Saturday, 19 March 2016

The Dangers of the Internet of Things (IoT)



Are you ready for a future where not just your smartphone, desktop, laptop computer or tablet is connected to the Internet, but also your cars, electronic appliances (home theatre, TV etc.), lights in household and commercial environments, alarm clocks, speaker systems, washing machines, microwaves, sandwich makers/toasters, blenders etc.?

In the near future, you may no longer need to remember to turn the oven off when the cake is done or switch on lights when you enter a room. Your home will do it for you. These products are part of the Internet of Things (IoT), aimed at automating our lives by connecting mobile devices to appliances, lights, and just about everything.

The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems. IoT extends internet connectivity beyond traditional devices like desktop and laptop computers, smartphones and tablets to a diverse range of devices and everyday things that utilize embedded technology to communicate and interact with the external environment, all via the Internet.

Simply put, IoT is a computing concept that describes a future where everyday physical objects will be connected to the Internet and be able to identify themselves to other devices. Most of us think about being connected in terms of computers, tablets and smartphones. IoT describes a world where just about anything can be connected and communicate in an intelligent fashion. In other words, with the IoT, the physical world will become one big information system.

It describes a situation where everything in our surrounding environment is made capable of automatically communicating with everything else, without any human-to-human or human-to-machine interaction. Apart from the fact that it is a path-breaking discovery, it can also prove to be extremely beneficial in making our lives easier in many ways.

Despite the enormous benefits, IoT might raise some privacy and security concerns. The risks inherent in our Internet-connected lives and IoT are brought into sharp focus by the movie Ratter. The title derives from RAT, the acronym for a type of malware known as a Remote Access Trojan, an unwittingly downloaded program that provides a hacker with undetected access to a user’s Internet-enabled devices. The ratter can then manipulate programs and files, as well as operate camera and microphone functions, enabling video and audio access to the victim’s activities.

In the movie Ratter, Emma is determined to make a fresh start as she moves from the Midwest of America to rent a spacious apartment in Brooklyn, New York and begin grad school. Emma never suspects that everything she does within view of her laptop, phone or webcam is being watched and recorded by an unknown stalker who has electronically hijacked her devices. Whether she’s prepping meals in her kitchen, settling into bed at night or showering with her laptop playing music in the background, Emma’s always-online lifestyle is fully revealed to the ratter.

At the same time, she begins receiving random blocked calls and text messages, which her friend Nicole dismisses as typical misdialed numbers and tech glitches. When her laptop starts acting up, Emma takes it to a repair shop but apparently there’s nothing amiss, although she does change her passwords as a precaution. An unexpected call from a blocked number turns out to be her jilted, bitter ex-boyfriend Alex, leading Emma to wonder if he’s the one who’s been anonymously harassing her.

She dismisses the thought, however, since things are going so well with Michael, the new guy she’s been dating, until an online chat session becomes way too creepy and Emma breaks things off, concerned that even he might be targeting her. It’s all part of the ratter’s escalating plan to isolate her from friends and family, even as he becomes more aggressive, breaking into her apartment and observing her while she sleeps. As his threatening behavior escalates and Emma’s stress level spikes, her parents urge her to move to a new apartment, but with the ratter monitoring her every move, message and phone call, a change of location isn’t likely to provide much respite or increased security.

In a selfie-obsessed culture motivated by the urge to document everything and perhaps even achieve fleeting viral celebrity, the unpleasant possibilities articulated by the movie, Ratter, are alarmingly immediate and unnervingly reinforced by news accounts of hijacked webcams and hacked cellphones betraying unsuspecting users.



Monday, 29 February 2016

RICKEY TARFA (SAN): THE RIGHT TO REMAIN SILENT AND PASSWORD-PROTECTED MOBILE PHONES



On the 24th of February, 2016, a Senior Advocate of Nigeria, Mr. Rickey Tarfa, withdrew an N5 billion fundamental rights violation suit he filed against the Economic and Financial Crimes Commission (EFCC) and four other respondents. The senior lawyer had filed the suit alleging violation of his right to privacy by the respondents.

Mr. Tarfa in the suit sought a court declaration that his right to privacy was violated when the call records/log on his phone with mobile number 08034600000 was allegedly accessed without his authority and made available to Sahara Reporters and other online news media without any reasonable cause or a lawful court order.

He also urged the court to hold that it was unlawful for his iPhone 6 with mobile number 08034600000 to have been used in calling one Alhaji Ado in Kaduna on mobile number 08061272929 on February 9, 2016 while the said phone was with Magu and the EFCC without any reasonable cause or any court order.

Furthermore, Mr. Tarfa also urged the court to hold that it was unlawful for the EFCC to access his bank details, clients’ information, private and confidential information contained in his iPhone 6 with number 08034600000 and Samsung 6 phone with number 08077341616 without any reasonable cause or any court order.

The writer cannot tell if Mr. Tarfa’s mobile phones were password-protected. Assume, however, that he had locked his mobile phones with passwords, just like Syed Rizwan Farook, one of the two killers in the December 2, 2015 San Bernardino, California mass shootings (both were later killed in a shootout with the police), who left behind a password-locked iPhone 5c whose data the FBI has not been able to get access to. If the EFCC were unable to access the mobile phones either through hacking or guessing his passwords, would it have been lawful for the EFCC to demand from Mr. Tarfa, or compel him to provide, the passwords to his mobile phones?

The Position of the Law in Nigeria
According to Section 35(2) of the 1999 Constitution as amended:
“Any person who is arrested or detained shall have right to remain silent or avoid answering any question until after consultation with a legal practitioner or any other person of his own choice”

Section 36(11) further provides that “No person who is tried for a criminal offence shall be compelled to give evidence”. However, section 35(2) is more germane to the issue at hand so this discourse will be limited to the said section.

The import of section 35(2) is that whenever a suspect is in police custody, his constitutional right to remain silent begins, and this right is to the effect that he cannot be forced or coerced to say a word unless he volunteers to do so, as it is the duty of the prosecution to prove its case beyond reasonable doubt. The above position of the law has been upheld by the Supreme Court of Nigeria in the case of Sugh v. State (1988) NWLR (Pt. 77) 475. See also Ajudua v. FRN (2014) LPELR-24126(CA), where it was held that an accused has the right to remain silent as he cannot be forced to make a statement during investigation.

The Position of the Law in the United States
In the United States the general position of the law regarding the right to remain silent or right against compelled self-incrimination is provided for in the Fifth Amendment to the United States Constitution which provides that “No person shall…be compelled in any criminal case to be a witness against himself.”

In the case of Securities and Exchange Commission (SEC) v. Bonan Huang et al (Case 2:15-cv-00269-MAK), the SEC was investigating the defendants, who allegedly used insider information associated with their jobs to trade stocks. The SEC suspected the mobile devices were holding evidence of insider trading and demanded (via a motion filed in court) that the defendants turn over their passcodes. The defendants declined to supply their passcodes, contending that the Fifth Amendment protected them. The issue, therefore, was whether the defendants could be forced to give up passcodes to devices that were provided by their employer but secured by passcodes chosen by the employees themselves. The Federal District Court in Eastern Pennsylvania (the Supreme Court has never ruled on the constitutionality of the issue) ruled that the defendants cannot be compelled to give up the passcodes to their cell phones, as doing so would be equal to giving self-incriminating testimony.

The Position of the Law in the United Kingdom
The privilege against compelled self-incrimination or the right to remain silent is deeply rooted in the common law. Goddard LJ in Blunt v Park Lane Hotel [1942] 2 KB 53 at 257 stated thus:
"No one is bound to answer any question if the answer thereto would, in the opinion of the judge, have a tendency to expose (him) to any criminal charge, penalty or forfeiture which the judge regards as reasonably likely to be preferred …" 

In Saunders v UK [1996] 23 EHRR 313 it was held that Article 6 of the European Convention on Human Rights guarantees the protection against self-incrimination:
"The right to silence and the right not to incriminate oneself, are generally recognised international standards which lie at the heart of the notion of a fair procedure under article 6….the right not to incriminate oneself, in particular, presupposes that the prosecution in the criminal case seek to prove their case against the accused without resort to evidence obtained through methods of coercion or oppression in defiance of the will of the accused. In this sense the right is closely linked to the presumption of innocence contained in article 6(2)".

However, the right is subject to numerous statutory exceptions which limit, amend, or abrogate the privilege in specified circumstances. Therefore, despite the privilege, individuals may sometimes be required to answer questions or provide information or documents which may incriminate them. For instance, the Regulation of Investigatory Powers Act 2000 (RIPA), Part III, activated by ministerial order in October 2007, requires persons to supply decrypted information and/or keys/passwords to government representatives or law enforcement agents with a court order. Failure to disclose carries a maximum penalty of two years in jail. Thus, under the provisions of the RIPA, Syed Hussain was convicted of failing to provide police with the password to the USB memory stick seized in a counter-terrorism operation. When Hussain was arrested in April 2012, police seized a USB memory stick from his home, but they discovered that the information on the device was protected by sophisticated encryption technology. Hussain told detectives that he could not remember the password because he was suffering from stress, which meant they could not access its contents. Police called in experts from GCHQ, the government's secret eavesdropping and communications agency, but even they were unable to crack the device.

Oliver Drage, a 19-year-old, was arrested as part of an investigation into child sexual abuse images. His computer was seized by police, who were unable to access some material on it because of a 50-character encryption password. Police formally requested the password from Drage, but he refused to co-operate, which is an offence under the RIPA. He was accordingly sentenced to 16 weeks in a young offenders’ institution for refusing to give police the password to an encrypted file on his computer. See-

Conclusion
Considering the state of the law in Nigeria, it may be safe to conclude that if Mr. Tarfa’s mobile phones were locked or password-protected, the EFCC would have acted outside the law if they compelled Mr. Tarfa to disclose the passwords to the mobile phones which they seized. This is so because, to the best of the writer’s knowledge, there is no exception under Nigerian law to the right to remain silent during interrogation in the custody of law enforcement agents, unlike the position in the UK.

However, as one writer observed:
“Realistically, the right to silence has a low value and not really exercised by most suspects. Only a suspect who knows the law and the right well would exercise the right as most people would not be able to withstand the mental pressures during the interrogation. False evidences, lies, isolation and many other psychological tactics are practiced to make the suspect confess the crime. As a result of this, many false confessions happen due to unbearable psychological pressures.”

It may, therefore, not be out of place to suggest that it would take an extraordinarily strong-willed suspect undergoing interrogation during detention by any of the law enforcement agencies in Nigeria, especially the Nigerian Police who are notorious for torturing suspects in detention, to exercise his right to remain silent as guaranteed by section 35(2) of the 1999 Constitution as amended!

Friday, 26 June 2015

INACCURATE AND INCOMPLETE BIS DATA USAGE REPORT BY MTN


If you subscribe to the one-month Blackberry Internet Service (BIS) plan on Glo, Etisalat or Airtel and you check the status of your subscription, they inform you via SMS of how much data in MB (megabytes) you have left on the plan. This enables a subscriber to better manage his data usage and ensure he doesn't exhaust his data, and therefore the subscription, before the end of the one month.

However, the story isn't the same with MTN. When you check the status of your BIS, they only inform you via SMS that you are within the Fair Usage Plan, or that you are not, without showing you the ACTUAL data in MB that is remaining on your subscription.

I do not think MTN is being fair to its customers/subscribers and that is not right. In fact they could actually be breaching the General Consumer Code of Practice published by the Nigerian Communications Commission pursuant to section 106 of the Nigerian Communications Act 2003, which imposes a duty on service providers such as MTN to provide consumers with information on their services that is complete, accurate, and up to date and in simple, clear language.

Below is a screenshot of the status inquiry of MTN and Glo one month BIS respectively:

In view of the foregoing, can it be said that MTN has provided its customers or consumers of her one month BIS plan, information on the status of their subscription that is COMPLETE and ACCURATE? In my opinion, I don't think so!

I therefore call on the relevant authorities such as the Nigerian Communications Commission and the Consumer Protection Council of Nigeria to wade into this matter and direct MTN to provide her consumers of the one month BIS plan, information on the status of their subscription that is COMPLETE and ACCURATE just like Glo, Etisalat and Airtel do.