'58 Million Names And Addresses, Please' - Tech Giants Reveal Wild Government Requests for D
Law enforcement agencies across the world are bombarding tech giants like Apple, Facebook, Google and Microsoft with thousands of requests for customer data every week, insiders revealed at a private security briefing in London earlier in March.
The data requests ranged from online fraud to terrorist investigations but also revealed government overreach and push back from tech companies. One global technology company was presented with a demand to hand over the names and addresses of 58 million users of a single app by a government trying to trace a suspected terrorist cell plotting a suicide bomb attack.
The users of the unnamed app doubled the population of the country making the request, which was rejected, according to a security expert from the company, who was speaking at the International Communications Data and Digital Forensics event in March. The event saw major Silicon Valley firms talking with major law enforcement bodies from the U.S. and the U.K. about how they can work together. It was held under Chatham House Rules, press were not permitted entry and guests were allowed in by invitation only. Forbes isn’t revealing the names of the speakers or their employers.
Chris Calabrese, vice president of policy at digital rights body the Center for Democracy & Technology, described the 58 million request as "astonishing" and "unusual."
"There are a lot of over broad requests here and it seems like it makes sense they pushed back," he added, talking about other cases revealed during the event. "We're glad they're doing this... There's so much info out there about all of us and we're really relying on third parties to push back for us."
Big data grabs
Security experts working for big tech companies also outlined other attempted data grabs by investigators. Police asked for CCTV from within a tech provider's store covering a whole month, which amounted to a massive 1.2 terabytes of information, as part of an investigation into pick pocketing at the outlet.
The tech company involved decided that because most of the footage was of innocent people simply browsing the store, it wouldn’t hand over the video feed. Instead, it handed over less than a gigabyte of information and the police solved the crime, according to the employee.
Whilst it’s rare for tech companies to disclose specifics on data requests, most do offer transparency reports. Apple, for instance, revealed in its most recent transparency report that in the first six months of 2018 it received 8,000 requests from the U.S. alone. Google, by comparison, received nearly 30,000.
Closer to the cops than you think
Encryption of phones and communications apps has been a flashpoint between tech companies and security agencies in recent years but outside of the headlines there are closer ties between the organisations than is widely assumed.
Apple is one tech company that has employed a number of ex-cops to man its law enforcement response team and lead training sessions to help police understand how best to acquire data relevant to their investigations. Forbes last year detailed training sessions delivered by Apple to San Francisco police. And in the coming months, Apple will have a new portal for law enforcement to make data requests and learn about training courses.
Speakers at the London event also outlined how police could obtain data without reaching out for assistance. Investigators could bypass the security protecting locked phones by tapping the Smart TVs or car entertainment systems linked with them, according to the tech employees.
For instance, it's well acknowledged that iPhones and the data on them can be mirrored on Apple TV or CarPlay, neither of which require a passcode or other authentication to open the device by default. If cops were quick enough when carrying out a search, they could turn on the TV or car infotainment system and acquire useful evidence.
Courtesy : Forbes