Tag Archives: Harvey Anderson

Why Can’t Apple Just Give the FBI What it Wants?

Recently the FBI obtained a court order that compels Apple to create and install a backdoor into its iPhone software to intentionally disable certain security measures. Although benign on the surface, this raises serious and pressing questions about the relationship between the government and technology companies, public safety, and user security. These concerns are so pressing that the tech industry, device manufacturers, and civil rights groups have nearly unanimously registered their opposition to the FBI’s actions to force Apple to weaken and alter its software for the FBI’s criminal investigation.

Given the importance of this issue and the high stakes, we, like others have articulated our opposition in publications and through media channels. Today, we took an extraordinary step of filing an amicus brief, prepared by Andrew Bridges and Tyler Newby, leading tech attorneys at the firm of Fenwick & West. The brief is intended to further educate the court on the adverse consequences of the order and the proper application of the relevant laws to the facts in this specific case.

At issue is how much authority we, as citizens, are truly willing to cede to the government in the name of national security and public safety. We think this order goes too far. Strong technical security fosters strong public safety. In a world where everyone’s digital footprint is a potential point of physical vulnerability, strong public safety in fact isn’t even possible without strong technical security.

This case won’t change that, regardless of who wins. A secure product, digital network, and device ecosystem improves safety by making it harder for criminals and those with malicious intent to compromise users’ security and privacy. We understand this may make it harder for law enforcement at times, but we made that decision when we signed the Bill of Rights 225 years ago this December.

The Vice Chairman of the United States Joint Chiefs of Staff Admiral James A. Winnefeld, agrees, having recently remarked, “I think we would all win if our networks are more secure. And I think I would rather live on the side of secure networks and a harder problem … on the intelligence side than very vulnerable networks and an easy problem [for our intelligence agencies].” The benefits of strong security outweigh the costs.

This debate is not new; it has been going on with the tech industry since at least the 70s, in various forms. The tech industry has also largely cooperated with law enforcement in the past, as did Apple in this case. But to cooperate here asks too much. To do so would be to take an action most companies would never willingly take—one that is antithetical to their very business.

Regardless of what happens in this case, we foresee that the tech industry response will be to adopt even more rigorous security measures, including ones they themselves cannot even exploit, balanced only by the business need to provide users data-based services. We are committed to continuing these vital conversations with fellow tech companies, legal experts, consumer advocates, and anyone else affected by this issue, one whose importance we cannot overstate and whose ramifications we likely cannot even yet conceive.

By Harvey Anderson, Chief Legal Officer and Justin Olsson, Product Counsel

The Fight for Privacy– Apple vs. the Federal Government

AVG’s Chief Legal Officer, Harvey Anderson recently sat down with Marty Gonzalez from San Francisco’s Kron 4 Morning News Weekend to discuss why Apple is fighting back against privacy disclosure.

Over the last few weeks the entire country has been discussing the court order enforcing Apple to unlock data security from the iOS device used by one of the alleged terrorists in the San Bernardino shooting.  Whether talks of support were in favor of the Federal government or for the tech giant, the larger issue that continues to rise to the surface is how this could jeopardize the privacy of millions of iOS users.

Recently, AVG’s Chief Legal Officer, Harvey Anderson sat down with San Francisco’s own Marty Gonzalez from Kron 4 Morning News Weekend, to discuss the severity of Apple complying with the ruling and unlocking the door to privacy.

VIDEO: Chief Legal Officer discusses Apple vs Federal Government

Gonzalez: ….So far it’s been a stalemate between the FBI and Apple. What would be the long term range impact of Apple refusing this court order to crack the code?

Anderson: I think it’s dangerous what’s happening right now…You’re essentially asking a company to introduce a vulnerability, a bug, a security flaw into its system. Once that happens, there’s not a lot of confidence that this bug will only be used for this case. Suppose an authoritarian government gets it, suppose a malicious hacker gets it. Will it also be used the next time you want to get data….?

Gonzalez: Let’s say people are, people are thinking, wait a minute, why doesn’t Apple just give the FBI the phone, Apple cracks the code and gives it back to the FBI and it’s just a one-time deal. Is that not plausible?

Anderson: Not really. Actually, what happened in this case is that Apple was working very closely with the FBI and right after the phone was taken into custody it appears that we just learned is that the Apple ID password was reset. So Apple has a very easy way to do an iCloud backup of this phone. The phone could have been brought to a trusted network, the network would have recognized the data, and then the government could have gotten the data from Apple’s Cloud which it has access to. But someone within the San Bernardino county officials recently tweeted that the FBI asked them to reset the passwords, which prevented this easy method to get the data.

Gonzalez: Apple and the Federal government have been arguing the whole topic about encryption for years. This is just the latest step. Where do you think this issue goes from here?

Anderson: It’s so unknown. It’s such a dangerous precedent. If this order is upheld. As you know this order was actually an ex parte order. Apple has not had a chance to oppose it legally but I think it’s such a dangerous to force a company to introduce a security flaw. The problem is that there is no privacy without security. That’s the underlining paradigm that exists here. Once you start to take away security, it starts to compromise people’s privacy. It’s not privacy against the proper judicial use of disclosure and discover it’s against others.

Gonzalez: Apple is arguing that once it’s gone, it’s gone.

Anderson: Exactly.

Teaching the Next Two-Billion Smart Users How to “Drive” on the Internet

When you got behind the wheel of a car for the first time, you probably underestimated the power of the vehicle in your hands. Most likely, you had someone teach you how to drive and educated you on the good and bad that can come of it, preaching that your chances of having a safe and enjoyable experience are best if you know the rules of the road and learn how to practice a little defensive driving.

It’s really no different when teaching kids how to navigate the Internet.

According to recent findings out of Common Sense Media, online media use is at an all-time high and when we give our children access to the Internet; be it through a smartphone, tablet, PC or any other connected device, we are really giving them access to a powerful vehicle. It’s the job of parents, educators and other influencers to teach safe and responsible Internet use.

Last year I first introduced the Smart User initiative in which AVG vowed to make meaningful strides in educating Internet users from its dangers with the right content at the right time. One year and multiple partnerships later, the Smart User mission is well on its way. While it’s everyone’s job to keep kids and those new to the Internet informed, here are some things you can do as a parent to help your child successfully and safely use the Internet.

  1. Have your child sit in the passenger’s seat while you drive
    If you think your kids are ready for the Internet, next time you’re using it, have them sit and watch how you safely navigate. Make sure to point out signs of danger and things to avoid clicking. Describe what you’re doing, and why.
  1. Have your child lean over and grab the wheel
    Now that they’ve seen firsthand how the Internet works, have your child lean over your shoulder and do a bit of safe clicking.
  1. Switch seats; it’s time for them to take the driver’s seat
    With you at a safe distance but not hovering over them, let your child use their connected device. If they run into trouble they can always rely on you to be nearby.

Finally, don’t forget to continue your education on the Internet’s latest threats and risks by visiting our blog regularly at now.avg.com. For more information on #SmartUser, visit smartuser.com.

It’s Cyberattack Season: Did You Get Your Immunization Shot?

There’s a term in public health known as “herd immunity.” The idea is that when a critical number of people are immunized against a contagious disease, most members of that community become protected against the disease, whether or not they received an inoculation.

Breaking the chain of a disease’s transmission enables us to interrupt the ability of the pathogen to set in at a broader scale in our community. In this way, vaccinations protect people who have and haven’t been vaccinated.

The same principle applies to our digital lives which are just as connected, if not more connected, to digital threats and “pathogens” that steal our data and identities, disrupt our productivity, and mar our public profiles.  We spend a great deal of time and energy investing in firewalls and the technical parts of our infrastructure to protect data and privacy, but what about our behavioral practices?

Do we take the time to inoculate ourselves against habits that could risk the digital wellbeing of our family and friends? Or do we, for example, still ask family members for Social Security numbers via email? Or send credit card information and/or passwords insecurely?

“The important principle here is that there are things I can do to help ensure a safer online world for you, and vice versa.”.

If, for example, you posted a compromising photo on social media, I can opt to not re-post it, protecting you from further harm. And if everyone who comes across the photo does the same, we’ve inoculated you from damage even though you had failed to protect yourself.

This is the mindset that we need to adopt in being good digital citizens and embodying the characteristics of a “smart user.” By doing so, we can create an entire network and community of safety and protection.

Most of us, especially the youth and others around the world who are coming online for the first time, are particularly vulnerable. We were all the same at some time. When I worked at Netscape, for example, and got my first email message from a friend “stranded in Thailand,” asking for money – I almost fell for it! On the exposure curve, I was just like a lot of new users today.

Let’s take a page from the herd immunity playbook and create a safer and more private digital world for all of the new users coming online, in addition to helping these users become more educated in smart online behaviors.

AVG has committed to a smart user digital citizenship initiative to build a better web. Please join us or see how you can support this initiative. Because after all, the more you do to help make the web a safer place, you do so not only for yourself but for the whole herd.

To learn more, please visit smartuser.com.

Kids safety online depends on us being better role models

We lock our doors and activate security systems to keep intruders out. We place parental controls on TV channels to manage what our children watch. We keep our kids out of R-rated movies until we feel it’s appropriate. We monitor the violence of their videos games. All of this to keep them shielded from explicit content. Except this time, the violence was very real and readily available on social media.

The recent shootings in Virginia created an unprecedented situation for parents. The incident was caught on camera during a live broadcast of a television newscast, producing a graphic video of the shooting, violence that wasn’t in a video game or TV show but a real murder. That clip, along with video of shocked expressions during the newscast, circulated the Internet available for children to stumble upon. The shooter also recorded the murder from his phone and uploaded it onto social media, making the video widely available. And people viewed it and shared it.

This also raises larger questions: How many people viewed these videos online? Should we have sought out and viewed these videos? Is there a social responsibility to take ownership of our online behaviour? Is our own behaviour demonstrating to our kids how to responsibly use the internet?

The children we try so hard to protect could have seen these videos online. Children’s introduction to the Internet often happens before they’re educated in online safety skills. An AVG Technologies survey found 66 percent of children ages three to five stated that they can play a computer game, but only 14 percent can tie their own shoes.

Much of the online crises that can occur to youth today—from teen sexting to identity theft to cyberbullying—can be mostly avoided if they understand the consequences of their actions. According to the same survey from AVG, nearly one in three teenagers said they regret posting something online and 32 percent have had to ask someone to remove content posted online about them.

When technological development outpaces society’s sense of responsibility and understanding of that technology, it can create unintended consequences in our lives and in the lives of our children. The answer is not only to encourage a society-wide attitude of responsibility for our impact as digital citizens, but also to empower the leadership of organizations to work together and create new solutions that allow innovation to continue while taking responsibility for our own digital lives.

For more information about the Smart User Initiative, go to www.smartuser.com.

Why you should celebrate Data Protection Day 2015

So what is Data Protection Day? It’s a holiday proclaimed by the Council of Europe on January 28, 2007. The goal is to raise awareness and promote privacy and data protection best practices.

It is globally celebrated and in the U.S. often referred to as Data Privacy and Protection Day, but it’s still a holiday! So tell your boss, and take a day to yourself. In the words of Madonna, rather the spirit, perhaps we should “Celebrate.”

If we took a data day, took some time to celebrate,
Just one data out of life
It would be, it would be so nice

Everybody spread the word… We’re gonna have a celebration
All across the world, In every nation

It’s time for the good data practices… Forget about the bad, oh yeah…
We need a holiday…

 

On this anniversary of Data Protection Day, the promise is matched only by the tension. In the past year, we’ve seen unprecedented data hacks, continued instances of government surveillance, and an ongoing tide of commercial data collection and use practices that don’t always bode well for consumers.

Data Protection Day 2015

 

This is amplified by real concerns for people’s safety, life, and liberty. Criminal enterprises continue to engage in identity theft and financial fraud.  Terrorist attacks, like those recently in France, further fuel our fears and heighten the impulse to use more invasive state surveillance techniques.

Add to this the sea-change in the landscape created by mobile devices, which will look like nothing compared to the changes ushered in by the Internet of Things. We have more data, more collection points, more providers, more sensitive information, and growing commercial and state appetites to use the data that define our lives.

So why celebrate? Well, a set of forces seems to be converging that indicates a corresponding change in attitude to better protect consumers and change the pH of the ecosystem so it’s more habitable for businesses and users alike.

The FTC released a thoughtful report on IoT that gives us a framework to get ahead of the changes. President Obama recently proposed new cyber-security and data breach legislation that is promising, provided the voices of civil society advocates like CDT and the EFF remain engaged.

The EU continues to work on updating the data protection act to address both the technological and societal changes that have occurred since it was first drafted. More importantly though, the heat in this space has been turned up. There is more debate.  More industry leaders are devoting increasingly more mind share.  Notions of choice, transparency, control, and reasonable defaults – the very threads that weave the fabric of trust that we depend upon – are no longer dirty words.

While these may seem like concepts beyond your desktop, there is a lot each of us can do to take back some of our privacy. Today, I actively managed my privacy settings in iOS. I disabled location services for all those apps where it didn’t make sense.  Why for example do the camera or ADP (payroll) apps need to use my location in the background when I’m not using them? Something doesn’t seem right.

Google Maps Sharing

 

Some apps, I was pleasantly surprised to find, like Google Maps and ESPN’s SportsCenter, do give me the option to turn location services on only “while using.” This makes sense to me and is an example of privacy forward design that gives users better and more refined choices.  The fact that the interface exists at all is an example of transparency that didn’t exist in earlier versions of iOS, and a good sign that things are changing.

All this is to say – the tide is shifting. In this transition, there is more opportunity than we can imagine. We don’t believe that users have to trade privacy and security to benefit from the wealth of data-enabled services available now and soon to come.

Today there is growing interest in shaping a future that is more people-centric than device-centric, and that properly reflects the human rights that we expect. I am optimistic that there is more future than there is past. That’s something to celebrate.

Creating the Next 2 Billion Smart Users

The smartphone will be the on-ramp to the Internet, if not the only ramp, for the next wave of new users – largely because it’s the easiest way for them to get there and broadband isn’t available. For one, the mobile Internet can reach places that wired connections can’t (and likely never will). Moreover, the price is right. The cost of owning a smartphone is decreasing as manufacturers and carriers alike compete for new users. Soon millions of people will hop online for the first time, all thanks to the smartphone.

It’s terrifically exciting, and it’s also a terrific challenge.

 

New Skills for a New World

Think of it this way, more than half of the human population is ready to dive into the digital world with little to no instruction. It’s like getting behind the wheel of a car for the very first time and heading right onto the highway. Just like driving, getting around safely in this new world demands a new set of skills. Every one of those new users will need guidance on any number of things, like how to prevent identity theft, how to protect their personal privacy, and even how to build a business online. The list goes on.

But who’ll be there to teach them those skills? After all, nothing like that is covered in an owner’s manual. Whose responsibility is it anyway? I believe it’s everyone’s responsibility and I’m far from the only one who feels this way.  It’s about changing social norms and learning how to care for yourself and the welfare of others on the Internet.  We’re familiar with the stories of teen sexting, over disclosure, identity theft, cyberbullying – much of which could be curtailed if we, as users, understand the consequence and knew how to avoid them.

Our core assumption is that the content exists but it’s not presented to the users at the right time in an engaging fashion at a point when choices are made.

 

The Smart User Mission

This September, I was privileged to attend the annual Clinton Global Initiative, where industry and world leaders gather to create innovative solutions that take on the world’s most pressing challenges. One of the topics AVG rallied around was “Digital Citizenship,” a growing movement based on the belief that everyone on the Internet is responsible for making it a better place. As a result, I’m pleased to announce AVG’s Smart User mission, which is our Commitment to Action as a member of the Clinton Global Initiative.

The objective of the Smart User mission is to create the next two billion smart users on the mobile Internet. Along with carriers, device manufacturers, developers, content providers, and organizations across the globe, our aim is to provide two billion mobile Internet users with the tools and information they need to be safer, happier, and more productive online.

The mission’s approach is to engage these mobile users right from the start – the very moment they start using their phones. It begins with the “Smart User” app, which will launch when users first set up their phones. Right away it will provide fun and engaging content to help users make educated choices about their security and privacy. From there the Smart User mission will provide users with continuous guidance as they spend more and more time online. We’ll be partnering with mobile carriers, device manufacturers to get the Smart User app into people’s hands, and a wealth of partners like design agencies and celebrities will help contribute content along the way.

We’re very lucky to have Common Sense Media already signed up as a partner. Their history of advocating for children, families, and schools is a natural fit. The content and guidance they’ll provide will be invaluable, and this partnership will help us accomplish the Smart User mission.

My hope is that you share the growing point of view that we’re all responsible for a better Internet, and that everyone can take an active role in making it happen—from technology providers and manufacturers to content creators and consumers. If you’re interested in joining us on this mission, please get in touch. There are plenty of avenues to partner up, get involved, and build the next wave of two billion Smart Users.Email [email protected].

Photo Courtesy of Barbara Kinney, Clinton Global Initiative

You can find more information on the Clinton Global Initiative at http://www.clintonfoundation.org/

The Net Neutrality Battle Is Like Gangs .. It Never Dies

Today companies and public interest organizations across the country are protesting to urge the U.S. Federal Communications Commission to maintain the principle of net neutrality on the Internet. This battle has been going on for many years as different interests try to create public policies that best serve their own business goals. This isn’t inherently bad except when if it’s at the expense of users and broader public interests. ISPs and cable providers are proposing a scheme that would allow web sites and services providers to pay more so their sites could be accessed faster by users online, effectively creating a “fast lane” and a “slow lane” on the Internet. This is a fine idea if you can pay and you’re in the fast lane, but unfortunately for those that can’t pay, their users (perhaps you and me) will likely get a degraded and slower Internet experience. It will also make the web sites and services for those that can’t pay less competitive and further accelerate the digital divide.

Net neutrality is a core principle that’s made the Internet work for a long time. It ensures that all content is treated equally and without discrimination by those that pass the bits along. For example, imagine if Comcast, the largest ISP, concludes the proposed merger with Time Warner, the second largest ISP (and which also owns HBO), could make online access to their own HBO content faster than other video content provided by their competitors like Apple, Netflix, Roku. Suppose they didn’t like editorials that were critical of their organization, and they made it harder for people to access it by making it slow. The Internet wouldn’t work and we wouldn’t have the robust market of ideas that the Internet affords us. Of course there are reasonable network management requirements that may impinge on the ideological goal, but net neutrality as a principle enables the Internet to fulfill its potential as an information medium that provides a rich, uncensored, although sometimes messy, diverse set of ideas and information.

Today, AVG joined many others in the “Internet Slowdown” campaign to encourage the FCC to take a stand and reject policies that would undermine net neutrality. And just like in the movie “Colors” unless you take action, this issue will never die. You can learn more in this nifty infographic called A Guide to the Open Internet or find out how to let your voice be heard at Fight for the Future.