Former NSA director opposes iOS backdoor, but leans towards FBI in iPhone unlock debate
On Monday, a former director of the U.S. National Security Agency -- Michael Hayden -- took a middle-ground stance on the Apple/FBI encryption debate, supporting the FBI in the short term while opposing a universal backdoor in devices.

"In this specific case, I'm trending toward the government, but I've got to tell you in general I oppose the government's effort, personified by FBI Director Jim [James] Comey," Hayden explained to USA Today. "Jim would like a back door available to American law enforcement in all devices globally. And, frankly, I think on balance that actually harms American safety and security, even though it might make Jim's job a bit easier in some specific circumstances."
In the case of an iPhone 5c belonging to dead San Bernardino shooter Syed Farook, the FBI is demanding that Apple remove the limit on passcode attempts for Farook's phone, rather than decrypt it. Comey has insisted that the agency's interest is limited in scope -- Apple, however, has argued that giving the FBI a workaround would allow it and others to break into any iPhone, and is actively fighting the order.
Though he left the NSA in 2005, Hayden is responsible for establishing some of the mass surveillance apparatus that would later be exposed by people like former NSA contractor Edward Snowden, including a domestic phone call database.
In the interview, Hayden argued that while mandatory backdoors would be extremely useful for the NSA and other intelligence agencies, the U.S. is a "safer, more secure nation" without them, since other parties would take advantage. The latter view has also been expressed by Cook.
Comments
http://www.wsj.com/video/hayden-the-pros-and-cons-of-access-to-encrypted-files/B45F7083-CC7C-4097-80CD-11D3D490F1EB.html
Tim's a Boy Scout; his belief system is front and center. I believe him when he states that they don't, but he also acknowledges that there are potential vulnerabilities that would be exposed if Apple did have to comply, however unlikely that would be.
Trust James Comey; not so much.
Two points;
Hayden did exceed his authority, and Snowden was able to break into the NSA's data, albeit from the inside. There aren't enough safeguards in place with the best of intentions, yet Comey wants to create a backdoor. Once the U.S. decides to do that, every nation on earth will attempt to attack U.S. citizens' smartphones; some attempts will succeed.
No gov’t has ever been capable of keeping a secret, no matter how vital to national security. That is a fact, not an opinion.
So far the argument has been about protecting the sensitive information of private citizens. But that's not the half of it.
So what happens when ISIS, Al-Qaeda, or some resourceful jihadi with a bad attitude gets their hands on the encryption key? And accesses a misplaced FBI phone, or an NSA agent's phone, or a CIA agent’s phone, or a prosecutor's phone, or a military officer's phone?
http://techcrunch.com/2016/02/18/no-apple-has-not-unlocked-70-iphones-for-law-enforcement/
What will the government do then? Outlaw all forms of encryption? Which will simply cause the criminals and terrorists to use illegal software. So they'll be nice and secure while the law-abiding population no longer has any privacy.
Of course, there are plenty in Washington who want exactly that, even though they are loudly insisting otherwise right now.
They don't. OR they lied in federal court depositions on a Brooklyn court case involving accessing an iPhone. That's both a felony and lots and lots of federal prison time.
That's why I have never seen one that had not been hacked and they have mostly fallen out of favor.
They can work if there is hardware pairing between parts (like the secure enclave with Touch ID), but then Apple would have to be able to make a hardware key for every phone they sell and it would complexify the phone side; having it connected in something like the secure enclave (but different) would be the way to do it. The vulnerability would then be the interface with this circuit, which needs to be tamper proof.
But, then this repository of keys is of very high value and needs absolute protection. And it's obvious every Tom, Dick and Harry in law enforcement all around the world will want to unlock people's phones. The greater the number of people who have access to the repository, the more unsafe it gets. And since those are hardware keys, making them is less than trivial. Apple would have to run a large department just to service demands like that of police.
So, without an easy in, it becomes a bitch for Apple to manage and since crooks now think the police have access to their phone all the time, they simply use burner phones or cheap Android phones with third party encryption that they destroy often.
It seems to me that the government doesn't need Apple to do anything. They just want to take a shortcut and they're whining that Apple is going to make them do it the hard way.
If as the FBI says, this case is all about justice and the victims, why didn't they do the one thing that would probably have given them all they say they want?
After the event, they took possession of the phone.
[scenario]
Ok, we have the phone, is it working? - yes.
Great, can we unlock it? Anybody? - no.
Who made the phone? - Apple.
Right, we're talking to them already and have a contact. Get them on the phone for advice on how to break this thing...NOW.
Let's say that took 5mins at most.
This would seem to be the obvious first step. Can anyone really argue they couldn't have spared 5 mins in the 'less than 24 hour period' before they reset the password to do that? If justice is so important. Or that not doing so actually delayed the pursuit of justice by several months? Possibly forever?
I went to the university bookshop and found...
Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet.
Third Edition
Eoghan Casey
Chapter 7: Handling a Digital Crimescene
Where, like other crime scenes, preservation of original unaltered or contaminated evidence - is paramount. It's so-called Standard Practice.
But they didn't.
And now we know why.