Edward Snowden Calls For Google To Side With Apple On Encryption Debate (techinsider.io) 259
An anonymous reader writes: Edward Snowden, the most famous whistle blower in the world, is calling for Google to side with Apple and against the FBI in the "most important tech case in a decade." On Tuesday, the FBI asked Apple to help it crack the password on an iPhone belonging to a shooter in the high profile San Bernardino case. Apple CEO Tim Cook quickly responded with a public letter denying the request, calling it "an unprecedented step which threatens the security of our customers." Google creates Android, the most-used mobile operating system for smartphones in the world. Google has been nowhere near as firm as Apple about its stance on un-compromised encryption - Android is famously an open sourced platform that anyone can modify. Snowden issued his message in a tweet.
how does Apple encode a unique device ID on chips? (Score:5, Interesting)
How does a chip manufacturer inscribe a unique code into every chip? As I understand it, chips are produced by successive masks (film) with the circuit pattern layered on each mask.
Is one of the masks getting printed with the unique set of codes? Are the masks printed and changed with every wafer, after the unique codes are changed and discarded? Seems like a very intense way of having to put a unique code on each chip.
Or, if you remember film cameras from like the 80s/90s, where they could burn a date into the corner of the negative, do IC making masks have the ability to dynamically burn a changing code during exposure of the wafer??
Thanks for any knowledge you can offer on this point!
Re:how does Apple encode a unique device ID on chi (Score:5, Insightful)
I don't know how Apple does it on its chips but other companies have done it via one-time-programmable fuses.
Re: (Score:2)
Crazy talk.. https://en.wikipedia.org/wiki/Programmable_read-only_memory [wikipedia.org]
1. Patent the technology
2. Travel to 1955
3. Profit!
Re: how does Apple encode a unique device ID on ch (Score:5, Informative)
I'm not certain about Apple but the way similar tech does this is to have read/write nvram but then burn an addressable fuse on the write line so it cannot ever be written again.
Re: (Score:2)
If it can be read, couldn't they create a clone with a new chip? Pardon my ignorance on this.
Re: (Score:2)
If it can be read, couldn't they create a clone with a new chip? Pardon my ignorance on this.
It can't be read. The chip has a few commands, and "read the encryption key" isn't among them.
Re: (Score:2)
I don't know the specifics on how this works in this case but I know enough about electronics that I can speculate.
One means to have a write once memory is with the use of "fuses", the fuse is a small etched wire that with enough current will open like a fuse. This would be done with a write at a voltage much higher than that normally used for a read. I would further suspect that to prevent someone from changing the written value the write function itself would have a fuse, blow that fuse and the chip is
Re:how does Apple encode a unique device ID on chi (Score:5, Interesting)
Just to reiterate a point - the phone in question is an iPhone 5C which doesn't have a secure enclave. A7 SoCs and above with the secure enclave do all the PIN verification in hardware, enforcing the timeouts and the 10 incorrect guess wipes. But since the iPhone 5C doesn't have this, it's a software check that does it. (However, it doesn't mean Apple can just load on a new firmware update to a locked phone - doing so could wipe the phone as well).
So it is theoretically possible to write code that allows unlimited guesses. Whether or not you can load it on a phone is another question altogether (and I wouldn't be surprised if you couldn't without wiping the phone).
As for the SoC part - no, they don't pattern the masks with the ID. What happens is in practically every SoC in existence, there is a bit of memory that is one-time programmable. Effectively, it's an array of fuses (we call them fuses, but in reality, they're antifuses). You can blow the fuses which often sets various configuration options (e.g., blow one fuse, and the JTAG interface is disabled, blow another fuse, and you disable some block, or half the cache or whatever). You can also blow fuses that have special properties - e.g., a memory area that cannot be read by software, but hardware can access it. This is often done by initial programming software - you program in a serial number and the software blows the right fuses for that serial number. That software can also generate the hardware keys for encryption - by generating a random key using the key generator block (usually a random number generator) of the cryptographic engine, then using that to blow the key fuses. If the software doesn't report the key to the manufacturing hardware, then no one knows the key, not even Apple.
OTP fuses can be blown during the hardware test phase of chip production as well. Special pads on the die that aren't brought out of the package can be used to access and blow the OTP fuses. This is typically done for the unique identifier portion
For small lots, it's often easier to do it in software during production - customers will buy chips with areas of the OTP unblown to which they can use vendor-provided tools to blow them. Larger runs can be blown at the factory.
The OTP array is not strictly a 2D array of fuses - there's metadata like a valid bit (the row of memory is programmed - used by boot firmware to determine if it needs to engage the encryption unit), a lock bit (to prevent bits from being written - stuff like serial numbers and unique IDs will have the lock bit blown to prevent people from blowing fuses in that row and changing the ID), the bits themselves and special wiring that connects each bit with the appropriate piece of hardware.
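The row layout described in the comment above (data fuses plus a valid bit, a lock bit, and rows wired only to hardware), as an added C model that is not part of the original thread and not any vendor's code. The row numbers, the `hw_only` flag, the "0 = intact, 1 = blown" convention and the toy keyed checksum standing in for a crypto engine are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OTP_ROWS 4

/* Who is asking for a row: ordinary software or an on-chip hardware block. */
typedef enum { REQ_SOFTWARE, REQ_CRYPTO_ENGINE } otp_requester;
typedef enum { OTP_OK, OTP_ERR_RANGE, OTP_ERR_LOCKED, OTP_ERR_DENIED,
               OTP_ERR_UNPROGRAMMED } otp_status;

typedef struct {
    uint32_t bits;    /* data fuses (model convention: 0 = intact, 1 = blown) */
    uint8_t  valid;   /* metadata fuse: row has been programmed */
    uint8_t  lock;    /* metadata fuse: row refuses further programming */
    uint8_t  hw_only; /* wiring property: row is routed to hardware only */
} otp_row;

typedef struct { otp_row row[OTP_ROWS]; } otp_bank;

static int in_range(int r) { return r >= 0 && r < OTP_ROWS; }

/* hw_only_mask: bit r set means row r is not readable by software. */
static void otp_init(otp_bank *b, unsigned hw_only_mask) {
    memset(b, 0, sizeof *b);
    for (int r = 0; r < OTP_ROWS; r++)
        b->row[r].hw_only = (uint8_t)((hw_only_mask >> r) & 1u);
}

/* Blowing fuses is one-way: programming can only add blown bits (OR). */
static otp_status otp_program(otp_bank *b, int r, uint32_t value) {
    if (!in_range(r)) return OTP_ERR_RANGE;
    if (b->row[r].lock) return OTP_ERR_LOCKED;
    b->row[r].bits |= value;
    b->row[r].valid = 1;
    return OTP_OK;
}

/* The lock bit is itself a fuse, so locking cannot be undone. */
static otp_status otp_lock(otp_bank *b, int r) {
    if (!in_range(r)) return OTP_ERR_RANGE;
    b->row[r].lock = 1;
    return OTP_OK;
}

static otp_status otp_read(const otp_bank *b, int r, otp_requester who,
                           uint32_t *out) {
    if (!in_range(r)) return OTP_ERR_RANGE;
    if (b->row[r].hw_only && who != REQ_CRYPTO_ENGINE) return OTP_ERR_DENIED;
    *out = b->row[r].bits;
    return OTP_OK;
}

/* Stand-in for a crypto engine: it uses the key row internally and returns
 * only a derived value. The FNV-style mix is a toy, not a real cipher. */
static otp_status engine_tag(const otp_bank *b, int key_row,
                             const uint8_t *msg, size_t len, uint32_t *tag) {
    uint32_t key = 0;
    if (!in_range(key_row)) return OTP_ERR_RANGE;
    if (!b->row[key_row].valid) return OTP_ERR_UNPROGRAMMED;
    otp_status st = otp_read(b, key_row, REQ_CRYPTO_ENGINE, &key);
    if (st != OTP_OK) return st;
    uint32_t h = 2166136261u ^ key;
    for (size_t i = 0; i < len; i++) { h ^= msg[i]; h *= 16777619u; }
    *tag = h;
    return OTP_OK;
}

int main(void) {
    otp_bank b;
    uint32_t v = 0, tag = 0;
    otp_init(&b, 1u << 1);               /* row 1 holds the key: hardware only */

    otp_program(&b, 0, 0x00ABC123u);     /* constructed serial number */
    otp_lock(&b, 0);
    printf("rewrite serial -> status %d\n", otp_program(&b, 0, 0xFF000000u));

    otp_program(&b, 1, 0x0F0F00FFu);     /* constructed key value */
    otp_lock(&b, 1);
    printf("software reads key -> status %d\n",
           otp_read(&b, 1, REQ_SOFTWARE, &v));
    engine_tag(&b, 1, (const uint8_t *)"abc", 3, &tag);
    printf("engine tag using key -> %08x\n", (unsigned)tag);
    return 0;
}
```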
Re: (Score:2)
The Apple docs use the word "fused" so I think they're using the same technique as PROM [electronics.dit.ie] circuits, except they're not directly readable. Essentially every bit is wired to a circuit breaker, you start with all 1s and intentionally trip some to burn in a fixed pattern of zeros and ones the first time you power it up. If they use the on-chip RNG to initialize it it's possible that not even the manufacturing facility knows what value it has encoded, only the chip itself. Looks like a real tin foil hatter design
Re:how does Apple encode a unique device ID on chi (Score:5, Interesting)
I believe that this is possible. Further, before you mount the die, during the automated testing phase you could easily allow the test unit to make connections to the die in order to allow programming of the nonvolatile areas, then "blow the fuses" by application of specific voltages/currents so the device cannot be modified using the same process ever again. If you use a random enough data source for setting the key, it will be logically impossible to do anything but brute force the key.
Of course, it is all academic. If you have access to the physical device, it should be possible, though likely very difficult, to determine what you need to know to access the data on the phone, even without the pin. At the very least, one should be able to attach to the device, dump the encrypted content, duplicate it onto an emulated device and brute force the pin without having to worry about busting the original phone. Apple could do this if they wanted but it's going to take internal knowledge of the device's design and the software that runs it. I don't see this being dangerous to privacy as it's really just an attack that is going to require extended physical access to the phone by an army of people who are equipped with the necessary hardware, software and tools along with the necessary technical data. Surely Apple can do this for ONE phone.
My guess here is that if the FBI really wants to do this, they can easily force Apple to release the necessary technical data with appropriate NDA's and hire it done. My guess is they don't want it that badly but they will do what they can to hold Apple's feet to the fire by asking the judge for sanctions given his orders are not being followed. Apple may eventually find themselves in some seriously uncomfortable situations if they truly mean to press this.
Google should take a longer-term view (Score:5, Insightful)
In a sense, Google as an organization is a bit more conflicted in its mission, because its mission is/was to make the world's information free and available. Along the way it came up with services that customers liked, and they found that customers also benefitted from not being hacked, so they have some good security along with those services. But from the start its mission wasn't the front line of being a secure service.
Apple is different. It designs and puts devices in people's hands which they come to regard as personal, inviolable, and private modes of communicating, and keeping information to themselves.
Merely from a practical view, I would say that Google should support Apple, just because in the future, if this case falls, they may find themselves in the same position of having to help the government over and over with increasingly mandatory tasks...
Re: (Score:3)
...
Merely from a practical view, I would say that Google should support Apple, just because in the future, if this case falls, they may find themselves in the same position of having to help the government over and over with increasingly mandatory tasks...
This assumes Google hasn't already caved to the likes of the NSA already. I mean, they've been on the Prism program since 2009... https://en.wikipedia.org/wiki/... [wikipedia.org]
I wonder how much of Apple's recent slide in the stock market and Google's rise in stock value has to do with nefarious interference from the security state (which funds companies these days - they have their own incubator and funding arm)
compelled speech. (Score:2)
The government is not going to pay the true cost of this operation. Suppose the developer ordered to create this code quits instead, as indeed he must do, to protect his personal integrity. Yes developers can be bought on the market but it takes months to years to bring a developer up to speed on a particular piece of software. This can cost millions. I doubt the government will pay the true cost for this.
This w
Re: (Score:2)
Source code is speech. Compelling someone to create or modify source is compelling speech.
Wrong.
"Commercial speech is speech done on behalf of a company or individual for the purpose of making a profit. Unlike political speech, the Supreme Court does not afford commercial speech full protection under the First Amendment. " https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
No, he's right. Read your own link and the four indicators for what is or isn't commercial speech. "Commercial speech" refers to things like advertisements, not to source code developed for use within a product.
Re: (Score:2)
By Citizens United, corporations have rights.
For the love of.... Corporations had RIGHTS long before the Citizens United case. All that Citizens United did was recognize that Corporations had First Amendment rights (free speech rights) and could participate in political campaigns.
I'm not going to adjudicate the SCOTUS decision here, but you guys who don't like the Citizens United ruling do need to back down on the rhetoric a bit. This ruling does NOT grant a pile of new rights to corporations, it only established that they couldn't be barred fr
Re: (Score:2)
Interesting position, but one that has never been supported by courts. Even in a civil case, a company may have to write custom software to, say, find all employee correspondence containing specific keywords. You can argue before a judge that the cost will be prohibitive, but first amendment claims will not fly. Conversely, a judge can issue a gag order against discussing certain information during trial or investigation.
You only have the right against self incrimination, but even then you may be compelled to te
Don't be evil (Score:5, Insightful)
I have long been one of those to poke fun at Apple fanbois and their walled garden. But Tim Cook's ethical stance is making me seriously consider my next phone choice.
Public/government information should be free, but what's mine should stay mine.
Come on Google, Facebook, Microsoft, Intel, AMD, Cisco, Twitter, Yahoo, Motorola - be Spartacus! Collectively you can face down the Leviathan!
They are the leviathan. (Score:5, Insightful)
I respect Apple's stance although I have no love for their business practices.
To me this just says that they have crunched numbers and found this to be the fiscally sound stance to take. They are the richest company - I hope there is a reason beyond faux status symbols and "ooooh shiny".
All of those companies will lobby whatever they think is best for their bottom line even if they're in opposition to everything else - even themselves.
I'm sure Cisco would love to sell you network encryption options while also selling the equipment to allow mass collection of that encrypted data for attempted cracking. Why sell weapons to only one side?
Re: (Score:2)
I have long been one of those to poke fun at Apple fanbois and their walled garden. But Tim Cook's ethical stance is making me seriously consider my next phone choice.
Public/government information should be free, but what's mine should stay mine.
Come on Google, Facebook, Microsoft, Intel, AMD, Cisco, Twitter, Yahoo, Motorola - be Spartacus! Collectively you can face down the Leviathan!
Er, I'm not sure who the Leviathan is here? Given the choice of privatised Leviathan that does whatever it likes, and public Leviathan that can be voted out if required, I'll choose the latter every time.
Re: (Score:2)
It is easy to spot the Leviathan. It is the one with civil forfeiture, guns and SWAT teams and claims the right to drone strike you without trial.
Re: (Score:2)
Real life is a little more complicated than that.
my prediction (Score:2)
this will end in congress banning all non-backdoored encryption.
Re: (Score:2)
What can a US software or hardware developer say to their consumers?
Trust US, it's only the US federal gov, a few states and larger cities, security cleared contractors and other 5 eye nations that have all the keys to the entire product range?
Ex staff and former workers are under a tight NDA never to share or sell the keys.... or methods..
Under free trade deal other nations will j
Lavabit all over again (Score:2)
I don't see why Apple and the government can't arrive at a mutually acceptable and proportional compromise.
Apple could install an image without wipe limit, run a brute force attack of device and restore original image so government would never be in possession of hack image.
Unless of course there is an ulterior motive like the Lavabit fiasco where government forced production of encryption keys that compromised the whole system rather than allow vendor to implement per user data collection capability.
In any ev
Re: (Score:2)
You're assuming Apple isn't working with them, this is all smoke and mirrors with Cook trying to sound like he cares.
You got me... I'm trying to assume that for some reason.
Have to admit with "That's not what I've heard. Let me leave it at that" stuck in a replay loop in my head I'm going to need another blue pill soon.
Nothing to do with encryption debate (Score:2)
FBI asking Apple to provide them with a signed OS image which allows unrestricted brute force guesses [trailofbits.com] of the password/pin code on a single phone. This is very different from building a backdoor into encryption so that it can be reversed without knowing the password.
Apple could provide an alternative OS image that checks for part serial numbers on specific phones named in a warrant. FBI would not be able to install that image on another phone, as removing serial check would also invalidate the signature.
I th
Re: (Score:2)
FBI asking Apple to provide them with a signed OS image which allows unrestricted brute force guesses of the password/pin code on a single phone. This is very different from building a backdoor into encryption so that it can be reversed without knowing the password.
The reality of import is vast majority of users have device passwords unable to withstand brute force attack. You can label it as something unrelated yet real world practical implication is indistinguishable from a backdoor.
Apple could provide an alternative OS image that checks for part serial numbers on specific phones named in a warrant. FBI would not be able to install that image on another phone, as removing serial check would also invalidate the signature.
What Apple should do is comply and then immediately issue a recall to fix defects in security hardware so this cannot happen again.
Re:Corporate States of America (Score:5, Informative)
Apple hasn't said they couldn't cooperate, they said that they wouldn't. It seems likely there is at least something they could do if they were willing to cooperate.
Re: (Score:2)
Actually, they *HAVE* said in the past that they cannot decrypt iPhone content with IOS8 or later. Arguably, they are only saying they wouldn't *BECAUSE* they couldn't.
Lots of people seem to believe this... but I don't think any of them are experts in encryption. Ultimately it baselessly presumes that Apple is lying about their inability to b
Re:Corporate States of America (Score:4, Insightful)
Obviously there are mathematical reasons why breaking strong encryption is hard, but security is only as strong as its weakest link which in the case of an iPhone is the 4 digit pin code. Modifying the OS to allow brute forcing of the pin code isn't a mathematical impossibility.
Re: (Score:2)
Obviously there are mathematical reasons why breaking strong encryption is hard, but security is only as strong as its weakest link which in the case of an iPhone is the 4 digit pin code. Modifying the OS to allow brute forcing of the pin code isn't a mathematical impossibility.
Except in this one case where they would have to be able to modify the OS of a phone that is already locked.
Re: (Score:2)
Yup, said this in my followup comment, where I also requested that my post be harmlessly modded out of view.
You two are not even vaguely close to being the first to recognize this, so no harm done.
Re:Corporate States of America (Score:5, Informative)
Apple actually is capable of cooperating (in this particular case), since the relevant device is an iPhone 5c (i.e. three generations old), which pre-dates the protections provided by TouchID and the Secure Enclave. Specifically, because the iPhone 5c and earlier devices lack the Secure Enclave, it means that the OS itself is what's responsible for wiping the device after too many failed attempts and for enforcing the delay between login attempts that limits the effectiveness of brute force attacks. As such, replacing the OS installed on the device with a compromised version that has those countermeasures stripped allows the FBI to engage in brute force attacks against the user's passcode.
Not so in later devices, where the Secure Enclave (which is essentially a separate computer in the iPhone with its own, separate OS and its own, separate memory) manages those features and stores the encryption keys, meaning that even if you have a compromised update for iOS, the Secure Enclave will still deny repeated attempts at logging in, along with destroying the keys after a set number of failed attempts.
The FBI is asking Apple to create a custom version of iOS (which some security experts have taken to calling "FBiOS") that is intentionally and knowingly compromised. The reason they need Apple to do it is because Apple holds the keys used to sign iOS updates. So while Apple can't decrypt the iPhone directly, they are the only ones who can create a version of iOS that allows the FBI to engage in a brute force attack against the user's passcode, which can, in turn, be used to decrypt the device.
All of which is to say, yes, Apple IS taking a stand against the FBI. Were it a later device, you might be right (though rumor in the tech press today seems to indicate that Apple is aware of a similar sort of attack which may be possible against the Secure Enclave), but this issue needs to be a line in the sand, because if the FBI can do this the implications are dire. It would mean that there's nothing stopping them from compelling private software companies to create malware versions of their software that can be used to open backdoors that otherwise wouldn't have existed. And the same legal logic that is being applied here by the FBI (i.e. the use of the All Writs Act of 1789) could be applied just as easily to compel Apple to knowingly compromise the Secure Enclave in new devices, thus creating backdoors where otherwise one would not exist. It's a broad overreach of a centuries-old law, and it needs to be stopped here and now.
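The comment above contrasts retry limits enforced by the OS with limits enforced by a separate unit that also holds the keys. The following C model of the second design is an added example, not Apple's implementation and not part of the original thread: the delay schedule, the 16-byte key and the plain passcode comparison are constructed placeholders, and only the 10-failure wipe threshold comes from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FAILURES 10   /* wipe threshold mentioned in the thread */
#define KEY_LEN 16

typedef enum { UNLOCK_OK, UNLOCK_WRONG, UNLOCK_TOO_SOON, UNLOCK_WIPED } unlock_result;

/* State that lives inside the enforcement unit. The OS can only call
 * enclave_try(); it never sees these fields, so replacing the OS does not
 * reset the counter or remove the delay. */
typedef struct {
    uint8_t  key[KEY_LEN];  /* data-protection key, released only on success */
    uint32_t passcode;      /* simplified verifier; real designs use a KDF */
    unsigned failures;      /* consecutive wrong guesses */
    uint64_t not_before;    /* earliest time (seconds) a guess is evaluated */
    int      wiped;
} enclave;

/* Constructed delay schedule in seconds, for illustration only. */
static uint64_t delay_after(unsigned failures) {
    if (failures < 5)  return 0;
    if (failures == 5) return 60;
    if (failures == 6) return 5 * 60;
    if (failures <= 8) return 15 * 60;
    return 60 * 60;
}

static void enclave_init(enclave *e, uint32_t passcode) {
    memset(e, 0, sizeof *e);
    e->passcode = passcode;
    for (int i = 0; i < KEY_LEN; i++)
        e->key[i] = (uint8_t)(0xA5 ^ i);     /* constructed key bytes */
}

/* Overwrite the key through a volatile pointer so the store is not elided. */
static void destroy_key(enclave *e) {
    volatile uint8_t *p = e->key;
    for (int i = 0; i < KEY_LEN; i++) p[i] = 0;
    e->wiped = 1;
}

/* One unlock attempt at time `now`. key_out is written only on success. */
static unlock_result enclave_try(enclave *e, uint32_t guess, uint64_t now,
                                 uint8_t key_out[KEY_LEN]) {
    if (e->wiped) return UNLOCK_WIPED;
    /* During the delay window the guess is not even compared, so a caller
     * that ignores the delay learns nothing from the reply. */
    if (now < e->not_before) return UNLOCK_TOO_SOON;
    if ((guess ^ e->passcode) == 0) {
        e->failures = 0;
        e->not_before = 0;
        memcpy(key_out, e->key, KEY_LEN);
        return UNLOCK_OK;
    }
    e->failures++;
    if (e->failures >= MAX_FAILURES) {
        destroy_key(e);
        return UNLOCK_WIPED;
    }
    e->not_before = now + delay_after(e->failures);
    return UNLOCK_WRONG;
}

int main(void) {
    enclave e;
    uint8_t key[KEY_LEN];
    uint64_t now = 0;
    enclave_init(&e, 4821u);                 /* constructed passcode */
    for (int i = 0; i < MAX_FAILURES; i++) {
        if (e.not_before > now) now = e.not_before;  /* wait out the delay */
        unlock_result r = enclave_try(&e, 1000u + (uint32_t)i, now, key);
        printf("t=%6llu s  attempt %2d -> %d\n",
               (unsigned long long)now, i + 1, (int)r);
    }
    printf("correct passcode after wipe -> %d\n",
           (int)enclave_try(&e, 4821u, now + 1, key));
    return 0;
}
```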
Re: (Score:2)
how does Apple force a device that has been locked by the OS to update itself
Device Firmware Update mode, enabled via USB. It's the same method used by jailbreakers.
Re: (Score:2)
That's honestly a really good question, and I don't have a certain answer for you. I can speculate a bit, based on what I do know, however...
My understanding based on the reporting today is that the FBI can't do this on their own because they need for Apple to sign the update. Having never jailbroken my iPhones, I can't speak to how the process works, but I'd assume that a jailbreaker is required to unlock their device at some point during the process. Perhaps it's the case that updates signed by Apple's pr
Re: (Score:3)
Speaking as an iPhone owner who has jailbroken his iPods, iPhones, and iPads many times... you don't need a signed update to jailbreak, since you're not changing the iOS version during the jailbreak process.
Now if you are jailbroken, and the version of iOS you are on is no longer being signed, then if your phone gets screwed up there's no way to restore the phone to the current version of iOS - but that's because a restore reinstalls iOS, and that can only be done with a version of iOS that's currently bein
Re: (Score:2)
Perhaps I shouldn't feel bad about not reading entire threads before commenting; apparently nobody else does either.
It wouldn't be /. if we did. ;)
Thanks for the heads up. I got sidetracked while typing and (as per the usual) didn't refresh to check for updates before posting. Apologies if I beat a dead horse, since I've seen you around enough to know that you're one of the good ones.
Re: (Score:2)
It seems more that Apple cannot cooperate, which is what will keep the FBI from storming their facilities in the long run; their "unwillingness" to cooperate is simply cheap PR riding on the back of their inability to do so.
They cannot cooperate because they intentionally engineered their OS so they couldn't comply. It may be for PR purchases, after all in a post-Snowden world we do care about phones that the gov't can't sniff, but it certainly didn't come 'cheap'.
Re: (Score:2)
I think you're right in that I do need to do some more reading into this. I'm not sure if we're talking about whether Apple can decode the device or if Apple can lift the gates on gov't brute forcing it.
Re: (Score:3)
You speak ignorance with great authority.
Defeating brute-force attacks is very precisely part of strong encryption.
Re: (Score:3)
The limit is to protect the password, not the encryption. The password is weak because humans. If the encryption were weak, they could just copy the flash memory and crack it.
Re: (Score:2)
and... Enabling a party to defeat all the security measures that implement an encryption method is distinguishable from breaking the encryption, how?
Because not all security measures are encryption. (Seems straightforward to me, maybe a Venn diagram would help?)
Re:I don't have a problem with... (Score:4, Insightful)
they're just being asked to compromise security so that the government* can get the data.
*and totally just the government, no way it would be abused by others
Re:I don't have a problem with... (Score:4, Interesting)
As ordered, it would only affect the particular phone in question. Just create a new version of the OS that disables the delays and lock-out ONLY IF the hardware serial number is ABC123. They then sign the compromised binary with their cryptographic key* and update the phone** in question. Put it on another phone, the interlocks still work normally. FBI tries to change the hard-coded serial number and the signature no longer matches, so it won't run. Voila, one particular phone is effectively unlocked without compromising security on anything else.
Of course the broader implications are that Apple would then be required to either create a custom OS image for every phone the FBI wants unlocked, or a "master key" edition that would work on any phone (and absolutely be abused). Honestly you could probably make a good argument that the former was okay so long as the FBI has to cover the costs.
* I'm assuming the iPhone is "Tivoized" so that it will only run signed OS images. Otherwise this entire issue is just evidence that the FBI is lazy, incompetent, or intentionally bolstering a false sense of security on the iPhone.
** I'm also assuming it's possible to update the OS without inputting the unknown PIN. But offhand I can't think of any straightforward way to prevent that - the decrypting software needs to be accessible in order to decrypt the user files, and if accessible, it's almost certainly modifiable.
Re: (Score:2)
How do you propose to update it without unlocking it first to accept the update?
Re: (Score:3, Funny)
Well wipe the phone first of course!
Re: (Score:2)
Obviously the software itself can't be encrypted or there'd be no way for it to do the decrypting.
Option 1: If the OS doesn't actually require the device to be unlocked to update, just do it. Maybe you can tell it there's an urgent security update that needs to be installed immediately without user interaction. Or maybe there's an option to do something like a factory reset that only affects the OS without touching user data or encryption keys. It all depends on exactly how thorough they were in making s
Re:I don't have a problem with... (Score:5, Insightful)
You don't think that the second it's been done, that the government won't attempt to reverse engineer the "firmware update" thus enabling them to do it to anyone? Regardless of whether or not it is POSSIBLE to reverse engineer it, the government will try to.
Re: (Score:2)
Why would they wait? They already have a whole selection of perfectly functioning iOS images, and you'd only need to change a couple bits to disable the lockout - cracking your average copy-protected video game is a bigger challenge.
I assume the problem is that the iPhone will presumably only run signed OS binaries, so the cracked version wouldn't run unless Apple signed it. And if signing a file, or even a massive pile of files, significantly compromises the secrecy of the signing key, then PGP and prett
Re:I don't have a problem with... (Score:5, Insightful)
You don't think that the second it's been done, that the government won't attempt to reverse engineer the "firmware update" thus enabling them to do it to anyone? Regardless of whether or not it is POSSIBLE to reverse engineer it, the government will try to.
You would fairly be within the realm of probable cause if you suspected your government's information gathering acronyms were breakers of rules.
Don't you think Apple is trying to take the high road and regain some integrity on the international market? Many US corporations, especially tech firms, have suffered from their government's exploits.
Re: (Score:2)
under the patriot act the rules of evidence let them bypass stuff like that.
Re:I don't have a problem with... (Score:4, Informative)
Then it's just down to hoping they were dumb enough to use a 4 digit pin.
This is why you should have a secure password; you can't rely on a password rate/try limit to protect you.
Re: (Score:2)
Dude, how many times a day do you WANT to enter your 40+ character passphrase, with caps, lowers, numbers, and specials?
You are correct that having a hardware setup to allow for 4 or 6 digit PINs is not as ideal as that, but realistically nobody would use that security model.
Re:I don't have a problem with... (Score:5, Insightful)
I don't have a problem with the specific thing that Apple is being asked to do. They aren't being asked to break the encryption they are being asked to change the firmware on the device to one that doesn't have an artificial throttle on the number of brute force attempts per second; and to disable the wipe command that is engaged with 10 wrong guesses.
I'm glad you're not the only one judging this then, because I have a problem with this. It would essentially mean that security could be defeated, which means it could be done by corrupt officials or corrupt Apple employees.
Sorry, maybe if Feds wanted info from the San Bernardino "terrorists" they shouldn't have shot them up and arrested them instead for questioning later using the guaranteed $5 exploit: https://xkcd.com/538/ [xkcd.com]
I guess when you just gun down everyone you might lose key data!
Re: (Score:2)
So when I say we had to kill these two gunmen (Is that accurate when one is a woman?), I mean, we really, really had to kill them.
I understand your reaction, and most of the time there are questionable fatalities, but these two had predetermined they were going out like Bonnie and Clyde.
Re: (Score:2)
We certainly kill more people in the United States by law enforcement misadventure than anyone else, anywhere.
So when I say we had to kill these two gunmen (Is that accurate when one is a woman?), I mean, we really, really had to kill them.
I understand your reaction, and most of the time there are questionable fatalities, but these two had predetermined they were going out like Bonnie and Clyde.
Your use of the imperative ("I mean, we really, really had to kill them") is pretty arbitrary and appeals to authority. Who died and made you god?
I'd hate to think of you as some armchair Fed... what are your credentials again?
Re: (Score:2)
Your use of the imperative ("I mean, we really, really had to kill them") is pretty arbitrary and appeals to authority. Who died and made you god? I'd hate to think of you as some armchair Fed... what are your credentials again?
I have no dog in this fight. I do have some credentials, but they're not pertinent.
These two were not going to surrender. They killed a bunch of people at an office party where he worked.
This was a Wild, Wild West, going out in a Blaze of Glory, no tray slot in the door, type of deal.
Re: (Score:2)
I'd say that if any of the combatants were disposable it was those two, not a bunch of cops trying to stop the killing of innocent people.
Re:I don't have a problem with... (Score:5, Insightful)
The problem is this is how the slippery slope is entered. Today it's a terrorist's phone, tomorrow a drug dealer's, the day after that, a shoplifter's. The day after that, arrested protestors' phones. The day after that, anyone who is arrested for any reason gets their phone swept. And so on. The Supreme Court has already said that a locked phone is protected under the 4th amendment. Just exactly where does the line get drawn on who that amendment no longer applies to?
Re: (Score:2)
While I will agree with you on the idea that decrypting phones does present the issue of usage creep, the latter part of your statement is incorrect. The Supreme Court has said that the police cannot search your locked phone without an order by a judge - ie; a police officer who wants to check your phone because they suspect they will find something on it can't stop you for an unrelated reason (dead light on your car) and demand that you hand over/unlock your phone so they can see it.
In this case, a judge h
Re:I don't have a problem with... (Score:5, Informative)
I'll concede I was mistaken about the without a warrant portion, but I still stand by the slippery slope that will be exacerbated by cops wanting expedience. For example, when we first heard about Stingrays various law enforcement said they were only supposed to be used with a warrant. How did that go?
https://www.techdirt.com/articles/20150823/23323932038/police-regularly-use-stingrays-without-warrant-to-find-petty-criminals-then-try-to-hide-that-fact.shtml
http://arstechnica.com/tech-policy/2016/02/nypd-used-stingrays-over-1000-times-without-warrants-since-2008/
http://epic.org/foia/fbi/stingray/
Not very well.
Re: (Score:3)
I think a federal judge's order puts bounds on the alleged slippery slope.
But speaking of slippery slope, the question can be applied in the other direction. Is it wise to prohibit breaking encryption on a citizen's phone if it can save innocent lives? Of a few people, of hundreds? Or a whole city? Should we say that the "right" to citizen privacy is unalienable even if the information might prevent a major attack? Or disarm a WMD?
Re: (Score:2)
Stupid argument. This is like arguing that since people have committed attacks with counter terrorism measures in place we should forego all counter terrorism measures.
Re: (Score:2)
Don't worry yourself too much about where the line gets drawn. It can easily be erased and redrawn as necessary. See, nothing to worry about.</sarcasm>
Re:I don't have a problem with... (Score:5, Insightful)
Once a federal gov gets that back door ready OS, so do states, cities, their workers, contractors, other nations that work with the USA.
Former staff, ex staff, the private sector, contractors start walking with the methods and skills to anyone with cash for the OS backdoor.
Once a brand gets to be seen as spy friendly in open court it's hard to pull back from the optics as every phone after that will be seen as gov ready as designed and sold.
It's not just one phone, it's a method for a generation of phones. If that becomes legal and public, people of interest change their habits and the brand is seen as spy friendly. Interesting people don't have to use phones. Govs now have signals intelligence as a main tool as they now lack human informants and skilled undercover teams. All the new funding went to signals intelligence that "always" worked as big brands always helped.
The UK had the right idea over decades: never comment, never go to court, never have anything in the press. The public was none the wiser and keeps on trusting cell networks' tame encryption, buying from big brands, talking and networking. Collect it all was easy for the UK and the wider legal system never worked out how a case really started.
Now the US is undoing decades of global device access in months in public with requests for OS and product wide backdoors.
Re: (Score:2)
The problem with that is the tool that's been created can then open every phone of a generation and is seen as being in gov hands via an open court.
Which will be obsolete in 2-3 years. Literally.
Apple has the secure enclave on newer models and if they do come up with this hack it won't be relevant for any newer phones. I almost feel like the cruel thing is to give them what they want, then taunt them with the fact that it'll be utterly useless in a couple of years with no recourse.
Re: (Score:2)
Some form of "Charlie is Listening" stickers for that generation of phones?
Re: (Score:2)
So simply ask for the circuit diagrams, software source code of all chips and then simply pull the device apart, keeping the memory intact in each component, create a back up copy of contents and then brute force it outside of the control of the device itself. Sounds to me they are just being lazy whiny and it is not about this particular phone but about sneaking in a back door. This kind of pressure stinks of corporate political influence. Say there is a dickwad douche bag perv privacy invasive company ru
Re: (Score:3)
Would you have a problem with the government compelling you to publicly speak out in support of a law reinstating racial segregation? Code is protected as free speech under the First Amendment. It cannot be compelled. If the government can use the All Writs Act of 1789 to compel "free speech" from a private entity, what's stopping them from taking things further? What about compelling Google to burn good will by issuing a press release in support of something unpopular the government wants pushed through? C
Re: (Score:2)
I don't have a problem with the specific thing that Apple is being asked to do. They aren't being asked to break the encryption; they are being asked to change the firmware on the device to one that doesn't have an artificial throttle on the number of brute force attempts per second, and to disable the wipe command that is engaged with 10 wrong guesses.
No, neither of those things is what the FBI is asking. They already HAVE all of the communications made to and from this phone.
They have every person called or calling the phone and the contents of the conversation.
They have every SMS sender and recipient and the contents of those messages.
Even in iMessage they have the sender and recipient.
What the FBI is asking for is every last criminal script kiddie world wide to have free and complete access to hundreds of millions of phones owned by law abiding ci
Re: (Score:2)
I am very surprised that Apple have taken a stance like this.
This move demonstrates Apple's keen business sense; it's good to see this kind of move from an Apple sans Jobs. Who's got the inside story? Anywho, if you take a quick look around you'll see the news chock-full of stories about how the US' spy regime has harmed business. This may be the difficult road, but it is the only one that does not lead down a dark hole of business failure, let alone being expected to do anything and everything like this for the government in the future.
Re: (Score:2)
It would greatly improve the safety of bicycles to have car drivers that wouldn't run their ass over because they didn't see them. Huh I suppose then only the poor would actually be in control of their vehicles.
http://linux.slashdot.org/stor... [slashdot.org]
http://news.slashdot.org/story... [slashdot.org]
Yes, I already know they already have self driving motorcycles in India but I said bicycles.
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)