TechByter Worldwide

Speak softly and carry a large microphone

 

March 27, 2016

FBI Overreach Nipped

Maybe Tim Cook overreached, too. The FBI attempted to use an antique law to force Apple programmers to write code that would allow the government agency to have access to an Iphone used by one of the San Bernardino terrorists, but it would also expose every other Iphone in the world. As this story spins out, it's not looking good for anyone who's involved.

Apple has worked with law enforcement in the past, but resisted the FBI's "request" (aka "order") to help unlock the Iphone of a terrorist after the FBI mishandled the phone. This week, a "third party" offered to help the FBI crack the encryption on the Iphone and, when any other option exists, the government is required not to use the all writs legislation from the 1700s.

Apple and the FBI were in court because the FBI wants Apple to write code that would unlock an Iphone belonging to a dead terrorist. Apple is refusing because it says privacy is more important than security.

Then the Justice Department said a "third party" had offered a new way to unlock the Apple phone. This is bad news for both sides. For Apple, it's an indication that their unbreakable encryption isn't really unbreakable. For the FBI, it means that the government can't set a precedent that would put Apple and others under their thumb.

The government is expected to file a status report on April 5, but this phase of the case is over if the government can gain access to the phone without Apple's help.

But what was this case really about? The FBI already had metadata from the phone and knows that the California terrorist didn't make any international calls. What could be in the phone? Maybe some contact information. It's clear (at least to me) that the government has some right to gain access to some phones at some times and under some conditions. But it's equally clear (at least to me) that the government needs to provide a compelling reason to gain access to any particular phone.

Creating "back door" access to the phone isn't really in anyone's best interest.

Some pundits say Apple won the first round in its battle with the FBI, but it looks to me like nobody won and there really shouldn't be a "winner" here anyway. What's needed is an accommodation that finds a middle ground between privacy and security.

So the FBI wants Apple to unlock a phone used by one of the San Bernardino terrorists. The owner of the phone, the shooter's employer, has given the government permission to extract data from the phone and privacy issues don't matter because the shooter is dead. The phone is a newer model and Apple has no means of breaking its own encryption.

Under terms of a law from the 1700s, the FBI wants Apple to write code to break the encryption. This week, an unidentified third party said that it could unlock the phone and the All Writs law that the FBI has used to order Apple to comply specifies that it cannot be applied if any other means exists to achieve the government's objective.

So now the court case is on hold until early in April when the FBI will report whether the third party was successful or not.

This week, the FBI told the court "On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook's iPhone. Testing is required to determine whether it is a viable method that will not compromise data on Farook's iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc."

I referred to this earlier as an FBI "overreach". That's because it seems that the Department of Justice was attempting to use this case to create a back door that could be used on any phone even though the court order specified a single phone. This week's events must be a disappointment.

But it doesn't make Apple look very good, either. The company maintains that its phones are uncrackable, but here's a third party offering the FBI a break -- in all meanings of the term.

The FBI already has the phone's meta-data and apparently knows that no calls were made to foreign numbers.

Apple wants to be able to assure buyers of its products that they are secure while government agencies say encryption endangers national security. Cryptologists know that no system is completely secure and that, given enough time, any encryption can be broken.

So this isn't the end of the battle, but it's probably the end of the first phase of the battle. It seems unlikely that the government will continue to pursue the case in court and will, instead, wait for another opportunity.

In the meantime, perhaps technology companies and government security agencies will try to find a middle way that addresses both security and privacy. That would be the best outcome for everyone.

How Much Is That Disk Drive in the Window?

If you're really old, you might remember 8" floppy disks. Not so old? Do you remember 5¼" disks? Well, then, maybe 3½" disks. Those little non-floppy floppy disks were introduced by Apple and then Apple was the first company to drop floppy disks entirely. I thought they made the move a year or two before the market was ready, but today it's nearly impossible to find a computer with any kind of removable magnetic disk.

Now computers can boot from hard drives, solid-state drives, USB sticks, and CDs or DVDs. You may think that the mechanical hard drive is here to stay, but its days are numbered. Whether the disk drive spins at 5400 RPM, 7200 RPM, or 10,000 RPM, it's still slower than a solid-state disk drive.

Yes, once floppy disks were this large and they held 80 KB to 1,212 KB of data. Image from OldComputers.net.

The merger of Western Digital and SanDisk shows where the future is.

Many people already have solid-state drives as the boot disk in their computer or, for some notebook computers, as the only drive in the computer. Cost is still a problem, though. A half-terabyte boot drive is affordable, but if you store a lot of photos or videos, you might find 10 or 15 terabytes to be just a bit pricey.

The cost is coming down, though, and it's clear the solid-state drives will be the future. Computer manufacturers are keeping a close watch on the cost. SSDs are fast, quiet, and virtually impervious to physical shock. Disk drives with rotating platters are still popular because their cost is so low, but their days are numbered. Punch cards, paper tape, cassettes, magnetic tape, and floppy drives are now just memories in our rear-view mirror. Hard drives will join them, but when?

Gamers and high-end corporate systems have already switched to solid-state drives because of their speed. Tablets, phones, and a lot of notebook systems no longer have rotating-disk drives. If you have a Chromebook or an Ipad or a Surface tablet, you won't find a mechanical drive inside.

In 2015, the computer industry sold just under 290 million units. Most still had rotating disk drives because SSDs are too expensive. The cost per megabyte of solid-state storage is dropping though and while it will probably never drop to the level of mechanical drives, it's expected to decline to the point that many computer buyers will consider it to be low enough for at least some of the computer's storage.

Hard drives have also become much smaller while gaining the ability to hold vast amounts of data. Image from VideoHelp.com.

Eventually all storage will probably be solid-state. There was a time when we thought that floppy disks would be around forever. Today you can't find them. Even optical disk drives are becoming rare and you won't find one in many notebook computers or in any Chromebooks or Surface tablets.

Optical drives and rotating magnetic drives are endangered. Much of our storage is now on cloud-based devices. Ironically, most of those services still use rotating magnetic drives. The capacity-to-cost ratio of SSDs will eventually approach that of rotating drives and that's when we'll see the real change.

Size is no longer a factor, either. Samsung plans to offer a 15-terabyte SSD. So far, the price hasn't been released, but expect it to cost $8000 or more. Compare that to the cost of 4 4-TB hard drives, about 1/10th the price of the SSD.

Hard drives offer faster access when they spin faster, but the current maximum rotational speed is 15 thousand RPM. Those drives run hot and they're noisy. Western Digital tried building some drives that spin at 20 thousand RPM, but access speed didn't increase enough for them to be worthwhile.

The end game, at least for now, is solid state.

Short Circuits

Kentucky Hospital Hit by Ransomware

Krebs on Security reports that Methodist Hospital in Henderson, Kentucky, was infected by ransomware recently. The hospital's website noted that the hospital was operating in an "internal state of emergency". Whether the hospital has recovered is unclear, but the warning is no longer on its website.

According to Krebs, the malware is known as "Locky". It encrypts documents and images and then deletes the originals. Data can often be recovered from backup or by paying ransom to the thieves.

The ransomware attempted to infect the entire internal network and the hospital shut down all desktop and mobile computers and devices. Each device was then scanned before being put back on-line.

In the on-line report, Krebs says the attackers were asking for $1,600. Last week a California hospital paid $17,000 to un-encrypt its files.

The best way to avoid these kinds of attacks involves keeping protective applications and Web browsers up to date. Most ransomware exploits known vulnerabilities in old browsers. "Old" in this case means anything but the most recent version of the browser.

Malware-laced e-mails are also used to inject the hostile code and that apparently is how the Kentucky hospital was infected.

Brian Krebs writes "It’s a fair bet that as ransomware attacks and attackers mature, these schemes will slowly become more targeted. I also worry that these more deliberate attackers will take a bit more time to discern how much the data they've encrypted is really worth, and precisely how much the victim might be willing to pay to get it back."

Read the full report on Krebs on Security.

Only the Paranoid Survive

That's one of Andy Grove's most memorable quotes. It's also the name of a book he wrote. Grove, who served for many years as Intel's CEO, died this week at 79.

The obituary in the New York Times is the best I have read and it describes his birth in Budapest before World War II, how his father was sent to a labor camp by the Nazis, and how Grove and his mother changed their surname from Grof to Grove to escape attention by the German occupiers.

At the end of the war, the Soviet Union controlled most of eastern Europe and Soviet troops invaded Hungary in 1956. That's when Grove decided to leave the country and he managed to evade Russian soldiers, slip across the border into Austria, and then travel to the United States.

Like most leaders, Grove made mistakes. One cited in the article was Intel's first foray into microprocessors. The first one the company developed didn't work very well. "Part of the problem, Mr. Grove conceded in a 2001 interview with Wired magazine, was that he initially failed to take microprocessors seriously enough. 'I was running an assembly line designed to build memory chips,' he said. 'I saw the microprocessor as a bloody nuisance.'"

Grove was known as a ruthless and highly effective manager who recognized when the business was in trouble and found a way to make it survive.

See the full obituary in the New York Times.

Well, That Was (Not Exactly) a Surprise

About 2 years ago, stock photo company Fotolia started an inexpensive service called Dollar Photo. All images could be licensed for just one dollar. Techbyter Worldwide has used images from the service. Then Adobe acquired Fotolia for its $10 per image program. It was only a matter of time until Dollar Photo would be discontinued.

That time has come, but Adobe is doing the deed in a classy way: Dollar Photo subscribers can transfer any existing credits to Adobe Stock and they'll be good for a year. The $10 per month subscription fee includes bargain-priced Adobe Stock images at well under the normal price. They're maintaining the $1/image price for a year.

Adobe says "Please note that unused downloads transferred to Adobe Stock will be valid for 1 year, and that after 1 year, unless cancelled, your subscription will be billed at the standard subscription rate."

Users don't get a lot of warning. Late in March, Adobe notified Dollar Photo Club members that the service will terminate on April 15th. Users will be transferred to Adobe Stock on a "voluntary basis, offering them a better and more streamlined service, with a deep integration within Adobe Creative Cloud applications."

Beware, though. If you don't open an Adobe Stock account or use your downloads before tax day, you'll lose your remaining Dollar Photo downloads.

If you already have an Adobe ID, the process is easy. If not, you'll need to create one. Adobe Stock's portfolio is based on the Fotolia collection and that of Dollar Photo Club, so users have access to the existing Dollar Photo images as well as videos, including 4K to license on demand.

But ... "videos are not included in the offer. However they are available to license on-demand: $79.99 for HD, $199.99 for 4K." Users who don't migrate to Adobe Stock will not be able to access any unused downloads after April 15th.

There's some good news, though, in addition to the fact that Adobe is giving users a year to sort things out. "The image library on Dollar Photo Club is the same as is available on Adobe Stock – 50 million high-res photos, illustrations and vectors. There are also more features on Adobe Stock including video (HD and 4K)."

The US Treasury Has Filed Suit Against Me!

That's what the recorded voice told me. If I didn't call 321-301-1105 right away, I was going to be in trouble. BIG TROUBLE! The caller just wanted to help me, he said.

Well, guess what ...

  • Area code 321 is in Florida.
  • The US Treasury Department is in Washington, DC (area code 202).
  • The Treasury Department doesn't call people regarding enforcement matters.
  • Conclusion: The call is bogus.

Calls such as these would be amusing if not for the fact that they interrupt people and apparently some of us are so uninformed that we take the bait and call the scammer.

Lisa Weintraub Schifferle, an attorney with the US Federal Trade Commission, discussed calls like these on the FTC website. The caller may claim to be from the IRS or some other agency, but Schifferle explained calmly and clearly:

  • When you have a tax problem, the IRS will first contact you by mail, not by phone.
  • The IRS won’t threaten arrest, deportation, or loss of a driver’s license. 
  • The IRS won’t demand that you make payment right away.
  • The IRS won’t ask you to wire money, pay with a prepaid money card, or ask you to share credit card information over the phone.


Don't fall for the fraudster's scam. Report it!

So just relax and do the right thing. What is the right thing? Here's Lisa Weintraub Schifferle again: Write down the phone number so you can report the call to the FTC and the Treasury Inspector General for Tax Administration (TIGTA). If I’d been concerned that maybe I owed money to the IRS, I knew that I could check with the IRS directly by calling 1-800-829-1040.