THE KEY

The tech press this week will be consumed by the new iPhones, AirPods and smartwatches Apple plans to unveil on Wednesday.  

But flashy new devices aren't the only things the tech giant has been working on: Apple is also going to unveil a new portal this year designed to make it easier for law enforcement to submit and track requests for its customers' data during investigations.

According to a letter the company sent to Sen. Sheldon Whitehouse (D-R.I.) that was obtained by The Washington Post, Apple will also form a dedicated team to train law enforcement on digital evidence and offer online training for investigators on how to submit their requests.

“As more data ends up online and on our devices, we have to come up with new, smart ways for tech companies and law enforcement to unlock information that can solve crimes,” Whitehouse said in a statement. Whitehouse also said he was glad to see Apple launch the portal.

Since Facebook’s Cambridge Analytica scandal this past spring, much of the privacy debate has focused on the technology companies’ data practices — a shift from five years ago, when the Edward Snowden revelations put the spotlight on government agencies’ handling of citizens’ data.

In the five years since the Snowden documents were published, Apple has positioned itself as an advocate for user privacy — even in the face of legal challenges from law enforcement. The company has fought back against the FBI's demands that it create a way around its encryption even when agents have a warrant, saying any kind of "back door" into otherwise secure products would compromise the safety and privacy of all its consumers.

This latest plan appears to be a rare olive branch to the law enforcement community. Apple seems to be trying to rewrite the common narrative that it is at odds with investigators by focusing lawmakers’ attention on the data it does share with them. 

Apple’s letter to Whitehouse, which was first reported by the technology news publication CNET, comes in the wake of a report issued by the think tank Center for Strategic and International Studies earlier this summer. The report found law enforcement’s day-to-day struggles with accessing digital evidence are much more mundane than the FBI’s fiery clashes with Apple. Often, the report found, law enforcement agents don’t know what data service provider to go to when they need information. Even when they do, the process for getting it is not clear-cut.

Previously, Apple required U.S.-based investigators to submit their requests via email. The portal will digitize that process and allow law enforcement officials to see the status of their request.

Jennifer Daskal, an author of the CSIS report on digital evidence, said from Apple’s perspective, the portal highlights how there are other means besides mandated access to encryption through which law enforcement can access evidence.

“Presumably this takes some of the pressure off of the encryption debate,” she said.

Other technology companies are also stepping up their resources for law enforcement. Companies such as Facebook and Google also have an online portal for law enforcement to submit requests and a team dedicated to helping them with digital evidence. Microsoft did not immediately respond to requests for comment.

These new initiatives could also make things easier for the companies themselves. Technology companies are routinely flooded with requests from law enforcement. In the second half of 2017, Apple received 29,718 device requests. Daskal said it’s difficult for these companies to do training when they’re dealing with law enforcement at the local and state level, across many different geographies. She said “a single point of contact” is needed, and her report recommended that Congress authorize and fund a "National Digital Evidence Office" in the government that would be charged with developing a national policy on digital evidence.

As law enforcement grapples with many new kinds of digital evidence, pressure is growing on Congress to find ways to make it easier for them to make data requests. With the advent of Internet-of-Things devices -- in cities and in people's homes -- “there’s this whole ocean of new types of digital evidence law enforcement is being flooded with,” said Tommy Ross, BSA senior director of policy.

BSA members are engaged in discussions on how to improve law enforcement’s access to digital evidence without leading to policies that might undermine privacy considerations. The group has had conversations with lawmakers about some of the CSIS report recommendations, said Ross, including proposals for centralized organizations responsible for facilitating data requests and training law enforcement.

Because law enforcement at different levels and in different geographies have varied resources and forensic capabilities, Ross said the group is calling for an intensive congressional review of the current landscape of law enforcement training and capabilities.

PINGED, PATCHED, PWNED

PINGED: Homeland Security Secretary Kirstjen Nielsen has a message for election officials across the United States ahead of the November midterms: “Don’t underestimate the abilities of our adversaries. And don’t assume you won’t be affected by the next attempt” to interfere in elections. In prepared remarks Monday at a National Election Security Summit in St. Louis, Nielsen said the United States is in a better position to counter interference in elections this year than it was in 2016.

“The progress we have made is real, and the nation’s elections are more resilient today because of the work we are all doing,” Nielsen said, according to her prepared comments. “But to be frank — a great deal of work remains. The threat is still present, and we must remain committed to securing our democracy.” She said that by the time Americans head to the polls in the midterms, 90 percent of registered voters will live in an area where Albert sensors — a technology allowing DHS to monitor hacking attempts in election networks — are installed in election infrastructure.

Nielsen also urged election officials to strengthen the security of their systems, for instance by upgrading election technology. “We must have the ability to assure the American public that even if a disruption occurs, the results of the election are beyond question,” she said. “This means thoughtfully upgrading technology, knowing your vendors and ensuring that they are reliable and secure, and having the right personnel to bring it all together.”

PATCHED: “A federal judge could rule Wednesday on a far-reaching request to switch Georgia from electronic to paper ballots just eight weeks before November’s election,” the Atlanta Journal-Constitution’s Mark Niesse reported on Monday. “Changing the state’s voting system on short notice would be a dramatic change, but concerned voters and election integrity groups say it would eliminate the possibility the state’s touchscreen machines, which lack a verifiable paper backup, could be hacked.” Georgia is among five states relying exclusively on direct-recording electronic voting machines that do not include a verifiable paper backup. Plaintiffs in the case are seeking an injunction that would ban Georgia officials from using the electronic voting machines, according to the Journal-Constitution.

Georgia Secretary of State Brian Kemp, who is also the Republican nominee in the state’s gubernatorial race, is against switching to paper ballots before the November election. “Kemp, who supports a transition to paper ballots in time for the 2020 presidential election, said it would be irresponsible to force voters into an election crisis,” Niesse reported. “He warned that early-voting locations would close in Fulton County because of staffing shortages, paper ballots couldn’t be delivered in time in Cobb County and no county has budgeted for the expense statewide.”

PWNED: Researchers from KU Leuven university in Belgium say they have found a way to hack into Tesla's Model S cars by cloning key fobs. “With about $600 in radio and computing equipment, they can wirelessly read signals from a nearby Tesla owner's fob,” Wired's Andy Greenberg reported Monday. “Less than two seconds of computation yields the fob's cryptographic key, allowing them to steal the associated car without a trace.” The researchers said that Tesla paid them $10,000 as a bug bounty after they alerted the company about the vulnerability in August 2017, according to Wired. However, Tesla fixed the issue only in June.

The researchers were able to pull off the hack because of the weakness of the key fobs' encryption, according to Wired. “The researchers found that once they gained two codes from any given key fob, they could simply try every possible cryptographic key until they found the one that unlocked the car,” Greenberg wrote. “They then computed all the possible keys for any combination of code pairs to create a massive, 6-terabyte table of pre-computed keys. With that table and those two codes, the hackers say they can look up the correct cryptographic key to spoof any key fob in just 1.6 seconds.”

PUBLIC KEY

— The White House changed its policy governing the use of phones after former White House aide Omarosa Manigault Newman released audio of Chief of Staff John F. Kelly that she said she recorded in the Situation Room as she was being dismissed, CNN’s Kaitlan Collins reported on Monday. “Going forward, staffers would not be allowed to leave their phones -- even the government-issued ones -- in lockers in the small entry area outside the Situation Room, as they had done for the previous 19 months of the administration,” Collins wrote. “Instead, staffers were directed to go back and put their White House-issued devices in their offices or alongside their personal phones in lockers stationed near the West Wing entrances before being buzzed into the Situation Room.”

— More cybersecurity news from the public sector:

The top IT officer at the Department of Homeland Security explained the different types of threats DHS faces.
Fifth Domain

More than 30 purported street gang members have been charged with stealing more than $1 million in what authorities said Monday was an unusually sophisticated credit card fraud scheme.
Associated Press

PRIVATE KEY

In July, a freedom of information activist dumped an unredacted cache of text messages allegedly hacked from Manafort's daughter's phone.
Motherboard

SECURITY FAILS

Security researchers have detailed how a criminal hacking gang used just 22 lines of code to steal credit card data from hundreds of thousands of British Airways customers.
Wired

THE NEW WILD WEST

— “In crossing the threshold of unmasking an alleged Lazarus Group member last week, the Department of Justice showed the efficacy of combining private digital forensics with the long arm of the law,” CyberScoop’s Sean Lyngaas reported Monday. “Yet if history is any guide, experts say outing the alleged hacker will do little to curb North Korea’s behavior. Instead, researchers believe the group will clean up its operational security and continue to evolve.”

— “Many governments are neglecting or ignoring their duty to protect online encryption that helps ensure freedom of expression and privacy, the U.N. expert on digital privacy rights said on Monday,” Reuters's Tom Miles reported. “In many states including Russia, China, Iran, Turkey, Pakistan and Britain, citizens cannot count on keeping their online conversations private, according to a report prepared for the U.N. Human Rights Council by special rapporteur Joseph Cannataci.”

The strong suspicion that Russia was behind the alleged attacks is backed by signals intelligence, meaning intercepted communications, say U.S. officials.
NBC News