[LINK] US Gov: making a panic button app
Kim Holburn
kim at holburn.net
Fri Apr 1 09:02:25 AEDT 2011
On 2011/Apr/01, at 8:24 AM, Roger Clarke wrote:
> At 7:57 +1100 1/4/11, Kim Holburn wrote:
>> http://blogs.computerworld.com/18059/u_s_govt_to_thank_for_panic_button_app_to_wipe_phones
>>> U.S. Gov't to thank for panic button app to wipe phones
>
> To resort to that fallback of security consultants, whether this idea
> is good or barmy 'depends on your threat model'.
>
> Scenario A:
> If the threat you're trying to cope with is use of the contents of
> the phone by the person who kidnaps you (and your phone), then it has
> some surface validity. But in most cases such kidnappings happen
> unexpectedly, and hence there's no time to manually invoke the app.
>
> Scenario B:
> If the threat is the government, they already have access to all of
> the communications-related data that's flowed through the device -
> and hence can reconstruct most and maybe all of the address-book -
> either through taps, or retention, or Google's archives. (And that's
> probably why they came to arrest you in the first place).
In some US states and probably other places like Australia? UK? police can search your phone without a warrant, but to access all those other things and reconstruct what your phone might have had would take warrants and resources and time.
> The benefits under scenario A are slim, and under B non-existent.
>
> Scenario C:
> The app creates a new vulnerability. It won't take long for the
> first piece of malware to be delivered that enables remote invocation
> of the app.
Not to mention a slip of the finger. "Dad, what does this button do?"
>
> So basically the idea's barmy.
>
> Scenario D:
> There's one thing that *could* usefully be done.
> To the extent that the person's device contains data that was never
> transmitted, and is not otherwise accessible to the kidnapper or law
> enforcement agency, a 'zap all data' button might have benefits.
>
> But note the fine print: 'it will wipe the cell phone's address
> book, history, text messages ...'. No mention of non-communications
> data.
>
> You've got to hand it to the US spooks. They think these things through.
>
> _______________________________________________________________________
>
>
> At 7:57 +1100 1/4/11, Kim Holburn wrote:
>> http://blogs.computerworld.com/18059/u_s_govt_to_thank_for_panic_button_app_to_wipe_phones
>>> U.S. Gov't to thank for panic button app to wipe phones
>>>
>>> There's a new app being developed by the U.S. Government and it
>>> seems like everyone should want to add it to their phone for all
>>> kinds of different reasons. If a cell phone is confiscated by
>>> police or government agency, the panic button app will wipe the
>>> cell phone's address book, history, text messages and broadcast the
>>> arrest as an emergency alert to fellow activists.
>>>
>>> Michael Posner, assistant U.S. secretary of state for human rights
>>> and labor, said, "We've been trying to keep below the radar on
>>> this, because a lot of the people we are working with are operating
>>> in very sensitive environments," MSNBC reported..."The world is
>>> full of ... governments and other authorities who are capable of
>>> breaking into that system." Posner added, the goal is "to protect
>>> people who are, in a peaceful manner, working for human rights and
>>> working to have a more open debate."
>>>
>>> Since 2008, the U.S. has budgeted about $50 million to promote new
>>> tech to help out social activists. Secretary Hillary Clinton is
>>> behind the U.S. technology initiative to "expand Internet freedoms."
>>>
>>> For example, China recently began tracking the location of more
>>> than 17 million Chinese users' mobile phones. AFP reported the
>>> purpose of the tracking system data is to "better control traffic
>>> and monitor the population." It seems surveillance traffic cameras
>>> could be used for that. Those surveillance cameras certainly had no
>>> problem capturing these horrifically gruesome wrecks. If I lived in
>>> China, I'd want the panic button app to zap data if needed.
>>>
>>> Even in the United States, depending who you are and what you've
>>> been up to on your cell phone, you might want to plan on adding
>>> the panic button app - activist or not. Ironically, depending upon
>>> what state you live in, it's entirely possible that your phone
>>> could be searched without a search warrant if you are arrested.
>>>
>>> Cell phones are handy, many would claim a necessity, but can also
>>> be the very devil when it comes to collecting your information even
>>> without being used as a stalking tool. About every seven seconds a
>>> mobile phone checks in with the nearest tower in order to route
>>> calls. The NYTimes tried to find out more about cell phone carriers
>>> tracking people, but most American mobile phone providers declined
>>> to specify what all they collect and why.
>>>
>>> The EFF laid out what location tracking looks like for German
>>> politician and privacy advocate Malte Spitz whose wireless carrier
>>> had 35,831 facts about his cell phone in only six months. "This
>>> profile reveals when Spitz walked down the street, when he took a
>>> train, when he was in an airplane. It shows where he was in the
>>> cities he visited. It shows when he worked and when he slept, when
>>> he could be reached by phone and when was unavailable. It shows
>>> when he preferred to talk on his phone and when he preferred to
>>> send a text message. It shows which beer gardens he liked to visit
>>> in his free time. All in all, it reveals an entire life."
>>>
>>> Both the FBI and the DEA have a history of using cell phone
>>> records to find out more about suspects. In fact, CNET's Declan
>>> McCullagh reported, "Even though police are tapping into the
>>> locations of mobile phones thousands of times a year, the legal
>>> ground rules remain unclear, and federal privacy laws written a
>>> generation ago are ambiguous at best."
>>>
>>> I'm all for the U.S. creating this app, but it's funny in a sad
>>> sort of way that the government is creating this panic button app
>>> to help activists in other countries, to promote democracy and
>>> freedom. Meanwhile in the USA, wireless providers are busy
>>> collecting data on us all and warrantless wiretapping is happening
>>> who knows for sure how often? Furthermore, although there are many
>>> reasons why we can't generally carry a smartphone into court, the
>>> most recent reason is terrorism. Threat Level's David Kravets
>>> wrote, "But thanks to Osama Bin Laden, or at least the fear of him
>>> and his cohorts, tweeting from the courtroom is largely considered
>>> an act of terrorism."
>>>
>>> I haven't seen a panic button app release date yet, but even if
>>> you aren't an activist or don't plan on being arrested and having
>>> your mobile phone confiscated, the panic button app seems like a
>>> good idea.
>>
>> --
>> Kim Holburn
>> IT Network & Security Consultant
>> T: +61 2 61402408 M: +61 404072753
>> mailto:kim at holburn.net aim://kimholburn
>> skype://kholburn - PGP Public Key on request
>>
>> _______________________________________________
>> Link mailing list
>> Link at mailman.anu.edu.au
>> http://mailman.anu.edu.au/mailman/listinfo/link
>
> --
> Roger Clarke http://www.rogerclarke.com/
>
> Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
> Tel: +61 2 6288 1472, and 6288 6916
> mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
>
> Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
> Visiting Professor in Computer Science Australian National University
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request