Take a stand against the Obama/FBI anti-encryption charm offensive

2456

Comments

  • Reply 21 of 118
    apple ][apple ][ Posts: 9,233member
    stsk said:
    Daniel, please please please don't refer to the incident as terrorism, unless you refer to shooting up an office Christmas party as an act of terror. The only reason the DOJ uses that term is because the morons pee their pants every time someone in authority invokes the boogeyman "TERROR!" or "Muslim". The non-postal workers shooting up their workplace were NOT terrorists - they were wackos who happened to be Muslim. Don't fall into buying the Feeb's nonsense manipulative rhetoric. Anyone who uses the term terrorist to describe that incident is supporting the Feebs. Don't be that guy.
    It was terrorism, Islamic terrorism to be precise. They were ISIS supporters and they were dirty terrorists. I am sorry if you have a problem with reality and facts. 

    http://www.cnn.com/2015/12/05/us/san-bernardino-shooting/
    ewtheckmanjony0
  • Reply 22 of 118
    tmaytmay Posts: 5,498member
    mrich said:
    We wouldn't be having this conversation if a) such encryption had existed on 9/11 and b) on 9/12 the FBI had asked Apple to let it into any suspect phones. Steve Jobs or Tim Cook would have opened them up with their tongues, because the enormity of the crime demanded it. They would have looked like co-conspirators with mass murderers in the eyes of the whole world if they had made then the same argument Cook et al. are making now. Such noble half-baked and immature statements as the ones made above are only possible because merely 16 persons were murdered in San Bernardino. Yes, the hard truth about abstract moral principles is that they have to be put into action in the real world in the context of real human lives, and that changes the weight and heft of the arguments. If it had been 3,000 people who had been murdered in California rather than a *mere* 16, we wouldn't be hearing these arguments. So that begs the question: Just how many mass murder victims is Apple willing to tolerate? How many are we the public willing to tolerate before we insist that Apple co-operate in keeping us safe? Or is the difference in the nature of the weapons used? Are assault rifle murders acceptable, while murders caused by airplanes are not? How about a poison gas attack, or a dirty bomb? Where is the line between an acceptable number of murders and an intolerable number?
    Fortunately, your scenario didn't occur and frankly, it likely would not have had any effect on the extremely small number of U.S. Citizens killed on U.S. soil from foreign terrorists after 9-11.

    More importantly, there were structural reasons why the various agencies failed to stop the 9-11 terrorists, but it wasn't because they didn't couldn't identify and track some of the suspects prior to the attack.
    edited March 2016 londordsdlatifbpspinnydjony0baconstang
  • Reply 23 of 118
    Government for Dummies 21st Century Edition (8 steps to full control)

    Step 1 - Mess with geo-politics and governments around the world
    Step 2 - Piss off said governments and populace to the point that their country's entire population hates you
    Step 3 - Try to control that country economically and/or militarily
    Step 4 - Kill resistance to your controlling efforts and label them as insurgents. Population declares a holy war against you
    Step 5 - Respond to resulting terror at home by controlling your own population through fear created from steps 1 to 4
    Step 6 - Twist privacy and free speech to make them appear unconstitutional and unpatriotic. Utilize obscure laws from 1700's if necessary.
    Step 7 - Step up fear mongering so laws can be re-written to remove personal privacy
    Step 8 - Wipe ass with constitution.

    latifbpstskfracnolamacguypalominespinnydjony0baconstang
  • Reply 24 of 118
    clemynxclemynx Posts: 1,512member
    A black box has always existed : our mind. 

    What at if one day we can read minds, will we accept to use such technology on anyone?
    ewtheckmanradarthekatlatifbpnolamacguyspinnyd
  • Reply 25 of 118
    mrich said:
    So that begs the question: Just how many mass murder victims is Apple willing to tolerate?
    Really? What does Apple have to do with mass murder in the US? Is an encrypted phone more dangerous than an assault rifle? If public safety is always more important than individual rights, why is any private citizen in the US allowed a gun? What's the point of removing encryption from iPhones when there are hundreds of encryption apps available that can block the FBI from reading communications. Talk about forest from the trees...
    londorradarthekatlatifbpstskpropodthebmtstompypalominejony0baconstang
  • Reply 26 of 118
    The mention of "non-American encryption products" is an interesting choice of words. Why does it have to be non-American exactly?
    Because if the American government requires all encryption to have a backdoor, then it is only possible for non-American encryption to actually be secure. (Of course, that's no guarantee that it would be secure, either.)
    edited March 2016
  • Reply 27 of 118
    We either have encryption or we don't.  The security granted by it is a respect to human decency.  Giving it away is to say some one has power over your thoughts and actions.  Of course we could resort to 3rd party encryption but giving the government a green light at all of our activities and actions is a very dangerous precedent regardless of the small percentage of bad guys that are apprehended.  It will not stop here.  
    ewtheckmanpalominespinnydjony0baconstang
  • Reply 28 of 118
    MDotMDot Posts: 3member
    I wonder how many people taking the side of the FBI have a passcode on their mobile phone...and if they do, why?
    radarthekatlatifbpstskspinnydjony0
  • Reply 29 of 118
    So let me see if I can follow Apple logic. If I have a safe deposit box at the bank and keep the record of my illegal activities there, police can get a search warrant and force the bank to open the box. However, if I keep all of my illegal activities on an overpriced iPhone and encrypt it with the help of Apple, I'm in the clear because Apple, unlike banks, doesn't have to comply with any legal search warrants. I see this strictly as a marketing ploy on Apple's part that makes me feel far less secure than I did before. To me, it's just this simple....Don't do anything illegal and you don't need encryption. What did people do in the time BEFORE iPhones? Apple....The criminal's friend and confidant.
  • Reply 30 of 118
    CMA102DLCMA102DL Posts: 121member
    thanks, just sent emails out.
  • Reply 31 of 118
    So let me see if I can follow Apple logic. If I have a safe deposit box at the bank and keep the record of my illegal activities there, police can get a search warrant and force the bank to open the box. However, if I keep all of my illegal activities on an overpriced iPhone and encrypt it with the help of Apple, I'm in the clear because Apple, unlike banks, doesn't have to comply with any legal search warrants. I see this strictly as a marketing ploy on Apple's part that makes me feel far less secure than I did before. To me, it's just this simple....Don't do anything illegal and you don't need encryption. What did people do in the time BEFORE iPhones? Apple....The criminal's friend and confidant.
    Sorry dude you are missing the point.  Illegal or not is really not the issue. It comes down to trust in the system that you are using and whether or not it can be subjugated.  You may be perfectly happy with letting anyone into your thoughts or activities but others may not feel so welcome.  Criminal or not.  They should have the right to prohibit access.  You are only seeing things from the perspective of criminals.  Profiling individuals is becoming so pervasive with social media.  It would be nice to know there are some places where one can safely express thoughts without fear of being spied on.  It's called decency.  
    nolamacguyspinnydjony0
  • Reply 32 of 118
    ceek74ceek74 Posts: 324member
    Ahh, the 1 posters.  Welcome.  Stick around, you may learn something.
    londorration alpscooter63nolamacguytallest skiljony0
  • Reply 33 of 118
    radarthekatradarthekat Posts: 3,402moderator
    Okay DED, I've sent the following to each of the contacts you provided, plus to Marco Rubio (seeing as I'm a Florida resident):

    Regarding the FBI request for Apple's assistance,

    A brief overview of the situation and its likely effects, followed by some insights as to a way forward:

    The iPhone is locked by a passcode that is combined with a hardware key built into each iPhone at manufacture.  This hardware key is randomly generated and encoded into the silicon inside each iPhone AND IS NOT KNOWN EVEN TO APPLE.  So to unencrypt data on an iPhone, you need the user passcode and the hardware key, which exists only in the phone's hardware.

    To decrypt the data on an iPhone you need to enter the password ON THAT IPHONE so that the password gets combined with that iPhone's hardware encryption key.  Taking the data off the phone and trying to decrypt it elsewhere won't work because you won't have the hardware key portion of the combined encryption key.

    So you need to enter each password guess into the iPhone you are trying to unlock.  And the iPhone has a security feature that wipes all the data in the phone after ten consecutive incorrect password attempts.  This feature is what makes a simple four digit passcode such a strong security measure.  Without that feature, it would be a simple process to manually sit there and try one password after another until you went through all 10,000 combinations.  The FBI, or a school kid with a couple extra days on his hands, could break into any iPhone.  But if the phone erases itself after ten unsuccessful password tries, then you won't dare even try to unlock it, as you'll have only a 10 in 10,000 chance of guessing the correct password and the consequences of that tenth incorrect guess is that you'll lose the data you're after.

    The FBI is demanding that Apple remove this security feature so that they can simply brute-force the password.  10,000 tries, even if done manually, wouldn't take very long.  Of course, they are also asking for two additional weaknesses.  One is to allow passwords to be sent to the phone electronically (wirelessly).  That would save time over manually sitting there trying one after another passcode.  And the other is to remove a delay the software inserts between passcode attempts, so that it could blast passcodes at the phone at a very fast clip.  You'd ask for these two additional weaknesses only if you are planning on turning this into a tool for law enforcement to use over and over.  So that puts the lie to the FBI's stance that they want this only for this one time.

    Apple is not being asked to use any method they want to just get the data.  Apple is being demanded to build a forensic tool for law enforcement's repeated use.  Apple, and those of us knowledgable about this sort of thing, knows that this tool will need to be maintained and documented, and submitted into evidence to be inspected by defense attorney experts, because defense attorneys will want to be certain that the tool does not modify the evidence it makes available.  This is how the tool will get out into the wild, and when it does then none of us will have any security unless we install additional encryption software on top of the operating system.  Which criminals and terrorists will immediately do, leaving them safe from law enforcement search while leaving the vast majority of casual users open to those same terrorists infiltrating their phones and grabbing their bank account passwords, etc.

    Law enforcement will solve a few more crimes, committed by unwitting criminals who didn't think to add additional encryption on top of the weakened encryption in the operating system.

    Casual users like you and me and your kids and wife will be more subject to snooping by hackers, some of which will be working for the fund-raising departments of terror organizations.

    Terrorists will hold up this incident and the fallout from it as a major victory in their attempts to weaken and manipulate free society.


    The whole situation needs to be thought through from the ground up.  Here's a scenario I play in my mind to get my head around this.  

    Imagine there's a bad guy out there with an idea in his head for a Dr. Evil super weapon that could do enormous damage to the world.  The bad guy keeps this knowledge to himself, storing the designs for the weapon only on his personal phone, which is protected with strong encryption.  And then the bad guy dies.  End result, no harm, no foul.  In this scenario, his phone served merely as an extension of his mind, allowing him to flesh out his ideas in a document stored on his phone rather than relying solely upon his own imperfect memory.  Because he died before ever communicating his ideas beyond his own mind and his secure phone the world is safe from this super weapon, until someone else independently comes up with the same idea.  And while he was living, the world was safe from his super weapon as long as he did nothing to share the idea and design with others who could help him build it.  

    Now let's imagine an alternate scenario, where the bad guy with the super weapon design instead shares the idea and designs beyond the sanctuary of his mind and secure smartphone.  It's when a dangerous plan is shared with others who can act upon it that the information represents a danger to the world. 

    So this is where you might want to draw a line.  Information stored under strong encryption on a smartphone or other personal device might be treated as an extension of our minds, sacrosanct from forced inspection.  But information communicated out to the world, where it can be put into motion and effect, should not retain the same rights to perfect privacy.  If I enter the name and phone number of a known terrorist into my contacts list, this should be private and protected information.  But if there's a record of my having placed or received a call from that terrorist, then this indicates a potential of threat, that I might be collaborating with the terrorist.  And so the fact of the actual communication is what government should be fighting to access (via the phone company and not via my handset), not the fact that I merely have the terrorist's contact information on my phone.  And the actual text or voice communications I had with the terrorist, representing the actual communications that might have spread a dangerous idea among multiple people, this too should be of interest to law enforcement, also accessed via the telecommunications provider.  So I understand the whole wiretapping concept, with proper warrant and cause.  But I think it should cover the actual communications between potentially [suspected] conspirators, not the content on their phones which potentially includes information they never shared with anyone, and therefore represents their private thoughts, with the phone's encrypted storage acting as a proxy for their memories.

    latifbpewtheckmanpalominespinnydai46jony0
  • Reply 34 of 118
    jvmbjvmb Posts: 59member
    brakken said:

    hmlongco said:
    Okay Daniel, I was going to write about this but you have the bigger audience, so here goes.

    Apple wanted to allow users to block ads, but they didn't want to bake that capability into the OS itself. So what did they do? They opened up the system and allowed anyone and their kid brother to write ad blockers that users could download from the app store, if they choose to do so.

    And many, many people did. Users got the blockers they wanted, and Apple could take a step back and say, "Hey. Wasn't us."

    So, let's do it again. Apple should take a page from the "ad blocking" playbook and open the system to third-party encryption engines. Allow app developers to write encryption engines that the system installs and then uses to encrypt the disk. Allow users to install them. And in particular, allow developers outside of the US to create security plugins for the iPhone.

    Apple will need to do a thorough job of vetting the code submitted to the store, but they already do that anyway for ad blocker plugins, and they sandbox those plugins to prevent them from transmitting user data and performing other nefarious acts.

    Apple can bake in services to help them (Secure Enclave), but, by and large, the security code isn't theirs to break, they don't have access to the encryption keys to give away, and, in the case of developers located outside of the US, they're beyond the reach of the US government.
    Your understanding of software architecture vs software management is confused and superficial.
    Please explain

    I figured that hmlongco's proposal was a good idea, but my understanding of software architecture is limited.  I imagine this would work similar to Bitlocker. Microsoft does not own the decryption key if you encrypt your Windows laptop with bitlocker.

    Given where governments around the world are heading, having third party encryption may be the only option to secure devices and apps. With the UK, Brazil, New York, and California demanding back doors already, some laws are bound to get passed somewhere requiring Apple, What's App and others to build back doors.

    Apple and Goolgle can not afford to stop selling devices in large markets as a third platform may gain the critical mass to become a viable alternative. I see only two ways around that.
    1) Sell devices without encryption and allow users to add encryption through third party software.
    2) Create two versions hardware and OS, one with encryption and one without. Both would be compatible with the same apps, but the secure version would only be sold in jurisdictions that allow the sale of encrypted devices without back doors. I'd be curious to see which version government officials would use. I am pretty sure they would by the secure version.

    If option 1 is not technically feasible, then that would only leave option 2.
  • Reply 35 of 118
    jhalmosjhalmos Posts: 15member
    Well, the Apple logo is way better. 
  • Reply 36 of 118
    radarthekatradarthekat Posts: 3,402moderator
    So let me see if I can follow Apple logic. If I have a safe deposit box at the bank and keep the record of my illegal activities there, police can get a search warrant and force the bank to open the box. However, if I keep all of my illegal activities on an overpriced iPhone and encrypt it with the help of Apple, I'm in the clear because Apple, unlike banks, doesn't have to comply with any legal search warrants. I see this strictly as a marketing ploy on Apple's part that makes me feel far less secure than I did before. To me, it's just this simple....Don't do anything illegal and you don't need encryption. What did people do in the time BEFORE iPhones? Apple....The criminal's friend and confidant.

    ---

    If the bank doesn't have a key to the safe deposit box (maybe it was lost) law enforcement doesn't demonize the bank and threaten its management.  They also don't demand that the bank manager himself break into the box, as that's not his job.  They simply hire a locksmith to open the safety deposit box.  But that's not what they are doing in this case.  They could hire a specialist with an electron microscope to shave down the EPROM on the phone where the hardware encryption key has been written, use the electron microscope to read that key, then copy all the encrypted data off the phone and brute force the password against it and the recovered hardware encryption key.  Had they gone this route, they'd have decrypted the data by now, but that's not really their objective.  By telling the world the only way to get the data off that phone and decrypt it is with Apple's assistance in taking some very specific steps that results in a reusable backdoor, the FBI has exposed themselves as liers with an agenda.

    As to those who don't do anything illegal not needing encryption, well, I don't do anything illegal and my Target debit card was part of a huge hack that could have compromised my bank account.  Just one of many examples where data security is important to law-abiding citizens.  If a hacker can get into your phone, he could read your schedule, which might include reminders about your kid's activities that you take them to.  An entire picture of your life could be constructed, resulting in your young daughter being abducted perhaps, or any number of other scenarios.  Software to log and transmit your keystrokes could be installed, allowing access to your financial accounts as your usernames and passwords are collected by hackers.  Our lives are in our smartphones.  Don't be naive thinking that data doesn't warrant absolute security.
    edited March 2016 londoradybration alpalominespinnydai46jony0baconstang
  • Reply 37 of 118
    wilwil Posts: 170member

    The FBI or Obama does not care for the one iPhone, they wanted the Holy Grail of encryption from Apple, Microsoft, Goggle, Facebook and others as an excuse to protect the American people.
    Imagine the possibilities of what the FBI or government agencies can do against the American people. Think about the Wisconsin John Doe case but this time the DOJ and the Feds are involved. Imagine having your smartphone secretly sending real time videos of what you are doing, who you meet with and etc to the FBI or any government agency or government entity. Consider the implications on how your iPhone becomes a homing beacon for your political foes, the unprofessional media, jealous lover, kidnappers or what have you that exactly tells them on where will you be located. Imagine the implications that your smartphone shall be used as a blackmail tool to force voters and legislators to act against their best interests.Imagine having Senator XYZ withdraw his own bill to reform the IRS or the NSA or the FBI because someone in the agency upload illicit child pornography files on his own personal smartphone and somehow the press and law enforcement found out the child porno about said Senator’s vice before the latter did. Imagine having a member of an American law enforcement agency use your own smartphone as their own personal hidden camera to stalk you.
    Imagine the consequences for thousands if not millions of people who oppose their governments worldwide. Imagine the power politicians and governments will have over their opponents and their own people. Free speech gone, freedom of association, gone, Privacy, forget about it.
    The FBI’s reasoning is about control not security. Security is extremely hard, but if you can control communications,associations, speech and movement, you control the people and their votes.  Security becomes a possibility only under the terms of the government and not the people.
    radarthekatewtheckmanration alpalominespinnydbaconstang
  • Reply 38 of 118
    I think both parties are withholding some information and use un-enlightened crowd to their advantage. For Apple it should be technically possible to unlock the phone:

    1. Raw data on the phone is physically accessible, so you can create Image
    2. There is software to emulate various hardware devices and Apple also has iPhone software emulator in XCode.
    3. Suppose you manage to load Image in Software Emulator and get a copy of a physical phone running in software
    4. Next, you need to alter hardware behaviour when wrong key-code is entered. Speed up the clock or restore memory/cpu state before attempt is made
    5. Input can be done through software, not touch-screen.

    Apple may already have a software like that, but FBI is lacking technical capabilities and knowledge of inner-workings of iPhone to perform unlock themselves.. What's important is that with a detailed information on apple's hardware this "unlock" can be accomplished by a 3rd party with physical access to hardware - with or without warrant. 

    There is probably another way involving creating a "fake" boot-loader / operating system, if Apple would sign it as "authentic" with their master key and placed it manually into iPhone NAND memory. Once loaded the new operating system would pretty much break it's own access-code and decrypt personal data on device.


    Apple can (and probably has done it) improve this protection by making keys longer and using a more complex computation before being able to determine if the passphrase was correct or not during first un-lock after boot. This can stop (or slow down) brute-force hacking like I have described above.

    I can conclude that the argument between parties here is not the "technical" one. Apple feels powerful enough to challenge a regular FBI practice and force them away form their devices. FBI knows that Apple is capable of un-locking the phone, otherwise they wouldn't pursue the case. Both parties try to leverage the power of community to persuade and achieve their goal.

    For FBI the goal is the ability to get into smartphones similarly how they could access mobile older phones and communication - practice that has been there for decades and hasn't caused common citizen much grief. 

    For Apple the goal is to keep FBI away form their devices, maintain our perception of their "unbreakable device" and panic or 3rd party vendors introducing additional encryption within the apps.

    Either way the outcome is scary, but I doubt it will have any major impact on the strong encryption practices.
  • Reply 39 of 118
    quinneyquinney Posts: 2,528member
    Government for Dummies 21st Century Edition (8 steps to full control)

    Step 1 - Mess with geo-politics and governments around the world
    Step 2 - Piss off said governments and populace to the point that their country's entire population hates you
    Step 3 - Try to control that country economically and/or militarily
    Step 4 - Kill resistance to your controlling efforts and label them as insurgents. Population declares a holy war against you
    Step 5 - Respond to resulting terror at home by controlling your own population through fear created from steps 1 to 4
    Step 6 - Twist privacy and free speech to make them appear unconstitutional and unpatriotic. Utilize obscure laws from 1700's if necessary.
    Step 7 - Step up fear mongering so laws can be re-written to remove personal privacy
    Step 8 - Wipe ass with constitution.

    Your recipe is pretty close, but there are a couple of ingredients you need to add to make a Colonialist Shit Sandwich palatable.  Before Step 1 you need to invent a
    masturbatory concept like "Manifest Destiny" or "American (sic) Exceptionalism".  This allows Steps 1 through 4 to be portrayed as noble rather than selfish.  Around
    Step 5 or Step 6 you need to add a heaping shovel of misdirection.  Claim that the cause of terrorism is that terrorists hate our freedom (rather than that they hate the
    way we have our boot on their neck).  That reminds me.  I wonder if we will continue to hear how they hate our freedom if the FBI/DOJ achieve their end game.  What
    freedom will there be to hate if we are living in a National Surveillance State where the first, fourth, and fifth amendments are nothing more than quaint historical
    references?  Perhaps that is their plan for getting the terrorists to leave us alone.
    edited March 2016 stskbestkeptsecretpalominebaconstang
  • Reply 40 of 118
    jungmarkjungmark Posts: 6,882member
    hmlongco said:
    Okay Daniel, I was going to write about this but you have the bigger audience, so here goes.

    Apple wanted to allow users to block ads, but they didn't want to bake that capability into the OS itself. So what did they do? They opened up the system and allowed anyone and their kid brother to write ad blockers that users could download from the app store, if they choose to do so.

    And many, many people did. Users got the blockers they wanted, and Apple could take a step back and say, "Hey. Wasn't us."

    So, let's do it again. Apple should take a page from the "ad blocking" playbook and open the system to third-party encryption engines. Allow app developers to write encryption engines that the system installs and then uses to encrypt the disk. Allow users to install them. And in particular, allow developers outside of the US to create security plugins for the iPhone.

    Apple will need to do a thorough job of vetting the code submitted to the store, but they already do that anyway for ad blocker plugins, and they sandbox those plugins to prevent them from transmitting user data and performing other nefarious acts.

    Apple can bake in services to help them (Secure Enclave), but, by and large, the security code isn't theirs to break, they don't have access to the encryption keys to give away, and, in the case of developers located outside of the US, they're beyond the reach of the US government.
    So give a third party total control over all your info? What if that third party is a govt hiding as a nested web of shell corporations? 

    No thanks. 
    palominepscooter63baconstang
Sign In or Register to comment.