Who watches the watchmen? Apple vs. The FBI

The confrontation between the FBI and Apple over decrypting an Apple iPhone 5C used by Syed Rizwan Farook, one of the San Bernardino terrorists, who murdered fourteen and injured twenty-two more on December 2, 2015, is a very interesting story.

At first blush the story seems quite simple. The FBI clearly wants to know what is on Farook’s phone, as it could potentially tell them if the terrorists had accomplices, as well as if they were in touch with other potential terrorists before the attack. Everyone involved (other than perhaps their accomplices if they exist) wants the FBI to get the information on the phone.

In fact, Apple assisted the FBI in getting all the information backed up to iCloud, and offered advice on how to retrieve the data from the locked iPhone. That advice was simply to plug in the phone in the presence of a known WiFi network, which might have triggered an automatic backup to iCloud of the more recent data. This would not have been effective if Farook had disabled backups, but otherwise would have sent a backup to iCloud that Apple would have been able to provide the FBI.

The reason this method didn’t work for the FBI was that they had Farook’s employer, the San Bernardino County Department of Public Health, change the iCloud password for Farook’s phone “in the hours after the attack”. That action prevents the iPhone from automatically backing up to iCloud. In this case, it means that the most recent six weeks of data is not backed up, and now cannot be accessed without the user’s screen lock passcode. As part of the iPhone’s security, Apple automatically disables the phone if too many wrong passcodes are entered. That means the FBI cannot just enter the 10,000 possible passcodes sequentially until they get the correct one. It is this security feature – the disabling of the phone for repeated passcode attempts – that the FBI wants Apple to remove from the phone.

Let’s take a step back. Apple offers very clear guidelines to law enforcement, explaining what data Apple can provide them with under a proper warrant. The guidelines provide the exact text which they say needs to be in the search warrant for Apple to be able to comply, which is the following:

“It is hereby ordered that Apple Inc. assist [LAW ENFORCEMENT AGENCY] in its search of one Apple iOS device, Model #____________, on the _______ network with access number (phone number) _________, serial or IMEI number __________, and FCC ID#_____________ (the “Device”), by providing reasonable technical assistance in the instance where the Device is in reasonable working order and has been locked via passcode protection. Such reasonable technical assistance consists of, to the extent possible, extracting data from the Device, copying the data from the Device onto an external hard drive or other storage medium, and returning the aforementioned storage medium to law enforcement. Law Enforcement may then perform a search of the device data on the supplied storage medium.

It is further ordered that, to the extent that data on the Device is encrypted, Apple may provide a copy of the encrypted data to law enforcement but Apple is not required to attempt to decrypt, or otherwise enable law enforcement’s attempts to access any encrypted data.

Although Apple shall make reasonable efforts to maintain the integrity of data on the Device, Apple shall not be required to maintain copies of any user data as a result of the assistance ordered herein; all evidence preservation shall remain the responsibility of law enforcement agents.”

Note that Apple writes in the text that they “may provide a copy of the encrypted data to law enforcement but Apple is not required to attempt to decrypt, or otherwise enable law enforcement’s attempts to access any encrypted data.”

The FBI clearly already had such a search warrant issued, and Apple clearly already complied with it and provided them with the data that was more than six weeks old from the iCloud backup. Now the FBI wants that encrypted data, which Apple is fighting. Why is Apple fighting this? If they could access the data, then why wouldn’t they just hand it over to the FBI like they did the iCloud backups? The answer is complicated. The short version is they have never done it, and if they do it now, they’ll be opening up the floodgates to probably thousands of iPhones in the possession of law enforcement that they want hacked.

The long version is that Apple looks at this as a civil rights issue. Apple has worked hard to make their devices secure for their customers. People trust their phones with all kinds of personal information, and don’t want that information available to the outside world. In addition, the FBI has used the All Writs Act of 1789 to pursue their unprecedented request for Apple to break into the iPhone in question. Apple feels that this is an attempt by the FBI to expand its powers using the 1789 law in a way that was never intended.

Apple responded with a letter to its customers, as well as a letter to its employees, outlining its opposition to creating such a backdoor to the iPhone.

Now begins the real battle. I think a few scenarios are worth taking a look at here.

  • Recently there have been a number of articles written wondering what would have happened if the phone in question had been an Android phone. The general consensus seems to be that the security of Android isn’t as strong as the iPhone’s, and it’s likely the phone would have been able to be broken into by the FBI without any help from the manufacturer. Part of the problem is that Android phones are not updated as regularly as Apple devices. Many Android phones get stuck at a certain Android version and never get updated. Apple has a much better record of getting their older phones updated with newer operating systems. In fact, the iPhone 5C in question here was released with iOS 7, which did not offer the level of encryption that is dogging the FBI right now. Only when the phone was updated to iOS 8 did the stronger encryption features kick in that are at the center of this case.
  • The cost to Apple of creating an alternate version of their OS that is hackable is never really discussed. How many people work on iOS? How many people would be needed to implement this change? How much would it cost to keep such a version secure from other users? Apple wouldn’t have any problem doing any of this, but what if the device in question had been created by a startup? What if complying with the request would make them miss a market window (perhaps shipping in time for the holidays) and that could potentially send them into bankruptcy?
  • What would happen if the hacked version of iOS got out into the wild? Apple could build all kinds of safeguards into the software, such as only enabling it to work on Apple’s internal network, needing to get permission from a central server to operate, being linked to specific hardware, etc. but all of those things could be circumvented. It’s also clear that if it did get out into the wild, the people using it would be criminals, not the FBI. Criminals pay a lot better than the FBI.
  • The WSJ is reporting that the Justice Department already has a dozen iPhones it wants cracked by Apple, and none of those phones have anything to do with terrorism. This is the crack in the dam that Apple wants to make sure gets plugged. Apple knows they cannot offer to crack the phone in this case, and not crack the others if their requests are all based on the same All Writs Act.
  • This is out there, but worth considering. What if this is all an act? What if Apple already agreed to crack the phone, but wants cover from the FBI to ensure their customers don’t know they’ve done it? In this scenario, criminals and terrorists would probably switch to iPhones over Android phones, knowing Apple had fought the FBI successfully to prevent access. If Apple was secretly providing the data to the FBI, then this would be a great way to encourage switching to the devices that the FBI already has access to via Apple. If it seems the FBI and Apple are both making too big a deal of this issue, dragging into the public sphere what is usually very discreet, then this makes a lot more sense. For the record, I don’t believe this is the case, but in some ways it makes a lot more sense.

In light of the above, I thought it curious timing when I plugged in my iPhone to my computer and was presented with the following pop-up:

Apple Encryption Pop-Up

Now it’s possible this is coincidence. I don’t always have an iPhone cable in my office to connect to my computer. Maybe I haven’t plugged in my iPhone to my computer in a long time. The timing does make me wonder if other people have been asked by iTunes if they want to turn on backup encryption since San Bernardino entered the news. Have you seen this message recently? What are your thoughts on Apple, the FBI, and encrypted data?


An infographic for the keyboard-obsessed

The web site Go Mechanical Keyboard just released the results of their semi-annual keyboard survey in the form of a very nice infographic, which I’ve displayed below. You can view the raw data online if you want. 950 people responded from 49 different countries.

You need to be a bit obsessed with keyboards to understand everything in the infographic, although if you’ve been following my other posts on keyboards you should get most of it. Form factor? See my post “How many keys are there on a keyboard?”. Switch types? See my recent post “A keyboard with swappable switches” where I change the switches that came with the keyboard.

What do you think about the infographic?



Charles Brockden Brown on obsession

All men are, at times, influenced by inexplicable sentiments. Ideas haunt them in spite of all their efforts to discard them. Prepossessions are entertained, for which their reason is unable to discover any adequate cause. The strength of a belief, when it is destitute of any rational foundation, seems, of itself, to furnish a new ground for credulity. We first admit a powerful persuasion, and then, from reflecting on the insufficiency of the ground on which it is built, instead of being prompted to dismiss it, we become more forcibly attached to it.
Charles Brockden Brown, early American novelist


A keyboard with swappable switches

It started out with a post to Reddit that linked to a series of photos on Imgur of a new keyboard the user had ordered from the Chinese e-commerce site Taobao. Taobao, for those who don’t know, is a Chinese-language-only e-commerce site run by Alibaba Group that caters to residents of China and nearby countries where people speak Chinese. Many sellers on the site, even if you could navigate the site in Chinese, won’t ship outside of China. To meet demand, a whole crop of sites have sprung up just to help foreigners order products from Taobao. These ‘Taobao agents’ will order the product for you, receive the product in China, and then re-ship it to you wherever you are in the world. Of course, that service comes with a price, and in many cases that eliminates any cost savings you might get from ordering from Taobao. Occasionally, however, there are products on Taobao that are not available elsewhere. In this case, the user (redditsavedmyagain) ordered a keyboard that was in fact quite unique.

The keyboard is called the Team Wolf Zhuque+. I had never heard of it and before that post on Reddit most other people had never heard of it either. The keyboard was made of aluminum, had folding feet on the bottom that could be used to angle the keyboard, and had LED backlights. Most interestingly, the keyboard was configured to allow switches to be added without soldering (and removed without desoldering). The keyboard comes with blue Gaote Outemu switches, made specially for the SMD LED underneath the switch. Most LEDs in keyboards go on the top of the switch, with the wires going through holes in the switch and then soldered to the circuit board underneath. Since this keyboard allows the switches to be removed, the LEDs are surface-mounted to the circuit board and have no connection to the switch. This is nice, but presents some problems. For one, the light is below the switch instead of on top of it, meaning the switch itself needs to either be transparent or have a hole to allow the light through. Also, since most switches are not designed with SMD LEDs in mind, they may not have enough room at the bottom for the LED. The Gaote switches used in this keyboard are specially designed for these kinds of LEDs, and are recessed at the bottom to leave room for the LED, have an extra large hole to allow light through, and while the bottom of the switch is white plastic, the top is transparent. This allows the light lots of room to shine.

Two things about the keyboard got users excited on Reddit. First, the swappable switches. It’s not the first keyboard to have swappable switches, but it definitely is one of the first. The second reason was the price. The keyboard cost only about $30-$40. That’s more or less unheard of for a metal-frame mechanical keyboard, especially one including Cherry MX-compatible switches. While lots of people on Reddit wanted to order the keyboard, they ran into a problem – there was no easy way to order it without speaking Chinese and probably having a shipping location in China. Some managed to do it, but most could not. Instead, something interesting happened. Users recruited representatives of Massdrop on Reddit to look into putting together a group buy on their site. That came together very quickly. Massdrop contacted the manufacturer, and offered two versions of the keyboard, the same TKL version shown on Reddit, and a Full Size keyboard as well (if you don’t know the difference between TKL and Full Size, see my article How many keys are there on a keyboard?). In addition to the keyboard, Massdrop allowed the user to bundle Gateron switches that were similarly configured to the Gaote switches, designed for use with SMD LEDs. The Gateron switches similarly had a gap for the LED, larger holes above the LED, and transparent tops. Massdrop offered the switches in a variety of types (brown, red, black, etc.) for $30 for a set. The price of the TKL keyboard was $59 (and an extra $20 for the Full Size) and while shipping in the US wasn’t too expensive, outside the US the shipping came to $30. That brought the price of the keyboard that was somewhere around $30-$40 on Taobao to $89 to people outside the US. A lot of people were annoyed at the big price hike. Of course, most people couldn’t order on Taobao, and certainly couldn’t get SMD LED compatible switches to go with the keyboard (specialist switches like this are incredibly hard to find in small volumes).

Another option popped up at the same time. Chinese site Banggood also followed the post, and offered the same TKL version from the original post for $59 on their site, including shipping anywhere in the world. While the Massdrop deal might be better in the US considering it could be bundled with extra switches and you could get the Full Size version, the Banggood deal was better for most people outside the US as the price was the same and the shipping was free.

One big difference between Massdrop and Banggood in terms of this keyboard is that Massdrop sold a set amount, and now you need to wait until Massdrop decides there’s enough interest to have another group buy for the keyboard. Banggood is a normal e-commerce site, and you can still buy the keyboard from them for $59. As long as there is interest in it, presumably they’ll continue to replenish stock.

So I bought a keyboard through BG. It’s true that I can’t find the special SMD LED switches myself, but I read that other switches could work. I happened to have a bag of normal Gateron switches, and figured I could make them work. If not, I could always use the keyboard with the Gaote switches it came with.

This is what the keyboard looked like on arrival:

Close up of Team Wolf keyboard with original keycaps

For more (and better) images see the original photos on Imgur linked to from Reddit, as well as another review on Imgur (I can’t find the post that linked to this review).

So a few things about the stock appearance. Note the white keycaps with translucent legends. The stencil-like appearance of the legends is, how do I put this, not very appealing. I like the FN (function) key that lets me use all the secondary functions, such as the media keys and the backlight controls.

The keyboard comes with a keycap remover, and a switch remover. The keycap remover wasn’t particularly good, but I had a different one which made it easier to remove all the keycaps:

Team Wolf keyboard close-up with keycaps removed

The switches are blue tactile clicky Gaote Outemu switches. Note the bottom half is white plastic, and the top is transparent. The first thing I noticed when I removed the keycaps was that the switches are mounted upside down. It took me a few moments before I realized all the keycaps I had removed had their legends on the top half of the keycap. The switches were mounted upside down so the opening for the LED underneath the switch would be underneath the legends. Normally the LEDs that are mounted on top of a switch are on the lower half of the switch, so in order to have the light on the top half of the keycap they needed to be upside down.

The next step was removing the switches from the keyboard. In a normal mechanical keyboard, you would need to desolder the switches from the circuit board, and then remove the switches. A normal switch has two contacts that would have to be desoldered. If there were LEDs, depending on the type, you would need to desolder either two or four contacts. That’s per switch. These LEDs have two contacts, so four contacts per switch, times 87 keys, is 348 contacts to desolder to replace all the switches in a normal mechanical keyboard of this size. I’m okay with soldering, but let me say that I hate desoldering. That’s one of the reasons this keyboard appealed to me. Here’s the switch removal tool that comes with the keyboard. It takes all of a couple of seconds to remove the switches:

Removing a switch

Removing the switches leaves you with an empty space in the top plate over the circuit board. Below you can see the four arrow key switches removed, with one of them flipped over so you can see the bottom of the switch. Note the two contacts, and the receiving point in the circuit board those would go into. You can also see the LED mounted on the circuit board, and the big hole in the switch which goes over that LED. The big circle in the middle of the switch is there to help hold the switch in place, and you can see the corresponding hole in the circuit board where that goes.

Switches removed with one upside down

A look at the keyboard with all the switches removed. You might notice that the LEDs for some key locations are different than others. That’s because the LEDs are different colors. The letters and the right-side keys all have blue backlighting. The modifier and function keys all have white backgrounds, while the number keys have green backgrounds. The stabilizers, the white plastic pieces on either side of the large key locations (Backspace, Return and Shift) are not a type of stabilizer that I had ever seen before, but luckily they worked just fine with the other set of keycaps I wanted to use.

Team Wolf keyboard with switches removed

Before putting in new switches, I wanted to see what was on the back of the circuit board. I removed all the screws and removed the top plate and circuit board, and then flipped it over. You can clearly see the black units that receive the switch contacts:

Bottom of Team Wolf circuit board showing switch receivers

Here you can see the side of the circuit board that sits underneath the right side of the keyboard, where everything that makes the keyboard tick is placed:

Bottom of Team Wolf circuit board showing resistors

Once I took a look I put everything back together, and put all the screws back. The next step was preparing the switches. I didn’t have the special SMD LED switches, only plain Gateron brown switches. The switches I had were actually made for use directly on a PCB, so they had two extra small posts coming out of the bottom of the switch that would normally fit into matching holes in the PCB. Since I was plate-mounting these switches, and the PCB didn’t have matching holes, I had to do a little switch circumcision and snip the two posts off each switch:

Switch circumcision

The next step was to deal with the fact that these switches were not designed to be used with SMD LEDs. The goal of those switches is to allow more light through the switch, both by having a larger hole above the LED and by having transparent switch tops. Standard Gateron switches like the ones I had are slightly translucent white plastic, but not fully transparent. Luckily I had a bag of transparent switch tops, and just needed to swap out the tops of each switch. For that purpose I have a 3D-printed switch opener that does the trick nicely:

Switch opener

It’s a little hard to tell from the picture, but basically you lower the switch on to the black plastic opener, and small wedges in the opener pry open four connection points on the switch and allow the top to be pulled up from the switch. After swapping the switch cover you can see the difference in the switch appearance:

Switch cover comparison

I also considered making a larger hole in the bottom of the switch to try to match somewhat with the switches that came with the keyboard, but I figured it didn’t matter too much since the Gateron bottoms were somewhat translucent, and the light would shine through the whole switch.

Here’s a look at the bottoms of the two switches. On the left is the Gaote switch that came with the keyboard. Note the opaque white plastic, and the large hole for the LED. It’s a little hard to see but the hole sits above a small gap that allows more room for the LED. The Gateron on the right, however, is made of translucent plastic, and has very small holes for the LED (because for these switches the LED would normally be on top, and the two contacts from the LED would pass through those tiny holes).

Bottom of Gaote and Gateron switches

One other minor modification was for the switch to be used for the space bar. It’s normal for the space bar to have a stronger spring than the other keys. I started out with a clear Gateron switch, and removed the cover, spring, and plunger from the switch. I then inserted the gold spring shown with a much higher resistance, and reinserted the plunger and added a transparent cover. I knew the space bar I was going to use didn’t have any opening for light, so putting the transparent cover on it was sort of a waste, but I figured I might as well keep it consistent.

Replacing the switch spring

This is what the switches looked like in place:

Team Wolf keyboard with brown Gateron switches close-up

They look pretty good; it’s almost a shame to cover them up with keycaps. Note that I had no trouble inserting these switches into the keyboard, even though the switches were not designed to work with SMD LEDs. It’s possible I’ll run into problems at some point because the switches are resting directly on the LEDs, although LEDs don’t generate a lot of heat, so it really shouldn’t be too much of a problem.

I tested out the backlights before adding the keycaps, just to make sure they were all working:

Testing the backlights

Now that I knew all the switches were working I needed to add the keycaps. Before I could do that, however, I needed to get the stabilizers installed. Stabilizers are used by keys that are at least twice the width of a standard key. At that point the key can have problems without a stabilizer to keep the pressing of the key consistent. You don’t want there to be a problem when pressing the side of the key where the key just bends instead of pressing down the plunger on the switch. As I mentioned, I had never seen these kinds of stabilizers before, but they seemed fairly simple.

You start by removing the little plastic inserts from the old keys. Most keys have two stabilizers. Note the metal wire on either side of the stabilizer in the keyboard. You lift up the wire which is actually one U shaped wire, and position the plastic inserts onto those wires. The inserts fall into the stabilizer spaces, and when you push the keycap down all three plus-shaped pieces get pushed into the keycap (the two stabilizers and the switch itself in the middle):

Team Wolf keyboard stabs

After getting all the stabilized keys installed, I started adding all the other keycaps:

Team Wolf keyboard half keycaps

These keycaps are Vortex Double-Shot PBT/POM keycaps. The black material is PBT, a higher-quality plastic than the standard ABS plastic used in most keycaps. The legends are injection-molded separately (the double-shot) out of POM, which is translucent.

Team Wolf keycaps with PBT keycaps

You can see that the legends are not the most readable. Here’s what they look like when the keyboard is plugged in:

Backlight test corner

Backlight test middle

Since these keycaps were not designed for this keyboard, the backlighting isn’t perfect. The biggest problem is that for numbers, the backlight is lighting up the shift value for each key instead of the primary value. Note how the !, @, #, etc. are all green while the numbers are not lit up at all. Here’s the full view:

Final keyboard Team Wolf

While not perfect, I’m definitely enjoying the Gateron brown switches, and I like the appearance of the Vortex PBT keycaps over the keycaps that came with the keyboard. The lack of backlight under the numbers is a bit distracting, however. It’s the same with any keycap that has two symbols on it, like the comma and period keys. You can understand now why the keycaps that came with the keyboard made the unusual design decision to put multiple symbols next to each other at the top, instead of the more standard one on top of the other. While I worked hard to maintain the backlighting, in the end it’s possible I’ll switch to regular keycaps that don’t support backlighting, to get a more consistent look for the keyboard. Maybe I’ll just switch the alphanumeric keys to standard keycaps, and leave everything else backlit. I’ll have to see if I can find keycaps that match the appearance of these Vortex keycaps, which may not be easy since these are PBT and any other keycaps I have, and most made, are ABS. One thing that bothers me about the keyboard is the placement of the cable right in the middle of the case. I would have preferred to have it off to one side since I mostly work with a laptop and the cable gets in the way. A nice feature would have been to offer more than one exit point for the cable, and let the user decide which one to use.

I’m kind of amazed how much interest was generated for this keyboard by a single post in a forum. I hope Team Wolf is at least sending redditsavedmyagain some swag.

E-mail security stinks, and that makes hackers (and the NSA) happy

The Better Mousetrap

Making the perfect e-mail client seems like the build-a-better-mousetrap challenge of our day. Every year or so it seems there’s another amazing e-mail client released by a startup that says it has ‘reimagined’ or ‘reinvented’ e-mail and how to use it. Some examples include Sparrow (launched in 2011, bought by Google and discontinued in 2012) and Mailbox (launched in 2013 and bought a month later by Dropbox, with its imminent retirement announced just this month). This is kind of ironic considering the move away from e-mail to other messaging services, particularly real-time services, such as Slack and WhatsApp.

Recently, perhaps due in part to the imminent shut down of Mailbox, another e-mail app called Polymail has been receiving a lot of hype. It is already the fourth most up-voted product on Product Hunt, and it hasn’t even launched yet. Seeing the latest e-mail-mousetrap launch reminds me about one of the inherent security problems all of these applications encourage.

A Question of Protocol

All of these apps rely primarily on the IMAP e-mail protocol (short for Internet Message Access Protocol). That makes a lot of sense as it keeps most of the e-mail management on the server, and allows app developers to release both desktop and mobile clients that can both share the same e-mail, including read status and folder structure. Many of the largest e-mail providers like Gmail, Yahoo, iCloud, and (the service formerly known as Hotmail) support IMAP, so these e-mail accounts are generally supported by these new e-mail clients.

In the old days, most e-mail was served up using a different protocol, POP, short for Post-Office Protocol (technically it is POP3, and IMAP is actually IMAP4). The truth is that both POP and IMAP date back to the 1980s. POP is only a couple of years older than IMAP, although IMAP received more ongoing attention in the 1990s. There are a lot of differences between POP and IMAP, but the main difference is that when you use POP, all of your messages are downloaded to your e-mail client, and then deleted from the server, while IMAP downloads a local copy, but leaves all the e-mail on the server.

Keeping e-mail on the server has many advantages, such as having a backup of your e-mail on a remote server, and allowing your phone, tablet and desktop to all access your e-mail. There are some minor problems with keeping your e-mail on the server, such as running out of server space (depends on your e-mail provider). One problem that is usually overlooked, however, is that if your e-mail is stored on the server, your e-mail is accessible at all times by hackers and the government. Let’s take a look at these two scenarios.

Scenario One: Hackers

In the old days e-mail was never encrypted. Nowadays more and more companies are trying to ensure it is encrypted when in transit between servers. Google offers an interesting view of their attempt to encrypt e-mail in transit to different providers, showing which companies they receive and send e-mail to that are fully encrypted, and which are not. This in-transit encryption prevents, or at least greatly lowers, the ability of third parties (criminal or government) to intercept your e-mails while they are traveling between servers, or from a server to your client device. That’s great, but there’s one problem they don’t usually talk about, which is that the e-mails are stored unencrypted on the server itself. Apple actually points this out in their iCloud security and privacy overview:


Now I’m sure most major e-mail providers have amazing security, but nothing is a guarantee. How many times have you received spam from a friend whose account on a major e-mail provider or social network had been hacked? I still remember the first time I received the ‘I’m stranded in X and need you to wire me money’ scam. If your e-mail is online, it’s available to those who can access the server. That could be high-level hacks that compromise the entire server, or simple hacks like guessing your password. Check out to search a database of over 250 million username/password credentials that have been hacked and leaked online and you may find your e-mail address there. Do you use the same password on multiple sites? How about the same password for your e-mail and for online sites? That’s a big no-no, but when the most common password on the Internet is ‘password’, security isn’t a major concern for many.

Even if you use strong passwords and use different passwords on different sites, however, there are more intricate methods for gaining access to e-mail without having to hack the server directly. Take for example the teenager that gained access to the personal e-mail account of John Brennan, the director of the CIA. He did a reverse-lookup of Brennan’s phone number, determined its provider (Verizon), and called Verizon pretending to be a Verizon technician. This is called social engineering, and it’s basically hacking without a computer. The teenager managed to get enough information from Verizon to then call AOL and reset the password on the e-mail account. This was the director of the CIA.

Scenario Two: The Government

Sure, everyone knows the NSA is listening. Edward Snowden’s revelations about the NSA have been news fodder for years. One of the most troubling images released by Snowden via The Guardian was this slide from a presentation on NSA’s PRISM electronic surveillance program:

PRISM E-mail Data Collection

The slide seems to suggest at which point each of these services was compromised by the NSA. Whether these services were hacked by the NSA or were given access by the providers isn’t shown. That distinction is really irrelevant, it would seem. Does this mean that the NSA can read all of your Gmail, Yahoo and iCloud e-mails? That’s not clear, but it doesn’t seem that is what they mean. It is possible that this slide merely means that the NSA is capable of intercepting all e-mails being sent and received by these servers. For example, they connect to the data pipes in between the hosting location and the Internet provider they use. The NSA can just listen in to everything coming and going, and doesn’t need to access the servers at all. That might have been the impetus for Google’s increased focus on in-transit encryption as mentioned above.

Now you might say that a lot of these programs were shut down and are not active. That’s also irrelevant. You know why? Because you don’t need to be the NSA to access e-mails stored on servers. You don’t even need a warrant. You’re probably thinking that’s crazy, and of course law enforcement agencies would need a warrant to access your e-mail on the server. NOT. TRUE. The Electronic Communications Privacy Act of 1986 (ECPA) defines e-mail on a server that is more than 180 days old as abandoned. This dates back to a time when everyone used POP or a proprietary protocol to download their e-mails, and storage was so expensive that keeping everyone’s e-mails on the server seemed absurd. Back then the assumption was you could download your e-mail and then the server would delete it to make room. The problem is that this antiquated definition is still the law of the land, and a law enforcement agency can ask for all e-mails older than 180 days and doesn’t need a warrant to do so. That’s not to say e-mail providers haven’t fought against this definition, but the law is on the government’s side until it gets changed. Meanwhile, if the government wants to take a look at the e-mails you’ve downloaded to your computer, they need a warrant. So if you store your e-mails remotely (using IMAP), the government can simply ask for them with little justification. If you download all your e-mails (using POP) then the government needs to go to a judge and get a warrant to search your computer, which they obviously need to get from you physically. If an e-mail provider hands over all your e-mails to a law enforcement agency, how would you know it even happened?

The interesting thing then is that using the older POP protocol, you are in many ways more secure than if you use IMAP. If you’re using in-transit encryption, which both IMAP and POP support, then the only e-mails accessible to government agencies when they approach an e-mail provider are what are sitting there in between downloads to your client. It’s usually a pretty good bet that those are less than 180 days old, which means the government cannot get access to any of your e-mails if you use POP, without a warrant.

Sure all of this is theoretical. I don’t assume anyone reading this is being pursued by law enforcement. That said, any loophole is exploitable. Just ask John Brennan.

Then What?

The obvious answer to e-mail security is to encrypt all e-mails all the time. That, however, is harder than it seems. First, you can’t force other people to send you e-mails that are always encrypted. Second, even setting up encryption for all of your outgoing e-mails is incredibly difficult. It doesn’t feel like so long ago that Phil Zimmermann had to publish the code to his PGP encryption software in a hard-bound book and put it up for sale, in order to allow it to be exported outside the US under the First Amendment. The problem at the time was that strong encryption was considered a munition under US law, and exporting it to many countries was illegal. Anyone with a copy of the book could rip off the cover, separate the pages, and then scan the pages and generate the source code. A project to do just that outside the US was set up to stay up to date with new versions, called the PGPi scanning project. Nowadays, those laws are more relaxed, and no scanning in foreign countries is required. It’s not a secret sauce anymore. Getting strong encryption code out into the wild was only part of the problem, however. The bigger problem turns out to be a question of how easy encryption is to use.

Many people have tried to make encryption easier to use so more people would use it, but no one has really succeeded. Phil Zimmermann himself advised Hushmail, and co-founded Silent Circle, both of which could be described as attempts to make encryption more accessible. More recently two other efforts are perhaps more interesting.

Will Ackerly, who used to work at the NSA, launched Virtru, a company that piggybacks on existing e-mail services like Gmail and adds strong encryption. Some of the things Virtru allows beyond encryption are the ability to allow or disallow an e-mail from being forwarded, and the ability to revoke an e-mail (i.e. delete it from the recipient’s computer) at will, or automatically after a set period of time. Additionally, recipients of encrypted e-mails don’t need to install special software to read messages sent via Virtru. Virtru currently offers Chrome and Firefox plug-ins for web-access to services like Gmail, and offers a plug-in for Outlook on the Windows desktop. They also offer iOS and Android apps. Virtru tries to be a simple end-to-end solution for secure e-mail, and it does seem to do things very well.

Another startup, Keybase, was founded by the former founders of online dating site OKCupid. Founding a dating site might not sound like the right pre-requisite for bringing encryption to the masses, but besides building OKCupid based on complex mathematical matching algorithms, they also managed to sell their company to for $50 million in cash. As proven entrepreneurs, they managed to convince the right people, and raised $10.8 million from major silicon investors just to get started on the problem. The idea behind Keybase is to link your cryptographic key with your various social media profiles, making it much easier for people to locate your public key and communicate with you. For example, you might link your Facebook, Twitter, Instagram, and Reddit usernames to your public key, which you store on the Keybase server. The important part is not just finding the key, but finding the right key. Normally using PGP you need to establish trust based on who signs each key. The problem is that if you’re e-mailing someone new, you won’t necessarily know if the people signing the key are fake. If you can link the key to established accounts of the user and cross-reference them with other accounts, then you have a fairly safe and easy way to confirm the owner of a key. The encryption scheme started with PGP, but is now evolving to include NaCl. The idea addresses a significant problem with public-key encryption, but doesn’t fully remove the ease-of-use problem most people have with encryption. Hopefully those are also being addressed.

All of these efforts are great, but they’re not solutions most people will use – yet. In the meantime, the question is how accessible are your e-mails to snooping. While the latest whiz-bang e-mail applications support IMAP and storing e-mails on the server, most have left POP behind. It is possible to download all your e-mails locally using IMAP, and then delete them all from your server, but it’s not the default. Next time another web site is hacked (don’t forget to check your e-mail address on or another revelation about government snooping is revealed, you might wonder if storing everything locally, like POP does by default, might not be the better way to go.
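To see how much of a mailbox sits past the 180-day mark discussed above, the following audit counts server-side messages older than that threshold and sorts already-downloaded messages by age. It is an added example, not code from the original post; the host, user, password and folder passed to count_old_on_server are assumptions, and the sample messages are constructed.

```python
import imaplib
from datetime import datetime, timedelta, timezone
from email import message_from_bytes
from email.utils import parsedate_to_datetime

THRESHOLD_DAYS = 180  # the ECPA age limit discussed in the post
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# Constructed sample messages (not real mail).
SAMPLE = [
    b"Date: Mon, 02 Mar 2015 09:00:00 +0000\r\nSubject: old invoice\r\n\r\nbody",
    b"Date: Mon, 01 Feb 2016 09:00:00 -0500\r\nSubject: recent note\r\n\r\nbody",
    b"Subject: no date header\r\n\r\nbody",
]

def cutoff(now):
    """Moment before which mail is older than the threshold (now must be tz-aware)."""
    return now - timedelta(days=THRESHOLD_DAYS)

def imap_before(now):
    """IMAP SEARCH key for mail the server received before the cutoff date.
    RFC 3501 dates are dd-Mon-yyyy; months are spelled by hand to avoid locale."""
    c = cutoff(now)
    return f"BEFORE {c.day:02d}-{MONTHS[c.month - 1]}-{c.year}"

def split_by_age(raw_messages, now):
    """Sort raw RFC 822 messages into (old, recent, undated) subject lists.
    Uses the sender-supplied Date header, not the server's arrival date."""
    old, recent, undated = [], [], []
    for raw in raw_messages:
        msg = message_from_bytes(raw)
        try:
            sent = parsedate_to_datetime(msg["Date"])
        except (TypeError, ValueError):   # missing or unparsable Date header
            undated.append(msg["Subject"])
            continue
        if sent.tzinfo is None:           # "-0000" parses as naive; treat as UTC
            sent = sent.replace(tzinfo=timezone.utc)
        (old if sent < cutoff(now) else recent).append(msg["Subject"])
    return old, recent, undated

def count_old_on_server(host, user, password, folder="INBOX"):
    """Count messages in one folder older than the threshold (read-only)."""
    with imaplib.IMAP4_SSL(host) as conn:
        conn.login(user, password)
        conn.select(folder, readonly=True)
        status, data = conn.search(None, imap_before(datetime.now(timezone.utc)))
        return len(data[0].split()) if status == "OK" else 0
```

A non-zero count from count_old_on_server is the mail that remains on the provider's servers past 180 days; archiving it locally and deleting it from the server brings the count to zero.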


Another font evolves in the digital realm

Recently, I’ve been reading about T.E. Lawrence (also known as John Hume Ross, T.E. Shaw, and thanks to Hollywood – Lawrence of Arabia). In my research I came across a story about how Lawrence came to write a translation of Homer’s The Odyssey. Most people aren’t aware that Lawrence was trained as a historian and archaeologist, not a military strategist. Leading up to WWI, it was his knowledge of the region from his work as an archeologist that convinced the British army to arrange an archeological survey of the Negev desert as a ruse for actually mapping the region for the military. That experience led him to join British Intelligence in Cairo, where he eventually would be sent to help organize the Arab rebellion against the Ottoman Empire that made him famous (some would say infamous).

While Lawrence’s exploits during WWI made him famous, his life after WWI isn’t very well known. Shunning the spotlight, he actually managed to re-enter the military under false names – first the Royal Air Force (RAF), then the Royal Tank Corps, then back to the RAF. It was while working as a clerk in the RAF that he was contacted by a friend who had met the famous book designer Bruce Rogers. Rogers had told his friend that he had been commissioned to create a new translation of Homer’s The Odyssey, and then design the new book. His friend had discussed T.E. Lawrence with him, and suggested he do the translation. Prior to that time, Lawrence had only published his memoir, The Seven Pillars of Wisdom (and an abridged version called Revolt in the Desert) and a translation of a French novel, although he had learned classic Greek in school. In the ensuing back-and-forth about the translation, Bruce Rogers mentioned in passing that The Monotype Company was ‘cutting’ his Centaur typeface. Cutting in this sense was literally cutting the typeface out of metal so it could be used in a printing press.

Advertisement for Centaur typeface from 1948

I wrote back in February about another font, now called The Doves Type, which interestingly enough was also based on the work of the same 15th century book printer/designer Nicolaus Jenson. There was perhaps more intrigue in the story of The Doves Type, which you can read about in my post From bibles to web sites, the century-long trek of one font. What’s interesting is that when I started writing this post about another font, I didn’t know that it was also based on the work of Jenson.

If you go to Monotype’s web site today, the only mention of Centaur on their site is that they own the trademark for it, although you can find it for sale from Linotype (a Monotype subsidiary), (also owned by Monotype), and other related sites. Adobe used to also sell a version of Centaur, but from what I can tell no longer do so. Adobe does, however, sell Adobe Jenson Pro, based on the same font that Centaur was originally modeled on, and thus is similar. Perhaps Adobe licensed Centaur from Monotype before digital type was as widespread, and created an early digital version of it, I’m not sure.

Linotype has a good description of Centaur on their site:

Centaur is probably the best known re-creation of the roman type cut by Nicolas Jenson in the fifteenth century. The great American typographer and book designer, Bruce Rogers, was commissioned to design an exclusive type for the Metropolitan Museum of Art (New York) in 1914. Rogers, who wanted to emphasize the written quality of the letter shapes, enlarged photos of Jenson’s type and drew over the letters with a flat pen. He then selected the best letters and touched them up with a brush and white paint, and the new type was cut from these patterns by Robert Wiebking. It was named Centaur after the title of the first book designed by Rogers using the type: “The Centaur” by Maurice de Guérin, published in 1915. Lanston Monotype of London cut the commercial version of Centaur and released it in 1929. Rogers convinced Frederic Warde to design the italic, which was given its own separate name of Arrighi. Because Jenson did not cut a companion italic, Warde used as his models the types cut by Ludovico degli Arrighi in 1524-27. He inclined the caps and shortened the ascenders so it would go better with the height of Centaur’s ascenders. The lowercase italic g is a notable character because it has no ear. The current digital version of Centaur has both roman and italic, and includes bold weights, small caps, alternates and swashes. The difference between Centaur Italic and Centaur Italic (Arrighi) is in the lowercase z. Use the Centaur family for book composition, headlines, and elegant advertising pieces.

Typefaces are a funny thing, since early typeface designs (such as those of Jenson, who lived over five hundred years ago) are obviously not protected by any kind of copyright or trademark. Sometimes many later type designers used these early typefaces as inspiration or copied them outright. Those copies were then copied, etc. As further illustration of this point, the fonts Cambridge Serial (by Softmaker), LTC Metropolitan (by Lanston Type Company) and Venetian 301 (by Bitstream) are all basically versions of Centaur, which of course is a version of Jenson’s original Roman font from over 500 years ago, that inspired Adobe’s Jenson Pro and Linotype’s Jenson Classico.

There is another digital version of Centaur that is under development, and the interesting thing about this version is that it is free. The font is called Coelacanth, and it’s made freely available through the Open Font Library. I suppose the name is related to the fact that the Coelacanth is a fish that is believed to have evolved into its current state hundreds of millions of years ago, and stayed the same since, and Jenson’s original designs are over 500 years old and still being used. The font is a work-in-progress by Ben Whitmore, who writes about the project, as well as more specifically his efforts to create italic and bold variations. One of the goals of Coelacanth is to create a font with a wide range of optical sizes, so even in the smallest sizes the font would look good, something that was true of the metal-cut Centaur font, and which Ben Whitmore wants to reproduce with his digital version. Here’s a demo sheet of Coelacanth:

Coelacanth Demo Sheet

It’s amazing to think how one man’s work over five hundred years ago has influenced so many designers, and so many book designs, and that it continues to inspire people to this day. If you’re still wondering about T.E. Lawrence and how a story that started with Lawrence ended up about a digital font, all I can say is that Lawrence did indeed translate The Odyssey, and it was published by Bruce Rogers in 1932. You can pick up a copy on Amazon if you want, although I’m not sure the paperback version on offer there utilizes Rogers’s original layout and his Centaur typeface. If you’re interested in the creation of Centaur itself, it seems there is a forthcoming book on the topic called The Noblest Roman (Amazon).


Robert Bringhurst on the design of books

In a badly designed book, the letters mill and stand like starving horses in a field. In a book designed by rote, they sit like stale bread and mutton on the page. In a well-made book, where designer, compositor and printer have all done their jobs, no matter how many thousands of lines and pages, the letters are alive. They dance in their seats. Sometimes they rise and dance in the margins and aisles.
Robert Bringhurst – poet, typographer and author