When a federal court ordered the Apple computer company in February to craft a custom software utility that would be able to bypass the password protection on an iPhone formerly belonging to the late San Bernardino shooter Syed Rizwan Farook, Apple refused on the grounds that this would give the federal government carte blanche with regard to accessing the information on any iPhone in existence. Ultimately, the feds managed to hack the phone on their own, and they aren’t saying how.
If there’s a lack of trust between the federal government and tech companies these days, it is quite likely due to the fallout the latter received after many of them dutifully cooperated with the government in the aftermath of the September 11, 2001 terror attacks, only to be implicated years later when it was discovered that the government ran roughshod over the Constitution and Americans’ civil liberties in their efforts to “keep us safe.”
Commencing almost immediately after the attacks, President George W. Bush authorized the National Security Agency (NSA) to conduct surveillance activities inside the United States, which had been forbidden by law for decades. By the time the government’s multi-billion dollar data gathering and storage complex in Utah was ready to come online in 2013, it had become known that under Presidents Bush and Obama, the federal government had been engaging in all manner of illegal clandestine domestic surveillance. In addition to that, the Obama administration brazenly targeted members of the press for surreptitious electronic surveillance and harassment.
Yet, the government still thinks it merits Americans’ trust. Speaking to students at the University of Chicago this month, President Obama told his audience that the privacy expectations Americans have regarding private digital media and communications are unrealistic if they want to be protected from hackers and terrorists. Further, that they should be more open to government scrutiny of private digital media if they wish to be protected.
For the record, the government is under no constitutional obligation to protect citizens, corporations, or other private organizations from hackers, nor has there been a public outcry for such safeguards. Terrorists are obviously another matter entirely. Obama should be aware of this, since he once supposedly taught Constitutional Law at that very university.
Given the implications of Apple’s fight with the FBI over Syed Farook’s iPhone, the NSA domestic spying scandal, and ongoing concerns over all of the above, surveillance and communications security are uppermost in the minds of many Americans, particularly tech-savvy ones, and those who do business in sensitive and proprietary areas.
In fact, the makers of the world’s most popular instant-message app, WhatsApp, announced this month that it is now fully encrypted on all platforms for mobile devices. The encryption is so good, co-founders Jan Koum and Brian Acton said on April 5, that even they (the company) can’t break into encrypted messages. Koum, WhatsApp’s CEO, grew up in the USSR during communist rule and has a passion for preserving free speech. Lack of freedoms in his home country was a chief reason that his family emigrated to the United States. WhatsApp boasts over 1 billion users.
Personal communications security is a concern not only for private individuals, but for small businesses, corporations, and governments. One may recall that the NSA controversy also implicated the Obama White House in spying on high-level officials among our European allies.
As untold millions of consumers and those in the business world have noted, where there is sufficient demand, the market will always deliver, or a market will emerge as if from thin air.
Given the nature of the news and news analysis business, some of those therein are fortunate enough to occasionally become acquainted with individuals in the realm of security, military and intelligence operatives, the occasional government official, and of course, whistleblowers. By virtue of this phenomenon, at least one has become apprised of the fact that the market has indeed delivered according to the current demand for communications security.
A utility has been developed by former members of Western intelligence agencies and digital technology experts that promises to secure all forms of digital communications for its users, whether individual civilian end users, businesses, or governments. This utility has been tested amongst a small number of this group and some enrolled participants. It has also piqued the interest of investor groups and several governments.
This groundbreaking utility is currently called DEAF by its developers, which stands for Defense Enabling and Assisting Framework. An evaluation of DEAF and its efficacy was conducted by a third party security firm which had been enlisted by an unaffiliated agent. They were unable to circumvent nor hamper the operation of this utility, which is what they were tasked to do.
While it has been necessary to omit certain particulars concerning DEAF from this article for reasons of security (including the name of the third party firm which carried out the analysis), inclusion of this excerpt from the third party analysis was authorized by the developers:
“We thoroughly tested the DEAF platform security comprised of test cases that correspond to over twenty platform security protections, including but not limited to: root detection, secure boot, authentication, data encryption/ obfuscation, local/ auto wipe, device lock, remote wipe, activity monitoring and data retrieval, unauthorized dialing, SMS, unauthorized network connectivity (exfiltration or command & control), UI impersonation, system modification (rootkit, APN proxy config).”
- From DEAF third party analysis
Anyone who is familiar with digital security or who followed the Apple-FBI fracas is aware that encryption is the current standard for securing digital communications. Data is scrambled or encoded (encrypted) so that it is unrecognizable to receiving (or intercepting) devices, and unscrambled or decoded (decrypted) by authorized parties on the receiving end. The issue with encryption is of course that one has to have the correct software and codes to execute decryption at the other end, which usually necessitates collaboration of parties or uniformity of equipment at both ends.
Thus, for reasons germane to the Apple-FBI case and others, the legality of government agencies and others who might want to decrypt data against the wishes of the originators is a hot issue. Right now, Senators Richard Burr and Dianne Feinstein are working on a bill that would allow federal judges to order tech companies to provide encrypted data to law enforcement, among other things. Two weeks ago, the House Judiciary Committee and the House Energy and Commerce Committee created a bipartisan research group, and claimed primary jurisdiction over encryption. Whatever that means, it at least imparts an idea of how critical the legal disposition of encryption is to our government.
DEAF’s performance is not predicated upon encryption however, a fact that is likely to astound and distress security experts, hackers, tech gurus, and government agencies alike.
“When it comes to securing communication on your phone, DEAF offers a ground breaking innovation into the cyber security market place unlike anything the cyber security community has ever seen. DEAF moves beyond the standard SSL encryption that most services provide, as unencrypted versions of your data are kept by most companies… During our thorough testing of DEAF technology we were able to determine that this solution is not a simple or for that matter complex encryption system but rather a total breakthrough in data and voice obfuscation.”
- From DEAF third party analysis
When word got out about DEAF during the testing phase, the principal developer and business spokesman for the group (an American expatriate and former intelligence operative) was immediately deluged with queries and impressive offers from investor groups and over a half-dozen governments, not all of which are friendly to the United States.
Another interesting aspect to this story is that for some reason, the most prominent technology journals had no interest in reporting on the DEAF utility or how it came to be. Those that were approached did not even respond with a clear reason for passing it over.
How this eventually pans out, and who ultimately winds up with control over DEAF, whether for commercial, private, or government use, will be entirely contingent upon the offers made weighed against the needs and objectives of the group that created it. Obviously the implications are far-reaching, and the deal itself, whatever that may wind up entailing, could involve billions of dollars.
Consumers and businesses may soon see DEAF offered under some catchy brand name in a move that will again astound and distress security experts, hackers, tech gurus, and government agencies alike.
Or we may never hear about it again… but DEAF will be out there, rest assured.
It already is.