For the record, I am siding with Apple on this because I believe they are taking the correct stance. But I believe there is a way to do this that would provide the government what is required with compensation to Apple and a way to protect and secure the operating system.
Fair enough. Can you please explain how? Or at least cite someone who can?
The problem with that position is that it pre-supposes some technical solution that solves all interests. Yet no one who actually is a cryptographer holds that view. The popular label has become the Golden Key Wizard Society. It's the thing people wish existed but doesn't.
It's ok. You can hold a position while accepting there are negative consequences. No need to pretend they don't exist.
For the record, I am siding with Apple on this because I believe they are taking the correct stance. But I believe there is a way to do this that would provide the government what is required with compensation to Apple and a way to protect and secure the operating system.
Those two sentences are at odds with each other. You can't both stand with Apple and believe they should be able to provide a backdoor.
Look, we charge our government with keeping us safe and they are trying to do that…
Not at all. They’re trying to spy on everyone.
But I believe there is a way to do this that would provide the government what is required with compensation to Apple and a way to protect and secure the operating system.
The way to do it is to stop government employees from wiping phones or changing passwords in the event of something like this in the future. There’s zero reason to bypass security, ever, because there can be no guarantee that said bypass will be deleted.
The best thing the US Government can do to keep the American people safe is to follow the US Constitution and stop acting as a nervous wreck with the need to spy on everyone, break into everyone's data without search warrants or probable cause. Also, the US is considered to be the greatest threat to world peace by the rest of the world (Google it if you don't believe me). This is why Iran, North Korea, China, Russia are all arming themselves up to their chins. We really need to stop seeing the world as they are out there to get us while they also see us as though we are out to get them and before you know it, it is WW3. And to a certain extent the same applies to terrorism. We keep sending those drones and they keep hating us more whenever we strike innocent people. Somebody needs to back down and let the world system cool off; otherwise, this thing is gonna keep amping up until it reaches 12 in the 0 to 10 scale and boom! And Trump would lead us into WW3 in no time.
I've been thinking a lot about this issue, and talking to various people. While I've been vehement on these boards for the primacy of privacy, at some point the tension between national security and privacy will seriously come to a head (think, say, a dirty bomb waiting to go off, a problem whose resolution requires decryption).
So what to do? Thinking aloud...
One solution may be to create a decryption division within Apple -- with access only for highly vetted Apple employees -- funded by a 'security fee' on every iPhone sold. In other words, no direct access to any of these FBI-type wanks. No cost to Apple's bottom line. No forcing a business to open up its IP to the vagaries of governments. No ability for the spooks to snoop into every aspect of our lives.
Any better suggestions? At some point we'll need to think of solutions since this problem is not going away.
I don't think I trust anyone, private or federal, to have access to my private information, no matter how necessary it might seem. Apple does not even trust themselves; this is why they are making it so that they themselves cannot have access to encrypted information. This is not an act of rebellion against the government. The fact is that even employees at Apple make mistakes. They misplace phone prototypes. I can assure you that leaking personal information is not inconceivable. The burden to execute a search warrant is with the government. It is tougher now with technology, but if they want it, they will figure a way around encryption. One way the NSA went around phone encryption was by analysis of phone metadata. Most of the encrypted data the FBI is concerned about is not in the phone. It is in social media and internet. ISIS is trying to use the internet to deceive, mislead, inspire weak individuals to act on their own, to conceive and carry out terrorist acts that are not the result of group planning or international collaborations. Let's not kid ourselves. The FBI is trying to deflect attention from real problems. The real problem is that the FBI is inefficient, does not have a grip on lone wolves (needs to understand the problem). Encryption is the scapegoat, unfortunately. Both encryption and Snowden are gonna be blamed for every future terrorist attack. At the end of the day, it is failure of our intelligence and law enforcement agencies. It was failure of our intelligence agencies to work together that allowed 9/11. It was not lack of information. The 9/11 committee concluded. Lack of information is not the issue. Russian authorities informed the FBI two years before the Boston Marathon bombings that Tamerlan Tsarnaev was a terrorist and planning something. How did the FBI fail to stop them? The FBI has failed as an agency and in my view, it is useless to keep throwing money at a failure, expecting change. From the start, the FBI under J. Edgar Hoover used its coercive powers to harass activists and to illegally spy on political leaders. Comey is at the same level with Hoover or worse with the encryption issue. Comey is not after a phone, he is after encryption, but it starts with 1 iPhone. He has stated that it baffles him that use of end-to-end unbreakable encryption is currently not above the law, but it should be. He is a threat to National Security. He is going to keep everyone countering cyber threats awake at night if he succeeds in going after Apple.
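Law enforcement probably won't let it rest and they are prepared to lie endlessly about it until they get their way. You can see Loretta Lynch being questioned in the following video and she doesn't care about the consequences of what they are doing, even when they mention China using it against US citizens or companies:
https://www.youtube.com/watch?v=uk4hYAwCdhU&t=104
A US student in Korea got 15 years in prison for stealing a banner:
http://edition.cnn.com/2016/03/16/asia/north-korea-warmbier-sentenced/index.html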
Imagine someone posting a message on Facebook or twitter and having their phone confiscated, the government asks to have it unlocked and then they have the evidence to prosecute someone for posting something they consider to be illegal.
The FBI has said these kinds of potential negative outcomes are unlikely but the same is just as true in reverse. With the example of the bomb, I think people have the impression that it would happen like it would in a movie. Bombs in movies have countdown timers because it's a way to build suspense, they hardly ever disarm it with hours on the clock. If a terrorist even got near to the US with a nuke, they'd bring it in by boat, plane or submarine and explode it as soon as it arrived. It would have a blast radius of about 1 mile so detonated in the water near somewhere like Manhattan, it would kill maybe 200,000 people. There's no reason they'd put a timer on it and certainly not one with an override stored on their iPhone. Even if there was a code on the phone in an unprotected app, they aren't going to mark it 'code to disarm the bomb', nor would the bomb disarming squad trust the code. They'd haul the bomb into the air or sea as fast as they could because any timer on it would be less than 24 hours.
The most likely scenario where time would be a factor with a locked phone would be a kidnapping case and this would only be if they obtained the kidnapper's phone by accident. Even then, the phone would only show where they were, not where they are and they know where they were - the same place the phone was found. It may have clues to a hideout but so should the phone network.
This case with Apple is all about the fundamental difference of opinion on whether there ought to be a place where no one can conduct a search for evidence. It can be very frustrating for law enforcement when there's a case where someone has killed people and they won't tell them the locations of the bodies. That happens all the time. At the same time, there are things that people do while disagreeing with the law as defined by the consensus. Think back to when homosexuality was illegal and imagine they had smartphones with a hookup app like Grindr. You can bet that law enforcement would have wanted access to the phones of suspects to prosecute them.
A lot of phones being confiscated just now are phones of drug dealers. If the drugs they were dealing become legal then what they were doing at the time is all of a sudden considered legal. If there is someone who wants to get an abortion in a state where there are laws to prosecute this and the evidence is on the phone, they can not only prosecute the person but also the person who performed the procedure. Encryption isn't solely to protect people who are breaking laws they disagree with either, it allows people to own things that only they have a right to.
Obviously encryption also allows people to store evidence of things that wouldn't likely ever become legal but if you take this ability away then you take it away from everyone.
Apple having a special group that handles decryption isn't restrictive enough because they wouldn't be allowed to decide which cases to support decryption in. They would be required to comply with every request (possibly including foreign requests once the capability exists), even in cases where there were dozens of phones of suspects but it wasn't clear which phone had the evidence and in unlocking all of them, they invade the privacy of all of them.
Privacy invasion might sound fairly inconsequential and it will seem that way to the FBI because they do it all the time but it can feel to some people like they've been physically violated. The irony here is that law enforcement prosecutes people for violating privacy, they caught the iCloud photo guy, they prosecuted the guy who spied on the ESPN reporter through her hotel room peephole and now they are requesting the right to violate everyone's privacy when they deem it suitable, even after they've demonstrated to the world that they can't be trusted with that level of access, spying on foreign leaders and all sorts. Who was prosecuted for that?
There is a way that Apple can avoid being the gatekeeper to the data, which might get law enforcement off their back, which would be to extract the raw data from the NAND chip, which is heavily encrypted. But even this step would be conceding to the side that says law enforcement gets to search anything they want so that needs to be fought against first. If the courts uphold the idea that there can be unsearchable locations then that's how the law will be and it ought to be this way because the products that members of law enforcement use themselves have to be as secure as possible.
If the courts decide that there should be no location that isn't searchable, then the least impactful step for Apple would be extracting the heavily encrypted data (opening the phone and extracting the NAND chip).
https://www.aclu.org/blog/free-future/one-fbis-major-claims-iphone-case-fraudulent
There's also the security flaw method for older systems of, for example, sending a malicious text to the phone to get root access and disabling the password or erase feature.
It's important to avoid thinking about this case as being about terrorism. This has all the hallmarks of a setup by the intelligence agency to get a security bypass for iPhones. They already lied about the password reset. This iPhone could have been unlocked when they found it for all we know. The fact that it was a work phone that conveniently has not only a passcode but the data erase enabled and the backup disabled, then they quickly move to legal proceedings and appeal to the public's fear of terrorism. If you wanted to construct a scenario to get a security bypass, that's exactly how you'd do it.
The FBI doesn't want to ever have unsearchable containers. If you are leaking information about illegal government operations, they want you prosecuted. Check for some familiar names in the following article:
http://news.yahoo.com/fbi-head-comey--no-deal-with-snowden-201533169.html
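There was a speech given by JFK asking journalists to balance freedom of speech with national security during the Cold War to avoid accidentally leaking classified info and he described the communist enemy the following way:
http://www.jfklibrary.org/Research/Research-Aids/JFK-Speeches/American-Newspaper-Publishers-Association_19610427.aspx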
"we are opposed around the world by a monolithic and ruthless conspiracy that relies primarily on covert means for expanding its sphere of influence--on infiltration instead of invasion, on subversion instead of elections, on intimidation instead of free choice, on guerrillas by night instead of armies by day. It is a system which has conscripted vast human and material resources into the building of a tightly knit, highly efficient machine that combines military, diplomatic, intelligence, economic, scientific and political operations.
Its preparations are concealed, not published. Its mistakes are buried, not headlined. Its dissenters are silenced, not praised. No expenditure is questioned, no rumor is printed, no secret is revealed."
That was the enemy he was describing there as a warning alongside his proposal for journalists to consider carefully what they publish. The intelligence agencies are not elected, they intimidate people who don't conform, they have been getting educational institutions to help them break security protocols, destroying businesses like Lavabit in order to deal with dissenters like Snowden. They covered up that he was the target:
http://www.wired.com/2016/03/government-error-just-revealed-snowden-target-lavabit-case/
The intelligence agencies don't want to be accountable to anyone, they want the tools to exert their own system of law as and when they see fit. It's more efficient than legal proceedings but they were given the tools already and abused them, they can't be trusted any more and they shouldn't be given more authority until it's clear that there are safeguards in place to avoid them abusing it further.
Neuenschwander in an attachment to Apple's final brief said Pluhar was probably looking at the wrong screen. The settings menu for iCloud backups does not offer this level of granularity; there is no "on" and "off" option for "Mail," "Photos" and "Notes," he said.
They are correct. You cannot pick what gets backed up.
However, those granular settings DO exist in OS X and iOS iCloud sync settings. Which is probably what he was looking at.
Those same settings exist in iOS as well. Those are just the settings to activate iCloud Mail, Notes, Photos etc on the device. If those are off then you won't see those on the device. So if you were never using iCloud email or didn't want to save your photos or notes to iCloud, you can turn them off. They will just reside on the device itself.
If you had these options enabled and then disabled them, they all would be removed from the device. Not sure about iCloud photo library since I don't use it yet. Contacts is one of the options that if you disabled it you can choose to have them remain on the device.
So yes there is no granular backup for these. The reason why iCloud backups could have stopped weeks prior is he turned off iCloud backups or signed out of iCloud on the device as well. If there were never any notes, photos or mail in the backups they were able to get, then it's possible those options were never activated.
*I have an idea as a compromise for security and unlocking a locked phone. I call it a triangulation key. Where a phone can be unlocked with a court warrant. It works where 3 encrypted codes are synced up to unlock a phone, government code, Apple code and finally the actual targeted iPhone. The iPhone must approve the two keys in order to unlock. The phone can't unlock unless approved.
* A warrant triangulation code approved by the governments and Apple that is a one time approval for opening device. Must be approved by the government and Apple and synchronized for unlocking. Retrieval of data dump uploaded by Apple for a set time limit then phone relocks and new warrant key approved. Use Quantum Key which applies fuzzy entanglement at a distance. Finally unauthorized hacking would trigger a warning to Apple at highest level of management.