News Article | January 26, 2016
Hess Corp. is planning a 2016 capital and exploratory budget of $2.4 billion, a 40% reduction from its 2015 actual spend of $4 billion and 20% below its preliminary 2016 guidance of $2.9-3.1 billion provided in October.
News Article | January 27, 2016
Chris Cox has been named head of exploration and production for Centrica PLC. Cox has worked for BG Group, Chevron Corp., and Amerada Hess in North Sea operating roles.
Amy Hess said that of the cell phones the FBI seized in the last six months as part of investigations, officials encountered passwords about 30 percent of the time and had "no capability" to access information "around 13 percent of that time." "We have seen those numbers continue to increase, and clearly that presents us with a challenge," said Hess, the executive assistant director of the FBI's science and technology branch. In her testimony to a subcommittee of the House Energy and Commerce Committee, Hess defended the Justice Department's use of a still-unidentified third party to break into the locked iPhone used by one of the two San Bernardino, California, attackers. But she said the reliance on an outside entity represented just "one potential solution" and that there's no one-size-fits-all approach for recovering evidence off a locked device. She said she did not think that path should be the sole solution for breaking open phones. "These solutions are very case-by-case specific," she said. "They may not work in all instances. They're very dependent upon the fragility of the systems, the vulnerabilities we might find," she said, adding that cooperation between the government, academia and private industry was needed to come up with more solutions. Asked about the FBI's reliance on a third party to get into the phone, and its inability to access the device on its own, Hess said the work requires "a lot of highly skilled specialized resources that we may not have immediately available to us." "We live in such an advanced age of technology development. And to keep up with that, we do require the services of specialized skills that we can only get through private industry," she said. Representatives from local law enforcement agencies echoed Hess's concerns. Thomas Galati, chief of the intelligence bureau at the New York Police Department, said officials there have been unable to break open 67 Apple devices for investigations in 44 different violent crimes—including 10 homicide cases. Still, despite anxieties over "going dark," a February report from the Berkman Center for Internet and Society at Harvard University said the situation was not as dire as law enforcement had been warning about and that investigators were not "headed to a future in which our ability to effectively surveil criminals and bad actors is impossible." The hearing comes amid an ongoing dispute between law enforcement and Silicon Valley about how to balance consumer privacy against the desire by police and federal agents to recover communications and eavesdrop on suspected terrorists and criminals. It also comes as the Senate considers a bill that would effectively prohibit unbreakable encryption and require companies to help the government access data on a computer or mobile device when a warrant is issued. Bruce Sewell, Apple's general counsel who also testified, touted the importance of encryption particularly in light of devastating breaches of sensitive government information—including at the IRS and the Office of Personnel Management. "The best way that we, and the technology industry, know how to protect your information is through the use of strong encryption. Strong encryption is a good thing, it is a necessary thing. And the government agrees," Sewell testified. "Encryption today is the backbone of our cybersecurity infrastructure and provides the very best defense we have against increasingly hostile attacks," he added. In response to questions raised at the hearing, Sewell said that the Chinese government had asked Apple for its source code within the last two years—and that Apple declined. The long-simmering dispute escalated in February after a judge in California directed Apple to help the FBI break into the phone used by Syed Farook, who along with his wife killed 14 people in San Bernardino on Dec. 2 before dying in a shootout with police. The Justice Department last month said a third party had approached it with a way into the phone, effectively ending that court case. Another legal fight over a phone in a separate drug case is still pending in Brooklyn. Explore further: Apple has 'obligation' to protect users: Cook
News Article | April 22, 2016
For anyone paying attention, the Department of Justice’s approach to getting information out of encrypted iPhones is starting to look like a tangled mess. In March, the Department of Justice's highly-publicized legal battle with Apple over an encrypted iPhone belonging to a mass shooter in San Bernardino, California ended with a deus ex machina. Thanks to the efforts of an “outside party,” law enforcement were able to break into the phone using a secret hack that cost the FBI upwards of $1 million, according to FBI Director James Comey, who quipped that the hackers-for-hire made more than he will in his remaining seven years as FBI director. If you ask Apple, which refused to break into the San Bernardino phone on behalf of the FBI, this is how things should work: Rather than compelling Apple to dedicate substantial time and resources into hacking into its own products, the government turned to the market to solve its problems. The government apparently disagrees, however, because the DOJ is still going all in on the All Writs Act—the 1789 statute cited in the San Bernardino case—in a case in New York, over a meth dealer’s iPhone 5s, running iOS 7. It’s really weird. iOS 7 predates the controversial enhanced security that Apple brought to the iPhone with iOS 8, which inflamed the “going dark” debate in 2014. Logically speaking, if the government could hack the San Bernardino phone, it can hack the New York phone. And in fact, there’s a $200 hack it could use—but for some reason, won’t. Between the mysterious hack that ended the San Bernardino case, and the government’s bizarre disavowal of a widely-available tool in the ongoing New York case, it looks less and less like the All Writs Cases are about the government’s fear of “going dark,” and more about what the government perceives as its right to keep hitting up Silicon Valley like its own personal IT department. United States v. Shu Yong Yang, et al, in which the government busted a meth dealing ring in New York, is an iPhone encryption-cracking case that's still actively being pursued by both the government and Apple. The street-level dealer who owns the iPhone in question has already pleaded guilty and will be sentenced in May, yet the government is still arguing that a judge should use the All Writs Act of 1789 to compel Apple to unlock his phone. The phone in question runs iOS 7, which is means it’s less secure than the phone the FBI paid to break into in San Bernardino, which was an iPhone 5c running iOS 9. Breaking into the San Bernardino phone meant creating custom software that would take 10 to 12 engineers working full time for four to six weeks, according to Apple. But breaking into the phone in Shu Yong Yang, et al would be trivial. In fact, until the magistrate judge in this case forced the issue, Apple was ready and willing to act as the government’s Genius Bar, with a specialist telling the Department of Justice that once the prosecutors got the court order approved (with specific wording suggested in a very helpful manual Apple put out for law enforcement), it could expect a turnaround time of one to two weeks. It’s a piece of cake for Apple to bypass the lock screen on this phone, but this cuts both ways. If it’s so easy for Apple, why does the government need the company’s assistance in breaking into the phone? If DOJ managed to find a workaround hack in the much more technically challenging San Bernardino case, what’s stopping it in the New York case? Not much, it looks like. While the case was still in front of Magistrate Judge Orenstein, Orenstein questioned the necessity of Apple’s assistance given that the government had, in other cases in that very jurisdiction, used forensic tools to extract data from iPhones. The judge specifically cited United States v. Djibo—a criminal case against an alleged heroin smuggler. When Adamou Djibo was detained at New York's JFK airport in February 2015, Customs and Border Protection asked him to provide the passcode to his iPhone 5, running iOS 8.1.2. He complied. After CBP finished searching his belongings, he was arrested. Later, as the criminal case proceeded against him, his attorneys made a motion to suppress the iPhone as evidence, saying that Djibo should have had his Miranda rights read to him before he provided the passcode to his own phone. The government disagreed, citing a whole host of reasons (for one thing, civil liberties always get a little dicier at the border). But the important thing is that the government also argued that the contents of the iPhone would have been “inevitably” discovered—meaning that even if the iPhone was illegally seized, since investigators would have gotten into it legally eventually, it should not be suppressed at trial. Even if Djibo hadn’t volunteered the passcode, the government argued, it would have gotten into the phone with the help of Homeland Security Investigations, using a “forensic technique” in HSI’s possession. Sounds ominous, right? Except the “forensic technique” in question is a $200 hack-in-a-box called IP-BOX that has been blogged about all over the internet, including by Motherboard in early 2015. “In Djibo, the result of that morass of conflicting statements was a finding that the government had failed to establish that it would inevitably have succeeded in bypassing the passcode security on Djibo's iPhone,” wrote Judge Orenstein in his ruling denying DOJ an order to compel Apple to break into the New York meth dealer’s iPhone. “That result does not remotely establish the proposition the government supports here—namely, that it is impossible for it to bypass the security of an earlier operating system without Apple's help," he continued. "What it does establish is simply that the government has made so many conflicting statements in the two cases as to render any single one of them unreliable.” Once called out by Judge Orenstein, the government claimed IP-BOX was “not a forensic tool’ but rather a ‘hacking tool,’” that it was “very finicky,” that using it would “run the risk of activating the auto-erase feature regardless of the risk of data destruction.” Forensic scientist and iOS security expert Jonathan Ździarski says it's true that the IP-BOX is better characterized as a hacking tool rather than a forensic tool, but that it's "gained wide acceptance in the law enforcement community." “The IP-BOX calls home to China whenever the software is run, its design is not documented, its software is obfuscated, its firmware to my knowledge has never been reverse engineered, and we really know little more about it than it is a ‘box’ with a bunch of hardware add-on ‘shit’ that has been gradually added to it as Apple started to patch against it,” he said in an email. “I’ve referred to it as 'forensic dumpster diving.'” Ździarski said that a forensic tool should be judged by “repeatable and predictable results, its attention to preservation of evidence, its quality assurance and testing, and the reputation of the company.” Because IP-BOX isn’t “properly documented,” he said, its usefulness as a forensic tool, in his opinion, was suspect. But despite his litany of complaints against the IP-BOX, he said that it had become popular with law enforcement, so much so that there was even a manual on how to use it written by a detective at the police department in Madison, Wisconsin. “The IP-BOX has been used quite widely by many law enforcement agencies, including some federal level agencies that I know of firsthand,” said Ździarski. “I’ve spoken to numerous investigators who’ve used IP-BOX in cases, and also see frequent chatter in various online forums and mailing lists from LE who are using it.” Ździarski also seemed to disagree with the government’s characterization of IP-BOX as unreliable, saying that it “is generally a very reliable technique,” so long as you enter the correct configuration—which, given how widely-shared the configurations are among investigators, shouldn't be an obstacle. So in one case, the government found a third party to hack into an encrypted iPhone. In another case, the government said evidence from an encrypted iPhone shouldn't be suppressed because it would have gained access to the phone anyway using IP-BOX. And in another case, the government is saying that the under the All Writs Act, which allows for a court order to compel a third party to assist with a warrant if it is “necessary,” Apple must help law enforcement crack the company’s own encryption. So, does the government really need Apple's help? In a legal filing on Friday in the still-pending New York meth dealer case, Apple cited the Djibo case, saying that the government “offered no evidence that it had consulted with any other agencies or third parties to determine that Apple’s assistance was actually necessary,” nor had it exhausted “traditional investigative tools that were suggested to the government by Apple.” That reasoning was echoed in a congressional hearing on Tuesday, when Rep. Diana Degette (D-CO) asked the FBI’s Amy Hess, “If third party individuals can develop these techniques to get into these encrypted devices, why can’t we bring more capabilities in-house to the government to be able to do that?” Hess demurred, saying that such solutions “require a lot of highly-skilled, specialized resources that we may not have immediately available to us.” When Degette asked if those could be developed with the “right resources,” Hess replied, “No, ma’am.” In February of this year, the FBI requested an additional $38 million in its budget to fight the “going dark” problem. The New York iPhone case is currently on appeal, and the government is set to respond to Apple’s filing by Friday this week.
Apple's general counsel Bruce Sewell, appearing at a congressional hearing on encryption's impact on law enforcement, defended the company's toughened encryption which can sometimes make data unreadable to authorities, even with a warrant. "The best way we, and the technology industry, know how to protect your information is through the use of strong encryption," Sewell told a House panel. "Strong encryption is a good thing, a necessary thing. And the government agrees. Encryption today is the backbone of our cybersecurity infrastructure and provides the very best defense we have against increasingly hostile attacks." Sewell added to his prepared remarks, seeking to clarify Apple's position after comments from law enforcement officials at the same hearing. "We have not provided source code to the Chinese government," he said. "We did not have a key 19 months ago that we threw away. We have not announced that we are going to apply passcode encryption to the next generation iCloud. These allegations have no merit." Earlier in the hearing, Indiana State Police Captain Charles Cohen told the panel that he had read news reports indicating Apple had turned over its source code—which could be used to break encryption—but that he had no first-hand knowledge of this. Sewell subsequently was asked whether Beijing had asked for the source code. "We have been asked by the Chinese government. We refused," he said, adding that this had happened "within the past two years." The hearing was called to discuss how strong encryption is hampering law enforcement and how technology firms should respond to legitimate law enforcement requests to break encryption. The issue hit a boiling point earlier this year when Apple refused to help the FBI weaken the operating system of an iPhone used by one of the shooters in last year's San Bernardino killing spree. The government eventually withdrew the request, but similar cases are pending in the courts. An FBI official at the hearing repeated concerns that unbreakable encryption may help criminals and terrorists evade detection. "We have seen case after case—from homicides and kidnappings, to drug trafficking, financial fraud, trade secret theft, and child exploitation—where critical evidence came from smart phones, computers, and online communications," said FBI executive assistant director Amy Hess. "Increasingly, some technologies are prohibiting law enforcement from having access to that critical evidence." Explore further: US lawmakers call Apple, FBI to encryption hearing