Wednesday, February 24, 2016

I got hacked mid-air while writing an Apple-FBI story

“I don’t really need to worry about online privacy,” I used to think. “I’ve got nothing to hide. And who would want to know what I’m up to, anyway?”
Sure, I’m a journalist, but I’m not an investigative reporter, not a political radical, not of much interest to anyone, really.
That was last week, when the standoff between the FBI and Apple seemed much more about principle than practice to me. That’s when I thought I’d write a column on whether this legal fight matters to regular folk — people like my mother, a retired social worker; my best friend, who works in retail; or even my 20-year-old niece in college. That was before I found out — in a chillingly personal way — just why it does matter. To all of us.
Just before midnight last Friday, my plane touched down in Raleigh after a three-hour flight from Dallas. As usual, I’d spent much of the flight working, using American Airlines GoGo in-flight Internet connection to send and answer emails. As I was putting on my jacket, a fellow in the row behind me, someone I hadn’t even noticed before, said: “I need to talk to you.” A bit taken aback, I replied, “It’s late … need to get home.”
“You’re a reporter, right?”
“Um, yes.”
“Wait for me at the gate.”
[I didn’t answer, but I did wait.]
“How did you know I was a reporter?” I asked while we started walking.
“Are you interested in the Apple/FBI story?” he responded, ignoring my question.
“Kind of. Why are you asking me that?” I thought he was some kind of creepy mind reader.
Then he dropped the bombshell.
“I hacked your email on the plane and read everything you sent and received. I did it to most people on the flight.” 2. He had verbatim detail of a long email that he repeated back to me essentially word for word.
In fact, as Steve Nolan, GoGo’s vice president of communications, told me, the service is “public” and “operates in the same ways as most open Wi-Fi hotspots on the ground.” He cautioned against “accessing sensitive materials while in fligh
One of my emails was pretty explicit about the focus of my story and I had emailed Bruce Schneier, a security expert who had previously written in theWashington Post about this very issue.
"The current case is about a single iPhone 5c, but the precedent it sets will apply to all smartphones, computers, cars and everything the Internet of Things promises," Schneier wrote.
"The danger is that the court’s demands will pave the way to the FBI forcing Apple and others to reduce the security levels of their smart phones and computers, as well as the security of cars, medical devices, homes, and everything else that will soon be computerized. The FBI may be targeting the iPhone of the San Bernardino shooter, but its actions imperil us all."
That’s what my privacy-busting stranger had read. Back to my conversation:
“That’s how I know you’re interested in the Apple story,” he continued. “Imagine if you had been doing a financial transaction. What if you were making a date to see a whore?” My mind raced: What about my health records? My legal documents? My Facebook messages?
And then the kicker:
“That’s why this story is so important to everyone,” he told me. “It’s about everyone’s privacy.”
Then he headed down the escalator and I headed out the front door. I may have been wearing my jacket, but I felt as exposed as if I’d been stark naked.
With a newfound personal interest in the topic, the following day I called Alex Abdo,an attorney in the ACLU's Speech, Privacy and Technology Project, to talk about why ordinary Americans should care about the Apple case. At first he told me some of what I knew. If the government wins it would set a “dangerous legal precedent … that would force companies to build back doors into their products. It will be used hundreds and hundreds of times if it becomes lawful.”
Abdo made it clear why this matters to ordinary consumers like me — to all of us. “The risk is that it makes it more likely that individuals’ devices with no connection to any investigation will become less secure because companies will have established back doors …. that will fall into the wrong hands.” For emphasis, he added: “No back door is secure.”
But really, I pushed him, who is in actual danger here? The answer, apparently, is pretty much all of us. “Anyone who relies on the security of their devices,” he told me.
It should be up to each of us to decide what to make public, and what to keep private, he continued. For me, I felt as though the stranger on the plane had robbed me of my privacy—as was explicitly his intent. He took the decision of what to share out of my hands. He went in through the back door of the GoGo connection.

No comments:

Post a Comment