without a warrant as the digital analogue of a "pen register" under Smith v. Maryland 442 US 735 (1979), and is part of the provision that supports lawful NSA data collection under the FISA Amendments Act of 2008 and other law, in conjunction with telecommunication operators like AT&T. The content of traffic of US Persons is NOT fair game, without a properly adjudicated warrant.

The FISA Amendments Act of 2008, passed by a two-thirds majority in both houses of Congress, allows for foreign intelligence collection on non-US Persons without a warrant, no matter where the collection occurs. The longstanding Smith v. Maryland allows for the collection and examination of communications metadata without a warrant. The FISC ruling explicitly finds legal such collection under the now-sunset Protect America Act and the current FISA Amendments Act of 2008.

In order to determine which traffic content may be collected for foreign intelligence purposes, the traffic metadata must be examined. Even when a target in question is a specific non-US Person of foreign intelligence interest, traffic metadata must first be examined in order to target that person! Because examining traffic metadata was found explicitly legal and Constitutional three decades ago by the United States Supreme Court, doing so in order to target legitimate foreign intelligence collection is a legal application in the digital world.

The major issues for foreign SIGINT were twofold:

- A lot of traffic is now digital versus analog, and cannot be targeted by aiming a directional antenna at a particular geographic locale. It is now traveling largely via things like fiber optic cables, intermixed with all manner of other communications. In order to target the collection, it is no longer a case of tapping a single landline telephone, or sitting on a Navy vessel offshore from some area of interest between individuals talking on two-way radios; it's finding that traffic in a sea of global digital communications.

- Foreign communications of non-US Persons physically outside of the US was increasingly traveling through the US. Previously fair game for foreign intelligence collection throughout the history of such collection in the United States, it suddenly became off-limits without a warrant because it was incidentally routed through locations in the United States. Foreign intelligence collection on non-US Persons outside of the US does not require a warrant, and fundamentally still shouldn't simply because their traffic happens to enter the US.

This was a case of changing technology necessitating an update to a law. A supermajority of both houses of Congress agreed. Some comments:

Sen. Dianne Feinstein:

"This bill, in some respects, improves even on the base bill, the 1978 Foreign Intelligence Surveillance Act. It provides clear protections for U.S. persons both at home and abroad. It ensures that the Government cannot conduct electronic surveillance on an American anywhere in the world without a warrant. No legislation has done that up to this point."

Then-DNI Mike McConnell:

"Now here's the other thing that most Americans don't appreciate, haven't been exposed to. When we redid that law, the law now says any U.S. person, any U.S. person, that's targeted for foreign intelligence must be protected by a warrant anywhere on the globe. So we actually have a much more stringent law today protecting Americans and civil liberties."

"The debate and the dilemma for us is how do you modernize that law for the modern age? And we debated. For two years we debated and we finally came to closure. The good news is when it was finally voted, two-thirds of the House and two-thirds of the Senate voted for it and here's what it says today: if it's a U.S. person anywhere in the globe, you must have a warrant."

Unfortunately, this discussion is so mired in politics, personal grinding of axes, confusion about early NSA programs (like the so-called Terrorist Surveillance Program, or TSP, which was not renewed after January 2007), and isolated examples of legitimate abuse or misconduct, that not many seem interested in having any real discussion about how foreign intelligence can be reasonably conducted in the digital age. Instead it is a sea of frantic arm-waving and breathless blogging about how the Constitution is being shredded, when the mechanisms of law and judicial oversight have explicitly established the activities as legal.

The cornerstone of the current law and the FISC decision is the protection of the privacy and rights of United States persons. The current law is even more stringent with respect to US Persons than previous law: an individualized warrant from FISC is required to target a US Person anywhere on the globe; before, US Persons did not enjoy the same explicit protections under the law outside of the US.

What monitors this? The same oversight and processes that we trust, by proxy, to monitor the activities of the Intelligence Community. Namely,

- The intelligence oversight committees of both houses of Congress
- Legal counsel for all Intelligence Community components
- The Foreign Intelligence Surveillance Court
- The Department of Justice
- The Executive Branch

In fact, FISA Modernization is listed as the number one major milestone of the Office of the Director of National Intelligence under the tenure of Mike McConnell.

In sum:

1. A warrant is not required to collect intelligence when the target is not a US Person, regardless of where the collection occurs, including within the US.

2. A warrant is always required to collect intelligence when the target is a US Person, whether inside or outside of the US (more strict than previous law).

3. This requires determining which traffic content can be lawfully collected without a warrant, sometimes with the assistance of telecom operators in the US. In order to determine which traffic can be lawfully collected without a warrant, basic information about the traffic, such as its source and destination, must also be examined. Such examination of traffic — a "pen register" — also does not require a warrant.

The job of our foreign intelligence services is to collect information on the activities and plans of US adversaries. This activity has never required a warrant, because non-US Persons outside of the US are not protected by the Constitution of the United States.

The path traffic takes shouldn't prevent us from doing this job.

The real issue is the questionable legal landscape that existed from 2001 to 2007 and briefly again in 2008 after the expiration of the Protect America Act.

These are questions which may never be answered. Namely, the President's authority under Article II of the Constitution in conjunction with the Authorization for the Use of Military Force (AUMF). NSA and the Community had a legal opinion about the legality of the activity - there is always a legal opinion. Our current Attorney General agrees that the President has inherent, intrinsic authority under Article II that cannot be impinged upon by any statue; whether the above activity is explicitly one of those authorities is a legal question that may never be answered, because the programs in question (e.g., TSP) ceased.

Right now, collection may occur within the United States without a warrant, as long as the target is not a US citizen. This activity is explicitly legal under:

- The temporary Protect America Act of 2007, which was in force from August 5, 2007 to February 17, 2008,
- The FISA Amendments Act of 2008, which became Public Law 110-261 on July 10, 2008, and is in force at present,
- The August 2008 FISC ruling.

The hallmark of the FISA amendments are judiciously protecting US persons, while removing restrictions on where and how foreign intelligence on non-US Persons can be collected simply because it's traveling through a glass pipe in San Francisco instead of over the air on the streets of Yemen - and that includes warrantless monitoring of identified foreign intelligence targets, and the technical mechanisms via which their communications can be located, targeted, and extracted from data streams within the US.

The paradigm has been shifted from something (a collection point, a person) being physically within the US to the legal status of the person or entity itself. This is a higher standard, but it is one that enables foreign intelligence services do do their jobs, particularly with regard to SIGINT.

Former NSA and CIA director General Michael Hayden summed up the situation quite succinctly: "We're pretty aggressive within the law. As a professional, I'm troubled if I'm not using the full authority allowed by law."

I wonder if anyone in the media is interested in having this discussion, or if it's all going to be accusations from whistleblowers, with no consideration of the associated challenges for foreign SIGINT in a digital world?

I know no one on Slashdot is!

Re:Doesn't matter (0)

Anonymous Coward | more than 2 years ago | (#38671472)

I've been on the engineering side of both POTS and Internet tech in the US for about 20 years. By engineering I mean "I have or have had root on Lots Of Things That Matter," and I've reviewed an awful lot of Code That Matters. Skepticism is certainly a healthy attribute, but access to private sector systems is much deeper and broader than you might think. I'm not going to play politics here and get into a philosophical debate over whether that's good, bad, or somewhere in between. I'm simply stating a fact.

Re:Doesn't matter (4, Informative)

Darkness404 (1287218) | more than 2 years ago | (#38670584)

Lets see here, there's this law in the US called the CALEA called the "Communications Assistance for Law Enforcement Act" which states in part:

Sec. 103. Assistance Capability Requirements. (a) CAPABILITY REQUIREMENTS.â" Except as provided in subsections (b), (c), and (d) of this section and sections 108(a) and 109(b) and (d), a telecommunications carrier shall ensure that its equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications are capable ofâ" (1) expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to intercept, to the exclusion of any other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment, facilities, or services of a subscriber of such carrier concurrently with their transmission to or from the subscriber's equipment, facility, or service, or at such later time as may be acceptable to the government; (2) expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to access call-identifying information that is reasonably available to the carrierâ" A before, during, or immediately after the transmission of a wire or electronic communication (or at such later time as may be acceptable to the government); and B in a manner that allows it to be associated with the communication to which it pertains, except that, with regard to information acquired solely pursuant to the authority for pen registers and trap and trace devices (as defined in section 3127 of title 18, United States Code), such call-identifying information shall not include any information that may disclose the physical location of the subscriber (except to the extent that the location may be determined from the telephone number); (3) delivering intercepted communications and call-identifying information to the government, pursuant to a court order or other lawful authorization, in a format such that they may be transmitted by means of equipment, facilities, or services procured by the government to a location other than the premises of the carrier; and

Combine that with the PATRIOT act which basically allows the government to screw with US citizens at its leisure, means that the government can basically tap your phone for any reason that it sees fit.

And the (as you would put it since you obviously don't have a clue what is going on in the world) conspiracy theory website The New York Times reported in 2010 about a bill that the US government was considering that takes CALEA further by mandating that all encryption be able to be decrypted by the government (in CALEA encryption was left up to the government to decrypt on its own) https://www.nytimes.com/2010/09/27/us/27wiretap.html [nytimes.com]

Also, according to Slashdot, quoting US laws are "lame".

Re:Doesn't matter (1)

uvajed_ekil (914487) | more than 2 years ago | (#38670692)

Of course you don't have any evidence. It's funny how conspiracy-theorists are just as faith-based as any religion.

Right, because corporate espionage among multi billion dollar corporations, government corruption, greed, and the existence of the CIA, the Mossad, the KGB, and terrorist groups are all just figments of our over-active imaginations. I suggest that most mishaps are not a result of wide-ranging conspiracies (government-perpetrated or otherwise), but such conspiracies do pop up on occasion. And you have to consider that the most successful conspiracies are the few that are never uncovered as such. So don't take anyone who ever cries conspiracy and automatically lump them together with steadfast creationists who ignore huge bodies of evidence.

Re:Doesn't matter (2)

artor3 (1344997) | more than 2 years ago | (#38670782)

Please explain how "the existence of the CIA" means that the United States is at war with its citizens (since that is what you are responding to, after all). Show your work.

Re:Doesn't matter (2)

Overly Critical Guy (663429) | more than 2 years ago | (#38670678)

10 posts in, and there are already guys like you completely missing the point and going right back to baselessly accusing Apple of things. Slashdot never changes.

Re:Doesn't matter (1)

Darkness404 (1287218) | more than 2 years ago | (#38670738)

So let me get this right:

Apple (along with many other handset manufacturers) are accused of building back doors in for the Indian government.

Apple denies these claims.

Meanwhile, under the provisions of various US laws and policies your iPhone on a US network can still be wiretapped and information accessed.

So I'm supposed to say good job to Apple for standing up against the Indian government (which is really no concern of mine) while bowing to the slightest pressure of the US police state? Sure if I lived in India or if the Indian government detaining me indefinitely without cause was a legitimate concern I might be praising Apple. But as it stands there is no victory for privacy or liberty. Instead, we must still pressure Apple, RIM, Nokia, and every other business and citizen of the US to stop this encroachment of our rights.

Re:Doesn't matter (2)

dissy (172727) | more than 2 years ago | (#38671384)

Meanwhile, under the provisions of various US laws and policies your iPhone on a US network can still be wiretapped and information accessed.

https://www.eff.org/issues/nsa-spying [eff.org]

You said it yourself, the US NETWORK is what is tapped. Apple is not a phone network in the US or anywhere else.

The wiretaps are done at the phone company. AT&T even admitted such and it was covered on slashdot multiple times. You trolled that thread too so you are well aware of it.

The US government doesn't need a backdoor in any phones, the data is intercepted and logged at the phone company, and the government has retroactively indemnified them of any wrong doing.

So I'm supposed to say good job to Apple for standing up against the Indian government (which is really no concern of mine) while bowing to the slightest pressure of the US police state?

No you are supposed to say good job Apple for for not bowing to anything you have claimed. But you're too pissed off at their success to bother with pesky facts and the truth, as normal.

Re:Doesn't matter (1)

subreality (157447) | more than 2 years ago | (#38671206)

"Never let the facts get in the way of a good story"

Re:Doesn't matter (1)

bill_mcgonigle (4333) | more than 2 years ago | (#38671250)

And yes, I realize it's about Nokia as well as RIM, too - but in the original story discussion very few people paid any attention to those players.

I'm not sure about Nokia, but we already knew that RIM was working with the Indian government on intercepts.

Re:Doesn't matter (2)

fatphil (181876) | more than 2 years ago | (#38671882)

Well, I can assure you that at the kernel level, Nokia's linux phones have no such back doors in. You don't have to take my word for it, I'm only the gatekeeper who vets every patch that gets included in the kernel, you can freely grab the source and diff it against upstream and check for yourself.

Of course, there would be ways of adding back doors to the phone subsystem which is a separate core running its own OS. But all communication to the modem goes via the AP, so you could easily modify our kernel and sniff all communication between userspace and modem.

Plenty of stuff in userspace is open source too, and again such claims can be easily disproved. Even if you don't have the source, most of the inter process communication is via dbus, all of that can be sniffed trivially.

Were there really to be backdoors in Nokia's linux phones, then it would be trivial to point to the actual source code, or show traces where it happens. The lack of such evidence highlights the emptiness of the claims.

Re:Doesn't matter (0)

CheerfulMacFanboy (1900788) | more than 2 years ago | (#38671920)

Well, I can assure you that at the kernel level, Nokia's linux phones have no such back doors in. You don't have to take my word for it, I'm only the gatekeeper who vets every patch that gets included in the kernel, you can freely grab the source and diff it against upstream and check for yourself.

Wow, if you are the guy responsible for putting the backdoors in, we have to trust you when you say there are no backdoors.

X-Files Episode (4, Funny)

Proudrooster (580120) | more than 2 years ago | (#38670544)

This reminds me an X-files episode where you are left not knowing what to believe. Do you believe the convincing evidence or the "official denial" of the convincing evidence. Hmmmmm..... I guess I just won't carry around one of those personal tracking devices until I know the truth.

Re:X-Files Episode (2)

bruno.fatia (989391) | more than 2 years ago | (#38670608)

Maybe you should get yourself a tinfoil hat while doing so, won't hurt :) I know I do!

Re:X-Files Episode (1)

Darkness404 (1287218) | more than 2 years ago | (#38670614)

Sure, Apple might not give a backdoor to the Indian government, but chances are it (or your cell phone service provider) is giving a backdoor to the US government, pursuant to CALEA and other laws. And Skype is mandated to put in backdoors too...

Personally, its a whole lot more worrying for information to be sent to the US government than to the Indian/Chinese/Russian/Iranian/North Korean government.

Re:X-Files Episode (3, Insightful)

onefriedrice (1171917) | more than 2 years ago | (#38670954)

Sure, Apple might not give a backdoor to the Indian government, but chances are it (or your cell phone service provider) is giving a backdoor to the US government, pursuant to CALEA and other laws. And Skype is mandated to put in backdoors too...

It's cute that you think the US government needs handset manufacturers to include backdoors in order to wiretap. It's much easier to just control the networks. \tinfoil

They certainly aren't tracking you; because you (2)

Brannon (221550) | more than 2 years ago | (#38670816)

don't matter. Now you know the truth.

Re:X-Files Episode (1)

Ethanol-fueled (1125189) | more than 2 years ago | (#38670860)

I came upon Slashdot, visited 4chan, and now it seems it's "opposite day" on both. Today on 4chan, pro-Israel propaganda reigned supreme with little opposition to their ridicule of Ron Paul while on Slashdot, the incestuous relationships between telecoms and national intelligence agencies is dismissed as "Conspiracy theory nuttery" and not adequately challenged.

The establishment must be really afraid if they're implementing their real-time internet semantic-shaping in an attempt to pull the rug of sanity out from under us. in response to the trigger of Ron Paul finishing second in New Hampshire. It's like in Metal Gear Solid 2, when the GW AI starts fucking with Raiden's head, then Snake tells Raiden, "Don't believe anything you hear, just shoot the fucking bad guys."

And we all know who the bad guys are.

Re:X-Files Episode (0)

Anonymous Coward | more than 2 years ago | (#38670932)

Awww, the poor Rontard has gotten their panties in a wad. Fucking paranoid kook, you're Paul's prime audience.

Re:X-Files Episode (1)

Ethanol-fueled (1125189) | more than 2 years ago | (#38670972)

Eh, it's the internet. Let's hope there's better trolling here tomorrow evening. The toady-trolls here (bonch, DCtech, etc. ) really need a lesson on being offensive.

Jocktroll [slashdot.org] should be modded up to permanent excellent karma so he can smack some sense into the fuckin' place.

Am I missing something? (2)

Luke727 (547923) | more than 2 years ago | (#38670550)

So the United States and Indian governments are claiming the memo is a fake, and we are supposed to believe them? Right...

Re:Am I missing something? (0, Funny)

Anonymous Coward | more than 2 years ago | (#38670568)

You conspiracy nuts are hilarious. Please, keep going.

Re:Am I missing something? (0)

Anonymous Coward | more than 2 years ago | (#38671084)

So - you have seen all the source code of the involved software and can honestly claim all story's are bogus?

Hmm - you must be very high in the rank to have access to all that information. If you don't mind I have to say I have a very hard time to believe this. And unless someone can actually without any doubt prove to me these story's are absolute and undeniable bogus I do not reject the possibility there is truth in it.

I mean - we still remember the the things Sony did do we? Imagine what could happen if Sony designed a OS. Or someone else just did a "Sony" with their OS without telling their users - just like Sony did? Bogus? Tin-foil hat? Really?

Re:Am I missing something? (1)

thsths (31372) | more than 2 years ago | (#38671578)

> So the United States and Indian governments are claiming the memo is a fake

It may be a fake, and I think that is quite possible indeed. But does that make it wrong? I am much more sceptical there. Remember how Skype has given access to just about any government?

Punk'd (0)

uvajed_ekil (914487) | more than 2 years ago | (#38670570)

Haha, Apple, RIM, Nokia, Slashdot, and others got Punk'd.

Good news. (3, Insightful)

Voline (207517) | more than 2 years ago | (#38670636)

As the submitter of the original story, I'll be relieved if the leaked memo is a fake. It gives me an excuse to put off migrating from Mac OS X to Linux, which was going to be a good deal of work.

But the earlier case of RIM agreeing to provide in-country servers [cnet.com] to enable government surveillance in the UAE, India and Saudia Arabia shows the leverage that governments can wield over companies that operate within their territory. Vigilance is warranted.

Re:Good news. (1, Insightful)

cheaphomemadeacid (881971) | more than 2 years ago | (#38671214)

Well, thats kinda what happens when you run untrusted/unchecked source code on your device. No matter if the memo is real or not, and no matter how many times the US/india/apple and so on says its not true, we still won't know [fsf.org]

Re:Good news. (1)

Voline (207517) | more than 2 years ago | (#38671320)

Good point.

Re:Good news. (1)

IrrepressibleMonkey (1045046) | more than 2 years ago | (#38671738)

I just don't have the skills/knowledge/patience to check the source code of my mobile phone's OS. So I'll be relying on a third party in any event.
Trust no one, right? Damn, now I need to dump my phone...

Getting tired (0)

Anonymous Coward | more than 2 years ago | (#38670812)

Show up here once again to find another 'opps it was a fake' after you swallow another hysterical turd of a story.

Wizard's First Rule (1, Insightful)

Loopy (41728) | more than 2 years ago | (#38671006)

People will believe something because they want it to be true, or because they're afraid it is true. This holds in spite of evidence to the contrary or the absence of any corroborating data.

Doubly unfortunate is that assertions like this ask the accusee to prove a negative, knowing full well that proving it would necessarily reveal source code and/or trade secrets and/or secret agreements with governments.

Re:Wizard's First Rule (2)

Hentes (2461350) | more than 2 years ago | (#38672412)

This holds in spite of evidence to the contrary or the absence of any corroborating data.

A simple denial is far from evidence of the contrary.

Doubly unfortunate is that assertions like this ask the accusee to prove a negative, knowing full well that proving it would necessarily reveal source code and/or trade secrets and/or secret agreements with governments.

And why exactly revealing those is unfortunate?

CALEA (3, Interesting)

bl968 (190792) | more than 2 years ago | (#38671028)

What these companies have done is grant the same access the CALEA law gives the US Government to other countries. Other countries have taken this authority and used it for espionage. Thus these companies statements that "We didn't build a back door for India" then is correct. They built it for the U.S. Government.

Re:CALEA (1)

Guy Harris (3803) | more than 2 years ago | (#38671522)

What these companies have done is grant the same access the CALEA law gives the US Government to other countries. Other countries have taken this authority and used it for espionage. Thus these companies statements that "We didn't build a back door for India" then is correct. They built it for the U.S. Government.

...which is probably not correct; the EU, for example, has a council resolution concerning requiring capabilities for "lawful interception of communications" [europa.eu] and I suspect the Member States have implemented laws for that. I.e., they built it for all countries that require lawful interception capabilities, which probably covers most countries in which they sell mobile phones.

Re:CALEA (2)

CheerfulMacFanboy (1900788) | more than 2 years ago | (#38671864)

What these companies have done is grant the same access the CALEA law gives the US Government to other countries. Other countries have taken this authority and used it for espionage. Thus these companies statements that "We didn't build a back door for India" then is correct. They built it for the U.S. Government.

...which is probably not correct; the EU, for example, has a council resolution concerning requiring capabilities for "lawful interception of communications" [europa.eu] and I suspect the Member States have implemented laws for that. I.e., they built it for all countries that require lawful interception capabilities, which probably covers most countries in which they sell mobile phones.

What both of you are missing is that all of these laws are about wiretapping at the network level, not at the device level.

"allies"? (0)

Anonymous Coward | more than 2 years ago | (#38671128)

to taint relations between close allies India and the United States

"allies" has an element of equality to the relationship.
India is still basically the colonial puppet that it has been for a few hundred years, still under the thumbs of the neo-imperialist west.

Symantec source hack reveal Indian surveillance (1)

Anonymous Coward | more than 2 years ago | (#38671196)

http://www.h-online.com/security/news/item/Did-Symantec-source-code-hack-reveal-Indian-phone-surveillance-1406612.html

Let us not forget that not only did we get source to Symantec revealed, Symantec confessed it had been stolen, but said it was an old version. So we already have confirmation that Indian military DOES get the source to products, however there may be disinformation spread for commercial gain here.

Also be aware that if India got Symantec's code then most likely other nations (e.g. Israel) known for their cyber attacks on foreign countries also likely got the source too.

Also let us not forget CarrierIQ the USA pre-installed surveillance software that can record pretty much everything, if CarrierIQ just send a 'profile' down telling it what to record.

Re:Symantec source hack reveal Indian surveillance (1)

CheerfulMacFanboy (1900788) | more than 2 years ago | (#38671896)

http://www.h-online.com/security/news/item/Did-Symantec-source-code-hack-reveal-Indian-phone-surveillance-1406612.html [h-online.com]

Let us not forget that not only did we get source to Symantec revealed, Symantec confessed it had been stolen, but said it was an old version.

Ooooh, scary, they got the source code of anti-virus software - what evil things did the Indian military plan to do with AV software?

Re:Symantec source hack reveal Indian surveillance (0)

Anonymous Coward | more than 2 years ago | (#38672136)

You mean that same AV software that runs with admin privileges, has parts in kernel space, gets automatical updates pushed from Internet and can access anything on the system without making user suspicious?..

Gee, why would I want and what could I do with access to such software, I can't imagine.

Re:Symantec source hack reveal Indian surveillance (1)

AHuxley (892839) | more than 2 years ago | (#38672218)

Re evil things http://en.wikipedia.org/wiki/Anti-Sikh_riots [wikipedia.org]
If you know your history of India the result from the 1970-80's would be a lot.
The code of AV tools seems to be of interest to many http://en.wikipedia.org/wiki/Magic_Lantern_(software) [wikipedia.org] to hide key loggers with vendor cooperation.

Re:Symantec source hack reveal Indian surveillance (1)

CheerfulMacFanboy (1900788) | more than 2 years ago | (#38672360)

Re evil things http://en.wikipedia.org/wiki/Anti-Sikh_riots [wikipedia.org] If you know your history of India the result from the 1970-80's would be a lot. The code of AV tools seems to be of interest to many http://en.wikipedia.org/wiki/Magic_Lantern_(software) [wikipedia.org] to hide key loggers with vendor cooperation.

So did they kill Sikhs with Anti Virus Software or with key loggers? Did you even understand what I wrote?

According to Reuters (0)

Anonymous Coward | more than 2 years ago | (#38671500)

"Reuters has obtained a large digital cache appearing to contain emails that were posted by the group but were quickly blocked by file-sharing sites."

Reuters is owned by the banking cartel of Rothschilds which would make it as credible as a whore with pennies in her ass.

So some "experts" say that it could be fake... (0)

Pecisk (688001) | more than 2 years ago | (#38671748)

And suddenly everyone in Slashdot believes it? :) Come on, your Apple cravings are THAT bad? Guess it's time to look for treatment :)

I don't know, I think it still sounds legitimate to me. Not because Apple or Nokia would cave in, no. Because it sounds like current India government. There's serious political rivalry between groups and some of them want to stick to power because of nice corrupt binds they have created. I have hard time to believe that no one would be happy to spy on enemies at so high level.

Carrier IQ (0)

Anonymous Coward | more than 2 years ago | (#38672178)

Normally, I'd be inclined to agree that the memo was a fake.
But in light of all of the carrier iq facts we're presented with;
this is why I'm not one of the idiots who paid $600.00US for the insult.

Don't kid yourself, India is not a democracy - you are guilty until proven innocent.

Apple said it (0)

Anonymous Coward | more than 2 years ago | (#38672444)

So it must be true. After all, companies never lie, and always have the public's best interests at heart.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...