Apple Is Said To Be Working On an iPhone Even It Can't Hack (nytimes.com) 405
An anonymous reader writes with this story at the New York Times: Apple engineers have already begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts. If Apple succeeds in upgrading its security — and experts say it almost surely will — the company would create a significant technical challenge for law enforcement agencies, even if the Obama administration wins its fight over access to data stored on an iPhone used by one of the killers in last year's San Bernardino, Calif., rampage. The F.B.I. would then have to find another way to defeat Apple security, setting up a new cycle of court fights and, yet again, more technical fixes by Apple.
Precedent (Score:5, Interesting)
Re: (Score:2)
If the Secure Enclave has non-volatile storage it can access directly, the boot ROM can do this.
Adding additional hardware support (e.g. a write-once write-only key register) could make it easier, but even without that you could require that the passcode be entered in order to mark a new SE firmware image as being usable without wiping all keys.
life was like a box of chocolates (Score:2)
Why does Apple get props for doing the obvious? (Score:5, Insightful)
Re: (Score:3, Insightful)
Because other phone companies don't?
Re:Why does Apple get props for doing the obvious? (Score:5, Interesting)
Google's Nexus devices are secure and don't have the same firmware update flaw that iPhones do. In fact all Snapdragon 810 based phones are immune because the 810 does not allow firmware updates to the secure memory, it's a ROM burned into the silicon.
Android has in fact offered full device encryption with the key held in secure storage for years now. Since the Nexus 6 it was enabled by default, and Google has been pushing for other vendors to enable it by default too.
Samsung has been offering it's "Knox" security for phones for many years now too. No idea if that it hackable, but it's not true to say that no-one else has offered full device encryption that was claimed to be unbreakable.
Re: (Score:3)
No. But I suspect Google could push a Google services update targeted at a specific phone, and those can do darn near anything. I don't believe Apple is quite as prolific about OTA updates to very powerful core services; unlike Google, they can bundle that stuff into the core O/S without being worried that it won't make it to end users.
On the other hand, the option is there to lock down an Android phone pretty sol
Re:Why does Apple get props for doing the obvious? (Score:5, Interesting)
Google's Nexus devices are secure and don't have the same firmware update flaw that iPhones do. In fact all Snapdragon 810 based phones are immune because the 810 does not allow firmware updates to the secure memory, it's a ROM burned into the silicon.
As an Android security engineer I appreciate you standing up for Google, but this isn't true.
The relevant software for device encryption includes:
1. The system image. This contains the vold daemon which mounts the encrypted disk and configures the kernel with the key.
2. The boot image. This contains the Linux kernel, which includes dm-crypt, the code that does device encryption.
3. The trusted OS image (TOS). This contains the code that knows how to use device-specific hardware-bound secrets. Vold calls into it when decrypting the disk encryption key to pass to the kernel.
4. The bootloader image. This is used to load all of the above. The details vary, but generally the TOS is verified and loaded first, then the bootloader switches out of secure mode (I'm describing the process for ARM-based devices; it's a bit different for others), then verifies and loads the boot image and boots the kernel. The kernel mounts the system image and configures dm-verity which does run-time verification of system image blocks.
All of the above are flashable images, and replacing them would enable bypassing the security controls they implement. The bootloader image is the most critical one, since it verifies and loads both the TOS and the boot image. If you can change the keys it uses to verify those, you can change everything else. The bootloader (including the keys it contains) is signed by a key whose public part is burned into ROM. That key can't be changed, and the private key is held by the device OEM. I believe the keys used to sign the system and boot images for Nexus devices are held by Google (not sure), and the key used to sign the TOS is held by the TOS maker (Qualcomm, on the recent Nexus devices).
You could compromise Android device encryption with the assistance of any of these parties. Getting the OEM to sign a new bootloader allows you to provide your own versions of any of the higher-level pieces, though these things are pretty intricate and writing replacements from scratch that would work is a big, big job. If I were working for the FBI, I probably wouldn't take that approach. Getting Google to sign a modified system image would, from a technical perspective, be much better. You'd still have to brute force the password, and you'd still have to have the TOS perform a 50ms operation for each password you try, but that would be no problem for a four-digit PIN. If the user used, say, an eight-character password, though, it wouldn't be enough. Also, Google's response to a request for a modified system image would probably be about the same as Apple's.
The best point of attack would be Qualcomm (for recent Nexus devices; other platforms and older Nexus devices use different TOSes). Get them to sign a TOS image that takes the device secrets and simply exports them in response to some request. With those secrets in hand, and a copy of the device flash, you can then brute force the device encryption key off-device, on big hardware. No realistic user password would stand up to that. The process is complicated so I won't bother explaining it here, but it would be very doable.
To be clear, the Android security team considers these multiple points of entry a bug, not a feature. I, personally, want to get to a state where if you don't have the user's password, you aren't getting in, barring direct attacks that involve peeling apart chips to extract secrets. Doing that requires a separate secure processor (something most Android devices don't have) running non-updateable software. Working to make this possible is one of my current projects.
It's a much tougher problem in the Android world than for Apple, though, because of all of the players in the ecosystem. Not because they're unw
Re:Why does Apple get props for doing the obvious? (Score:5, Informative)
Apple's encryption is still very secure. It hasn't been broken, and even Apple won't be able to break it for the FBI. What the FBI wants Apple to do is hack the unlock code for them.
The only "vulnerability" is this case is that Apple potentially has the ability to push new firmware onto this model of iPhone (the 5c) using its own signed certificate, even if the phone is locked. The FBI wants this new firmware to do two things: (1) bypass the "10 wrong tries on the unlock code and the iPhone erases itself" routine and (2) reduce the time interval between unlock code entries. Once this is done, the FBI will brute force input combinations until the iPhone unlocks.
The only problem is that Apple hasn't written this firmware. Even if the firmware existed, you'd need Apple's own certificate to push it onto the iPhone. So the iPhone is still quite secure, relatively speaking, provided the courts don't compel Apple to develop a forensics tool for the FBI at Apple's expense.
Of course, Apple doesn't want this situation to ever, ever happen again. You can bet the iPhone 7 will plug this potential vulnerability by making it impossible for anyone to push firmware onto a locked iPhone, even with Apple's own certificate. At that point, the FBI will no doubt petition Congress to legislate that Apple (and Google, Samsung, LG, etc.) provide a means for altering the firmware of any smartphone sold in the U.S., on court order. And that's when this fight will really get interesting.
All devices require passcode to upgrade? (Score:3)
Why does apple get headlines for doing what they should have done in the first place?
Why do you think Apple should have "in the first place" required a PIN code to install an OS update? As a technologist do you not find it reasonable you should be able to put the phone into a recovery mode and then install the OS again in case something was messed up?
Indeed if it's what they "should have done" then you must be apoplectic that no other company has taken this "obvious" step to date.
Should you be required to
Re: (Score:3)
The best way to handle it is to make it an "if the unlock code is provided, then you can update the software of the OS and firmware of the device without wiping the encryption keys. If the unlock code is not provided, then I will let you update the software but first I will wipe the encryption keys." Since the encryption is all done in a hardware chip with it's own separate OS and update process, it would not be difficult to accomplish.
Re:Why does Apple get props for doing the obvious? (Score:5, Insightful)
What is more: the current line of products with their "secure enclave" chip and so, are already supposedly unbreakable by Apple themselves. So is this an admission that Apple can actually break into the current iPhone 6 line? Or do I miss something here?
Your passcode removes all the fancy protection (Score:3)
What is more: the current line of products with their "secure enclave" chip and so, are already supposedly unbreakable by Apple themselves. So is this an admission that Apple can actually break into the current iPhone 6 line? Or do I miss something here?
More secure in the sense of defeating the encryption since part of the key is embedded in silicon and "unreadable"? Which is something quite different from your passcode which is normally all that prevents one's data from being decrypted by all this fancy hardware. Unless the passcode retry delay is burned into silicon, part of a processor, it would seem to be software that is patchable. If so the only thing the FBI needs is for Apple to digitally sign a tampered iOS or firmware.
On a positive note if App
Can you point me to any perfectly secure phone? (Score:2)
Presumably you've made a perfectly secure smartphone yourself--that would certainly justify your 'holier than thou' attitude. Can you point me to where I can buy it?
Failing that, just point me to any perfectly secure consumer computing device. Go ahead, I'll wait.
Re: (Score:2)
You release what you have and then keep on adding features to the next model.
FTFY. In the software world there's almost never improvement in subsequent releases, just new features to keep the marketing people happy.
which brings to mind the old question ... (Score:5, Funny)
Can God make a chili pepper so HOT that even He can't eat it?
Yeah, makes you think, doesn't it?
Android? (Score:5, Interesting)
What I haven't heard yet is where Android lands on the security spectrum. Are they already as or more secure than what the rumors are now saying Apple is trying to achieve? Are they as or more secure than where Apple is right now? Are they as or more secure than where Windows is right now?
Re: (Score:3)
I think that falls on the individual implementation of the phone. If my understanding is correct the operating system does support being at least that secure, but that doesn't mean that the version of Android that actually ships is,or that the phones hardware supports it either. The downside to the fragmented Android community - there are few baselines.
Re:Android? (Score:5, Informative)
I think it depends on the OEM. There are factors such as whether the device storage is encrypted by default, whether the bootloader is locked by default, what kind of security hardware is available on the SoC and whether it is used, whether exploits are patched, whether there is a continuing roll out for discovered exploits, whether updates are automatically installed w/o authentication, whether the baseband contains known exploits and attack vectors (cough), etc.
So there's no one answer because there's no one Android device and many phone OEMs (and the manufacturers of the underlying hardware platform) may be implementing security to different degrees. Though many of these considerations do have google guidelines and policies in place, some of which may be enforceable via google compatibility tests, there is a wide spectrum of what you can expect from Android generally speaking I think.
You might look to Google's policies and recommendations, and more importantly their Nexus devices themselves as models for what they consider best practices to be. Then there is blackphone [silentcircle.com] and other distros that have security as their primary focus, so they may be good to consider as well.
Re:Android? (Score:5, Informative)
What I haven't heard yet is where Android lands on the security spectrum. Are they already as or more secure than what the rumors are now saying Apple is trying to achieve? Are they as or more secure than where Apple is right now? Are they as or more secure than where Windows is right now?
Android devices with L or M are roughly as secure as the pre-Secure Enclave Apple devices (like the 5C). That is, the security software is all in flashable components which are signed, and if the holder of the signing keys can be coerced into signing a custom image, it's possible to bypass all of the anti brute-force protections. Brute force is still necessary, then, but it's trivial for four-digit PINs and may be feasible even for better passwords (or patterns).
That's in general. Some OEMs have gone a bit further, such as Samsung's KNOX. I don't know the details and can't comment on whether or not they actually improved the security above the baseline required/defined. by Google.
I'm the Google Android engineer responsible for lots of these bits.
Re: (Score:2, Insightful)
Because it does depend on the OEM - as Apple is showing the only way to solve this issue is in the hardware because it is too easy to bypass software based solutions.
So there isn't much Google can do with Android itself (now the Nexus hardware is another story, but that's not Android).
Should be more concerned about controlling guns... (Score:2, Insightful)
Than some stupid phone.
This might not be a fight Apple wants (Score:3, Interesting)
The U.S. Government can conceivably ban the sale or possession of that type of phone.
They do it all the time with other products, or require licensing and training and over site after purchase.
I have to wonder (Score:5, Insightful)
I suspect that Tim Cook as an LGBT individual, has an intimate, proximate, and/or cultivated personal interest, with historical and current backing, in personal privacy. In these particular circumstances, it would express itself as the importance of data privacy on a personal device.
If I had to guess, it could come down through the ranks indirectly as unstated support from the top.
Re: (Score:2)
I've always thought that since he came out. It seems like concern for privacy would be a fairly strong value for a man who lived in fear of being exposed.
If all it takes is an OS update to get access (Score:3, Interesting)
Whats going on (Score:5, Insightful)
Missing the point (Score:5, Insightful)
I RTFA this time. It, like so many other other articles, missed the actual legitimate issues of the case. Every time you read an opinion that says Apple should "unlock the phone" or "decrypt the phone" misses the point that Apple must create software which doesn't exist. Whether Apple should do that or not is itself an interesting discussion, but the real issue here is whether government agencies should be able to force software companies to create hacking software, especially when the software company isn't accused of breaking any law in the case.
I don't have any issue with the idea that a government agency should be allowed to create hacking software. I wouldn't object if the NSA had required Apple to sign a software update created by the NSA for the purpose of hacking into the phone. In fact, I think that's what the government should do. However, I'm very troubled by the fact that most people are in favor of Apple being forced to unlock a phone when that's not what is really going on.
Compulsion of speech is an issue that has been supported in food labeling laws and denied in other cases. Creating software is fundamentally different than providing existing information. I believe creation of software is a form of speech, and I think the courts have upheld that viewpoint, so this case is really hinging on whether a judge under "All Writs Act" has the authority to force someone, not even someone accused of a crime, to create something new.
I think it is important in this discussion to understand how the software the government wants Apple to create would work. Apple updates happen automatically for phones which automatically connect to a known wifi access point. Those updates don't just get pulled from Apple though, the phone creates a code which is encrypted with Apple's public key, so that only Apple with it's private key can decrypt. The update is then provided to the phone, with the code provided by the phone re-encrypted so that only the phone can decrypt it, and only then is the update, signed with Apple's key, loaded into the phone.
If the government wanted to, they could require Apple to provide source code to their existing software and the government could modify it and either ask Apple to sign it or require Apple to provide its private key. However, by requiring Apple to create the hacking software, they're introducing an idea that software companies cannot refuse to create software when required by the government. Once someone does something for a government official, often that's taken as a reason that the government can require them to do it again. (See In re Boucher - case citation: No. 2:06-mj-91, 2009 WL 424718)
Apple had asked that the request be sealed, thus kept secret and not able to be used as precedent but the Department of Justice refused and thus made their request both public and able to be used as precedent. If they succeed in forcing Apple to create hacking software they get access to the information on this phone, but more importantly, the hundreds or thousands of phones they'd like to access are much more likely to be accessed by forcing Apple to repeat the process over and over. Apple doesn't want to be in the business of creating hacking software for the government. Much of law enforcement would consider this a victory, but I think the FBI is hoping to lose this case as a general might be willing to lose a battle, in order to win the bigger war. By losing the case, the FBI gains public support that they can use to pressure Congress to create laws forcing software companies to build in backdoors. Such a thing could be done securely, so that it wouldn't open the software to hackers. I have zero faith that Congress or software companies actually would do it in a secure way, but that's not the reason I am against the backdoor. Encryption is math and the math is known and freely available to anyone who searches for it. The ability to create securely encrypted software is something that can't be made to disappear, but it can be made illegal to do in the US. By d
Re: (Score:2, Insightful)
Re: (Score:3)
Most ot the rhetoric from Tim Cook is pure bullshit in this case. He tries to expand the request to all iPhones in order to create a wave of sympathy and pose as a champion of privacy while in reality he doesn't give a shit, unless this can be a sales point. Pure marketing here.
Perhaps you missed this story [macrumors.com]
The twelve cases are similar to the San Bernardino case in that prosecutors have sought to use the 18th-century All Writs Act to force Apple to comply, but none are related to terrorism charges and most involve older versions of iOS software.
Re:Missing the point (Score:5, Insightful)
I'm very sorry to tell you so, but Apple needn't to create software that doesn't exist. It needs to modify an existing piece of software, called firmware that set a limit on the number of attempts with a wrong password before deleting data on the phone and it needs to remove the delay they introduced between attempts to avoid an automatic system to try passwords at a rate no human can. So, the piece of software exists and the modification is about two lines of code and maybe something like less than 10 characters to change in the code.
So if the government handed you a piece of paper and said "Read this into the microphone", you'd consider that not to be restricting your freedom of speech because you didn't have to actually create the message yourself?
This Apple software is written a certain way for reasons specific to the desired functionality. Just like you might choose specific words to get across your specific point, and might not agree to choose alternate words which make an entirely different point.
Right to privacy - /me ducks (Score:3)
Apply the same reasoning, and you'd have:
The court has already established a precedent here that saving a life is subordinate to the right to privacy.
Re: (Score:2)
"Treason against the United States shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. "
Developing a measure with the explicit intended goal to deny the US Government Legal access to any random State enemy's communications device by demanding brute-force decryption software through lawful order by making an alteration solely intended to render that as impossible could be argued as an act with the sole intention of "giving aid and comfort".
It could also be argued to be an act intended to keep the noses of the FIB, CIA, NSA, et al out of places where they don't belong i.e. the private data of every Apple iPhone/iPad/Mac using person on the planet.
Re: (Score:2)
It could also be argued to be an act intended to keep the noses of the FIB, CIA, NSA, et al out of places where they don't belong i.e. the private data of every Apple iPhone/iPad/Mac using person on the planet.
I think the idea (not that I agree, I certainly don't on the full picture, but let's at least be fair!) is that an independent judge decides in a court of law whether or not the FBI belongs in a particular phone or not, and that it makes that decision on the basis of the individualized facts around that phone. And that the decision of the court authorizes only the search of that specific phone.
The first step in an honest argument is arguing against the best possible version of your opponent's position, not
Re: (Score:2)
Re: (Score:2)
Re:Is this treason? (Score:4, Insightful)
Re: (Score:2)
Obviously. That's t-reason they're doing it.
Thank you. I'm here all week. Try the veal.
Re: (Score:2)
Developing a measure with the explicit intended goal to deny the US Government Legal access to any random State enemy's communications device by demanding brute-force decryption software through lawful order by making an alteration solely intended to render that as impossible could be argued as an act with the sole intention of "giving aid and comfort".
You can't give aid and comfort to a dead man - so that's irrelevant in the current case.
On the other hand - if a phone's owner is alive, and if the US Government has enough evidence to obtain a lawful order requiring that person to grant them access to the phone, then if the owner refuses he can be jailed until such time as he decides to comply. I doubt he's going to be launching any attacks from jail.
Re: (Score:2)
Well what about them losing the right to sell stuff in some places (may not usa) or may even hard time in guilty til proven innocent places.
Re: (Score:2)
Re: (Score:2)
Clothing. Particularly warm or loose clothing. And macaroni and cheese. That's even known as "comfort food"!
Re: (Score:2)
So you're saying that if someone from North Korea bought a sweet and delicious cupcake from me, I would be guilty of treason?
Re:Is this treason? (Score:5, Informative)
People can talk secretly. Over large distances. The sooner the government comes to grip with this simple fact, the better.
Re: (Score:3)
The U.S. is defined by the Constitution. If that document is null and void, the government becomes nothing more than the machinations of a warlord.
It could be argued that the FBI and NSA have already BECOME enemies of the state and so helping them is itself giving aid and comfort to the enemy.
It could also be argued that the FBI is committing treason by trying to make it easier for foreign powers to hack Americans' phones.
Re: Torn (Score:5, Insightful)
I find it hilarious that security efforts are not being driven by the government but to protect people from the government.
Re: Torn (Score:5, Insightful)
A free-thinking libertarian once gave me a great acid test for weather or not laws should exist: Would the existence of such a law have helped the colonies overthrow King George III or would such a law have helped King George III keep hold of the colonies?
In my opinion, there are really three things here that have to be considered:
1. What you have
2. What you know
3. What you are
What you have is the information on the phone. This information on an iPhone is encrypted, and would take unimaginable amounts of time to reverse, but it is reversible.
What you know is the key to reverse the information. What you are includes the thumbprint that can also be used to "mimic" what you know (the key).
The government through a warrant has the absolute right to search and seize what you have: The encrypted data.
The government does NOT have the right to what you know (5th Amendment [wikipedia.org]).
The third one: "what you are" is tricky. It only works in this case of the phone has been left ON, and has been unlocked in the past 48 hours using the key. From what I believe: due to the 13th amendment, the government can not force you to enter your fingerprint, because of a catch 22. You have not been found guilty (yet) of a crime, and doing so would constitute "involuntary servitude".
I don't think it would serve us well either to have all of our information readily accessible without any privacy protections either. What happens when China wants this information to find out who has been preaching Christianity in China, or Saudi Arabia wants to know who has gay thoughts?
Our iPhones have such intimate details about our lives and so much information, I wonder if it would not server us well to classify that information as an extension of "what you know".
Re: (Score:2, Funny)
God, "free-thinking libertarians" are even more banal than I thought.
Re: (Score:3, Informative)
The government does NOT have the right to what you know (5th Amendment [wikipedia.org]).
This only applies to self-incrimination.
Re: (Score:2)
A free-thinking libertarian once gave me a great acid test for weather or not laws should exist: Would the existence of such a law have helped the colonies overthrow King George III or would such a law have helped King George III keep hold of the colonies?
I don't understand. Which condition should the law satisfy in order to exist? Also, what exactly does it mean to "help the colonies overthrow King George III"?
A law that would explicitly enable the revolutionaries to stand up to King George III would be a law that would help the colonies overthrow the King.
"We want guns and cannons and stuff!"
"Okay. Free guns and cannons for all colonists!"
"BOOM BOOM BOOM! We're FREE!"
What about a law freeing the colonies of taxation?
"No taxation without representation!
Re: Torn (Score:4, Insightful)
A law that would explicitly enable the revolutionaries to stand up to King George III would be a law that would help the colonies overthrow the King.
"We want guns and cannons and stuff!"
"Okay. Free guns and cannons for all colonists!"
"BOOM BOOM BOOM! We're FREE!"
--Yes! Thats why the second amendment was written. We have a right to bear arms, specifically so that we can overthrow an oppressive government. So that a "militia" can not be overruled and out-gunned by its government. In modern times, its unimaginable how a citizenry in the U.S could overthrow its government, but surely it would be easier with arms than without.
What about a law freeing the colonies of taxation?
"No taxation without representation!"
"Okay. No taxes then."
"Yaaaay! This king RULES! No revolution!"
-- This isn't a good law. Taxation is a form of procurement we exercise as a nation. Eg. we can not procure national defense independently, or pay for a healthy system of courts independently. When the government purchases goods or services, we all collectively purchase them without a choice. Taxation and government procurement is under force, so it should be used sparingly. To put a point on it: No taxation would have hurt the revolutionaries, so no.
What about a law giving the colonies a voice in Parliament?
"No taxation without representation!"
"Okay. You can have some seats."
"Cool. Sounds fair. No need for revolution."
A voice in parliament would have absolutely helped the revolutionaries, and with careful negotiation and a strong bargaining position, the war could have been shorter, or avoided entirely. This would have been a good law, and it would have helped the revolutionaries. Yes.
An overly oppressive law could also help the colonies to overthrow the king, by strengthening the resolve and numbers of the opposition.
"This king sucks!"
"Oh yeah! Well I claim primae noctis on all marriages in the colonies. You also have to pay your own way to England. You can't get married otherwise. We'll kill you if you don't comply."
"Let's kill him!"
This is a bad law for so many reasons. It would not have helped the revolutionaries because it would have strengthened ties to England due to the children, it would have drained the colony of females who could not afford the trip back, and (to humor you) would have resulted in many deaths due to the inability to pay for or survive the Atlantic crossing. Bad law, no.
Does timing matter? Couldn't the same law have different effects during different stages of the revolution? Consider something which, early on, would be non-controversial and "nip in the bud" revolutionary activities. However, if enacted after the colonies were already in revolt, this same law would be seen as oppressive and instead fuel rebellion?
"Don't talk to Ben Franklin!"
"Ben who?"
vs.
"Don't talk to Ben Franklin!"
"FUCK YOU!"
At no point would such a law have helped the colonies, No. This isn't a good law.
Is this really a good test? Wouldn't the most oppressive laws imaginable actually pass, because they would incite revolution? Should the gov't really pass crazy laws simply for the purpose of provoking the public?
None of the laws you have proposed would have helped the colonials, save for the voice in parliament which would have been a great law at the time. Yes, this is a good test. The goal isn't to incite revolution, the goal is that the will of the governed reign over the will of their government. Laws should enact the peoples choices and beliefs. The colonists wanted freedom and liberties, their government didn't want to give it to them.
Re: Torn (Score:5, Insightful)
So what? The Magna Carta was written 800 years ago, and we still value many of the principles it contains. Much of the beauty of the Constitution is how well engineered it is, and how much of its framework still works and applies today, including the 4th and 5th. The fact that the founders couldn't foresee our technology is irrelevant. What you don't seem to understand (most people, actually) is that the Bill of Rights doesn't grant people rights.
It states that these rights preexist, AND EXPLICITLY STATES THE GOVERNMENT HAS NO POWER TO INFRINGE UPON THEM.
Whether we are to be secure in papers in our houses, our strongboxes, or letters, or text messages is simply a game of semantics. These are all communications we intend to hold privately ... and therefore the government has no right to them.
Re: Torn (Score:4, Insightful)
spot on. Magna Carta, the Bill of Rights 1689 and the US Constitution don't *grant* rights, they *guarantee* them against State interference. As opposed the Human Rights Act in England and Wales, which ONLY guarantees that the State won't infringe on rights *granted you by the State at its own sufferance* unless it *feels the need to* - and you have NO RIGHT TO EFFECTIVE REMEDY under the Human Rights Act! Don't believe me, go read it for yourself: compare the ECHR which the HRA is based on, next to the HRA - you'll see that under the Articles in hte HRA, #13 is absent. This is because the UK Government is under the criminally erroneous impression that Art. 6 covers it. IT DOESN'T, which is WHY IT'S IN THE ECHR IN THE FIRST PLACE!
Just FYI: there is a clause in the Serious Organised Crime and Police Act 2005 (linked here [legislation.gov.uk]) which immunises State actors from ANY civil or criminal prosecution WHATSOEVER on the single proviso that they turn evidence in ANY OTHER PROCEEDING. Cliffnote: you can't sue the State!
http://www.echr.coe.int/Docume... [coe.int] (ECHR)
http://www.legislation.gov.uk/... [legislation.gov.uk] (Human Rights Act (HRA))
http://www.bl.uk/magna-carta/a... [www.bl.uk] (Magna Carta 1215, Modern English translation at the British Library)
http://www.legislation.gov.uk/... [legislation.gov.uk] (Bill of Rights 1689 (the dates are different because this is the year the calendar changed))
http://www.senate.gov/civics/c... [senate.gov] (The Constitution of the United States, including Amendments I-XXVII)
Re: Torn (Score:5, Insightful)
"There are simply no comparisons to be made and the writers could never have comprehended the technologically advanced world we live in today."
Bullshit. I can teach 65+ year old biddies from the ghetto how to repair laptops in a couple of weeks, yet they still can't program a VCR to save their lives. Teaching the founders today by analogy would take about ten minutes, and they'd then look at you and go "You sir, are a fucking moron."
Re: (Score:3)
Re: Torn (Score:5, Informative)
iPhones are only secure within themselves. If I send you a text, that's open and easily interceptable.
Military needs secure comms, not secure storage.
(Well okay, they need both... But the storage is cheap and easily handled)
Re:Torn (Score:5, Insightful)
If the lack of security--due to government mandated back doors--allows for state sponsored persecution of innocents, enemy state or NGO attacks, etc. where would you stand then? You do grasp the concept that a security vulnerability may be exploited by any actor, at any time, not solely the "right and just" United States government after receiving a lawfully obtained court warrant?
Re: (Score:2, Informative)
If the lack of security--due to government mandated back doors--allows for state sponsored persecution of innocents, enemy state or NGO attacks, etc. where would you stand then? You do grasp the concept that a security vulnerability may be exploited by any actor, at any time, not solely the "right and just" United States government after receiving a lawfully obtained court warrant?
Well said. We give up what little privacy we have left at our own peril. Here you have a door they want opened. They will probably succeed at forcing it open. At first it will be a few phones, but then it will be an automated process. Then that won't be fast enough, and it will be a portable device. Then the device will be copied and it will be used all over the world at every checkpoint. I wouldn't be surprised now if certain customs agents don't demand the unlock code to get in the country, and the
Re:Torn (Score:4, Interesting)
If the lack of security--due to government mandated back doors--allows for state sponsored persecution of innocents, enemy state or NGO attacks, etc. where would you stand then? You do grasp the concept that a security vulnerability may be exploited by any actor, at any time, not solely the "right and just" United States government after receiving a lawfully obtained court warrant?
Considering how much people divulge about themselves online these days, the government or other actors don't need a back door persecute the innocents. Maybe, if we want protection from prying eyes, we should be more conscious about what we put out for the world to see.
Re:Torn (Score:4, Insightful)
f the lack of security--due to government mandated back doors--allows for state sponsored persecution of innocents, enemy state or NGO attacks, etc. where would you stand then? You do grasp the concept that a security vulnerability may be exploited by any actor, at any time, not solely the "right and just" United States government after receiving a lawfully obtained court warrant?
Exactly, it's really not an exaggeration to say that if the FBI gets their way, when the "just for this phone" (a bald-faced lie anyway) software eventually leaks, dissidents in totalitarian countries will be MURDERED because of it.
Re: Torn (Score:4, Insightful)
I don't have an iPhone, why should I care? Apple didn't care when the Indian government went after Blackberry.
Learn from the past:
First they came for the Socialists, and I did not speak out—
Because I was not a Socialist.
Then they came for the Trade Unionists, and I did not speak out—
Because I was not a Trade Unionist.
Then they came for the Jews, and I did not speak out—
Because I was not a Jew.
Then they came for me—and there was no one left to speak for me.
https://en.wikipedia.org/wiki/First_they_came_...
Re: (Score:3)
Because there is this concept of a "legal precedent."
You're a certified fucking moron if you think that this case only applies to Apple, or people with Apple devices.
Re:Torn (Score:5, Insightful)
Re:Torn (Score:4, Insightful)
in a perfect world countless lives would be saved by limiting the speed of cars to 20kph but no one wants to do that either. I am agreeing that the risk/reward outlook favors encryption by a wide margin.
Re: (Score:2)
In a perfect world, lives would not end prematurely in the first place.
Re:Torn (Score:5, Insightful)
In a perfect world maybe, but you're not considering the real world where few lives will be saved, but the vulnerability will be abused constantly.
Especially since they immediately demanded to violate those rights 12 additional times in order to break the encryption of 12 more iPhones [wsj.com] -- none of which had anything to do with the bogyman of the week, terrorism.
This has nothing to do with fighting terrorism or protecting Americans. The FBI decided us using our right to privacy was making their jobs annoyingly difficult, so our right to privacy, in this situation, simply has to go.
Re: (Score:2)
"If listening on every citizen's phone calls could potentially save lives..." –Sting Ray
Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.
Re:Torn (Score:5, Informative)
Don't forget though, Ben Franklin is someone who never had his liberty or his safety threatened. It's an easy platitude when you've got both.
One would think that his involvement with the US Declaration of Independence, the revolution, etc., would certainly be evidence that he felt his safety and liberty were threatened.
Re:Torn (Score:5, Informative)
"Ben Franklin is someone who never had his liberty or his safety threatened"
Say fucking what? February 15, 1739: Franklin’s home was robbed by William Lloyd. November 24, 1737: Franklin and others organized a volunteer militia – the Associators – for the defense of Pennsylvania. December 23, 1750: Franklin was severely shocked, while electrocuting a turkey. June, 1752: Franklin, who has not yet heard of the French success of his 'sentry-box' experiment, experiments with flying a kite in a thunderstorm, and also proves that lightning is electrical in nature. September 16-17, 1765: Franklin’s house threatened by Stamp Act protestors. Deborah refused to flee, and the mob was dissuaded by 8oo Franklin supporters ready to combat them.
Franklin has had his liberty and safety at risk more times than you can possibly imagine. these are just the documented and notable ones.
Re:Torn (Score:5, Informative)
Re: (Score:3)
Re: (Score:3, Insightful)
Re: (Score:3)
if access to the data on the phone could potentially save lives
That's not really an argument, but more of a random statement.
Keeping everyone sedated and locked up in a room when they are not at work could also potentially save a lot of lives (by keeping some perpetrators and many potential victims off the streets). But we are not planning to do that either.
Re: (Score:2)
Is there evidence that lives could be saved?
Even if true, the FBI could always say that they want to put RFID tags into every person and newborns at birth in order to solve crimes and save lives. It would seem like a huge invasion of privacy and government intrusion, but that's only because care about our own personal rights. But when it comes to a third party we're a lot more blasé about what the government does to companies or people that aren't us.
Re: (Score:2)
I want security, but if access to the data on the phone could potentially save lives, that seems pretty important too.
Well, if your phone has information which can save someone's life, then of course you have the option of unlocking it for the government. No one is forcing people to keep their phones locked. But Apple is giving people the choice.
Re: Torn (Score:5, Insightful)
Anne Frank had something to hide from the government
Re: (Score:3)
To be Frank, at the time, was a dangerous thing.
Re: (Score:2)
Re:Torn (Score:4, Insightful)
I want security, but if access to the data on the phone could potentially save lives, that seems pretty important too.
Would you be willing to give a copy of your house keys to the local police department? Afterall, if everybody did that, then lives could be saved by letting the police enter suspects' homes on a whim. In fact, you could even assume those that didn't volunteer their keys are suspect to begin with!
Re:Torn (Score:4, Interesting)
> In fact, you could even assume those that didn't volunteer their keys are suspect to begin with!
I once had a couple of cops kick me out of Kansas for that line of thinking. It's a long story but I'll try to make it brief.
They tried to convince me that my refusing to allow them to search my vehicle is grounds to allow them to search the vehicle, that it constituted probable cause. Yes, I laughed aloud and explained that I was not a teen. I did applaud their effort, quite literally. They then told me to get out of Kansas and that if they ever saw me again, they were going to arrest me.
Oddly, with all the travel I have done (and the condition and manners in which I've done it) that's the worst thing I ever faced. There's more to the story but that's the gist of it. I don't believe the rest is significant but I'll share it if you want to understand the circumstances. I'm not sure if I should be frightened or amused by the treatment. I have to wonder if they use that line often and if anyone falls for it?
I'm also pretty sure they can't just kick me out of Kansas but I didn't figure I'd stick around where I wasn't wanted and I was headed out anyhow - and right on the border. They were even kind enough to give me an escort to the on-ramp at the nearest highway. I didn't have the heart to tell 'em that I'd just gotten done helping clean up after 90% of Greensburg had been destroyed by a tornado and that I'd only cleaned up because I happened to be right there in the area and they needed help. I just figured that I'd avoid Kansas. I've never been back.
Re: (Score:2)
I want security, but if access to the data on the phone could potentially save lives, that seems pretty important too.
Would you be willing to give a copy of your house keys to the local police department? Afterall, if everybody did that, then lives could be saved by letting the police enter suspects' homes on a whim. In fact, you could even assume those that didn't volunteer their keys are suspect to begin with!
That's a false analogy. The police want help from the local locksmith to get into this house, which he made the lock for, because they have a warrant to search the premises. And the tenant is dead. And the property owner consents.
Re: (Score:3)
That's a false analogy. The police want help from the local locksmith to get into this house, which he made the lock for, because they have a warrant to search the premises. And the tenant is dead. And the property owner consents.
Except that they're not asking for a key to that house. They're asking for a Master Key to 38.58% of the Houses in the country, along with the legal authority to demand a custom built master key for the other 60%.
Wrong.
First of all, you can't build a backdoor or a master key in after the fact -- the backdoor already exists in the 5C. If a there's a "Master Key to 38.58% of the Houses in the country", it's the locksmith's fault for creating that situation, not the police's fault for -- a Master Key being possible -- telling the locksmith to use it on this house they have a warrant for.
Furthermore, the FBI's own affidavit indicates that Apple can keep possession of the software (key).
Re:Torn (Score:5, Insightful)
The problem is it's not just this phone. It's the 12 others they have on stand by, it's the 175 NY has lined up and ready to go -- for starters. The other problem is there is no guarantee breaking into this phone (and enabling the government to break into any other iphone) is going to save even one life. Is it worth compromising the phone's security (and enabling all kinds of fraud) on the off-chance that some information it contains may help the government prevent a death?
This couple purposely and specifically destroyed their phones and computers before going on their rampage. Do you really thing they left incriminating evidence on the guys's work phone?
Ask yourself, what is the price of freedom? If you want to live in a world where your every move isn't monitored and recorded by untrustworthy people who seek to capitalize on every little weakness you may have, perhaps the risk of a death here or there is an acceptable price. The question boils down to, would you rather live as a slave or risk death living as a freeman?
Re:Torn -- Damage done by the terrorists... (Score:5, Insightful)
"This couple purposely and specifically destroyed their phones and computers before going on their rampage. Do you really thing they left incriminating evidence on the guys's work phone?"
Its interesting to consider that by leaving their iphone in the situation they did, this terrorist couple may end up doing far more damage to US society than their shooting spree...
Re: (Score:3)
Apple counsel gets called into court, ordered to make special firmware that can be installed on anyone's phone by FBI agents, without Apple supervision.
Existence of this firmware is not to be revealed to public. Existence of this court order is not to be revealed to public.
FBI uses this to quietly solve some difficult cases, much high-fiving.
Then FBI agent unknowingly allows a copy to be stolen by his mistress, who sells it to her drug dealer.
Another gives a copy to his buddy, a former agent turned private-
Everyone else gets access as well (Score:4, Interesting)
Any knowledgeable international travelers already know to leave their laptops at home or bring a burner laptop on the assumption that Chinese customs and immigration *will* load your computer up with five different flavors of spyware during the immigration process. I expect they would love to do the same with every phone that enters the country.
Re: (Score:2)
If you give up freedom in the name of security you get neither .(paraphrased from Ben franklin)
There is nothing of value on that phone. exactly like how the NSA bulk collection didn't stop a single terrorist threat. Every so called threat it stopped is deeply classified as if the terrorists didn't know we stopped them.
Re: (Score:2)
If you give up freedom in the name of security you get neither .(butchered from Ben franklin)
FTFY. I happen to agree with the rest of what you said, but that particular misuse of the Ben Franklin misquote needs to be retired [lawfareblog.com].
Re: (Score:2)
I don't know why people modded you down as flamebait. You've summed up the dilemma perfectly. Better than most, actually, since tend you see a lot of people falling for the "liberty vs security" rhetorical trap when topics like this come up. You recognised that privacy is security. And only an idiot would think that lives aren't important.
It's not really relevant to the current case, since realistically we all know that exactly zero lives will be saved by the act of the government breaking into the phone. B
Re: (Score:2)
Access to the money you have hidden in your sock drawer could potentially save lives too. So give it up right now.
Re: (Score:2)
Maybe. With the security hardware that exists in the iPhone 5S and later devices, it's possible a software update to them could simply fix it.
Re:Theatre? (Score:5, Insightful)
You know what, I don't actually care if it is theater if it keeps people talking and thinking about security, for a change.
Re: (Score:2)
"Apple embroiled in phone court fights beyond San Bernardino; cases don’t involve terrorism charges, sources say"
http://www.wsj.com/article_ema... [wsj.com]
Also the service providers have a lot of details and so do all the other gov linked workers on gov issued platforms.
The end product been requested is a new backdoor operating system. Once the US federal gov gets this, so will Canada, Australia, the
Re: (Score:2)
Can you point me to a more secure smartphone? (Score:2)
Go ahead, I'll wait.
Re: (Score:2)
Is that so?
I know we have this technology against MITM attacks or wiretaps, provided by SSL and the like. Keys can be securely exchanged, all data is encrypted to a level that makes it virtually impossible to break. But when you have direct hardware access to the device in question? That's a whole different ballgame. You then get someone's private SSL key in your hands and you can start to brute force the password - you could rewrite SSL (open source) if needed to do so. Extra protections have to be in plac
The fastest way to make Apple's life a PITA (Score:2)
Then Apple is one San Bernadino event away from being on the wrong side of things.
Re: (Score:2, Funny)
Guess I should consider looking at OpenBSD
Yeah, I'm also seriously considering to consider the consideration of potentially maybe looking at OpenBSD, or their Website anyway, if Microsoft does this again more than five times, at least if it wasn't for all the Windows-only programs that I need and have no replacement.
I'm sure MS is shaking, considering my consideration.
Re: (Score:2)
That won't stop the US.
Re: (Score:3)
Remember that Jobs publicly announced that he didn't want the DRM, and removed it as soon as he could?