Take a stand against the Obama/FBI anti-encryption charm offensive

Posted:
in General Discussion edited March 2016
It has been frustrating to watch as the horrific San Bernardino terrorist killing spree has been used as a cover by the FBI to achieve the anti-encryption goals they've been working towards for years. Much of that frustration stems from the fact that the American media has so poorly reported the facts in this case.




The real issue in play is that the FBI wants backdoor access to any and all forms of encryption and is willing to demonize Apple in order to establish an initial precedent it can then use against all other software and hardware makers, all of whom are smaller and are far less likely to even attempt to stand up against government overreach.

However, the media has constantly echoed the FBI's blatantly false claims that it "does not really want a backdoor," that only cares about "just this one" phone, that all that's really involved is "Apple's failure to cooperate in unlocking" this single device, and that there "isn't really any precedent that would be set." Every thread of that tapestry is completely untrue, and even the government has now admitted this repeatedly.

Representative democracy doesn't work if the population only gets worthless information from the fourth estate.

However, in case after case journalists have penned entertainment posing as news, including a bizarre fantasy written up by Mark Sullivan for Fast Company detailing "How Apple Could Be Punished For Defying FBI."

A purportedly respectable polling company asked the population whether Apple should cooperate with the police in a terrorism case. But that wasn't the issue at hand. The real issue is whether the U.S. Federal Government should act to make real encryption illegal by mandating that companies break their own security so the FBI doesn't have to on its own.

The Government's Anti-Encryption Charm Offensive



Last Friday, U.S. Attorney General Loretta Lynch made an appearance on The Late Show with Stephen Colbert to again insist that this is a limited case of a single device that has nothing to do with a backdoor, and that it was really an issue of the County-owned phone asking Apple for assistance in a normal customer service call.

Over the weekend, President Obama appeared at SXSW to gain support for the FBI's case, stating outright that citizens' expectation that encryption should actually work is "incorrect" and "absolutist."

He actually stated that, "If your argument is 'strong encryption no matter what, and we can and should in fact create black boxes,' that I think does not strike the kind of balance we have lived with for 200, 300 years. And it's fetishizing our phone above every other value, and that can't be the right answer."

That's simply technically incorrect. There's no "balance" possible in the debate on encryption. Either we have access to real encryption or we don't. It very much is an issue of absolutes. Real encryption means that the data is absolutely scrambled, the same way that a paper shredder absolutely obliterates documents. If you have a route to defeat encryption on a device or between two devices, it's a backdoor, whether the government wants to play a deceptive word game or not.

If the government obtains a warrant, that means it has the legal authority to seize evidence. It does not mean that the agencies involved have unbridled rights to conscript unrelated parties into working on their behalf to decipher, translate or recreate any bits of data that are discovered.

If companies like Apple are forced to build security backdoors by the government to get around encryption, then those backdoors will also be available to criminals, to terrorists, to repressive regimes and to our own government agencies that have an atrocious record of protecting the security of data they collect, and in deciding what information they should be collecting in the first place.

For every example of a terrorist with collaborator contacts on his phone, or a criminal with photos of their crimes on their phone, or a child pornographer with smut on their computer, there are thousands of individuals who can be hurt by terrorists plotting an attack using backdoors to cover their tracks, or criminals stalking their victims' actions and locations via backdoor exploits of their devices' security, or criminal gangs distributing illicit content that steps around security barriers the same way that the police hope to step around encryption on devices.

Security is an absolutist position. You either have it or you don't.

Obama was right in one respect. He noted that in a world with "strong, perfect encryption," it could be that "what you'll find is that after something really bad happens the politics of this will swing and it will become sloppy and rushed. And it will go through Congress in ways that have not been thought through. And then you really will have a danger to our civil liberties because the disengaged or taken a position that is not sustainable."

However, the real answer to avoiding "sloppy, rushed" panic-driven legislation is to instead establish clear rights for citizens and their companies to create and use secure tools, even if there is some fear that secure devices may be used in a way that prevents police from gaining access to some the evidence they might like to access in certain cases.

The United States makes no effort to abridge the use of weapons like those used in San Bernardino to actually commit the atrocity. It should similarly not insist that American encryption should only work with a backdoor open on the side, giving police full access to any data they might want.

It's not just a bad idea, it's one that will accomplish nothing because anyone nefarious who wants to hide their data from the police can simply use non-American encryption products that the FBI, the president and the U.S. Congress have no ability to weaken, regardless of how much easier it would make things for police.

What you can do about it



You can contact the Obama White House online to comment on strong encryption.

You can contact your state Senators and Representatives via the contact information supplied by ContactingTheCongress.org.

You can specifically contact Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) to express concerns about their bill intended to force companies to weaken or work around encryption under court orders.

Express yourself with the honesty and clarity that the government's charm offensive is lacking.
lolliverbrakkenicoco3
«13456

Comments

  • Reply 1 of 118
    hmlongcohmlongco Posts: 533member
    Okay Daniel, I was going to write about this but you have the bigger audience, so here goes.

    Apple wanted to allow users to block ads, but they didn't want to bake that capability into the OS itself. So what did they do? They opened up the system and allowed anyone and their kid brother to write ad blockers that users could download from the app store, if they choose to do so.

    And many, many people did. Users got the blockers they wanted, and Apple could take a step back and say, "Hey. Wasn't us."

    So, let's do it again. Apple should take a page from the "ad blocking" playbook and open the system to third-party encryption engines. Allow app developers to write encryption engines that the system installs and then uses to encrypt the disk. Allow users to install them. And in particular, allow developers outside of the US to create security plugins for the iPhone.

    Apple will need to do a thorough job of vetting the code submitted to the store, but they already do that anyway for ad blocker plugins, and they sandbox those plugins to prevent them from transmitting user data and performing other nefarious acts.

    Apple can bake in services to help them (Secure Enclave), but, by and large, the security code isn't theirs to break, they don't have access to the encryption keys to give away, and, in the case of developers located outside of the US, they're beyond the reach of the US government.
  • Reply 2 of 118
    dysamoriadysamoria Posts: 3,430member
    Ok, comment sent. No confirmation of the submission was given... because my input as an American isn't really wanted(??) so why let me know if it was successfully received...
  • Reply 3 of 118
    There is a possible solution, maybe difficult, but if Apple could create a unique hardware based encryption key for every individual device, this could then be split in two,  Apple could hold one half of the key and the other half could be held by FBI/Government/other agency. The two halves of the key could only bought together with a court order and the physical presence of the device.  Even if both halves of the keys were stolen it would be useless with out the actual physical device.
    bdkennedy1002rbonner
  • Reply 4 of 118
    rbonnerrbonner Posts: 635member
    dysamoria said:
    Ok, comment sent. No confirmation of the submission was given... because my input as an American isn't really wanted(??) so why let me know if it was successfully received...
    I just did also, whitehouse, at the top of the page there was a nice "Thank You", and a page with tons of other info. Was actually impressed by the page.
  • Reply 5 of 118
    calicali Posts: 3,494member
    hmlongco said:
    Okay Daniel, I was going to write about this but you have the bigger audience, so here goes.

    Apple wanted to allow users to block ads, but they didn't want to bake that capability into the OS itself. So what did they do? They opened up the system and allowed anyone and their kid brother to write ad blockers that users could download from the app store, if they choose to do so.

    And many, many people did. Users got the blockers they wanted, and Apple could take a step back and say, "Hey. Wasn't us."

    So, let's do it again. Apple should take a page from the "ad blocking" playbook and open the system to third-party encryption engines. Allow app developers to write encryption engines that the system installs and then uses to encrypt the disk. Allow users to install them. And in particular, allow developers outside of the US to create security plugins for the iPhone.

    Apple will need to do a thorough job of vetting the code submitted to the store, but they already do that anyway for ad blocker plugins, and they sandbox those plugins to prevent them from transmitting user data and performing other nefarious acts.

    Apple can bake in services to help them (Secure Enclave), but, by and large, the security code isn't theirs to break, they don't have access to the encryption keys to give away, and, in the case of developers located outside of the US, they're beyond the reach of the US government.
    Or they could not bend over to government demands and NOT compromise the most secure OS in the world.

    In reply to post 3(won't let me quote the post)

    What for? Should Apple work for the government for free? The FBI doesn't own iOS nor have they ever subsidized it or anything. Why should Apple go through all the trouble only to later respond to thousands maybe millions of requests a year to open iPhones. F*** THAT! Should Tim Cook spend time managing Apple or half his day opening iPhones for the government to snoop through? What would your respect level be if you knew Apple was opening their customers iPhones all day?


    lolliverbrakkenrogue cheddarthebmticoco3nolamacguyjony0baconstangc0lapse
  • Reply 6 of 118
    stskstsk Posts: 22member
    Daniel, please please please don't refer to the incident as terrorism, unless you refer to shooting up an office Christmas party as an act of terror. The only reason the DOJ uses that term is because the morons pee their pants every time someone in authority invokes the boogeyman "TERROR!" or "Muslim". The non-postal workers shooting up their workplace were NOT terrorists - they were wackos who happened to be Muslim. Don't fall into buying the Feeb's nonsense manipulative rhetoric. Anyone who uses the term terrorist to describe that incident is supporting the Feebs. Don't be that guy.
    londorirelandnolamacguyspinnydc0lapse
  • Reply 7 of 118
    SpamSandwichSpamSandwich Posts: 33,407member
    Emails are OK, but if you really want to make your voice heard (literally), you must take the time to actually CALL. Emails are easily ignored. Calling is more effective.
    tallest skilirelandicoco3jbdragonbaconstang
  • Reply 8 of 118
    Create a one ton device so it can't be stolen, not connected to the internet with a special chip in the phone that will only decrypt information when plugged into the device.

    No software backdoor needed.
    brakken
  • Reply 9 of 118
    mrichmrich Posts: 1member
    We wouldn't be having this conversation if a) such encryption had existed on 9/11 and b) on 9/12 the FBI had asked Apple to let it into any suspect phones. Steve Jobs or Tim Cook would have opened them up with their tongues, because the enormity of the crime demanded it. They would have looked like co-conspirators with mass murderers in the eyes of the whole world if they had made then the same argument Cook et al. are making now. Such noble half-baked and immature statements as the ones made above are only possible because merely 16 persons were murdered in San Bernardino. Yes, the hard truth about abstract moral principles is that they have to be put into action in the real world in the context of real human lives, and that changes the weight and heft of the arguments. If it had been 3,000 people who had been murdered in California rather than a *mere* 16, we wouldn't be hearing these arguments. So that begs the question: Just how many mass murder victims is Apple willing to tolerate? How many are we the public willing to tolerate before we insist that Apple co-operate in keeping us safe? Or is the difference in the nature of the weapons used? Are assault rifle murders acceptable, while murders caused by airplanes are not? How about a poison gas attack, or a dirty bomb? Where is the line between an acceptable number of murders and an intolerable number?
    GOPcriminals
  • Reply 10 of 118
    QuakoQuako Posts: 1member
    I do not believe a word of what Apple says.  They are totally seeing the financial fall out from cooperating with Law Enforcement.
    That's it.  Nothing more and nothing less. As the previous comment says ......ditto!
    GOPcriminals
  • Reply 11 of 118
    stskstsk Posts: 22member
    Anytime you hear someone claim Apple is interfering with the FBI, which is only trying to get valuable intelligence from the phone, ask them if they have a work mobile phone as well as a personal one. Ask them if they put any valuable personal information on their work phone, like the phone numbers of their fellow terrorists and plans for their next attack, or do they keep that information on their personal phone. As the husband of one of the victims wrote in his support for Apple, everyone, including his wife, who has a work phone from San Bernardino knew not to keep ANY personal info on their work phones. The Feebs expect, apparently with some success, that very few people have the slightest capacity for critical thought, and that all they have to do is use the magic incantation "TERRORISM" and everybody will lose their minds.
    ration allondorstevehSpamSandwichirelandthebmticoco3spinnydjony0baconstang
  • Reply 12 of 118
    There is a possible solution, maybe difficult, but if Apple could create a unique hardware based encryption key for every individual device, this could then be split in two,  Apple could hold one half of the key and the other half could be held by FBI/Government/other agency. The two halves of the key could only bought together with a court order and the physical presence of the device.  Even if both halves of the keys were stolen it would be useless with out the actual physical device.

    Unfortunately, for the iPhone to use the encryption key, the full key must be on the device. With public/private keys you need one of the keys on the phone and send the other to do the trick. Again half of a key would not work.

    You would need a triplet: public, private, and backdoor key. The backdoor key would be split into two, one for Apple and for the FBI. But that makes accessing the backdoor harder (you would have to steal the information from Apple and the FBI) but not impossible. Once you have a backdoor, it's hard too keep it locked.

  • Reply 13 of 118
    There is a possible solution, maybe difficult, but if Apple could create a unique hardware based encryption key for every individual device, this could then be split in two,  Apple could hold one half of the key and the other half could be held by FBI/Government/other agency. The two halves of the key could only bought together with a court order and the physical presence of the device.  Even if both halves of the keys were stolen it would be useless with out the actual physical device.
    Apple (and I suspect many other device manufacturers) have no desire to hold decryption keys. They want your information to be yours and yours alone.

    Not having possession of the key is why Apple can't just open the San Bernardino iPhone. The FBI isn't asking Apple to decrypt the iPhone; they are asking for Apple to write software to eliminate all the security protections so the FBI can brute force (try every possible combination until they find the right one) the iPhone. Surely the FBI can't be stupid enough to not understand that software to eliminate security protections on one iPhone can be used to eliminate them on ANY AND EVERY iPhone. And it WILL leak and be used if it's created.
    ration alewtheckmanlondorirelandicoco3jony0baconstangc0lapse
  • Reply 14 of 118
    There's nothing new or novel about the authorities having access to cell phone information and tech companies have complied without protest.  All of a sudden, smart phones are considered sacred devices by encryption absolutists and Snowden lovers.  There are ways to allow law enforcement access without compromising personal privacy but the way articles like this tell it, that's beyond the capability of technology (even though everything else is possible).  Yes tech companies must do a little work to be in compliance - that's the societal bargain.  Or they can simply design future encryption with that in mind but obviously Apple made a business decision to deal with this inevitability when it became a problem instead of baking it in to their initial design. That's simply a business blunder and now they'll hopefully have to pay the price.  I'm no Obama lover, and I own Apple products, but I side with law enforcement on this one.
    edited March 2016 romaninsh
  • Reply 15 of 118

    The government has not used the All Writs Act to force manufacturers of paper shredders to develop an un-shredder. Maybe because it's not such a widespread problem. Or manufacturers of matches to recreate burnt documents from the ashes. Or gun manufacturers to develop tools to undo the damage to the other iPhone and computer hard drive destroyed by the San Bernadino attackers by putting a bullet in them.

    There are limits, even if we can put a man on the moon.

    edited March 2016 londorlatifbppalominemontrosemacs
  • Reply 16 of 118
    bobschlobbobschlob Posts: 1,074member
    Ahh, the '1 post'ers... Where would we be without them? 
    ration allondordsdradarthekatlatifbpjungmarkSpamSandwichirelandtheunfetteredmindadyb
  • Reply 17 of 118
    coolfactorcoolfactor Posts: 2,239member
    The mention of "non-American encryption products" is an interesting choice of words. Why does it have to be non-American exactly?
  • Reply 18 of 118
    coolfactorcoolfactor Posts: 2,239member
    Quako said:
    I do not believe a word of what Apple says.  They are totally seeing the financial fall out from cooperating with Law Enforcement.
    That's it.  Nothing more and nothing less. As the previous comment says ......ditto!
    Yes, very easy for you to say that ... until YOUR personal information is compromised because Apple enabled such a backdoor to exist.

    Would you willingly leave a copy of your house key with your local police department? Think about that for a moment.

    ewtheckmanlondorlatifbppropodspinnyd
  • Reply 19 of 118
    brakkenbrakken Posts: 687member
    At no point is usgovt espousing he virtues of the constitution or its amendments.
    I can only assume he reason being that convincing the gen public wih emotionalism is their purpose.
    Who is paying all these people to reinforce Android or MS's awful track record with security and protection of privacy?
  • Reply 20 of 118
    brakkenbrakken Posts: 687member

    hmlongco said:
    Okay Daniel, I was going to write about this but you have the bigger audience, so here goes.

    Apple wanted to allow users to block ads, but they didn't want to bake that capability into the OS itself. So what did they do? They opened up the system and allowed anyone and their kid brother to write ad blockers that users could download from the app store, if they choose to do so.

    And many, many people did. Users got the blockers they wanted, and Apple could take a step back and say, "Hey. Wasn't us."

    So, let's do it again. Apple should take a page from the "ad blocking" playbook and open the system to third-party encryption engines. Allow app developers to write encryption engines that the system installs and then uses to encrypt the disk. Allow users to install them. And in particular, allow developers outside of the US to create security plugins for the iPhone.

    Apple will need to do a thorough job of vetting the code submitted to the store, but they already do that anyway for ad blocker plugins, and they sandbox those plugins to prevent them from transmitting user data and performing other nefarious acts.

    Apple can bake in services to help them (Secure Enclave), but, by and large, the security code isn't theirs to break, they don't have access to the encryption keys to give away, and, in the case of developers located outside of the US, they're beyond the reach of the US government.
    Your understanding of software architecture vs software management is confused and superficial.
    thebmtnolamacguybadmonk
Sign In or Register to comment.