Wired

American law enforcement has long advocated for universal “kill switches” in cellphones to cut down on mobile device thefts. Now the Department of Justice argues that the same remote locking and data-wiping technology represents a threat to police investigations -- one that means they should be free to search phones without a warrant.

In a brief filed to the US Supreme Court in the case of alleged Boston drug dealer Brima Wurie, the Justice Department argues that police should be free to warrantlessly search cellphones taken from suspects immediately at the time of arrest, rather than risk letting the suspect or his associates lock or remotely wipe the phone before it can be searched.

The statement responds to briefs made to the court by the Center for Democracy and Technology and the Electronic Frontier Foundation arguing that warrantless searches of cellphones for evidence represents a serious violation of the suspect’s privacy beyond that of a usual warrantless search of a suspect’s pockets, backpack, or car interior.

When ex-government contractor Edward Snowden exposed the National Security Agency’s widespread efforts to eavesdrop on the internet, encryption was the one thing that gave us comfort.

Even Snowden touted encryption as a saving grace in the face of the spy agency’s snooping. “Encryption works,” the whistleblower said in June 2013. “Properly implemented strong crypto systems are one of the few things that you can rely on.”

But Snowden also warned that crypto systems aren’t always properly implemented. “Unfortunately,” he said, “endpoint security is so terrifically weak that NSA can frequently find ways around it.”

Since the Heartbleed bug has existed for two years, it raises obvious questions about whether the NSA or other spy agencies were exploiting it before its discovery. Now that caveat has hit home -- in a big way -- when researchers revealed Heartbleed, a two-year-old security hole involving the OpenSSL software many websites use to encrypt traffic.

“It would not at all surprise me if the NSA had discovered this long before the rest of us had,” Matt Blaze, cryptographer and computer security professor at the University of Pennsylvania says. “It’s certainly something that the NSA would find extremely useful in their arsenal.” So far, though, there’s no evidence to suggest this is the case. For one thing, the bug did not affect every website.

The biggest US Internet wiretapping program outside the National Security Agency may be headed to the Supreme Court. Google is asking the high court to rule on the legality of the company’s past sniffing of unencrypted Wi-Fi traffic in neighborhoods around the country as part of its Street View program. If the Supreme Court hears the case and eventually rules that unencrypted Wi-Fi sniffing is legal, that might be seen as a boon to criminals who eavesdrop on public access points to sniff out passwords or credit card numbers. But Google ingeniously argues that the 9th Circuit’s ruling is actually bad for computer security, because it could bar legitimate security scanning.

The National Security Agency’s global spy operation may seem unstoppable, but there’s at least one target that has proven to be a formidable obstacle: the Chinese communications technology firm Huawei, whose growth could threaten the agency’s much-publicized digital spying powers.

An unfamiliar name to American consumers, Huawei produces products that are swiftly being installed in the Internet backbone in many regions of the world, displacing some of the western-built equipment that the NSA knows -- and presumably knows how to exploit -- so well. That obstacle is growing bigger each year as routers and other networking equipment made by Huawei Technologies and its offshoot, Huawei Marine Networks, become more ubiquitous. The NSA and other US agencies have long been concerned that the Chinese government or military -- Huawei’s founder is a former officer in the People’s Liberation Army -- may have installed backdoors in Huawei equipment, enabling it for surveillance. But an even bigger concern is that with the growing ubiquity of Huawei products, the NSA’s own surveillance network could grow dark in areas where the equipment is used. For that reason, as the latest Snowden revelations showed, the spy agency reportedly hacked Huawei as part of an operation launched in 2007. The plan involved stealing source code for some of Huawei’s products in the hope of finding vulnerabilities. Such security holes could allow the NSA to exploit the products and spy on traffic in countries where Huawei equipment is used -- such as Iran, Afghanistan, Pakistan, Kenya, and Cuba. “Many of our targets communicate over Huawei-produced products,” an internal NSA document obtained by Snowden noted in 2010, according to the New York Times. “We want to make sure that we know how to exploit these products … to gain access to networks of interest” around the world.

[Commentary] The US government announced, in a smart front-footed move, that it intends to release oversight of its long-treasured Internet Assigned Numbers Authority (IANA) contract under which the US Commerce Department contracts Internet Corporation for Assigned Names and Numbers (ICANN), a private US company, to perform key Internet administration tasks.

This prescriptive, carefully-limited announcement is the long-awaited fulfilment of a promise made 16 years ago when ICANN first came into being, and it would be the first time since the net's inception that the US government would abandon formal oversight. Of course, US vested interests in ICANN as a US-based company, subject to US law, and partial to US industry, remain, as does the almighty US technical and economic leverage over the digital ecosystem.

Contrary to reactions by US conservatives, this recent move barely diminishes that control, at least not immediately. Instead, it marks an early strategic play by the US to control future discussions of net governance. What it changes, to uncertain ends, is the balance of power between US public and private interests. We are moving inexorably towards a situation where enormous amounts of control are centered in private hands, often beyond the scope of effective regulation. This should be a matter of great concern.

[Powles researches and writes on law, science and technology at the University of Cambridge]