uroshnor

The article isn't strictly correct in a few areas.

Apple has supported location services level accuracy for emergency services since 2010 (maybe 2011 ?) with 3GPP Release 10 support. However, this approach had two problems  

- Apple was one of handful of vendors who exposed the full level of the phones awareness of location to the carrier network when requested - a lot of hem were just cell tower accuracy

- it requires the carrier to put in & maintain infrastructure to support it being accessible by the emergency services call centre

US, Japan and South Korea required carriers to implement this, but many other countries did not.

So the big advantage of AML isn't the accuracy on iPhone - its that the governments didn't need to go to the effort of forcing the carriers to implement that part of the 3GPP standards, and the carriers didn't need to spend the money to do it.

AML forces the effort back onto the handset OS vendor.

Google denied to ship AML in Android from 2016, so ~50% of the market went from patch support to a consistent GNSS level of accuracy, without involving the carriers.

The problem with AML is it uses SMS to send the location of the phone, and SMS is both insecure and unreliable delivery. There's a big risk with AML that in an emergency situation like an active shooter, mass casualty event, or natural disaster, that the SMS delivery will be delayed or dropped due to network congestion, and the feature will be useless just when its needed. It is likely to be fine for "steady state" events like a car crash or other accident though - so its not useless, just has significant limitations.

Whilst some of the governments involved view it as "THE" solution, AML in its current form is probably not much more than an interim step, and the reliability security and privacy issues are addressed either by an improved version of AML, or something else

Kuyangkoh said:

Well well, Apple its time to buy the company that built parts for Iphone....ie oled, memory etc and see how Korean corrupt govt reacts

Apple can’t afford it. Samsung’s component business is just another part of a sprawling, massive conglomerate - finance/banking/construction/cars/healthcare/Ships/etcetc .The whole thing is something like 15% of South Korea’s economy . All in the 4 big chaebol in SK are something like 40% of their economy - such concentration of ownership does not happen much elsewhere and there is a whif of truth to what is good for Samsung is good for SK, that enables behaviours that elsewhere would be viewed as corrupt or protectionist

Soli said:

alandail said:

Soli said:

vukasika said:

Q: Is encryption legal?
A: Yes.
End of discussion.

True, but this isn't that discussion. Apple has been served a warrant so they'll hand over all data they can access, in accordance with the warrant.

if it's encrypted, Apple can't provide without the keys, which they can't access by design.  Making the keys accessible defeats the purpose of encrypting the files in the first place.

That's the device encryption. If they can't can't access it then they just have to make that an official statement to them, but this is also about his iCloud account, which may not have unbreakable account encryption on their servers as this is inherently different from iDevice HW encryption. Even if it is unbreakable, they just need to state that and explain why. It's a warrant, so I'm not sure why you're focused on the legality of encryption but ignoring the legally of warrants.

Also note that Apple tried to assist them right away, so there's no reason to suspect that Apple will not try to assist them now. If his iCloud account was accessible I'm sure they already have the data waiting for them.

Apple publically documents on their Privacy site, what they can and can’t provide to law enforcement under warrant from data and metadata , from what sits on Apple’s servers.

lkrupp said:

So we as a society must accept the fact that if we want to remain free a good number of us must be prepared to die in terrorist attacks? Is that what this argument boils down to? 

We as a society must accept that a good number of us will die, even if the terrorists only use _unencrypted_ communications. This has happened already. 

There's really 3 parts to what AG Brandis is asking for, so it may well be a negotiating tactic.

1. For countries that aren't the US, obtaining data that vendors do have, takes forever (aka 6-12 months). The have to use a process called the Multi-Lateral Assistance Treaty to get a US based company to send a foreign LE agency data relevant to a case under a warrant. Its reasonable for them to  say to companies "there's got to be a better way for this to be processed faster", when a US LE agency can get the answer in days.

2. Brandis is also implying that he wants companies to support LE in installing malware implants in devices when they are ordered to by a court. This probably means "poisoning" a software update that is delivered to a specific device only. This is very similar to what Apple fought the FBI over in the San Bernadino case.

3. Brandis is also implying  he wants companies to change their products to build in a back door to allow LE access to encrypted traffic. This is currently only possible for certain services and architectures (e.g. not iMessage itself, but iMessages that are in an iCloud backup are fair game currently). This is s defacto ban on end-to-end encryption in clients.

The first point is pretty reasonable, and I actually do hope they get to a better, more responsive process than exists at the moment.

The second point is nuclear. How can the Australian Government stop a foreign government doing exactly the same thing, to force a vendor to help it target Australian Government devices ? If this practice becomes an accepted as lawful, nobody using publicly available devices is secure, including the governments themselves. 2016 election hacking will be a footnote compared to the devastation to follow. Governments could still use non-publically available devices, but they will to be hugely expensive compared to consumer devices.

The third point is also nuclear. It forces every vendor to take authoritarian steps to try and control access to that system. Most vendors would prefer to build a secure architecture, where even if they were compromised, they could not access the data. The rationale is that if they build a mechanism, it will eventually leak, be compromised or otherwise subverted and get out in the wild, and at that point, nobody is secure, including governments. This is not theoretical - both Microsoft and Google have had major leaks or hacks through their LE access systems already.

Lastly, both point 2 and 3 contravened the UN Universal Declaration on Human rights - it is very clear on its stance on privacy of the individual (basically government can not compromise individual privacy, including communications), versus privacy of organisations (governments can apply lawful compromises the privacy of a corporations communications). As Australia is a signatory to the UN UDHR.

BittySon said:

sirozha said:

Wi-Fi Assist is able to route traffic via cellular signal when Wi-Fi has no connectivity to the Internet. It's really pretty simple to implement. One way to do this is to ping an Apple server on the Internet via Wi-Fi. If the server is not reachable, route to the Internet via cellular. This way, both Wi-Fi and cellular can be connected. Wi-Fi could be used for communicating with the Wi-Fi direct device, and cellular can be used for communicating with the Internet.

Thanks, I think that is the answer, since iOS doesn't support Wifi Direct.

There is one other thing it might be - iOS supports an ad hoc peer-peer connection in the 5 GHz band - it's what it uses for Airplay when it is not connected to an infrastructure wi-fi network (also used for AirDrop, GameKit and a few other things - they call it AWDL - Apple Wireless Direct Link)

Carplay is basically a variation on Airplay , so it might be AWDL. 

Its conceptially similar to some aspects of Wi-fi Direct, but different in detail