The Year 2014’s Biggest Winners and Losers in Privacy and Security

PRESENTED BY: GOLDEN LOCKSMITH

SURVEY BY: WIRED

The Winners

Apple

Florida Supreme Court

Yahoo

WhatsApp

U.S. Supreme Court

Google’s Project Zero

Apple

If the NSA can be thanked for anything it’s for the competitive race the spy agency helped spur among tech companies scrambling to outdo one another in the privacy realm. Apple took the lead when it announced that the operating system, iOS8, would encrypt nearly all data on iPhones and iPads by default—including text messages, photos and contacts—and that Apple itself would not be able to decrypt it without the user’s passcode.

WhatsApp

The mobile messaging app outdid even Apple’s own messaging protections when it announced it was implementing end-to-end encryption for its hundreds of millions of users. WhatsApp communication is now encrypted with a key that only the user possesses and stores on his or her mobile phone or tablet, which means that even WhatsApp cannot read the user’s communication or be compelled by spy agencies and law enforcement to decrypt it.

Florida Supreme Court

In an important case closely watched by civil liberties groups, Florida’s top court ruled that cops need a warrant to obtain cell tower data. The court ruled that obtaining cell phone location data to track a person’s location or movement in real time constitutes a Fourth Amendment search and therefore requires a court-ordered warrant. But the ruling would also cover law enforcement’s use of so-called “stingrays”—–devices that simulate a legitimate cell tower and force mobile devices in the vicinity to connect to them so that law enforcement agencies can locate and track people in the field without assistance from telecoms.

U.S. Supreme Court

In another important case, the nation’s top court ruled that cops can’t search the cell phones of arrestees without a warrant. U.S. prosecutors had argued that an arrestee’s cell phone was “materially indistinguishable” from any other storage device, such as a bag or wallet, found on an arrestee. But the justices weren’t buying that claim. “Modern cell phones, as a category,” they wrote in their decision, “implicate privacy concerns far beyond those implicated by a cigarette pack, a wallet or a purse.”

Yahoo!

The company launched the fight after receiving a warrantless request for data in 2007. It’s not clear the extent of the data the government sought, but Yahoo fought back on Fourth Amendment grounds, asserting that the request required a probable-cause warrant and that the request was too broad and unreasonable and, therefore, violated the Constitution. The battle came to an end in 2008 after the Feds threatened the company with a massive $250,000 a day fine if it didn’t comply, and a court ruled that Yahoo’s arguments for resisting had no merit

Google’s Project Zero

Vendor bug bounty programs have been around for at least a decade, with software makers and web sites increasingly upping the amount they’re willing to pay to anyone who finds and reports a security vulnerability in their program or system. This year Google upended the tradition by announcing it had built an in-house hacking team to hunt for vulnerabilities not only in its own software, but in the software of other vendors as well. Project Zero aims to make the internet more secure for everyone by focusing on uncovering the high-value vulnerabilities, like Heartbleed and Shellshock, that put everyone at risk.

THE LOSERS

Sony

US Marshals

Gamma International

President Obama

Verizon

Sony

Plenty of companies over the years have suffered sensational hacks, but Sony’s breach may turn out to be the hack of the decade—not only because of the nature of the breach and the information stolen, but the way the pilfered data is being rolled out in batches, prolonging the agony and suspense for workers and executives. Some of the disclosures have been lame and mundane—for example, the pseudonyms celebrities use to check into hotels. Others have been embarrassing, such as the tasteless and racist exchange about President Obama between Sony Co-Chairman Amy Pascal and producer Scott Rudin.

President Obama

This year the U.S. government finally acknowledged that it withholds information about security vulnerabilities to exploit them, rather than passing the information on to software vendors and others to fix them. In making this revelation, the White House announced it was “reinvigorating” a so-called equities process designed to determine when to withhold and when to disclose—overseen by the president’s National Security Council. Going forward, the NSA must disclose any vulnerabilities it discovers—unless the hole would be useful for intelligence agencies or law enforcement to exploit.

US Marshals

In a move so stunning that civil liberties groups are still shaking their heads over it, the U.S. Marshals Service in Florida made a Hail Mary to seize public records about a surveillance tool before the ACLU could obtain them. The civil liberties group had filed a public records request with the Sarasota, Florida, police department for information detailing its use of stingrays and had made an appointment to visit the facility where the documents were being held. But before they could get there, marshals swooped in to grab the records and abscond with them, claiming the police department didn’t own them

Verizon

Consider it the digital cookie monster that gobbles all your footprints. Verizon Wireless ran into trouble when a technologist with the Electronic Frontier Foundation noticed that the telecom had been tracking its wireless users online activity by subtly slipping a “permacookie”—a string of about 50 letters, numbers, and characters—into data flowing between users and the websites they visited. Users got the cookie whether they wanted to be tracked or not, since Verizon revealed there was no way to “turn it off.” AT&T was testing a similar system with its customers until the backlash prompted the telecom to stop the practice.

Gamma InternationalIn October, the UK civil liberties group Privacy International filed

a criminal complaint against with the National Cyber Crime Unit of the National Crime Agency alleging that the company was criminally complicit in helping the Bahrain government engage in unlawful interception of communications—a violation of UK’s Regulation of Investigatory Powers Act 2000—and that Gamma was not only aware of the surveillance but actively assisted it. By selling and assisting Bahraini authorities in their surveillance, the complaint asserts, Gamma is liable as an accessory under the Accessories and Abettors Act 1861 and is also guilty of encouraging and assisting the unlawful activity, a crime under the Serious Crime Act 2007.

Questions?LEAVE YOU QUESTIONS IN COMMENTS