‘Double standards’: Apple implements MAC anti-tracking technique used by Aaron Swartz
Swartz, who faced criminal prosecution on charges of mass downloading academic documents and articles, was also accused of using MAC (Media Access Control) spoofing address technology to gain access to MIT’s subscription database.
At the time of his suicide at the age 26, Swartz was facing up to 35 years in prison, the confiscation of assets and a $1 million fine on various charges.
Now computer giant Apple is installing a MAC address randomizing system into its products. The company announced that in its new iOS 8, Wi-Fi scanning behavior will be “changed to use random, locally administered MAC addresses.”
MAC-address is a unique identifier used by network adapters to identify themselves on a network, and changing it could be regarded as an anti-tracking measure.
David Seaman, journalist and podcast host of “The DL Show,” told RT that a single technology cannot protect users from being spied upon and advised users to trust no one, particularly the companies that have been caught cooperating with agencies such as the NSA, or those who used to turn a blind eye toward governments’ illegal activities.
RT:Why is Apple suddenly becoming interested in boosting the privacy protection of its devices by spoofing MAC-addresses?
David Seaman: That’s one of the techniques that Apple has adopted to spoof these MAC-addresses and it’s just another step to make smart phones and other devices, other mobile devices a bit more secure. Of course you have to keep in mind that a smart phone is to begin with not all that secure, because there are so many different application developers, as well as the fact that you have to rely on whatever cell phone company is providing you with a signal. So this definitely doesn’t make phones completely secure, but I think it’s a step in the right direction.
RT: Some argue that Apple’s attempt to protect the privacy of its users is pretty much useless because there are many ways to see where the device is. Do you agree that what they are trying to give us is perhaps not really the full picture?
DS: There are a number of other hardware identifiers, aside from the MAC-address that your cell phone is still emitting, and which, using cell towers, they can still find your exact location. So this definitely doesn’t restore total privacy to the user, it’s just one band aid. And I think if you’re injured, you should use as many band aids as possible.
But there’s also a larger thing here which is that governments are spying on us and these cell phones are not designed to be all that secure from day one. And there are a number of private companies that, I wouldn’t say spying, but eavesdropping on what you’re doing to make money out of you. And this is a growing problem as we spend more and more of our lives online and on our phones and we expect these things to be secure.
RT:Why is Apple doing this? Are they really concerned about the privacy issue?
DS: I think any time a tech company implements things that make us safer, even if it’s not a complete solution, that’s again a step in the right direction. I’d like to see a lot more done. I’d like to see end-to-end encryption of pretty much everything that people do online and I think we’re headed in that direction anyway. But knowing what we know now, that’s like the bare minimum.
RT:Aaron Swartz was accused of spoofing Mac-addresses as the US court said it was a criminal act. Why this change? Why can Apple do this legally and Swartz was not allowed to do that?
DS: It’s interesting you’ve brought that up. Clearly, there is a double standard out there. If you are a large tech company, the government will turn the other way. Which by the way this is not anything illegal, spoofing MAC-addresses. It is something that has been done by a number of people. But Apple does it, of course they are not going to prison.
But Aaron Swartz, one of the things they used against him was spoofing MAC-addresses apparently. And this just goes to show you that there are people within this government who use some of these outdated laws and use an incomplete understanding of Internet technology to pretty much go after whoever they don’t like and make that person’s life a lot more difficult with hard-to-fight charges. I mean these are people who, in some cases, some of the prosecutors, even some of the members of the Supreme Court, as it came recently, don’t understand basic internet technology. I believe it was the IFF (Identification Friend or Foe technology) that pointed out some of the Supreme Court’s blindness when it comes to things that the rest of us have known for the last decade or more; they are still grappling with the basics of the internet. So I think definitely there is a double standard but I would not expect Apple to face any kind of scrutiny for doing this.
RT:Are the other makers of cell phones likely to follow in Apple’s footsteps to protect people’s privacy?
DS: Sure, I believe that privacy is becoming more and more of a selling point post-Edward Snowden. Now everybody in the US and certainly people in other countries are concerned about their data being slurped up either by the NSA, or the GCHQ, or a number of other agencies, and then sitting on a server somewhere. So I think security and privacy are coming back into fashion and you are going to see a number of offerings, many of them a lot more advanced than this MAC-address thing. This is just the beginning.
RT:In terms of consumers, what do we do? What should we be looking out for in order to protect us better?
DS: A great question. The first thing you can do is to make sure that your e-mail is secure. There are a number of secure e-mail services you can look into using. You can look into encrypting your email using something like PGP. These things sound complicated, but they are really extremely easy to use. If you just google “secure email account” or “encrypted email,” you can start to read about it and get yourself on the road to at least communicating online in a safer way and just make things a little bit more difficult for those who are trying to spy on us.
RT:Do you think that technology is sort of taking away human relations that rely on it, with all the privacy issues we have to deal with? Is it helping us or hurting us even more?
DS: I think, on the whole, that technology has done a tremendous amount of good and the great thing about technology is once something new is out there – it cannot be un-invented, we cannot go back in time. Is the internet or a smart phone good? I tend to believe that the answer is yes.
It’s giving us access to news and information at all times. Now everybody has what is basically an HD camera in their pocket. So if they see police brutality or anything else that’s crazy, they can record it and send to a news network or post it on YouTube. And before you know, the whole world knows about it. So it has been a lot harder for the governments, criminals and all kinds of people to keep their secrets.
The downside of that is that it exposes all of us to data theft and things like that. Again, I think that technology is getting better in this area. It’s something most of us were not even focused on until the NSA revelations. So now that we know it is a problem, companies are going to try to make money off of providing a solution for us.
And you also see a growth of social media, which really was responsible for the Arab Spring.
You see the growth of digital currencies, which might be able to push out some of the governments’ influence over our economies. So definitely, I think that technology on the whole is providing us with a lot more freedom and information.
RT:Can we trust these tech companies that are trying to sell us privacy protection? Or will the information continue to slip out to end up in places like the NSA?
DS: At this point we cannot trust anyone, especially not these companies who for years were essentially cooperating with the NSA or were at least oblivious to what they were doing. I would say don’t trust anybody, especially within the security field.
If you look into an open source technology – that’s maybe your best bet, because it’s being reviewed by a number of experts around the world, whereas a company that just releases some product, you cannot necessarily review its code and see exactly how it is working under the hood.