Apple's "Warrant Canary" Has Died

HughPickens.com writes When Apple published its first Transparency Report on government activity in late 2013, the document contained an important footnote that stated: "Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us." Now Jeff John Roberts writes at Gigaom that Apple's warrant canary has disappeared. A review of the company's last two Transparency Reports, covering the second half of 2013 and the first six months of 2014, shows that the "canary" language is no longer there suggesting that Apple is now part of FISA or PRISM proceedings.

Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such request. This may also give some insight into Apple's recent decision to rework its latest encryption in a way that makes it almost impossible for the company to turn over data from most iPhones or iPads to police.

Re:There is no "almost impossible"

[dunkindave]

Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)

Um, not quite, one time pads are provably impossible to break by brute force since the message can be decoded into any message of the right length.

Re:There is no "almost impossible"

[EvolutionInAction]

No. You don't know what you're talking about. See, OTPs use a random 'key' the same length as the data you're encrypting. It doesn't matter if there are known fields in the data, because matching those sections tells you nothing about any other section.

OTPs have a trivial proof that they provide perfect encryption as long as the key is never reused. They're just horribly impractical for everyday use.

Re:There is no "almost impossible"

[khellendros1984]

If the key (the pad) is perfectly random, then there won't be any pattern. If the key was something like the first chapter of Moby Dick, and it's known that the key is an English-language text, and something is known about the contents, then you've got some patterns to work with, and it might be possible to retrieve the plaintext (and the key, simultaneously).

If the key is perfectly random, the plaintext won't be retrievable from the ciphertext, since for any candidate plaintext that you could construct, there would be a corresponding and equally-likely key paired with it. Trial and error can't decrypt a message encrypted via random one time pad.

Re:There is no "almost impossible"

[PurpleAlien]

Actually, it is not. In reality, a 256 bit key can not be brute forced because of physics - especially the second law of thermodynamics. One of the results of this law is that information needs energy to be represented. In an ideal computer, the representation of one bit requires kT energy, where k is the Boltzman constant and T is the temperature. Let's assume we can operate at the average temperature of 3.2 Kelvin, the average temperature of the universe. The required energy to represent a bit in this case would be around 4.416*10-23 Joule.

The annual amount of energy that our sun emits is about 1.21*10^34 Joule. Dividing this with the per bit-change energy, we could provide power for our ideal computer to perform 2.74*10^56 bit changes. This is just about enough to have a 187-bit counter go through all its states. This does not include the energy needed for the computations to test each key (our counter state in this case) for correctness.

A 256 bit counter would require ~400.000.000.000.000.000.000 stars like our sun just to represent in the counter of our ideal computer.

Or, to say it in the words of Bruce Schneier:
"...brute force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space".

Note: I am not talking about potential attacks against the algorithms here, etc. only pointing out that encryption is definitely not ALWAYS breakable by brute force.

See Apple's privacy site for details

[Camembert]

FYI Apple's privacy site is here: http://www.apple.com/privacy/p...

Of course there will be plenty of cynism here but I think it is in general a good & commendable effort for transparency. Interesting is the section on government information request:

National Security Orders from the U.S. government.

A tiny percentage of our millions of accounts is affected by national security-related requests. In the first six months of 2014, we received 250 or fewer of these requests. Though we would like to be more specific, by law this is the most precise information we are currently allowed to disclose.

No warrant canary required, it is here in the open.
So what could be the kind of thing asked taken into account the other the other privacy information on the site?

Re:See Apple's privacy site for details

[Prune]

No, it is not "here in the open", because "250 and fewer" includes zero as an option. As per the Ars article someone already posted early on in this /. discussion, http://arstechnica.com/tech-po..., the 0-250 range is a reflection of new guidelines from the department of justice. A canary almost becomes unworkable for companies now because saying you have not received such a warrant in the given time period is equivalent to saying you have received 0 orders, which is more specific than the smallest allowable range of 0-250.

Re:There is no "almost impossible"

The reference cartoon is http://xkcd.com/538/

Re:There is no "almost impossible"

It is an excerpt from Applied Cryptography by Bruce Schneier.

The full section is available on Schneier's personal blog.

Re:Not completely gone

[gnasher719]

well cook already made a public canary announcement or a lie, about them not being able to read your mail while at the same time it's obvious for anyone that they can change your apple credentials with or without your consent(giving access to your mail).

Except the only source for the "not being able to read your mail" is the summary of a slashdot article, which managed to incorrectly quote the article that it summarized. And the source of the statement is openly available (a 1 hour interview with Tim Cook) and he clearly doesn't say anything like what you claim.

Re:There is no "almost impossible"

[Aaden42]

There are two things you as a soon-to-be defendant can do:

1) Power down your phone if you believe you are about to be detained. On power-up, the device requires your passcode to unlock. TouchID doesn’t work after reboot until the passcode is entered once. You can do this without unlocking the device by holding the power & home button for 10 seconds.

2) Either before arrest while you can still surreptitiously access your phone or after when they’re trying to get your finger on the screen, use the wrong finger (one you haven’t enrolled in TouchID) or move your finger enough to smudge and get a bad read. You only get five attempts before the phone stops accepting TouchID, and you need to provide your passphrase again. If successful, the screen will say, “Touch ID does not recognize your fingerprint,” so it’s detectable to someone who knows what they’re doing, but also confirmation to you that it worked. As far as I know, there’s no timeout to this status. You will not be able to use TouchID until the passcode is entered.

Either way, TouchID is disabled and they need to get your passcode out of you. Assuming you’re still in ordinary LEO territory, a $5 wrench isn’t going to work out when it comes to admissibility. If you’re already in TLA non-citizen territory, you’re done for anyways. Your call if “making it easier on yourself” is a good play or not...