[LINK] US Gov: making a panic button app

Roger Clarke Roger.Clarke at xamax.com.au
Fri Apr 1 08:24:55 AEDT 2011 

At 7:57 +1100 1/4/11, Kim Holburn wrote:
>http://blogs.computerworld.com/18059/u_s_govt_to_thank_for_panic_button_app_to_wipe_phones
>>  U.S. Gov't to thank for panic button app to wipe phones

To resort to that fallback of security consultants, whether this idea 
is good or barmy 'depends on your threat model'.

Scenario A:
If the threat you're trying to cope with is use of the contents of 
the phone by the person who kidnaps you (and your phone), then it has 
some surface validity.  But in most cases such kidnappings happen 
unexpectedly, and hence there's no time to manually invoke the app.

Scenario B:
If the threat is the government, they already have access to all of 
the communications-related data that's flowed through the device - 
and hence can reconstruct most and maybe all of the address-book - 
either through taps, or retention, or Google's archives.  (And that's 
probably why they came to arrest you in the first place).

The benefits under scenario A are slim, and under B non-existent.

Scenario C:
The app creates a new vulnerability.  It won't take long for the 
first piece of malware to be delivered that enables remote invocation 
of the app.

So basically the idea's barmy.

Scenario D:
There's one thing that *could* usefully be done.
To the extent that the person's device contains data that was never 
transmitted, and is not otherwise accessible to the kidnapper or law 
enforcement agency, a 'zap all data' button might have benefits.

But note the fine print:  'it will wipe the cell phone's address 
book, history, text messages ...'.  No mention of non-communications 
data.

You've got to hand it to the US spooks.  They think these things through.

_______________________________________________________________________


At 7:57 +1100 1/4/11, Kim Holburn wrote:
>http://blogs.computerworld.com/18059/u_s_govt_to_thank_for_panic_button_app_to_wipe_phones
>>  U.S. Gov't to thank for panic button app to wipe phones
>>
>>  There's a new app being developed by the U.S. Government and it 
>>seems like everyone should want to add it to their phone for all 
>>kinds of different reasons. If a cell phone is confiscated by 
>>police or government agency, the panic button app will wipe the 
>>cell phone's address book, history, text messages and broadcast the 
>>arrest as an emergency alert to fellow activists.
>>
>>  Michael Posner, assistant U.S. secretary of state for human rights 
>>and labor, said, "We've been trying to keep below the radar on 
>>this, because a lot of the people we are working with are operating 
>>in very sensitive environments," MSNBC reported..."The world is 
>>full of ... governments and other authorities who are capable of 
>>breaking into that system." Posner added, the goal is "to protect 
>>people who are, in a peaceful manner, working for human rights and 
>>working to have a more open debate."
>>
>>  Since 2008, the U.S. has budgeted about $50 million to promote new 
>>tech to help out social activists. Secretary Hillary Clinton is 
>>behind the U.S. technology initiative to "expand Internet freedoms."
>>
>>  For example, China recently began tracking the location of more 
>>than 17 million Chinese users' mobile phones. AFP reported the 
>>purpose of the tracking system data is to "better control traffic 
>>and monitor the population." It seems surveillance traffic cameras 
>>could be used for that. Those surveillance cameras certainly had no 
>>problem capturing these horrifically gruesome wrecks. If I lived in 
>>China, I'd want the panic button app to zap data if needed.
>>
>>  Even in the United States, depending who you are and what you've 
>>been up to on your cell phone, you might want to plan to on adding 
>>the panic button app - activist or not. Ironically, depending upon 
>>what state you live in, it's entirely possible that your phone 
>>could be searched without a search warrant if you are arrested.
>>
>>  Cell phones are handy, many would claim a necessity, but can also 
>>be the very devil when it comes to collecting your information even 
>>without being used as a stalking tool. About every seven seconds a 
>>mobile phone checks in with the nearest tower in order to route 
>>calls. The NYTimes tried to find out more about cell phone carriers 
>>tracking people, but most American mobile phone providers declined 
>>to specify what all they collect and why.
>>
>>  The EFF laid out what location tracking looks like for German 
>>politician and privacy advocate Malte Spitz whose wireless carrier 
>>had 35,831 facts about his cell phone in only six months. "This 
>>profile reveals when Spitz walked down the street, when he took a 
>>train, when he was in an airplane. It shows where he was in the 
>>cities he visited. It shows when he worked and when he slept, when 
>>he could be reached by phone and when was unavailable. It shows 
>>when he preferred to talk on his phone and when he preferred to 
>>send a text message. It shows which beer gardens he liked to visit 
>>in his free time. All in all, it reveals an entire life."
>>
>>  Both the FBI and the DEA have a history of using cell phone 
>>records to find out more about suspects. In fact, CNET's Declan 
>>McCullagh reported, "Even though police are tapping into the 
>>locations of mobile phones thousands of times a year, the legal 
>>ground rules remain unclear, and federal privacy laws written a 
>>generation ago are ambiguous at best."
>>
>>  I'm all for the U.S. creating this app, but it's funny in a sad 
>>sort of way that the government is creating this panic button app 
>>to help activists in other countries, to promote democracy and 
>>freedom. Meanwhile in the USA, wireless providers are busy 
>>collecting data on us all and warrantless wiretapping is happening 
>>who knows for sure how often? Futhermore, although there are many 
>>reasons why we can't generally carry a smartphone into court, the 
>>most recent reason is terrorism. Threat Level's David Kravets 
>>wrote, "But thanks to Osama Bin Laden, or at least the fear of him 
>>and his cohorts, tweeting from the courtroom is largely considered 
>>an act of terrorism."
>>
>>  I haven't seen a panic button app release date yet, but even if 
>>you aren't an activist or don't plan on being arrested and having 
>>your mobile phone confiscated, the panic button app seems like a 
>>good idea.
>
>
>
>
>--
>Kim Holburn
>IT Network & Security Consultant
>T: +61 2 61402408  M: +61 404072753
>mailto:kim at holburn.net  aim://kimholburn
>skype://kholburn - PGP Public Key on request
>
>
>
>
>
>
>
>
>
>
>_______________________________________________
>Link mailing list
>Link at mailman.anu.edu.au
>http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list