Latest in Gear

Image credit: German

ACLU urges devs to safeguard users with anti-snooping measures

The union believes software updates are vulnerable to government misuse.
333 Shares
Share
Tweet
Share
Save
German

Apple recently announced that it was closing the loophole that allows authorities into iPhones via the charging and data port. The company said it wasn't trying to defy police, but rather deter criminals and spies who aren't bound by privacy laws. However, the American Civil Liberties Union (ACLU) believes that government requests for personal data still represents a significant security risk to users, and is launching a guide for software developers to help them make more informed decisions about protecting the integrity of software update channels.

According to ACLU, Apple received 8,929 demands for user information from the government in 2017, while Google received 32,877 -- allegedly just a fraction of the demands made public. A blog post by the union claims that, "in light of companies closing technological loopholes, law enforcement continues to search for alternate vulnerabilities to exploit. As other backdoors in encrypted devices are closed, the software update system will be an increasingly appealing option to law enforcement."

The guidance urges software developers to consider what will happen if the ACLU's concerns are realized and authorities demand these kinds of updates, and includes tips on how to prepare and implement privacy-minded technical designs that limit the possibilities of what can be done, even with a government order.

"Software developers are users' first line of defense against unlawful government encroachment into their devices," says Abdullah Hasan, communications strategist with the ACLU. "And if users lose trust in software updates due to fears that the government is using software updates to break into devices, vulnerabilities won't be patched. This will endanger entire networks."

From around the web

ear iconeye icontext filevr