iPhone may take down the county's data infrastructure
|
| Author | Content |
|---|---|
| linuxscreenshot Mar 04, 2016 10:22 AM EDT |
This laughable FBI vs Apple case has just become ridiculous. The US govt wants into your device at all costs! This has be stopped before all devices have a back door, including Linux. San Bernardino District Attorney says the iPhone might contain evidence of a "dormant cyber pathogen" threatening the county's data infrastructure. |
| dotmatrix Mar 04, 2016 10:44 AM EDT |
@linuxscreenshot: What you posted is truly a valid threat... Do you remember stuxnet? Any anyway... the FBI is not seeking to enable a 'backdoor' into everyone's iPhone. What they are asking is for Apple to disable the 10 try limit, sign the changed firmware code, and update the single phone. This is not a backdoor into everyone's iPhone... and Apple does this all the time... it's how the OS is updated. The request to disable the 10 try limit is probably as simple as changing two lines of code like this: int MAX=10; int x=1; ******* And then compile and sign... which is probably nearly entirely automated... and then update the single phone's firmware. Wow! that seems like too much work for Apple in order to abide by the warrant... I'm sure it will cost them a whole $10.50 in hourly wages. |
| penguinist Mar 04, 2016 11:06 AM EDT |
This discussion has been going on for centuries.Benjamin Franklin in November 1755 wrote: Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. |
| dotmatrix Mar 04, 2016 11:15 AM EDT |
I'm pretty sure that Ben Franklin would want to know what was in the unbreakable iron chest filled with secrets by the spies of King George III... if such a chest of secrets existed. And I'm pretty sure Ben Franklin's comments were related to the Liberty of person's to pursue legal avenues through life. And I'm pretty sure that Ben Franklin was not at all opposed to having the state protect his property with the force of written law as well as the threat of state funded violence to perpetrators or to have the legal system pursue such criminals. So... I'm calling BS on all comments that try to pigeon hole the Honorable Ben Franklin into a Apple sized patriot. |
| linuxscreenshot Mar 06, 2016 11:29 AM EDT |
Quoting:I'm pretty sure that Ben Franklin would want to know what was in the unbreakable iron chest filled with secrets by the spies of King George III... if such a chest of secrets existed. "San Bernardino police chief, said there was a "reasonably good chance that there is nothing of any value on the phone."" - hardly an "iron chest filled with secrets". Now we have the FBI, with a track record of unwarranted spying, and a lawyer, who are notoriously dishonest, changing the story. Why not put two and two together and suspect these guys are up to no good, instead of believing this time they have had a change of heart? |
| dotmatrix Mar 06, 2016 12:27 PM EDT |
@linuxscreenshot: When all you got is a hammer... everything looks like a nail. I have no love for the police. And certainly don't want a police state. However, the police are hired to protect society. And one of the best tools to protect society is lawful "Search and Seizure" ... Without lawful search and seizure, society will collapse. This is not an exaggeration. In the specific case of cryptography... the government has significant reason to believe that strong cryptography combined with impossible to undo protections around that cryptography will lead to a significant rise in crime. The rise in crime will include things like:
However, the cat is already out of the bag - so to speak. I can generate a large number of 4096 bit PGP keys on my PC and encrypt information with those keys and send that information any where in the world. However, with PGP -- like with all cryptography -- there is a requirement to know a 'secret' and this 'secret' is the weak link in today's cryptography. BTW: openssl can also be used to encrypt files and other data using AES symmetrically. Side Note: I'm purposefully ignoring 'side-channel' attacks and attacks on the implementation of the cryptographic algorithms, since most of these attacks are discovered after an algorithm has been mathematically tested. Since the math works, it's likely that it is possible to create an implementation which is cryptographically unassailable except through brute force of the 'secret.' And please note also that this 'secret' I'm referring to is not the cryptographic key. The 'secret' is a passphrase or passcode which in general is used to unlock or 'unwrap' the actual password -- which is then used to unlock the key to decrypt. In Apple's iPhone, the 'secret' is allowed to be very short because of the protections around the 'secret'. And, in fact, there is no way to change the protections around the 'secret' except through Apple. This statement will always be true unless a new architecture is mandated to include an option to remove the protections without Apple's help. However, if a new phone is mandated, this new architecture would need to pass through either the courts or Congress. It's nearly unimaginable that the courts would pass down a ruling that Apple must create a new phone -- so, let's forget about that scenario. So, I find it very difficult to imagine that Law Enforcement has no right to ask Apple, on a one phone per warrant basis, to load software which removes some of the protections around the 'secret' in order to carry out lawful Search and Seizure. The only way this FBI v. Apple thing becomes a 'slippery slope' is if Congress tells Apple and other manufacturers that they need to remove the protections around the 'secret'... And since this is only possible with a new phone architecture... all current phones will need to be confiscated. Now --- do you really believe that Congress is going to do that? And that all iPhones currently in circulation -- including those in overseas markets -- will be required to be confiscated?? This Apple v FBI 'slippery slope' is a conspiracy theory gone nuts... definitely tin-foil hat territory. It's very likely that the Apple v. FBI case will reach SCOTUS. And I really don't know what will happen then. However, it is my hope that sanity will prevail and so will the FBI. Lawful search and seizure has been a component of the US since its European Invasion more than 200 years ago... It's a very important component of civil society and keeps you safe on a daily basis, and no amount of Ben Franklin quotes are going to help you 'prove' that the founders of the current USA government meant it otherwise. |
| jdixon Mar 06, 2016 2:00 PM EDT |
> However, the police are hired to protect society. That's a very debatable point. > So, I find it very difficult to imagine that Law Enforcement has no right to ask Apple, on a one phone per warrant basis, to load software which removes some of the protections around the 'secret' in order to carry out lawful Search and Seizure. They're not just asking them to load the software, they're asking them to write the software. I'm not sure why you always leave out that point. > And since this is only possible with a new phone architecture... all current phones will need to be confiscated. They could always claim Apple was acting as an accessory to terrorism and seize the entire code base of IOS. It would be in keeping with current trends. We're probably not at that point yet though. Give it another 25 years or so. |
| dotmatrix Mar 06, 2016 2:41 PM EDT |
>They could always claim Apple was acting as an accessory to terrorism and seize the entire code base of IOS. It would be in keeping with current trends. We're probably not at that point yet though. Give it another 25 years or so. What the heck are talking about? Which entire OS code base has been seized by the US Government? Please don't say Microsoft... if you have an official document that says so -- please share it. Otherwise it's tin-foil hat time. What trends are you talking about? You and I have access to FOSS encryption software. This software is currently available to anyone in the world, for zero cost. The software combined with a little bit of ingenuity can be used in nearly the same way as Apple's protections around the passcode on the iPhone. You could, for example, use a $35.00 RPi has as a 'secure enclave' and write a few lines of code to produce a server/client protocol running over a USB link between the Pi and a host PC... Similar to a 'smart card' system... which you can also buy premade, along with a smart card... and encrypt your data. Furthermore, there is nothing stopping you from encrypting your data and then loading it onto your iPhone. Thereby removing the ability for anyone - even with your passcode - from gaining access to your data. However, this would only be useful for transporting data via the phone, not for using the data on the phone. >They're not just asking them to load the software, they're asking them to write the software. I;m not sure why you always leave out that point. I do not leave this out. In fact, just a few posts above I indicated that Apple is being asked to write this 'new' code... and also pointing out that this 'new' code most likely consists of significantly fewer lines of 'new' code than I can write in 30 minutes. Furthermore - and I've pointed this in priors posts - the government has told Apple that the government will pay Apple for its time. This is not a 'favor' to the government... It is a fully paid coding change. ************ You and nearly everyone on the planet has access to strong cryptographic solutions to protecting data of various kinds and in various ways. An individual's lack of knowledge in how to use the available tools doesn't mean that corporations should not be required to respond fully and completely to reasonable and legal warrants for search and seizure of data whose doors those corporations may have access to... note: Apple does not have a backdoor in to User Data, and such a backdoor is not possible. I've written it before [maybe in other words]: Your data security is your problem, not Apple's. If you trust Apple, you necessarily trust the government to whom Apple is necessarily beholden. |
| jdixon Mar 06, 2016 4:55 PM EDT |
> Which entire OS code base has been seized by the US Government? None that I know of. I remember a claim that they confiscated patents dealing with lasers during one of the two world wars, but that's the only equivalent case I can think of. > What trends are you talking about? The war on drugs. Asset forfeiture. The Kelo decision. The Patriot Act. Obamacare's mandate. The GM bailout. The list goes on and on. Government inserting itself more and more into every aspect of our lives and corporate operations. Would a government that deigns to tell every person in the country that they must buy a product balk at seizing code from a single company that stands in their way? Especially if it sends a message to the others? In any case, I'm not claiming they will do this. You said there was only one option. I pointed out another. And if they claim national security concerns, they undoubtedly could both do it and get away with it. National security is very much a get out of jail free card in that respect. The courts are very leery of messing with it. > I do not leave this out. Yes, you did. You always do. You point it out in one place, where you dismiss it as being a trivial change, but then always leave it out of your summary, I'm not sure why, since it's so easy to note it. And for any coder (or any creative field for that matter) it's a very important detail. Laying claim to the product of a person's mind is a far different thing than laying claim to physical property. |
| dotmatrix Mar 06, 2016 5:34 PM EDT |
In reverse: >And for any coder (or any creative field for that matter) it's a very important detail. Laying claim to the product of a person's mind is a far different thing than laying claim to physical property. This is debatable. Where does a person's creativity end and physical property begin? And Apple is not a person. Apple is a corporation. This corporation exists at the pleasure of the government. The government can and does regulate businesses, including the right for businesses to exist. >Yes, you did. You always do. You point it out in one place, where you dismiss it as being a trivial change, but then always leave it out of your summary, I'm not sure why, since it's so easy to note it. So, you are saying I need to point out, every time I post something, that Apple has been asked by the FBI to accept payment for changing one or two lines of code ... not exaggerating. Wow! I gotta say my long posts will be longer yet. >Would a government that deigns to tell every person in the country that they must buy a product balk at seizing code from a single company that stands in their way? Especially if it sends a message to the others? This exists with or without the iPhone or cryptography... https://en.wikipedia.org/wiki/Mail_and_wire_fraud >The war on drugs. Asset forfeiture. The Kelo decision. The Patriot Act. Obamacare's mandate. The GM bailout. The list goes on and on. Government inserting itself more and more into every aspect of our lives and corporate operations. Hey... I don't believe I've indicated a love for government or over reach of power. My argument here has been that this particular case in FBI v. Apple has nothing whatsoever to do with the rest of these things... If a given iPhone is used by a drug dealer -- the government has laws regarding illegal drugs and has every right, per the law, to search that phone's data. If Apple can help, and are the only one's who can help, then that should be a valid warrant... If you want the War-on-Drugs to go away, vote. If you are a drug dealer and use an iPhone - you are trusting that the government is just simply going to look the other way... since you are trusting that Apple will protect you and the government controls Apple... because Apple is corporation and is required to respond to legal warrants and abide by the law. *************** In fact, there could be a valid argument on the government's side that strong encryption should be illegal for citizens to use without first getting a permit. A law such as this would be consistent with other laws allowing citizens to use other potentially criminal items -- like cars, selling alcohol, selling cigarettes, and other products... The fact that US citizens have access to strong, and in fact - unbreakable, encryption is truly amazing considering that this technology was categorized as a munition just a decade and a half ago... It's also amazing given the history of strong encryption and its roots as a technology for waging war. I am in no way indicating that I would like to remove free and clear citizen access to strong encryption. I'm simply indicating how truly amazing it is that we do have access... and this fact should place the current FBI v. Apple controversy into perspective. Even if Apple were to be told they can't sell any more iPhones built to the current specifications, all citizens would still be able to encrypt their data... The movement against the FBI in this case, is a lazy user movement... because: Your data security is your problem, not Apple's. If you trust Apple, you necessarily trust the government to whom Apple is necessarily beholden. |
| jdixon Mar 06, 2016 11:54 PM EDT |
> And Apple is not a person. Apple is a corporation. Corporations are considered persons under the law. That's a legal fiction I'd rather see done away with, but it's still the case currently. And the corporation known as Apple won't be writing the code, a person will. > So, you are saying I need to point out, every time I post something, No, I'm perfectly willing to do so for you. :) Seriously, it's a central aspect to the case. If the government were handing code to Apple and saying sign this so we can run it on this iPhone, do you really think Apple would be fighting it? So it should be mentioned in any summary. > My argument here has been that this particular case in FBI v. Apple has nothing whatsoever to do with the rest of these things... And on that point we will have to simply disagree. > If you want the War-on-Drugs to go away, vote. What makes you think I don't? > In fact, there could be a valid argument on the government's side that strong encryption should be illegal for citizens to use without first getting a permit. The opposing argument would be that once the government classified encryption as a munition, that meant it was covered by the second amendment, and that option was unconstitutional. |
| dotmatrix Mar 07, 2016 12:21 AM EDT |
>Seriously, it's a central aspect to the case. If the government were handing code to Apple and saying sign this so we can run it on this iPhone, do you really think Apple would be fighting it? So it should be mentioned in any summary. No one except Apple has the ability to write the code. And yes, I do think Apple would be fighting a request to cryptographically sign the government's code. It's the cryptographic signature that makes running the code possible. And Apple doesn't want the code to run, so they would fight the signature. In effect there is no difference in who writes the code. Apple will be paid to write it and Apple is the only one who can write it, and this has nothing whatsoever to do with technical abilities of the FBI vs. Apple. >> If you want the War-on-Drugs to go away, vote. >What makes you think I don't? I don't have a feeling one way or the other. I'm simply pointing out that legislation is the proper avenue to pursue in tearing down the "war-on-drugs" ... the voters voted and the laws were written by the voters choice of representatives... if the result is not what you want - vote differently... or better yet, run for office yourself --- of course, the 'yourself' is meant as 'anyone who might be reading along' rather than directly "jdixon" >Corporations are considered persons under the law. That's a legal fiction I'd rather see done away with, but it's still the case currently. And the corporation known as Apple won't be writing the code, a person will. Strawman: This is only for tax purposes. There are plenty of laws governing businesses that do not apply to individual human citizens. >The opposing argument would be that once the government classified encryption as a munition, that meant it was covered by the second amendment, and that option was unconstitutional. No... the 'munition' is not bullets... See ITAR: https://en.wikipedia.org/wiki/International_Traffic_in_Arms_Regulations I think you'd have a hard time procuring an armed F-15 and then selling that to Iran without the federal government getting a wee bit upset. When encryption was categorized as a munition it was governed under ITAR... and thus it's 'export' to other nations limited. However, citizens had every right to use it -- and were able to download Netscape with 128 bit encryption. I may have cross-threaded the discussion... so you'll just have to point that out to me =þ In any case, back to the current thread -- The government is not taking your encryption away from you... they are simply trying to say that you might not have a right to 'expect' delivery of a finished product... getting tired. I'm not gonna win the argument because like most arguments - no one can win. **** My arm chair thoughts: Apple will be required to give the FBI what it is asking for, and the world will not end, and your uninteresting personal data will continue to remain unreviewed by anyone except you, your friends, and the advertising networks getting money from your data. |
| jdixon Mar 07, 2016 6:21 AM EDT |
> No one except Apple has the ability to write the code. I doubt very much that's true. > And yes, I do think Apple would be fighting a request to cryptographically sign the government's code. OK, We'll have to disagree on that point too. That's equivalent to providing an existing key to a building, and well within the governments rights. I don't think Apple would fight it at all. > Strawman: This is only for tax purposes. Uhm. No, it's not. Citizens United vs. FEC for merely one example. > There are plenty of laws governing businesses that do not apply to individual human citizens. Yes, there are. That's a side effect of allowing the govermnent to create the fiction of an independent being known as a corporation. But the legal standing as a person under the law is not one of them. > No... the 'munition' is not bullets... I didn't say it was. I didn't even say it would win. I said it was a counter argument. One which would be made. > I think you'd have a hard time procuring an armed F-15 and then selling that to Iran without the federal government getting a wee bit upset. The systems on the F-15 are probably still classified (there's that pesky national security thing I mentioned above), so yes. In general, armed, yes; selling to Iran, yes; procuring, no. Google used military jets. > I'm not gonna win the argument because like most arguments - no one can win. Well, duh. We're not even arguing. We're discussing various views of the case for the benefit of other readers. > Apple will be required to give the FBI what it is asking for,,,, Entirely possible. That's what the courts will decide. And what either you or I think will have absolutely no bearing on their decision. > ... and the world will not end. No, but there will be one more codified government allowed intrusion into your life. A slow, steady, and apparently irreversible process. |
| dotmatrix Mar 07, 2016 9:27 AM EDT |
>No, but there will be one more codified government allowed intrusion into your life. A slow, steady, and apparently irreversible process. Isn't there a not-so-slow stream of uncodified, non-citizen directed corporate intrusion into your life. Seriously, if an individual is partaking of the various 'free' email and 'free' cloud data storage options offered by the modern Ad companies posing as technology companies, that individual has already given up all privacy. However, if an individual is willing to put forth his/her own effort... privacy can be enforced. Apple is not a proxy for citizen privacy rights enforcement, nor should it be... and they don't seek to maintain your privacy regardless of the appearance otherwise. > In general, armed, yes; selling to Iran, yes; procuring, no. Google used military jets. Exactly! The point is proved and agreed upon. Strong unbreakable encryption is very much akin to an armed F15. And thus should be regulated under ITAR. *** I think it's a mistake to cheer Apple on here. If the citizens press the government for strong unbreakable encryption everywhere - the government is going to respond in kind --- and the risk is high that we will lose the legal ability to use openssl, gpg, ecryptfs, and other cryptographic packages. It's far better to let Apple do what the government asks -- and protect your own data with your own keys. |
| jdixon Mar 07, 2016 9:40 AM EDT |
> Isn't there a not-so-slow stream of uncodified, non-citizen directed corporate intrusion into your life. Mine? Not so much so. Some folks, sure, but most of those are chosen voluntarily. Government intrusions aren't. > Strong unbreakable encryption is very much akin to an armed F15. Not hardly. :) But if you think so, I'll be happy to trade you my (currently) unbreakable encryption for an armed F-15. |
| dotmatrix Mar 07, 2016 10:04 AM EDT |
>Not hardly. :) But if you think so, I'll be happy to trade you my (currently) unbreakable encryption for an armed F-15. Enigma, anyone? Imagine if everything about WWII was the same, except the Nazis had iPhones instead of Enigma. Strong encryption is how wars are won and lost. You can have plenty of F15s and still lose due to encrypted communications. And what about the Turing Award? What did Turing do? I suppose Apple would have turned him away. Let's all take a page from Turning... and support the FBI in their fact finding mission. **** Strong unbreakable encryption in the hands of the general public is a significant threat to public safety and national security. I think you'd be hard pressed to accurately argue otherwise. |
| jdixon Mar 07, 2016 11:32 AM EDT |
> Strong encryption is how wars are won and lost. Encryption is merely one component in the matter. And honestly not as significant a one as you seem to think. > Strong unbreakable encryption in the hands of the general public is a significant threat to public safety and national security. I think you'd be hard pressed to accurately argue otherwise. Why would I want to argue otherwise? The argument is that it's a tradeoff worth making, not that there's no tradeoff. |
| linuxscreenshot Mar 07, 2016 11:45 AM EDT |
Quoting:Encryption is merely one component in the matter. Privacy is the issue here.. From c|net this morning: Here are the concerns of Amazon, Box, Cisco, Dropbox, Evernote, Facebook, Google, Microsoft, Mozilla, Nest, Pinterest, Slack, Snapchat, WhatsApp, Yahoo, Airbnb, Atlassian, Automattic, CloudFlare, eBay, GitHub, Kickstarter, LinkedIn, Mapbox, Medium, Meetup, Reddit, Square, Squarespace, Twilio, Twitter and Wickr: Outdated rules. "The government seeks a dramatic extension of New York Telephone (a 1977 Supreme Court case) to cover ever-evolving technologies...It is dangerous to extend that limited endorsement of judicial power over third parties to situations the Supreme Court never could have envisioned." Not just one hack. "The government's motion reassures the court and the public that the request here is a one-time-only hack. But there are already strong indications that law enforcement will ask for broad authority under the All Writs Act on facts far different from the terrorism investigation at hand." A most personal device. "Cell phones are the way we organize and remember the things that are important to us; they are, in a very real way, an extension of our memories. And as a result, to access someone's cell phone is to access their innermost thoughts and their most private affairs." Dangerous precedent. "The government's demand here, at its core, is unbound by any legal limits. It would set a dangerous precedent, in which the government could sidestep established legal procedures authorized by thorough, nuanced statutes to obtain users' data in ways not contemplated by lawmakers." More important than ever. "The unprecedented scale of digital information used, stored and communicated on the Internet means that 'privacy,' which 'has been at the heart of our democracy from its inception,' is "needed now more than ever." |
| dotmatrix Mar 07, 2016 11:54 AM EDT |
You are entitled to your non-expert opinion on the seemingly lack of significance of encryption and cryptography... And to your misguided argument that the tradeoff of corporate control over cryptographic enabled devices is preferred to a corporate + Law Enforcement team on responsible lawful use of cryptographic enabled devices. It's useful to remember that Apple still maintains the ability to do precisely what the FBI is asking. And can - without informing anyone at all - allow any organization... corporate or nation state... friendly or not... the same access they are now attempting to deny to the FBI. And, I will end by saying that I side with Comey when he says that the people of the US will regret trying to shut out lawful search of cryptographic enabled devices such as the iPhone. No more from me on this topic -- for at least a month. I gotta get back to work doing other things. |
| jdixon Mar 07, 2016 12:53 PM EDT |
> You are entitled to your non-expert opinion on the seemingly lack of significance of encryption and cryptography You said: Strong encryption is how wars are won and lost. I replied: Encryption is merely one component in the matter. And honestly not as significant a one as you seem to think. My response was specifically with respect to the importance of encryption in warfare. Not it's generic importance. And at no point have you argued that your opinion is an expert one, so I believe that makes is even. Look, we disagree about fundamental points on this case. That's obvious. But the points are not clear cut and there's lots of room for disagreement. The courts will decide the matter one way or another. Let's both hope their decision turns out to be the best one, whichever one it is. |
| skelband Mar 07, 2016 1:19 PM EDT |
>> And yes, I do think Apple would be fighting a request to cryptographically sign the government's code. > OK, We'll have to disagree on that point too. That's equivalent to providing an existing key to a building, and well within the governments rights. I don't think Apple would fight it at all. Well actually supplying a signing key to the government would be more akin to a key to everyone's door. They most certainly would fight it. They would probably also claim it as a commercial secret, whether or not that would help them legally, I do not know. |
| jdixon Mar 07, 2016 1:40 PM EDT |
> Well actually supplying a signing key to the government would be more akin to a key to everyone's door. In my hypothetical scenario they wouldn't be providing the signing key. They would merely be signing the code the government provided them so the code would run on that iPhone. |
| thenixedreport Mar 14, 2016 7:01 PM EDT |
Before we assume that it would only be for that one iPhone.... consider this: https://www.youtube.com/watch?v=zsjZ2r9Ygzw (John Oliver breaks the issue down) |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!