Even with encryption, if you lock your phone with a fingerprint then its entirely likely that law enforcement is getting in there if they have both you and your phone in custody.
Even with encryption, if you are using apps and visiting web pages on an open wifi network then your data could be compromised. Is that a "human rights issue" the ACLU should be looking into? Everyone using the free wifi at the local library, McDonalds, Starbucks, hotel or airport could be endangering themselves.
I would ask the ACLU what is worse if you have no money. A crappy phone or no phone? A crappy computer or no computer?A crappy car or no car? A crappy house or no house? Crappy food or no food? A crappy library or no library? You can have better and/or safer versions of all of those things, if you have the money.
The ACLU should focus on the real root of the problem. They should focus on the lack of oversight, lack of accountability and growing distrust of law enforcement across the board. From local cops to the NSA.
I would ask the ACLU what is worse if you have no money. A crappy phone or no phone? A crappy computer or no computer?A crappy car or no car? A crappy house or no house? Crappy food or no food? A crappy library or no library? You can have better and/or safer versions of all of those things, if you have the money.
That's a false dichotomy. There is no technical reason that an inexpensive phone can't have encryption, it is just an artifact of how the Android OS was designed and implementation choices by Google and other vendors. I have no problem with the ACLU point out that encryption is more than a convenience but an important mechanism to protect privacy (from both government and non-governmental actors) and I have no problem with them calling out Google for making poor implementation choices.
Quote:
The ACLU should focus on the real root of the problem. They should focus on the lack of oversight, lack of accountability and growing distrust of law enforcement across the board. From local cops to the NSA.
Again, this is a false dichotomy. The ACLU is doing both, and putting a lot of resources into the very problems you mention. (See ACLU vs. Clapper, ACLU vs. DOJ, Wikimedia vs. NSA, FOIA request lawsuit on Executive orders, ACLU vs. FBI). While the root of the problem is the lack of oversight, that doesn't mean that you can't also advocate for better encryption at the same time. And remember, governments are not the only threat to privacy, even if the government were completely trustworthy, encryption and privacy is important to protect corporate and private information from non-governmental entities.
I would ask the ACLU what is worse if you have no money. A crappy phone or no phone? A crappy computer or no computer?A crappy car or no car? A crappy house or no house? Crappy food or no food? A crappy library or no library? You can have better and/or safer versions of all of those things, if you have the money.
That's a false dichotomy. There is no technical reason that an inexpensive phone can't have encryption, it is just an artifact of how the Android OS was designed and implementation choices by Google and other vendors. I have no problem with the ACLU point out that encryption is more than a convenience but an important mechanism to protect privacy (from both government and non-governmental actors) and I have no problem with them calling out Google for making poor implementation choices.
Quote:
The ACLU should focus on the real root of the problem. They should focus on the lack of oversight, lack of accountability and growing distrust of law enforcement across the board. From local cops to the NSA.
Again, this is a false dichotomy. The ACLU is doing both, and putting a lot of resources into the very problems you mention. (See ACLU vs. Clapper, ACLU vs. DOJ, Wikimedia vs. NSA, FOIA request lawsuit on Executive orders, ACLU vs. FBI). While the root of the problem is the lack of oversight, that doesn't mean that you can't also advocate for better encryption at the same time. And remember, governments are not the only threat to privacy, even if the government were completely trustworthy, encryption and privacy is important to protect corporate and private information from non-governmental entities.
You make some great points and you are right there is no reason why the focus can't be on more than one thing. You gave a well reasoned response and I appreciate it.
But a little bit of credit can be given to companies like Google or Microsoft. People love to hate them but they created platforms, that while not flawless, have driven down the cost of computing to where at least 100's of millions of people (if not billions) now have access to information and computers/devices.
We can't all have the best, nicest things. But you are right, just because it's affordable doesn't mean it should compromise on security or privacy. I am not against pushing all of these companies to do better. I'm not against the ACLU either. But reading what Chris Soghoian said makes it seem a little bit one sided. It's far more complicated than to just blame Google.
But reading what Chris Soghoian said makes it seem a little bit one sided. It's far more complicated than to just blame Google.
I only got snippits of what Soghoian said from the article, so I can't be sure how one-sided his whole talk was, but I certainly agree - simply painting Google, Facebook, Microsoft, etc... as evil won't solve the problem.
Why? When you do that it comes off a bit trollish sounding. Familiar with baiting?
I've always thought we should hang our collective hats on every opinion and pronouncement from any ACLU spokesperson. There's few organizations with such widespread respect so what can be said? Fortunately for those concerned ACLU folks the poor have little if anything left to steal so they're pretty safe.
You guys are funny. We should put you guys in a reality TV show in the same apartment, like a reboot of the "Odd Couple."
I think they still officially sell it in some countries.
edit: Not sure if this page existing, along with the Where to Buy with a limited list of countries that aren't Apple's top selling locations is accurate or not, but here you go anyway…
I ain't payin no $800 for a phone I bought my current 5 for $200 (eBay). Actually bought my first 5 (now wife's) for $100 with a little social engineering at an AT&T store
Why? When you do that it comes off a bit trollish sounding. Familiar with baiting?
I've always thought we should hang our collective hats on every opinion and pronouncement from any ACLU spokesperson. There's few organizations with such widespread respect so what can be said? Fortunately for those concerned ACLU folks the poor have little if anything left to steal so they're pretty safe.
Seriously though, you should approach AI to be ensconced as the official opposition to all things Apple and all things pro Google, kind of anti-DED. With an official position your posts would be then editorial and no one need see them as anything but that.
DED stopped just short of mentioning that both new Nexus models sold by Google are encrypted by default, possibly omitting it because it didn't fit the storyline IMO. Google also requires all new smartphones shipping with Android M have it enabled out of the box. That would directly contradict Mr Dilger's statement that Google considers "encryption and privacy for Android an afterthought or even an obstacle". https://nakedsecurity.sophos.com/2015/10/21/new-android-marshmallow-devices-must-have-default-encryption-google-says/
It's fair to mention that due to valid issues DED raised, older Android handsets receiving an update to the latest OS won't have the same requirement, tho it will be strongly suggested. In that arena Apple is far ahead.
Up to your usual tricks. You left out a very important detail. Google requires that devices that meet a minimum performance standard have encryption enabled. And with the inferior and performance sapping software encryption in Android it basically means only flagships will enable it.
Wait, what am I thinking. Only a few flagships will ever get Marshmallow so it's a moot point.
Up to your usual tricks. You left out a very important detail. Google requires that devices that meet a minimum performance standard have encryption enabled. And with the inferior and performance sapping software encryption in Android it basically means only flagships will enable it.
Wait, what am I thinking. Only a few flagships will ever get Marshmallow so it's a moot point.
That's not what Google says is it? AFAIK every new smartphone that ships with Android M installed must include default encryption, out of the box. Perhaps you confused that with Google's comments on updating existing devices to Android M? Yeah they make allowances for older devices that lacked appropriate hardware but not new ones going forward, flagship or not. The only "out " I know of is if some smartphone doesn't have a lock screen, which would be pretty rare I would think. I've never seen a phone without one.
That's not what Google says is it? AFAIK every new smartphone that ships with Android M installed must include default encryption, out of the box. Perhaps you confused that with Google's comments on updating existing devices to Android M? Yeah they make allowances for older devices that lacked appropriate hardware but not new ones going forward, flagship or not. The only "out " I know of is if some smartphone doesn't have a lock screen, which would be pretty rare I would think. I've never seen a phone without one.
EDIT: This is the all the boring details. I think most of what's pertinent is under section 9.9.
"For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience."
Shall I break this down in simple English for you? If your device can't sustain 50MiB/sec, then it's not required to have encryption enabled by default. Which basically means all low-mid range devices.
Your original statement was: "Google also requires all new smartphones shipping with Android M have it enabled out of the box." This is clearly wrong, since Google has specified a disk performance requirement.
"For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience."
Shall I break this down in simple English for you? If your device can't sustain 50MiB/sec, then it's not required to have encryption enabled by default. Which basically means all low-mid range devices.
Your original statement was: "Google also requires all new smartphones shipping with Android M have it enabled out of the box."<span style="display:none;"> </span>
This is clearly wrong, since Google has specified a disk performance requirement.
Ah thanks. So if that new smartphone running Android M used an older incapable entry-level 32bit SoC the requirement would not apply. Otherwise, and particularly if the SoC is 64bit (meeting the minimum) then it's mandatory? Thanks for the clarification. Simple English always works.
Is there no link to the article at MIT Technology Review in this AI article or am I just missing it?
Click on the blue "said" in the third sentence.
I have to admit that this is a pet peeve of mine across many websites. I like the style of also placing links referenced in the article at the bottom of the article. I hate having to hover over every link in order to figure out which link to click. Just put em all at the bottom, even if the site is referencing itself.
Another peeve is when websites update or fix major errors without a mention (I could care less about a typo). I like the style of placing the update at the top of the article, or how AI often does it and change the title of the article with [U] for updated so you know to look for it. The [U] in the title I like a lot.
You kind of missed the point. The guy was saying that a used iPhone is a good option if you are tight on cash. I'd buy an iPhone 4 over Android any day. It's gorgeous.
I thought the point was people running outdated, non updated OS's are at risk from security issues, , so how is getting an iPhone 4 with its unsupported OS a good option for security?
Comments
Only the ACLU could conflate encryption with human rights. What a bunch of tools.
The right to privacy and dignity is the human right, encryption is just the way to enforce it; seems obvious.
Don't throw around a word like "right" unless you have a way to protect that right. At least the US has a Bill of Rights.
Even with encryption, if you lock your phone with a fingerprint then its entirely likely that law enforcement is getting in there if they have both you and your phone in custody.
Even with encryption, if you are using apps and visiting web pages on an open wifi network then your data could be compromised. Is that a "human rights issue" the ACLU should be looking into? Everyone using the free wifi at the local library, McDonalds, Starbucks, hotel or airport could be endangering themselves.
I would ask the ACLU what is worse if you have no money. A crappy phone or no phone? A crappy computer or no computer?A crappy car or no car? A crappy house or no house? Crappy food or no food? A crappy library or no library? You can have better and/or safer versions of all of those things, if you have the money.
The ACLU should focus on the real root of the problem. They should focus on the lack of oversight, lack of accountability and growing distrust of law enforcement across the board. From local cops to the NSA.
I would ask the ACLU what is worse if you have no money. A crappy phone or no phone? A crappy computer or no computer?A crappy car or no car? A crappy house or no house? Crappy food or no food? A crappy library or no library? You can have better and/or safer versions of all of those things, if you have the money.
That's a false dichotomy. There is no technical reason that an inexpensive phone can't have encryption, it is just an artifact of how the Android OS was designed and implementation choices by Google and other vendors. I have no problem with the ACLU point out that encryption is more than a convenience but an important mechanism to protect privacy (from both government and non-governmental actors) and I have no problem with them calling out Google for making poor implementation choices.
Again, this is a false dichotomy. The ACLU is doing both, and putting a lot of resources into the very problems you mention. (See ACLU vs. Clapper, ACLU vs. DOJ, Wikimedia vs. NSA, FOIA request lawsuit on Executive orders, ACLU vs. FBI). While the root of the problem is the lack of oversight, that doesn't mean that you can't also advocate for better encryption at the same time. And remember, governments are not the only threat to privacy, even if the government were completely trustworthy, encryption and privacy is important to protect corporate and private information from non-governmental entities.
Going forward even an "inexpensive phone" shipping with Android M will use data encryption by default.
I would ask the ACLU what is worse if you have no money. A crappy phone or no phone? A crappy computer or no computer?A crappy car or no car? A crappy house or no house? Crappy food or no food? A crappy library or no library? You can have better and/or safer versions of all of those things, if you have the money.
That's a false dichotomy. There is no technical reason that an inexpensive phone can't have encryption, it is just an artifact of how the Android OS was designed and implementation choices by Google and other vendors. I have no problem with the ACLU point out that encryption is more than a convenience but an important mechanism to protect privacy (from both government and non-governmental actors) and I have no problem with them calling out Google for making poor implementation choices.
Again, this is a false dichotomy. The ACLU is doing both, and putting a lot of resources into the very problems you mention. (See ACLU vs. Clapper, ACLU vs. DOJ, Wikimedia vs. NSA, FOIA request lawsuit on Executive orders, ACLU vs. FBI). While the root of the problem is the lack of oversight, that doesn't mean that you can't also advocate for better encryption at the same time. And remember, governments are not the only threat to privacy, even if the government were completely trustworthy, encryption and privacy is important to protect corporate and private information from non-governmental entities.
You make some great points and you are right there is no reason why the focus can't be on more than one thing. You gave a well reasoned response and I appreciate it.
But a little bit of credit can be given to companies like Google or Microsoft. People love to hate them but they created platforms, that while not flawless, have driven down the cost of computing to where at least 100's of millions of people (if not billions) now have access to information and computers/devices.
We can't all have the best, nicest things. But you are right, just because it's affordable doesn't mean it should compromise on security or privacy. I am not against pushing all of these companies to do better. I'm not against the ACLU either. But reading what Chris Soghoian said makes it seem a little bit one sided. It's far more complicated than to just blame Google.
Is that going to be software encryption which bogs down the phone?
But reading what Chris Soghoian said makes it seem a little bit one sided. It's far more complicated than to just blame Google.
I only got snippits of what Soghoian said from the article, so I can't be sure how one-sided his whole talk was, but I certainly agree - simply painting Google, Facebook, Microsoft, etc... as evil won't solve the problem.
You guys are funny. We should put you guys in a reality TV show in the same apartment, like a reboot of the "Odd Couple."
I think they still officially sell it in some countries.
edit: Not sure if this page existing, along with the Where to Buy with a limited list of countries that aren't Apple's top selling locations is accurate or not, but here you go anyway…
Sure, but that's used. If one is talking about a used phone that qualifier should be presented at that time.
Sooo sorry. Used 4S = $100
And cheaper by some accounts.
I ain't payin no $800 for a phone
I bought my current 5 for $200 (eBay). Actually bought my first 5 (now wife's) for $100 with a little social engineering at an AT&T store 
Seriously though, you should approach AI to be ensconced as the official opposition to all things Apple and all things pro Google, kind of anti-DED. With an official position your posts would be then editorial and no one need see them as anything but that.
Up to your usual tricks. You left out a very important detail. Google requires that devices that meet a minimum performance standard have encryption enabled. And with the inferior and performance sapping software encryption in Android it basically means only flagships will enable it.
Wait, what am I thinking. Only a few flagships will ever get Marshmallow so it's a moot point.
EDIT: This is the all the boring details. I think most of what's pertinent is under section 9.9.
https://static.googleusercontent.com/media/source.android.com/en//compatibility/android-cdd.pdf
You're welcome.
That's not what Google says is it? AFAIK every new smartphone that ships with Android M installed must include default encryption, out of the box. Perhaps you confused that with Google's comments on updating existing devices to Android M? Yeah they make allowances for older devices that lacked appropriate hardware but not new ones going forward, flagship or not. The only "out " I know of is if some smartphone doesn't have a lock screen, which would be pretty rare I would think. I've never seen a phone without one.
EDIT: This is the all the boring details. I think most of what's pertinent is under section 9.9.
https://static.googleusercontent.com/media/source.android.com/en//compatibility/android-cdd.pdf
You're welcome.
You should learn to read.
"For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience."
Shall I break this down in simple English for you? If your device can't sustain 50MiB/sec, then it's not required to have encryption enabled by default. Which basically means all low-mid range devices.
Your original statement was: "Google also requires all new smartphones shipping with Android M have it enabled out of the box." This is clearly wrong, since Google has specified a disk performance requirement.
Is there no link to the article at MIT Technology Review in this AI article or am I just missing it?
Click on the blue "said" in the third sentence.
I have to admit that this is a pet peeve of mine across many websites. I like the style of also placing links referenced in the article at the bottom of the article. I hate having to hover over every link in order to figure out which link to click. Just put em all at the bottom, even if the site is referencing itself.
Another peeve is when websites update or fix major errors without a mention (I could care less about a typo). I like the style of placing the update at the top of the article, or how AI often does it and change the title of the article with [U] for updated so you know to look for it. The [U] in the title I like a lot.
OK rant over.
I thought the point was people running outdated, non updated OS's are at risk from security issues, , so how is getting an iPhone 4 with its unsupported OS a good option for security?