Apple and the FBI

Trombone - I don’t understand why you listed a bunch of general ways to break encryption without dealing with the “backdoor access for nobody-but-us” problem.
Indeed, I did watch the entire video but you, quite apparently, did not read my entire post. About half of my post addressed specifically that issue, nobody but us. The video brings up Snowden. Wikileaks gets its information at a fairly low level. We can defeat traitors who violate their security trust through techniques I touched on for preventing distribution of backdoor keys (see above post you apparently did not read in its entirety) as well as through higher levels of classification and better sequestration based on need to know. If you go back and read my very brief introduction to hardware keys, key encryption keys, and multiple backdoor keys you will see I have already addressed the issue you think I did not.
Trombone - I don’t understand why you listed a bunch of general ways to break encryption without dealing with the “backdoor access for nobody-but-us”
Ok, re-reading my post #34 I realize now that while each paragraph is valid the overall post lacked structure. My bad. The video you posted makes the false assumption that to assist the FBI in the present case of the San Bernardino shooter's phone a means must be devised to build a master backdoor key which would then be vulnerable to leaking and we would all be at risk of losing vital personal security. Wrong wrong wrong. First, in various places in #34 I show that to exploit this particular phone it may be possible to use various invasive techniques that do not require the building of such a universal back door key. This is why I "listed a bunch of general ways to break encryption", to demonstrate the error of the video in this regard. Also, there is a widespread assumption that the only way to solve this problem going forward, to give law enforcement the ability to conduct lawful searches, is to build in a single number backdoor key that is subject to leaking and all the terrible calamity to humanity that would follow if Apple products were not secure. Tim the corporate greed ubermeister is spreading this particular lie. With others it is an honest misconception, but with Tim it is a lie. To address this misconception I introduced a number of methods that can be used to build law enforcement access that is not simply a single master key that can be leaked. Again, apologies for not structuring #34 better. Further, the video links Snowden with the specter of leakage and the idea that government obviously cannot keep a secret. The truth is that you and I don't know the vast majority of government secrets, because they are secret. The nuclear launch codes will not be showing up on wikileaks. But, we do not have to go as far as handcuffing a locked briefcase to the wrist of an armed agent, or any such antiquated cloak and dagger idea. This is not a new problem and it has already been solved by various means. In #34 I very briefly touch on some of those means. 
My personal favorite is a hardware key in combination with a software key. The hardware key provides the added security of being a physical object that cannot be transported as data. It is an object that is locked in a vault in a secure facility. The phone is brought to that facility, unlocked, all data is retrieved, and the phone is also locked away. The hardware key never leaves the locked and secure facility and is not something some low level traitor can just upload to wikileaks. But, Tim the corporate greed ubermeister prefers to spread false rumors, as opposed to cooperating with law enforcement to implement these well known security options. For that I hope the attorney general is drafting felony obstruction of justice charges against him.
First, in various places in #34 I show that to exploit this particular phone it may be possible to use various invasive techniques that do not require the building of such a universal back door key. This is why I "listed a bunch of general ways to break encryption", to demonstrate the error of the video in this regard.
In a device that is in contact with a worldwide network, I do not believe that any of the techniques you listed would work without building a backdoor key. The safe analogy fails because while a backdoor to an actual safe seems fine, a safe in your basement is not accessed by criminals worldwide at any point in the day whenever they want as long as they know it exists.

Stardust, you list a lot of superficially plausible ideas for accessing data on an iPhone. I’m wondering: What are your qualifications regarding IT security?

Stardust, you list a lot of superficially plausible ideas for accessing data on an iPhone. I'm wondering: What are your qualifications regarding IT security?
For me that's the beauty of being an American citizen. I can defer that technical authority to the FBI and the NSA. They have a wealth of information on IT Security. They have experts. I know they will make the right choices concerning security and iPhones. Between these technical experts in the govt. and the US court system a solution can be found. (it probably already has actually)
We passed 1984 some time ago. Everything seems to be normal to me. Last time I checked people weren’t being rounded up and put in camps because they are on the Barnes and Noble customer appreciation club. Now you tell me, if the government can track phone calls to and from terrorists should they be able to act on that? If a person tries to buy large quantities of bomb making materials should the government be able to investigate that? If someone is making Facebook posts about shooting up a kindergarten classroom should they be able to investigate that? Would that be too 1984ish for you?
Sorry about the delay, our damn WiFi keeps going out, hmm? Now breathe deeply and focus Vy; I was responding to your post concerning the Government's ability to know your inner thoughts and how we enable it to happen. And now the answer to your question: yes! They can, but only if while listening in on suspected conversations certain key words are kicked out, then they begin to focus on the potential terrorist etc. They have also of late responded to tips from informants who have overheard plotters or are wanting to collect a reward. As far as I know, we don't have a Gestapo as yet with ears on every street corner. We do have however surveillance cameras, making it ever harder to blend in with the herd and disappear in plain sight. And of course they should be able to further investigate suspicious actions that could endanger the public safety, but only those acts. So, in the long run how careful must we be so that we aren't dragged into a police station for using phrases like "I'm going to destroy that bar" (English for I'm going to drink and raise hell)? There's a delicate balance that has to be maintained here in order to preserve an individual's personal Constitutional rights, like the Fourth Amendment for instance. So, no I have no intentions of giving up my right to privacy (what's left of it that is) to make it easier to hack my electronic devices. We've pretty much already done that ourselves. Cap't Jack
The argument here is that Apple should fully cooperate with the police. It should give the FBI and the police the technological tools to access these phones for search purposes. I don't know what tangent you have gone off into, I could be missing something. I don't know if you can tie it in. Or show some quote of mine above that has led us down this avenue. I may not have been clear enough in my writing.
You're right, I was leading myself down a path, but in a way I think it's at least somewhat justified. Knowing at least a bit of how encryption works may show you how I think that giving FBI access to those phones will inevitably give those capabilities to entities you don't want having them. That's the whole point: not that the FBI doesn't have the inherent right to enforce law, but that they've chosen an extremely poor way to try to do it, seemingly ignorant of the consequences of their actions.

Amendment IV. The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Please tell me what the probable cause is in this case. That the FBI wants information does not count as probable cause. Probable cause means there is good reason to think the entity to be searched has done something illegal. Nobody is even suggesting that Apple has done anything illegal. Refusing to help the government by revealing a security code is not illegal. In addition the FBI has not described the things to be searched. They want to go in and see if they can find anything useful to them–not criminal on the part of Apple, mind you–just something the FBI wants. In addition, the FBI is not only expecting to be allowed to search Apple’s files without establishing probable cause and without specifying which files it wants, if they don’t find what they want on their illegal fishing expedition, they want to force the company to unlock its security system–an unprecedented and, IMO, an unconstitutional requirement.
Why is it that so many people here, who are generally rational can’t see the Constitutional principle being violated–and who would trash a Constitutional principle simply because they don’t like what it means in this case? What kind of harebrained idea is that?
Lois

The video uses the analogy of a safe. So, no, the sky will not fall if Apple assists the FBI. This is a technical and security problem that can be solved.
The sky won't fall but the Constitution won't be worth the paper it's written on. When some investigatory entity decides to ignore the Constitution when it concerns a case against you, such as forcing you to testify against yourself or refusing you a juried trial by your peers or searching your home, business, car or person without probable cause and stating what it's looking for, and you take the time to think of its obvious implications, you might form a different opinion. Lois

Stardust I don’t think you understand the facts of the situation. The government is asking Apple to do three things:

  1. Create a special OS which can be installed on any iOS device (not just the one they are hoping to search in this case) which will allow them to override the safety feature that encrypts the device data if too many failed attempts are made to access the device
  2. Create software that will allow the government to quickly attempt lots of password guesses (brute force attack) in a short period of time. The current system requires longer and longer waiting periods after each failed attempt
  3. Make all of this remotely accessible so the FBI is not required to use it under Apple supervision at an Apple facility.
Once this software is created there is NO method by which we can be assured the government won’t use it on other devices. In fact it’s clear that this is exactly what they will do based on the fact that they have at least 9 other phones they want Apple to access for them. Additionally the fact that it will be remotely accessible means the genie will eventually get out of the bottle and people and organizations other than our government will also obtain access to it.

There is absolutely no way to create a back door like this and keep it out of the hands of the bad guys. Especially because the government sometimes is the bad guy.

I and every other iPhone owner hired Apple to create a secure product to protect our information. If the government wants to hack into that they should have to figure out how to do that on their own.
So, no I have no intentions of giving up my right to privacy (what's left of it that is) to make it easier to hack my electronic devices. We've pretty much already done that ourselves. Cap't Jack
Well grog bless ya VA. I got nothing. I've said all I have to say.
You're right, I was leading myself down a path, but in a way I think it's at least somewhat justified. Knowing at least a bit of how encryption works may show you how I think that giving FBI access to those phones will inevitably give those capabilities to entities you don't want having them. That's the whole point: not that the FBI doesn't have the inherent right to enforce law, but that they've chosen an extremely poor way to try to do it, seemingly ignorant of the consequences of their actions.
Yeah it's justified because it's part of the topic. I'm confident that technology can be found that makes all parties happy. Real confident. In lieu of that, compromises can be made. But really I'm betting on technology.
DarronS - Stardust, you list a lot of superficially plausible ideas for accessing data on an iPhone. I’m wondering: What are your qualifications regarding IT security?
I am not an expert in information security, but I am an electrical engineer and computer programmer with some experience in the use of security features. Please let me emphasize, not an expert. An expert is somebody with advanced research education and experience who works in the field full time. But, I do have enough technical background to have a modicum of appreciation for the technical issues involved. You are justified in calling the ideas I presented "superficially plausible". I have no detailed access to Apple schematics or source code. Consultation with the hardware and software designers of a system is absolutely invaluable in performing an attack. Typically, our security experts work against those who have expended great effort to prevent an attack. To have the designers collaborating in an attack is of enormous benefit. Attacks are typically classified as non-invasive, semi-invasive, or invasive. One type of invasive attack is a microprobing attack against chips that have been stripped of their outer packaging. Various coatings and meshes have been implemented to thwart such attacks. Another form of invasive attack is similar to microprobing a chip, but can be done at the systems level, by probing the circuits in situ. Yet another form of attack is to remove memory chips from the device and install them on a specially designed circuit board that allows fully independent access to the chip contents. Apple has built in a protection against brute force attacks by initiating an erase after some number of failed password attempts. One conceivable work around is to remove the memory chips, put them on a different circuit board, and make a bit for bit copy of the chip. Then load up multiple iPhone emulation systems and brute force with impunity, unconcerned about the erasure of a single copy, since there is now a master copy and many duplicate copies. And yes, these are generalities on my part based on public domain information. 
You can search on keywords above and find vast amounts of information on these subjects. My point is that Apple is obstructing justice in time of war. A foreign state has declared war on the USA and has conducted military attacks on our soil. Any form of collaboration that leads toward exploitation of that phone would satisfy me, but total intransigence on the part of Apple should lead to felony criminal charges.
macgyver - There is absolutely no way to create a back door like this and keep it out of the hands of the bad guys
That is the lie Tim is peddling in his corporate greed. Tim is a super rich global corporatist ubermeister. If this were Monsanto, or Dow Chemical, or GM I think my liberal friends would have a much easier time realizing how profoundly dishonest and greedy Tim is and his corporation is. No less than Bill Gates weighed in that your assertions are false and Tim's assertions are false and the FBI is just asking for some help in accessing this single phone. Gates sidestepped a bit on that but he cannot unring that bell of his original support for the FBI. The notion that the FBI is going to force Apple to install a single key backdoor that can be remotely accessed and that single key will then inevitably fall in the hands of bad guys and now look the sky is falling on our heads...nonsense. There are many ways to attack that phone without any such thing occurring and Apple is fully capable of collaborating with the FBI in time of war, but Tim and the super rich corporatists he represents place ultra greed over our national security. Next step, federal prison.
Another form of invasive attack is similar to microprobing a chip, but can be done at the systems level, by probing the circuits in situ. Yet another form of attack is to remove memory chips from the device and install them on a specially designed circuit board that allows fully independent access to the chip contents. Apple has built in a protection against brute force attacks by initiating an erase after some number of failed password attempts. One conceivable work around is to remove the memory chips, put them on a different circuit board, and make a bit for bit copy of the chip. Then load up multiple iPhone emulation systems and brute force with impunity, unconcerned about the erasure of a single copy, since there is now a master copy and many duplicate copies.
I believe that Apple's built-in erase security feature is not to block brute-force attacks so much as it is to block a criminal scouring other media belonging to a person and testing passwords found that way. With a good modern encryption, a brute-force method of breaking it would take a supercomputer the age of the universe to find the password, or longer. With that much processing required, making copies of a chip won't really help.
Lois - Please tell me what the probable cause is in this case.
Really? 36 people were shot. 14 killed. The shooters swore allegiance to the Islamic State during the attack. The Islamic State is a foreign government that has declared war on the USA. Seriously? What is the probable cause to search their effects?
That the FBI wants information does not count as probable cause. Probable cause means there is good reason to think the entity to be searched has done something illegal.
It is illegal to shoot and murder people. Do you really need anybody to tell you that?
Nobody is even suggesting that Apple has done anything illegal. Refusing to help the government by revealing a security code is not illegal.
Obstruction of justice is a crime. Violation of a court order under the All Writs Act is a crime. Apple are criminals.
In addition the FBI has not described the things to be searched.
The FBI intends to search the phone of mass murdering jihadists. How much description beyond that do you want?
They want to go in and see if they can find anything useful to them—not criminal on the part of Apple, mind you—just something the FBI wants.
Something I want, and the surviving victims want, and any American with any notion of what jihad is wants.
In addition, the FBI is not only expecting to be allowed to search Apple’s files without establishing probable cause and without specifying which files it wants,
Law enforcement searches all records of mass murders looking for where they got their money, who they are associated with, and any clues they can find that could lead them to foiling further such plots. What part of this is not bloody obvious?
if they don’t find what they want on their illegal fishing expedition, they want to force the company to unlock its security system—an unprecedented and, IMO, an unconstitutional requirement.
This has more than 200 years of precedent! The supreme court forced a clerk to decipher a coded letter from Aaron Burr. The All Writs Act has been updated and used many times for some 200 years, yet you say this is both "unconstitutional" and "unprecedented".
Why is it that so many people here, who are generally rational can’t see the Constitutional principle being violated—
Because it isn't. The search has probable cause and is reasonable. Apple is under court order based on 200 years of legal precedent.
and who would trash a Constitutional principle simply because they don’t like what it means in this case? What kind of harebrained idea is that?
Right back atchya Lois.
macgyver - There is absolutely no way to create a back door like this and keep it out of the hands of the bad guys
That is the lie Tim is peddling in his corporate greed. Tim is a super rich global corporatist ubermeister. If this were Monsanto, or Dow Chemical, or GM I think my liberal friends would have a much easier time realizing how profoundly dishonest and greedy Tim is and his corporation is. No less than Bill Gates weighed in that your assertions are false and Tim's assertions are false and the FBI is just asking for some help in accessing this single phone. Gates sidestepped a bit on that but he cannot unring that bell of his original support for the FBI. The notion that the FBI is going to force Apple to install a single key backdoor that can be remotely accessed and that single key will then inevitably fall in the hands of bad guys and now look the sky is falling on our heads...nonsense. There are many ways to attack that phone without any such thing occurring and Apple is fully capable of collaborating with the FBI in time of war, but Tim and the super rich corporatists he represents place ultra greed over our national security. Next step, federal prison.
This is NOT a "time of war". We have had fewer deaths in a year from terrorists than occur in a single day from automobile accidents. These are the sort of hyperbolic scare tactics that are often used to convince citizens to give up their rights and protections. Did you read what I wrote about the three requirements the FBI is insisting on? You either misunderstood what Bill Gates said or he is misinformed about the request. Please explain to me how access can be limited to one phone once a customized OS is created and Brute force attack software is written and all of this is put in the hands of the FBI without oversight from Apple? You admitted you're not an expert. There are far more expert people from across the tech spectrum who say this can not be done. You will understand if I put more weight on their opinions than yours especially when what they are saying makes more sense logically and historically. Apple works for us. Their fiduciary responsibility is to their customers. I couldn't care less if their goal is to make more money as long as they protect my interests as one of their customers. If you hire a lawyer to protect you in a criminal case that lawyer is not required to divulge information you give him in confidence that may help the prosecution. The prosecution investigators have to do their job. Your lawyer won't do it for them. If the FBI wants to figure out a way to hack the phone on their own then give it a try. Apple ( who we employ) should not be required to help them. Of course as soon as the FBI figures out how to hack the phone (as they claim to have done) I would expect Apple to double their efforts to make it unhackable next time which they will.
Trombone - I believe that Apple’s built-in erase security feature is not to block brute-force attacks so much as it is to block a criminal scouring other media belonging to a person and testing passwords found that way. With a good modern encryption, a brute-force method of breaking it would take a supercomputer the age of the universe to find the password, or longer. With that much processing required, making copies of a chip won’t really help.
If the shooters used a password consisting of a random character set the full size allowable you are correct about a brute force attack taking an impractical amount of time. However, you also allude to methods that provide a high likelihood of success, namely, intelligent guessing. A modern brute force attack does not simply start at 0 and increment by 1 in order to test all possible character combinations. The form of an effective brute force attack is to try permutations of common words, commonly used passwords, commonly used modifications to ordinary words, and as you suggest, permutations of words found in the effects of the individual. So, irrespective of your assessment of intent, the effect of the erasure feature is to thwart an intelligent brute force attack. To conduct such an attack the words in the effects of the individual can be added to the database of other words and character combinations to be tried. For example, some people will substitute $ for S or s, I for 1 or 1 for I or i, 0 for O or o etc. The attacking program will work out these kinds of permutations and try them. At the speed of a modern computer such an intelligent brute force attack has a substantial chance of success.
macgyver - This is NOT a “time of war”.
On 11 Sep 2001 the United States of America switched from a peace time footing to a war footing. We have been in a continuous state of war ever since. The enemy declared war on us verbally, and they attacked us militarily on our own soil. We responded with a military invasion and defeat of the enemy that ultimately led to killing of their leader, but not their ideological and military movement. There has not been a day since 11 Sep 2001 that the United States of America has not been at war. We are continually at war. We have soldiers on the ground right now in Iraq and Afghanistan conducting deadly military operations. Our air forces are continually killing enemy, and most unfortunately, innocents as well. We have been the target of plot after plot after military plot against us on our home soil and thanks to our fine security forces only a small number of these military operations against us have succeeded. Belgium. Wake up, my friend, we have been at war for a decade and a half and there is no end in sight. The enemy that has declared war on us, the enemy we are killing, the enemy that occasionally manages to kill some of us...fundamentalist Islam. True believers in the textual facts of Muhammad.
We have had fewer deaths in a year from terrorists than occur in a single day from automobile accidents.
How many US citizens died on US territory on 7 Dec 1941, or in all the years of WWII at the hands of Axis powers? Almost zero, relative to general causes of mortality. Yet we went to global war and fought the enemy to a terrible defeat that was no victory in human terms, only loss, yet a preservation of our nation and the nations of our allies. Military attacks by a foreign nation that has declared war against us simply are in a unique class. We as a nation do not compare the numbers to domestic accidental deaths and shrug off the threat as inconsequential. A foreign enemy that attacks us is to be met and defeated abroad.
Did you read what I wrote about the three requirements the FBI is insisting on?
Yes. Your words are overblown.
Please explain to me how access can be limited to one phone once a customized OS is created and Brute force attack software is written and all of this is put in the hands of the FBI without oversight from Apple?
I already have in previous posts so I will keep it short...by keeping these tools within the confines of a secured facility. Oversight by the corporate greed meisters? Would you trust oversight by R. J. Reynolds? Take off the rose colored glasses, my friend, Apple is the ultimate global amoral corporate greed machine.
Apple works for us. Their fiduciary responsibility is to their customers.
Wowwww. You really floored me with this one. Apple is the world's most highly capitalized corporation. The corporate officers work to maximize profits. The fiduciary responsibility of the corporate officers is to maximize profits for the shareholders. Apple does not give a flying ---- about its customers as human beings, only as sources of profit. Again, take off the rose colored glasses, my friend. Think Dow Chemical, Union Carbide, General Motors, Monsanto, Apple, Microsoft, IBM, William Morris, and on and on. Apple is not a couple kids in a garage in Cupertino California any more. Those days are long gone. Apple is now the largest corporation on planet Earth, run by and for the ultra rich for the sole purpose of making them even richer.
Apple ( who we employ)
You do not employ Apple. You are living in a dream world if you think you employ the corporations that sell you products.
I would expect Apple to double their efforts to make it unhackable next time which they will.
Only if they wish to face felony criminal charges of obstruction of justice and failure to comply with a court order under the All Writs Act, a law with some 200 years of active use and precedent.
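The substitutions described in the reply to Trombone above ($ for s, 1 for i, 0 for o) can be undone just as mechanically by a passcode policy check, which is the defender's side of that argument. The following is an added example, not part of any post in this thread: it rejects a candidate passcode that reduces to a denylisted word. The denylist entries, the extra substitutions, the minimum length and the function names are all assumptions.

```python
import itertools
import re

# Symbol -> letters it commonly stands for. "$", "1" -> "i" and "0" are the
# substitutions named in the post; the remaining entries are assumptions.
SUBSTITUTIONS = {
    "$": "s", "0": "o", "1": "il",
    "3": "e", "4": "a", "@": "a", "5": "s", "7": "t",
}

# Constructed sample denylist: common passwords plus a word tied to the user
# (a pet's name here). A real deployment would load a much larger list.
DENYLIST = {"password", "dragon", "iloveyou", "letmein", "biscuit"}

MAX_READINGS = 4096  # bound on the work done for symbol-heavy input


def stems(candidate):
    """Return the candidate plus versions with digit/symbol affixes removed."""
    low = candidate.lower()
    variants = [
        low,
        re.sub(r"[^a-z]+$", "", low),            # drop a suffix such as "2016!"
        re.sub(r"^[^a-z]+", "", low),            # drop a prefix such as "123"
        re.sub(r"^[^a-z]+|[^a-z]+$", "", low),   # drop both
    ]
    return list(dict.fromkeys(v for v in variants if v))  # dedupe, keep order


def readings(text):
    """Yield the ways text can be read once substitutions are undone."""
    # Each position keeps its own character and, for a known symbol, also
    # offers the letters that symbol can stand for ("1" -> "1", "i", "l").
    options = [ch + SUBSTITUTIONS.get(ch, "") for ch in text]
    combos = itertools.islice(itertools.product(*options), MAX_READINGS)
    yield from map("".join, combos)


def find_base_word(candidate, denylist=DENYLIST):
    """Return the denylisted word the candidate reduces to, or None."""
    for stem in stems(candidate):
        for reading in readings(stem):
            if reading in denylist:
                return reading
    return None


def is_acceptable(candidate, denylist=DENYLIST, min_length=8):
    """Policy decision: long enough and not a disguised denylisted word."""
    if len(candidate) < min_length:
        return False
    return find_base_word(candidate, denylist) is None


if __name__ == "__main__":
    # Constructed sample passcodes.
    for sample in ["P@$$w0rd", "Dr4g0n2016!", "B1scu1t$", "xk7#Qm2vLp9"]:
        print(sample, "->", find_base_word(sample) or "no denylisted base word")
```

Normalising the candidate keeps the check cheap: the work is bounded by `MAX_READINGS` per stem and does not grow with the size of the denylist.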
On 11 Sep 2001 the United States of America switched from a peace time footing to a war footing.
Exactly what those who profit from war want you to believe. A group of radicals attacks us and the stupid response our leaders came up with was to spend 2 trillion dollars bombing people. This approach has accomplished nothing except to create far more terrorist volunteers than we could have ever imagined. Among your list of evil corporations you conveniently left out the military corporations that have made a fortune from this manufactured war. Declaring war is just a convenient excuse to strip civilians of their civil rights which is exactly what is being done here.
How many US citizens died on US territory on 7 Dec 1941, or in all the years of WWII at the hands of Axis powers? Almost zero, relative to general causes of mortality.
Are you serious? There were thousands and ultimately millions of people dying in Europe and China and around the world before we got involved in that war after they attacked and destroyed an important naval facility. There was also an actual country we could attack. To compare terrorism to that is factually incorrect and a huge exaggeration. Worse, it implies that the solution is the same and sets us on a self destructive course of indiscriminate bombing when a much more nuanced and smarter approach is needed.
Apple works for us. Their fiduciary responsibility is to their customers. Wowwww. You really floored me with this one. Apple is the world's most highly capitalized corporation. The corporate officers work to maximize profits. The fiduciary responsibility of the corporate officers is to maximize profits for the shareholders. Apple does not give a flying ---- about its customers as human beings,
I don't care if Apple is making billions or if their main goal is profits. They have a legal obligation to their customers based on the privacy policy document that accompanies iOS (https://www.apple.com/business/docs/iOS_Security_Guide.pdf). This is a legally binding document and as you correctly point out, profits are important. If they violate this document profits will suffer so yes we DO employ them and we also fire them when they don't live up to their promises. That's what they are afraid of.
I would expect Apple to double their efforts to make it unhackable next time which they will. Only if they wish to face felony criminal charges of obstruction of justice and failure to comply with a court order under the All Writs Act, a law with some 200 years of active use and precedent.
Again you are wrong. There is no law preventing a manufacturer from creating an unhackable device. The All Writs Act would not apply to a device which can not be hacked even by its manufacturer and may not even apply to a device that can be hacked by its manufacturer. That has yet to be decided in court.