Slashdot Mirror
18th Century Law Dredged Up To Force Decryption of Devices
Cognitive Dissident writes The Register has a story about federal prosecutors using a law signed by George Washington to force manufacturers to help law enforcement access encrypted data on devices they manufacture. The All Writs Act is a broad statute simply authorizing courts to issue any order necessary to obtain information within their jurisdiction. Quoting the Register article: "Last month, New York prosecutors successfully persuaded a judge that the ancient law could be used to force an unnamed smartphone manufacturer to help unlock a phone allegedly used in a credit card fraud case. The judge ordered the manufacturer to offer 'reasonable technical assistance' to make the phone's contents available." What will happen when this collides with Apple and Google deliberately creating encryption that they themselves cannot break?
>> authorizing courts to issue any order necessary to obtain information within their jurisdiction.
Isn't this actually contradictory to the 5th admendment?
Really, as long as only "reasonable technical assistance" is required, there is no danger. Good encryption is designed to be (practically) unbreakable unless the key is known, hence expecting somebody to break it without the key is not "reasonable" at all.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You have to accept the premise that Apple and Google can not break the encryption, or have not provided a method to break it to the authorities.
The corporate build of Apple OSX that's used by employees has a "corporate key" for filevault.
It's all smoke n mirrors IMO.
Besides what supersedes what? This law or the Constitution?
"If any question why we died, Tell them because our fathers lied."
What will happen when this collides with Apple and Google deliberately creating encryption that they themselves cannot break?
That is answered by the former quote:
The judge ordered the manufacturer to offer 'reasonable technical assistance' to make the phone's contents available.
Breaking encryption that is not breakable does not fall under any sense of the word "reasonable".
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
"New York prosecutors successfully persuaded a judge that the ancient law could be used"
The law was not sunset-ed, the law was not stricken down by another law, the law itself was not repelled on its own, the law was not stricken down by the supreme court.
So what is the problem ? Until a repell/strick down , ALL those law are still valid. Cue the shooting down welsh with a bow, but this is the basis of our judiciary process. just because a law is old does not make it invalid.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
If the encryption is real (aka, a third party isn't holding the key,or a copy of YOUR key), then they may as well deliver the order to a donkey.
So there's no threat about Apple and Google "deliberately creating encryption that they themselves cannot break", because that just means they can't help the government when they ask, much as, for instance, my dog could not help them out.
But there's a lot wrong with that sentence. They aren't creating encryption, they are writing crypto code using existing crypto algos- arguably the same thing, but still. Also, YOU, the user, will be the one encrypting it, much like you can't sue a knife manufacturer for making a sharp knife. And encryption that is "breakable" isn't really encryption by any decent standard.
The real concern isn't some ancient law trying to force the hand of companies- this will only force them further along the path of making sure that it's not THEIR data, because they lack keys, it's the USER data, go bug him. That's the logical place for them to be anyway- no one spends hundreds of dollars for a phone and then encrypts it without expecting that the encryption is actually a thing- while it's wise to supposed that government level attackers have ways to get keys, it is obviously NOT WHAT YOU WANT WHEN YOU BOUGHT IT. I mean, so there's that.
Anyway, the real concern will be NEW laws that force the companies to do this. And they wouldn't have to be federal laws- if California made some law about how you can't blah blah offer real encryption unless X, and Washington was like no real encryption unless Y, and New York was like no real encryption unless Z, then you would be pushing the companies out of too many markets, and then all the federal courts have to do is drag their feet and the feds get another full decade of Total Access To Your Own Papers And Possessions.
... This is everything that's wrong with your country... Not like the manufacturers could even decrypt the phones, unless they put in a backdoor, in which case it's not secure.
The Bill of Rights is comparably ancient. So what? Old does not mean "wrong" (unless you are a teenager in the rebellious phase)...
Makes sense to me. In fact, seems like a good — forward-compatible — law indeed...
In Soviet Washington the swamp drains you.
"1st century cipher used by Caesar dredged up to force decryption of devices."
Is it reasonable for Google to push an update to the phone in question that decrypts the phone the next time the password is entered?
Unfortunately some manufacturers may have a back door in the phones and the hardware and software already developed to exploit them for the "normal" cases of R+D and factory repairs. It would in that situation be "reasonable" for them to provide those tools or do the bypass work.
1) If you design it so you can't break it, then you can't break it, and any such law and pursuant order is moot.
2) Using said law in such manner against a defendant is simply UNCONSTITUTIONAL under the 4th. Nothing trumps the constitution.
What if a company makes a device to evade the law's ability to inspect its contents and there is suspicion of malicious or incriminating information inside?
This is an argument that will be used to create a law that will require a back door into the system.
The judge ordered the manufacturer to offer 'reasonable technical assistance' to make the phone's contents available." What will happen when this collides with Apple and Google deliberately creating encryption that they themselves cannot break?
Then the vendors won't be able to offer "reasonable technical assistance". What's so hard to understand able that? The existence of the law doesn't prevent them from creating said, unbreakable, encryption.
It must have been something you assimilated. . . .
America's modern left often argues that portions of the US Constitution can be safely ignored because it's old and was written by white dudes. Here's a (fairly calm) piece that explores that argument. (Also look up "constitution living document".)
"Is the Constitution Still Relevant?"
http://consortiumnews.com/2013...
Unfortunately, this isn't just a fringe belief: in 2010 a USA Today poll showed that 1 in 4 people no longer though the Constitution was "relevant"
http://usatoday30.usatoday.com...
Really, as long as only "reasonable technical assistance" is required, there is no danger. Good encryption is designed to be (practically) unbreakable unless the key is known, hence expecting somebody to break it without the key is not "reasonable" at all.
From a legal standpoint, the moment you assume to understand how the definition of "reasonable" will be upheld in court now or in the future is the moment you find yourself dead wrong.
Reasonable all depends on the people and money involved.
This tells us that the cryptography is working and that they're only able to access data with legal power rather than some unknown height of technical prowess.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Actually, it does not matter, because whatever perversions the legal profession has created here, Apple or Google cannot help them. Of course, most people in that field are disconnected from reality, but even they have to bow to hard facts eventually.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Yeah, well, as long as you can root an Android phone or jailbreak an iOS phone, all this talk of "encryption they themselves can't break" is hokum.
From a business point of view, nope. Any corporation would drop Androids like they're penny stocks.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
They cannot even "push" updates for normal use...
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I like the idea that well written laws will apply to anytime.
Nothing. The law requires people to give reasonable assistance to law enforcement. It does not require them to architect systems so that such reasonable assistance is fruitful. Safe manufacturers are not required to know the combinations to their devices.
authorizing courts to issue any order necessary to obtain information within their jurisdiction.
...
What will happen when this collides with Apple and Google deliberately creating encryption that they themselves cannot break?
They can just write an order demanding the NSA help them break the encryption or provide them a dump of the in-transit data they've collected. In the words of Bart Simpson, 'The system works.'
The State has the right to compel the company to break its evil spell.
"To those who are overly cautious, everything is impossible. "
The Constitution is about as strong as toilet paper these days.
Can God create encryption so strong that even he cannot break it?
I mean once they have the encrypted data... it has everything they need. It's not the Apple or Google's fault that the police can't comprehend encrypted data.
Actually, it does not matter, because whatever perversions the legal profession has created here, Apple or Google cannot help them. Of course, most people in that field are disconnected from reality, but even they have to bow to hard facts eventually.
I fully expect whatever illusions Google and Apple have about creating this "perfect" secrecy to protect the consumer will be overridden by the "need" for governments to combat terrorism.
We've certainly had plenty of our privacy and rights overridden for this "need" in the past, and continue so today.
Speaking of bowing, remember that both Apple and Google are companies that operate and do business within the United States. Like I said, I fully expect.
I'm watching this carefully, because the hardware vendors and carriers who actively resist are going to be the ones I do business with.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
When did 238 years ago became "ancient" in regards to time? Anything past 2,000 years is ancient, 228 years is more recent.
Nothing trumps the constitution.
Except physical force, which the government keeps pushing for an even more decisive monopoly on. Keep pushing that anti-gun agenda. Guns are not for self-defense against your neighbor...
And yes, you're outmatched. That's what happens when you don't push hard enough to maintain your rights. C'est la vie du damne.
What brand?
From a business point of view, nope. Any corporation would drop Androids like they're penny stocks.
Tell me about how Windows suffered by having the NSA Key embedded.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
America's modern left often argues that portions of the US Constitution can be safely ignored because it's old and was written by white dudes. Here's a (fairly calm) piece that explores that argument. (Also look up "constitution living document".)
"Is the Constitution Still Relevant?"
http://consortiumnews.com/2013... [consortiumnews.com]
Unfortunately, this isn't just a fringe belief: in 2010 a USA Today poll showed that 1 in 4 people no longer though the Constitution was "relevant"
http://usatoday30.usatoday.com... [usatoday.com]
I think you mean the right. Republicans have been trampling on the constitution since 2001. The terrorists have won.
Really, as long as only "reasonable technical assistance" is required, there is no danger. Good encryption
The Justice Department feels that having an embedded back door into the devices' crypto is very "reasonable" and has been pushing for just that. Now they need a judge to rule on their version of the word and the corporations will fall in line.
Throw in a Patriot Act gag order and some import/export barriers vis-a-vis patent wars, and let's make a bet about how many 2015 backdoors will be discovered in 2018.
This is the kind of government the voters support.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Shhh, the kiddies have never heard of that.
There are two types of people in the world: Those who crave closure
You forgot to quote "terrorism". Because that's the biggest piece of bullshit ever.
There are two types of people in the world: Those who crave closure
http://wolfstreet.com/2013/08/...
One thing I learned with going through the federal process (see my bio at The Market is not Random), is that the constitution is irrelevant and that the use of it becomes pure interpretation and loophole. I doubt that the current legal structure was anything close to the forefathers imagined, but never doubt that the governmental employees will utilize any and every loophole at its disposal to justify its actions. The oxymoron of united states government.
-------
artlu.net
What will happen when this collides with Apple and Google deliberately creating encryption that they themselves cannot break?
Nothing much. They'll provide as much assistance as they can: they'll instruct the judge that the extent of assistance available is "Sorry, it can't be done. By anyone."
A successful API design takes a mixture of software design and pedagogy.
I'm thinking the single ply 80 grit they have at gas stations.
Time to offend someone
While the courts can be quite silly, they cannot order you to sweep back the tide. If something is technically impossible within a relevant timeframe, the court will be SOL. There are plenty of cryptographers who can testify as to the practicality of breaking a good encryption scheme. Just make sure to use a good one so that a cryptographer can fairly testify to a timeframe in the hundreds of years. Even the craziest court will have to admit that there's little point in decrypting the data after all relevant parties (including the judge) will be dead.
"deliberately creating encryption that they themselves cannot break?"
Google and Apple can help them by making the encryption breakable.
So, now......if 18th century law is supposely crystal clear in that it applies to modern technology in this context, then there should be 100% no doubt that "arms" in the second amendment CLEARLY applies to state of the art modern technology in that context ---- magazine fed automatic rifles.
Can't have it both ways, libs.
America's modern left often argues that portions of the US Constitution can be safely ignored because it's old and was written by white dudes. Here's a (fairly calm) piece that explores that argument. (Also look up "constitution living document".)
Thomas Jefferson was concerned greatly about the "Tyranny of the Dead" -- that the laws and debts of dead elder generations will inhibit progress in younger generations that are facing entirely new types of problems not envisioned by the older generations. He wanted the Constitution (or at least federal law) to be effectively completely rewritten every generation -- every 18-20 years or so. You can read about it in his letters.
I would say that probably the results of that poll are not people being "stupid" and "forgetting" that the Constitution is important, but rather, evidence of a yearning that the current system is not entirely working and it needs modification. Just like we have done so 27 times in the history of the US (i.e., the Amendments). It's not relevant today, but we Amend it to be more relevant. For example, the move to get a 28th amendment that strikes down the Citizens United ruling and makes more free and fair elections (see any number of organizations: Move to Amend, WolfPAC, etc.). We know there's money in politics, and here's one proposed solution to it. Not by ignoring the constitution or laws, but actually, working the way the constitution is supposed to work! The people can call for an amendment if our national leaders do not.
I don't think I've heard anyone make the argument that they can ignore laws because old white dudes wrote them. I *have* heard that we need to change laws because they are stupid and we want to make a more perfect union, though. Don't let people like the ones that wrote the article in your link trick you into think their opinion is public opinion (its easy to spot because of the use of words like "The Left thinks blah" and "The Right does blah" -- there is no Left and Right as one huge bloc, but a spectrum of smaller groups with differing opinions, and even if it was one big bloc, who is this author to be able to speak for half the country? I've never heard of him.).
I'm not that worried. I think when our current leaders that have been in office for 30+ years finally retire or are voted out as the younger generation comes up, we will see laws and constitutional amendments that fix problems. Not ignored, fixed.
My (probably harebrained) idea of the day:
Some folks have long discussed putting more expiration dates on laws. Situations like this show why.
All existing laws lacking expiration dates should be given one. Perhaps 50 years from now, since politicians like to kick the can down the road. New laws without expiration dates should then only be permitted when passed by a supermajority.
Unfortunately, even if this works in theory, it would require a constitutional amendment to have any teeth. Good luck with that.
I thought someone would point out the 200 year old law should be reworked on it's age alone. Especially since the even older copyright laws got such an update...
HungryHobo's Slashdot Law:
If there's an insane way to apply a law which everyone dismisses as "nobody would ever apply it like that" then you can bet your ass it will be abused exactly like that.
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
What's the alternative? It's not like most companies could easily dump MS.
They can, though, dump Android fairly easily.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
How much does it cost to create that update? Considering the time and money involved, I'd say that no, it isn't.
XDInd
How is this law consistent with Boyd v. United States, 116 U.S. 616 (1886), and Fisher v. United States, 425 U.S. 391 (1976), which held “the Fifth Amendment applies when the accused is compelled to make a testimonial communication that is incriminating..”?
Google and Apple can help them by making the encryption breakable.
Nope, that battle has already been fought. That would constitute compelled speech.
They can compel the company to provide information (such as source code) for their current data. Subpoenas have been doing that for decades.
They can compel the company to help them perform certain research.
They can even use NSLs to compel the company to intercept certain communications.
But at least so far, they cannot compel the company to modify their product to become defective.They still need to do that themselves, commonly by intercepting shipments or less commonly modifying chips inside the supply chain. Note that both routes are considered clandestine, they don't compel the business to intentionally release a faulty product, instead they just sabotage the results.
//TODO: Think of witty sig statement
Self-incriminating information which can be used as testimony, however, is not within any court's jurisdiction as per the 5th amendment.
Under the Data Treaties signed with Canada and the EU, citizens of those countries have protections for their civil rights in America.
Americans don't.
Wake up and smell the Epic Fail.
-- Tigger warning: This post may contain tiggers! --
You give them the source code and say have at it.
Seems pretty simple to me.
This is SO LAST THANKSGIVING DAY, gentlemen.
http://gizmodo.com/the-doj-used-225-year-old-law-to-bypass-a-phones-passwo-1664063536
http://blogs.wsj.com/digits/2014/11/25/case-suggests-how-government-may-get-around-phone-encryption/
Respectfully,
Legal.Troll
Breaking encryption that is not breakable does not fall under any sense of the word "reasonable".
But it is breakable. The encryption relies on a password or PIN. Since people tend to enter things that are less than 12 digits, decryption is trivial brute force.
http://www.youtube.com/watch?v...
If your code is not like this one, your encryption will be weaker.
And no, using finger print as input instead of password is even weaker if you are in custody. I'll leave it as an exercise to the reader to understand this point.
You forgot to quote "terrorism". Because that's the biggest piece of bullshit ever.
I would, but I've heard that discussing terrorism and implying that it has been artificially inflated in any way is in fact an act of terrorism itself...
...not that anyone has ever overreacted with massive sweeping policy in the face of "terror" before...
Without my password? Not trivial.
Are you saying that my phone can't unencrypt my device when I enter my password now?
"Ignorance more frequently begets confidence than does knowledge"
- Charles Darwin
and we can help ourselves by using s second layer of encryption.
I'm concerned that "reasonable technical assistance" may transform into "you are required to have a backdoor for law enforcement access."
All they have to accomplish is to push a trusted keylogger, or a similar piece of software to the individual phone, or set of phones specified within a warrant. That should be well within the word "reasonable."
You think companies will just fall in line? I feel like many of them would simply pick up shop and leave the US. There are plenty other business friendly countries around the world, and these businesses know that such a backdoor would be a death knell for much of their domestic business, let alone their international business. You see how much damage just rumors that such a backdoor might possibly exist maybe, probably not but just maybe, has done to the international standing of many of these companies. The big boys understand that they depend on this international business to really rake in the profits, and they know that certain things would destroy them. This is one of those things, and if you think they would go down without a fight, then you're sorely mistaken.
The courts cannot force them to retrieve data that is locked by 'unbreakable' encryption. In theory, the courts should not be allowed to, a priori, ask them to not make 'unbreakable' encryption either.
In practice...
Is there any actual evidence that registry key actually had something to do with the NSA? I thought that was urban legend. I didn't hear about it from any of the Snowden releases. All of the stuff we did hear about make something like a registry key look childish compared to the actual exploits the NSA uses.
In any case, the limitations of Windows encryption were well know, and did limit its uptake, but BitLocker is still fine for most people to protect their laptops, as Microsoft can't decrypt it. Your domain admin can, but that's a feature Or at least it is to the domain admins who choose to roll it out).
Socialism: a lie told by totalitarians and believed by fools.
Even if we could trust the Justice Department 100% with a backdoor into every crypto system developed (and this is one HUGE "if"), having a backdoor would provide hackers the chance to break into the crypto systems also. Do you think having a side entrance of a building will keep thieves out because you hung a "For Government Use Only" sign on it or because you painted the door to kind-of-sort-of look like the wall to hide it?
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
What will happen when this collides with Apple and Google deliberately creating encryption that they themselves cannot break?
This seems pretty obvious, and I'm not sure why this was even asked. If Apple and Google do not posses a way to decrypt something, how can the courts force them to turn over something they don't have?
America's wingnuts often pass around chestnuts of "wisdom" like this and slap each other on the back for how clever they are.
Nevermind the "living Constitution" stuff is what considers your emails to be your "papers" and thus subject to the same protections from government searches.
Still think you're clever? Want to go on being all literalist? Explain how the U.S. Air Force is Constitutional, since Congress "only" has the authority to fund an Army and a Navy under a literal reading of Article I, Section 8.
Step 1) Hire an intern, preferably from a local community college.
Step 2) Assign him the task of attempting to crack the encryption on phones as required by court order.
Step 3) Tell legal for forward these court orders to him, and wish both him and the law enforcement agencies the best of luck in getting the data.
What's the alternative? Start supporting better OS delelopers?
If a tame product is open to outside gov, mil, ex gov and mil staff and former gov and mil staff consider other software options.
Domestic spying is now "Benign Information Gathering"
Yes the backend to any tame service sold to the public will always be open to a court or law enforcement officials who can use parallel construction to get needed court paperwork.
Domestic spying is now "Benign Information Gathering"
America's modern left often argues that portions of the US Constitution can be safely ignored because it's old and was written by white dudes. Here's a (fairly calm) piece that explores that argument. (Also look up "constitution living document".)
"Is the Constitution Still Relevant?"
http://consortiumnews.com/2013...
Unfortunately, this isn't just a fringe belief: in 2010 a USA Today poll showed that 1 in 4 people no longer though the Constitution was "relevant"
http://usatoday30.usatoday.com...
By mongering against "the Left" you are opening yourself to being manipulated by wealthy elites (who really don't care about left or right, just more power and money at our expense).
The real dichotomy is the .01% vs the rest of us - the haves vs. the have-nots.
Make sure everyone's vote counts: Verified Voting
This tells us that the cryptography is working and that they're only able to access data with legal power rather than some unknown height of technical prowess.
Oh, not necessarily, there is also the need for parallel construction [1] - i.e., coming up with some plausible way that someone *could* have found the defendant guilty, while really relying on secret and/or technically illegal means for doing the real discovery.
[1] http://en.wikipedia.org/wiki/P...
Make sure everyone's vote counts: Verified Voting
"Welp, invest in a huge super computer and crack the encryption."
Sounds good to me.
Fuck the police.
What will happen when this collides with Apple and Google deliberately creating encryption that they themselves cannot break?
How will it "collide"? They'll do what they can to assist with the decryption, which is nothing, and there will be no collision.
vi ~/.emacs # I'm probably going to Hell for this.
Your comfortable conclusion is only valid in the short term. Eventually one of the following will occur:
1). The $5 wrench will be used on the person possessing the encrypted device or data;
2). The definition of "reasonable" will change. In favour of the authorities;
3). Device manufacturers will be required to end all encryption support (unlikely as that is too visible), or create encryption backdoors, or weaken the encryption to a level the TLAs can break.
These are not mutually exclusive options.
Nice idea. But in a dog-eat-dog corporate world, there's no room for such folly.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Which is why some people will have their projects hosted outside the U.S. This will lead to the "big bags of cash" circumvention method, which can be mitigated by the many eyes validation method, which can be circumvented by the "more big bags of cash" method, etc. The question is, which will run out of first - the big bags of cash, or the qualified eyes?
Sure I'm paranoid, but am I paranoid enough?
All the courts offer is the understanding that parts of the network or product have to be voice or plain text ready.
That skill is in the hands of many ex and former mil and gov staff.
Trusting tame standards lets many people have that same network or product access.
Domestic spying is now "Benign Information Gathering"
The reasonable thing is to supply the encryption algorithm, whitening and key size and then tell them to use their own hardware to brute force it. This is no law against an unbreakable lock that requires you to supply a master key, it means reasonable aid in recovering the data. And it is not reasonable to hire the 100 top mathematicians in the world and pay them for decades without certain success or expend billions of dollars for hardware to brute force it so again if the court asks then it is for example "AES-256 with such and such ciphermode. We do have the phone number for NSA they might be able to help you better than we can.". What you can't say is fuck you we can't or won't help you.
Funny how feds take any star bossible to spy on citizens. Even laws that were made in time none had even imagined device like modern smart phone...
That was based on a single reporter taking something out of context, then in his own words "using a little imagination" to make a backdoor into windows. Its nothing more than a conspiracy theory that sees boogymen everywhere. The stuff he took out of context was cautioning about the risks of a TPM failure that could brick a machine, not about any backdoor.
I'm amazed that they still feel the need for a law, an explanation or even an excuse. I wonder how long we have left until it's "give us what we want or we'll imprison, torture and kill your family" time.
Really, as long as only "reasonable technical assistance" is required, there is no danger. Good encryption is designed to be (practically) unbreakable unless the key is known, hence expecting somebody to break it without the key is not "reasonable" at all.
The four digit passcode on an iPhone is "safe enough" because only software signed by Apple can take a passcode and try to use it to unlock a phone, and the Apple-signed software on your iPhone doesn't allow a practical brute force attack. Apple could however create its own software to do a brute force attack if they have your iPhone and crack it, which they used to do if the police handed them a warrant and a phone (doesn't work with random eight digit or mixed digit/letter code because it takes too long). Apparently Apple changed this system so even Apple cannot brute force your iPhone anymore.
The Justice Department feels that having an embedded back door into the devices' crypto is very "reasonable" and has been pushing for just that. Now they need a judge to rule on their version of the word and the corporations will fall in line.
That might be reasonable if say Apple could add a backdoor to the phone of a suspected criminal. But Apple can't do that, and adding a backdoor or the ability of adding a backdoor to the phones of millions of law-abiding citizens, including our honourable and law-abiding judges, politicians etc. , nobody can force Apple to do this.
Hmm. I am doubtful about a 4 digit PIN not being brute-forcerceable. If they have managed that, then they have managed to make cloning the phone impossible (the hard part) and making it lock itself permanently after a few wrong tries (the easy part). Will be interesting to see what comes out when the first good security-hacker takes a look at this system.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You misunderstand the situation. The court can only demand help after the fact, not before. Before would be demanding that security of the device be lowered, i.e. that Apple makes a defective device. They cannot do that. But this really shows what level we are on here: For really dangerous people, they can have the NSA hack the phone, not even a warrant required. This here is about small-time criminals where the police just does a raid and confiscates the phone with no attack on the phone before because that would be too much effort. All that bluster about the dangers from them not being able to unlock a phone in that situation is just a direct lie, as these situations are not that severe.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Indeed.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
What about Skype?
So, what keeps you from having your own encryption on a second password?
A shovel , used properly, is for digging. That doesn't mean improperly used, it can't perform as well as a club...
Given the parents quote from the summary, the real question isn't about the use Act itself, but its application, and about what is within the jurisdiction of the courts. I doubt any reasonable person would say "everything", and many might argue that encrypted personal content on a personal phone is not.
Presumably their case was so weak they couldn't use many of the other means necessary that already exist to obtain information, otherwise they wouldn't have used the archaic Act in the first place.
How does one get around "All Writs Act". Essentially you don't! Functionally you and some conspirator have a agreement to use some form of encryption that may or may not be already broken by some TLAs. When the TLA shows up at your door you MUST decode the message or go to jail. This process absolves anyone else; hardware, software, application, etc. from Gov. action. You and your conspirator become the responsible party. Essentially one must leave the jurisdiction of the TLA that would be interested in your communications. Bye - bye!
Using the law against a defendant would be arguably requiring self-incrimination, and that violates the Fifth. Using the law to compel a company to decrypt something that doesn't reveal their own possible guilt would be a search, which is allowed under the Fourth under certain circumstances.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
So no businesses use Android today?
Dude, got news for you: all cellphones sold in the USSA are p0wned by law (CALEA). If they need to ask you for the password, you just haven't pissed of the right part of the Gestapo yet.
You only need to code the backdoor once, plus a little maintenance to keep it working with each new Android version. Then you can bill fedgov $$$ every time you use it at their behest to search & seize the personal documents of an American subject.
Nothing trumps the constitution.
Except the Supine Court!
I fully expect whatever illusions Google and Apple have about creating this "perfect" secrecy to protect the consumer will be overridden by the "need" for governments to combat terrorism.
Quick way to tell if your communications are "perfectly" secret: Look around, is there an FBI man physically tailing you? No? Okay, that's a good indication you don't have the knowledge/skills to do actually-secure communications.
Yer dreamin', bro.
In fact, that's not the case.
Good encryption is unbreakable. There's nuances, but that's a good summary.
The issue is, there's a lot of ways to make your strong algo shit with a bad implementation. For instance, it shouldn't be too hard to keylog your password on a phone, nor would it be out of line to simply copy the RAM via some physical intrusion for the devices that rely on "we blank the device after some number of attempts because your key is like 4 digits and would be trivial to brute force",