Slashdot Mirror
Apple's "Warrant Canary" Has Died
HughPickens.com writes When Apple published its first Transparency Report on government activity in late 2013, the document contained an important footnote that stated: "Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us." Now Jeff John Roberts writes at Gigaom that Apple's warrant canary has disappeared. A review of the company's last two Transparency Reports, covering the second half of 2013 and the first six months of 2014, shows that the "canary" language is no longer there suggesting that Apple is now part of FISA or PRISM proceedings.
Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such request. This may also give some insight into Apple's recent decision to rework its latest encryption in a way that makes it almost impossible for the company to turn over data from most iPhones or iPads to police.
Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such request. This may also give some insight into Apple's recent decision to rework its latest encryption in a way that makes it almost impossible for the company to turn over data from most iPhones or iPads to police.
Here's an interesting follow up from Ars
http://arstechnica.com/tech-po...
Watch those corners
What's missing is a specific reference to Section 215, suggesting that a limited Section 215 order has been served on Apple.
The real "Libtards" are the Libertarians!
It either can or can't be done. Almost impossible means it still can be done.
Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
It either can or can't be done. Almost impossible means it still can be done.
Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)
Decades?
Wow.
You must live pretty damn far away from a big city or something.
Takes me like fifteen minutes to buy a $5 wrench. Tops.
Encryption is ALWAYS breakable by brute force. Question is how long does it take? Seconds? Hours? Months? Years? Decades? This is usually determined by key sizes. The longer the key, the longer it takes to brute force. (generally)
Um, not quite, one time pads are provably impossible to break by brute force since the message can be decoded into any message of the right length.
"Almost Impossible" can be made very precise. Indeed, modern cryptography is based on the understanding that certain algorithms are "almost impossible" to reverse. Cryptographers prove theorems with wording like "indistinguishable from random by any polynomial time algorithm" when they mean almost impossible. So, Apple may be quite correct in their statement.
My take on this is that Apple likely has received legal orders it can not disclose, and implementing real, strong security to protect user's data.
I'm sure he does, but like everyone else, if he wants to see tits, he has to pay (am I am not talking about the people lending him the binoculars).
And that's why I use throwaway / random passwords...authorize once, throwaway if it needs to reauthenticate. I can't give them what I don't know. ;-)
Nope. Not for everything. Perhaps every phone conversation, but I don't necessary use my smart phone for talking. If I, for example, work in 1Password which encrypts the data while synching, the NSA can listen in on that conversation and presuming they haven't broken my password or the companies algorithms, that conversation is not understandable.
If it goes into the modem encrypted, having the keys to the modem isn't going to help all that much.
And you're an idiot if you're doing anything remotely illegal on a cell phone system anyway.
Faster! Faster! Faster would be better!
"Apple Warranty Canary Caught Working in a Coal Mine"
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Takes me like fifteen minutes to buy a $5 wrench. Tops.
That requires:
a) you know who to hit with it
b) the person you decide to hit with it knows the password
So if you shoot a "terr'ist" and retreive his encrypted smart phone... what are you going to do exactly with a wrench?
There is no try, only do
Ahh, Yoda's bathroom mantra...
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
The cost of complying with requests for this sort of data is not zero, and may in fact be considerable. The Agencies may do it at their own cost, but you can bet they really want the cost out of their own budgets and into someone else's.
If a company really has no way to deliver the information, impossibilium nulla obligatio (no legal obligation to do the impossible), they have no compliance costs.
Protoplasm. Quiet Protoplasm. I like quiet protoplasm.
No. You don't know what you're talking about. See, OTPs use a random 'key' the same length as the data you're encrypting. It doesn't matter if there are known fields in the data, because matching those sections tells you nothing about any other section.
OTPs have a trivial proof that they provide perfect encryption as long as the key is never reused. They're just horribly impractical for everyday use.
It can't be Apple - they download WESTERN music to your phone, without your permission, which could GET YOU KILLED.
I literally don't know the password to my phone. I know of it, and how to type it in, but even at gunpoint / threat of contempt, I couldn't tell you what it is.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
If the key (the pad) is perfectly random, then there won't be any pattern. If the key was something like the first chapter of Moby Dick, and it's known that the key is an English-language text, and something is known about the contents, then you've got some patterns to work with, and it might be possible to retrieve the plaintext (and the key, simultaneously).
If the key is perfectly random, the plaintext won't be retrievable from the ciphertext, since for any candidate plaintext that you could construct, there would be a corresponding and equally-likely key paired with it. Trial and error can't decrypt a message encrypted via random one time pad.
It is pitch black. You are likely to be eaten by a grue.
No, one time pads cannot be broken. The key and the message have the same length. You xor the key and the message to encrypt, xor again to decrypt. Since the attacker knows neither the key nor the plain text, he cannot break it even if he is an immortal whose only objective is breaking the crypto.
Then why isn't it used everywhere? Because the key needs to be as big as the message, and the key is good for only a single use. That means you cannot send a new key encrypted with the one time pad (well, you can, but it won't help you). Any clever tricks you're thinking would make the crypto weaker.
Actually, it is not. In reality, a 256 bit key can not be brute forced because of physics - especially the second law of thermodynamics. One of the results of this law is that information needs energy to be represented. In an ideal computer, the representation of one bit requires kT energy, where k is the Boltzman constant and T is the temperature. Let's assume we can operate at the average temperature of 3.2 Kelvin, the average temperature of the universe. The required energy to represent a bit in this case would be around 4.416*10-23 Joule.
The annual amount of energy that our sun emits is about 1.21*10^34 Joule. Dividing this with the per bit-change energy, we could provide power for our ideal computer to perform 2.74*10^56 bit changes. This is just about enough to have a 187-bit counter go through all its states. This does not include the energy needed for the computations to test each key (our counter state in this case) for correctness.
A 256 bit counter would require ~400.000.000.000.000.000.000 stars like our sun just to represent in the counter of our ideal computer.
Or, to say it in the words of Bruce Schneier:
"...brute force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space".
Note: I am not talking about potential attacks against the algorithms here, etc. only pointing out that encryption is definitely not ALWAYS breakable by brute force.
My blog, if you're interested: http://www.purp
One warrant canary conveys 1 bit of data. How many are allowed? Has anyone gotten away with using more than one?
It's interesting that this story hits Slashdot the same day as the story about Apple double-pinky swearing that they'll never, unh-uh, not ever unlock your iPhone for law enforcement any more.
I don't believe a fucking word. They'd throw a baby off a bridge for a $2 bump in their stock price. It's the same with any corporation, but they're closed ecosystem just means there's no way to protect yourself.
All this "canary" bullshit begs the question why, if Apple really cared one little bit about their customers, don't they just come out and say what they have to say. Apple may be one of a very small handful of corporations that actually could stand up to the surveillance regime. As far as I'm concerned, tacit complicity is worse than loud complicity. Especially when your selling yourself as someone who can be trusted with peoples' mobile payments and personal information and when you pretend you "Think Different". Remember the famous 1984 Apple ad? They are now part of the problem.
You are welcome on my lawn.
Tighten a loose bolt! I can always use a good wrench.
It's five dollars well spent, in my opinion.
How can I believe you when you tell me what I don't want to hear?
FYI Apple's privacy site is here: http://www.apple.com/privacy/p...
Of course there will be plenty of cynism here but I think it is in general a good & commendable effort for transparency. Interesting is the section on government information request:
National Security Orders from the U.S. government.
A tiny percentage of our millions of accounts is affected by national security-related requests. In the first six months of 2014, we received 250 or fewer of these requests. Though we would like to be more specific, by law this is the most precise information we are currently allowed to disclose.
No warrant canary required, it is here in the open.
So what could be the kind of thing asked taken into account the other the other privacy information on the site?
They really think you're stupid.
No, the rest of us that understand encryption think you are.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Apple double-pinky swearing that they'll never, unh-uh, not ever unlock your iPhone
That's not what they said - they said the've altered it so they CANNOT unlock your iPhone, even if they want to.
Given how the technology works, that is a quite reasonable assertion. iOS devices have had full device encryption for some time, without that key you have nothing.
All this "canary" bullshit begs the question why, if Apple really cared one little bit about their customers, don't they just come out and say what they have to say.
That just shows a misunderstanding of what companies are legally ALLOWED to say. Once you get the order you CANNOT talk about it, thus the device of the canary.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Police seize iPhone
2. Police arrest owner.
3. Police tell owner to unlock the phone.
4. Owner refuses.
5. Police grab finger, press to button/fingerprint reader.
6. Phone is unlocked.
What encryption?
How would a quantum computer change the equations?
Instead of providing just one global canary.... more canaries, so the identity of which canaries were withdrawn, could be used to help ascertain the nature of the request(s) received.
They should also provide each user their own 'custom' canary.
For example: an option to receive every month, every quarter, every week, or every day, a personalized canary statement that "Apple has never received an order under Section 215 of the USA Patriot Act which included information related to your account records. We would expect to challenge such an order if served on us."
The huge machinery behind the NSA / CIA / FBI and all those alphabet agencies wants total control, and it has the enthusiastic support of private companies such as Google, Microsoft, Apple, Cisco, amongst others
Obama? That one is but a puppet
When the term of this puppet ends, by 2016 they will have another puppet installed. But of course, they will give us an "illusive election", whereby no matter who we vote for, it will be their puppet who will be installed inside the Casa Blanca!
Viva la Maquinaria !!
Muchas Gracias, Señor Edward Snowden !
I believe that there are theoretical designs for computers (using reversible computation) that can compute without using any energy in computation. What I'm not sure about is that there's anyway to retrieve the results of the computation. (I've also got no idea of the speed of the computation. It might depend on random motions for all I can remember.)
Whatever, that's merely a theoretical quibble about your point. But then your point itself was a theoretical quibble.
The real weakness of 256 bit keys is poor implementation (of something). And you can't know that everything is properly implemented.
I think we've pushed this "anyone can grow up to be president" thing too far.
This is one of the most informative and insightful comments I've ever read on slashdot. thanks!
Some drink at the fountain of knowledge. Others just gargle.
The reference cartoon is http://xkcd.com/538/
Another reason why biometry is great to establish identity but poor for authentication.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You underestimate the stupidity of your adversary. And their sadism.
Or, in other words, just 'cause you can't confess doesn't mean the torture ends.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
It would flip a coin...
“He’s not deformed, he’s just drunk!”
It is an excerpt from Applied Cryptography by Bruce Schneier.
The full section is available on Schneier's personal blog.
You could use the data itself as key. Sure, that might make decrypting it a bit harder when you do not have the key, but it is pretty good encryption.
Don't fight for your country, if your country does not fight for you.
Won't last. Someone will forget his passcode about 8 seconds after the iOS 8 goes public. Then comes the flood of unhappy customers locked out of their unbreakably encrypted phones. "Sorry, we can't help you" won't be accepted as an answer.
That's the answer they already had to accept. The guy in the Apple Store _never_ could get your passcode. Apple in Cupertino _could_ get your passcode by brute forcing at a rate of one passcode every 80 milliseconds. They would do that if the police hands over a phone together with a search warrant, but not because a customer is too stupid.
(MacOS X uses a clever trick to reduce the number of cases: You turn on full disk encryption. At some point you will have to enter your password for the very first time, proving that you remembered it at least that far. At that point nothing is encrypted yet! Only when you demonstrate that you have actually remembered your password does the encryption start.
Which is different to anything in the past how? If the police in 1920 turned up at a lawyers and threatened to break his knees if he didn't give them all of a client's paperwork they'd have everything in minutes. As long as law enforcement can use force it can get this information.
There is however a big difference between a world in which they can get all that data secretly behind the scenes, and one in which they have to overtly threaten/force people to hand it over in person.
It would flip a coin...
Maybe it should just ask the cat.
It would flip a coin...
Maybe it should just ask the cat.
You could, but there's an even chance it's dead :)
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
Apple removed a sentence from their quarterly filings and obviously this is a sign of imminent fascist genocide.
Smart people are some of the stupidest people I've ever met.
There are two things you as a soon-to-be defendant can do:
1) Power down your phone if you believe you are about to be detained. On power-up, the device requires your passcode to unlock. TouchID doesn’t work after reboot until the passcode is entered once. You can do this without unlocking the device by holding the power & home button for 10 seconds.
2) Either before arrest while you can still surreptitiously access your phone or after when they’re trying to get your finger on the screen, use the wrong finger (one you haven’t enrolled in TouchID) or move your finger enough to smudge and get a bad read. You only get five attempts before the phone stops accepting TouchID, and you need to provide your passphrase again. If successful, the screen will say, “Touch ID does not recognize your fingerprint,” so it’s detectable to someone who knows what they’re doing, but also confirmation to you that it worked. As far as I know, there’s no timeout to this status. You will not be able to use TouchID until the passcode is entered.
Either way, TouchID is disabled and they need to get your passcode out of you. Assuming you’re still in ordinary LEO territory, a $5 wrench isn’t going to work out when it comes to admissibility. If you’re already in TLA non-citizen territory, you’re done for anyways. Your call if “making it easier on yourself” is a good play or not...
You need to understand the problem better. A quantum computer doesn't change the equations, it changes what is being searched, and the class of problem you are searching for.
WIthout being great with QM, I can tell you that quantum computers can definitely solve the class of NP Complete problems easier, but probably can't solve the set of NP Hard problems. Maybe.
Given the presence of a quantum computer and a 256 bit key, the question becomes one of "can we recognize a solution when we see it?" based upon the ability to simultaneously test all 256 bits in parallel. Depending upon the class of encryption used, the answer might be "No"
256 Bits "obviously" refers to symmetric ciphers. And more specifically these days, probably a class of them known as feistel networks, which probably aren't ...very quantum computable, although they are (often) engineered to be hardware friendly.
If it was 2048 or 4096 or more bits, it's probably referring to asymetric keys -- e.g. RSA. The factoring of numbers -- is very quantum friendly (hence you see a push to DSA algorithms). You'll never see a 256 bit RSA key (I hope) though, because even my desktop can factor something in that size pretty quickly given a sieve.
The short of it is...
"a quantum computer probably isn't interesting for a 256 bit key, because it's not the type of problem they know how to recognize" (today, at least).
If you want to exploit quantum computation, you need a way to recognize a solution immediately when you test it.