2014’s Biggest Winners and Losers in Privacy and Security

1
The Year 2014s Biggest Winners and Losers in
Privacy and Security

• Presented By Golden locksmith

Survey by WIRED
2
The Winners

• Apple
• Florida Supreme Court
• Yahoo

• WhatsApp
• U.S. Supreme Court
• Googles Project Zero

3
Apple
If the NSA can be thanked for anything its for
the competitive race the spy agency helped spur
among tech companies scrambling to outdo one
another in the privacy realm. Apple took the lead
when it announced that the operating system,
iOS8, would encrypt nearly all data on iPhones
and iPads by defaultincluding text messages,
photos and contactsand that Apple itself would
not be able to decrypt it without the users
passcode.
4
WhatsApp
The mobile messaging app outdid even Apples own
messaging protections when it announced it was
implementing end-to-end encryption for its
hundreds of millions of users. WhatsApp
communication is now encrypted with a key that
only the user possesses and stores on his or her
mobile phone or tablet, which means that even
WhatsApp cannot read the users communication or
be compelled by spy agencies and law enforcement
to decrypt it.
5
Florida Supreme Court
In an important case closely watched by civil
liberties groups, Floridas top court ruled that
cops need a warrant to obtain cell tower data.
The court ruled that obtaining cell phone
location data to track a persons location or
movement in real time constitutes a Fourth
Amendment search and therefore requires a
court-ordered warrant. But the ruling would also
cover law enforcements use of so-called
stingraysdevices that simulate a legitimate
cell tower and force mobile devices in the
vicinity to connect to them so that law
enforcement agencies can locate and track people
in the field without assistance from telecoms.
6
U.S. Supreme Court
In another important case, the nations top court
ruled that cops cant search the cell phones of
arrestees without a warrant. U.S. prosecutors had
argued that an arrestees cell phone was
materially indistinguishable from any other
storage device, such as a bag or wallet, found on
an arrestee. But the justices werent buying that
claim. Modern cell phones, as a category, they
wrote in their decision, implicate privacy
concerns far beyond those implicated by a
cigarette pack, a wallet or a purse.
7
Yahoo!
The company launched the fight after receiving a
warrantless request for data in 2007. Its not
clear the extent of the data the government
sought, but Yahoo fought back on Fourth Amendment
grounds, asserting that the request required a
probable-cause warrant and that the request was
too broad and unreasonable and, therefore,
violated the Constitution. The battle came to an
end in 2008 after the Feds threatened the company
with a massive 250,000 a day fine if it didnt
comply, and a court ruled that Yahoos arguments
for resisting had no merit
8
Googles Project Zero
Vendor bug bounty programs have been around for
at least a decade, with software makers and web
sites increasingly upping the amount theyre
willing to pay to anyone who finds and reports a
security vulnerability in their program or
system. This year Google upended the tradition by
announcing it had built an in-house hacking team
to hunt for vulnerabilities not only in its own
software, but in the software of other vendors as
well. Project Zero aims to make the internet more
secure for everyone by focusing on uncovering the
high-value vulnerabilities, like Heartbleed and
Shellshock, that put everyone at risk.
9
The Losers

• Sony
• US Marshals
• Gamma International

• President Obama
• Verizon

10
Sony
Plenty of companies over the years have suffered
sensational hacks, but Sonys breach may turn out
to be the hack of the decadenot only because of
the nature of the breach and the information
stolen, but the way the pilfered data is being
rolled out in batches, prolonging the agony and
suspense for workers and executives. Some of the
disclosures have been lame and mundanefor
example, the pseudonyms celebrities use to check
into hotels. Others have been embarrassing, such
as the tasteless and racist exchange about
President Obama between Sony Co-Chairman Amy
Pascal and producer Scott Rudin.
11
President Obama
This year the U.S. government finally
acknowledged that it withholds information about
security vulnerabilities to exploit them, rather
than passing the information on to software
vendors and others to fix them. In making this
revelation, the White House announced it was
reinvigorating a so-called equities process
designed to determine when to withhold and when
to discloseoverseen by the presidents National
Security Council. Going forward, the NSA must
disclose any vulnerabilities it discoversunless
the hole would be useful for intelligence
agencies or law enforcement to exploit.
12
US Marshals
In a move so stunning that civil liberties groups
are still shaking their heads over it, the U.S.
Marshals Service in Florida made a Hail Mary to
seize public records about a surveillance tool
before the ACLU could obtain them. The civil
liberties group had filed a public records
request with the Sarasota, Florida, police
department for information detailing its use of
stingrays and had made an appointment to visit
the facility where the documents were being held.
But before they could get there, marshals swooped
in to grab the records and abscond with them,
claiming the police department didnt own them
13
Verizon
Consider it the digital cookie monster that
gobbles all your footprints. Verizon Wireless ran
into trouble when a technologist with the
Electronic Frontier Foundation noticed that the
telecom had been tracking its wireless users
online activity by subtly slipping a
permacookiea string of about 50 letters,
numbers, and charactersinto data flowing between
users and the websites they visited. Users got
the cookie whether they wanted to be tracked or
not, since Verizon revealed there was no way to
turn it off. ATT was testing a similar system
with its customers until the backlash prompted
the telecom to stop the practice.
14
Gamma International
In October, the UK civil liberties group Privacy
International filed a criminal complaint against
with the National Cyber Crime Unit of the
National Crime Agency alleging that the company
was criminally complicit in helping the Bahrain
government engage in unlawful interception of
communicationsa violation of UKs Regulation of
Investigatory Powers Act 2000and that Gamma was
not only aware of the surveillance but actively
assisted it. By selling and assisting Bahraini
authorities in their surveillance, the complaint
asserts, Gamma is liable as an accessory under
the Accessories and Abettors Act 1861 and is also
guilty of encouraging and assisting the unlawful
activity, a crime under the Serious Crime Act
2007.
15
Questions?

• Leave you questions in comments