Slashdot Mirror
Apple To FBI: Encryption Rules Out Handing Over iMessage Data In Real Time
Mark Wilson writes that Apple has balked at a court order to provide the FBI with the contents of text messages among users of its iMessage service, claiming that the encryption it uses to protect these messages makes handing over the messages themselves impossible. From the article: The Justice Department obtained a court order that required Apple to provide real time access to text messages sent between suspects in an investigation involving guns and drugs. Apple has responded by saying that the fact iMessage is encrypted means that it is simply not able to comply with the order. The stand-off between the US government and Apple could last for some time as neither side is willing — or possibly able — to back down.
... give them what they are asking for? Just hand over the encrypted data and say "good luck with that".
This is an ex-parrot!
for the BFI
Encryption Rules Out Handing Over iMessage Data In Real Time
Beautiful. This is as it should be.
As I understand the iMessage, Apple hides some of the key selection process from end users. (This is considered a good thing - without it, fewer people would use it because it would be like using PGP.) If Apple was compelled, they could also encrypt outgoing messages with one of the FBI's public keys and either send the same message across the wire (where the FBI could pick it up) or send a second message encrypted just for the FBI to the FBI. Either method would be discoverable, but Apple could paper over that issue in its interface because it controls the software. (Apple could also limit the discoverability of such a "feature" by using its phone home key request to request the FBI's key for and encrypt only certain monitored people's communications - that way most security experts WOULDN'T see a change.)
Long story short, Apple COULD provide real-time access to encrypted messages, but it would take a little work to sneak that in, and eventually someone would find it.
Pretty well defines what is good.
Once the industrialized countries outlaw encryption, I don't know how the banking system can survive.
But, of course, the US govt. will continue using encryption for their docs.
I hate to add this but to be truthful Apple can comply if the iMessage is a group message using their cloud based keychain. Since Apple controls which public keys are associated with which participant there is no reason they could not insert an extra one for which they themself have the corresponding private key.
That is assuming they could make the UI hide the extra iMessage recipient line.
See: https://www.grc.com/sn/sn-448.... for further info and some interesting other stuff about the IOS security model.
We'll finally get to see what "impossible" really means if said by a software company. As in "It is impossible to unbundle IE from Windows".
Anyone holding a bet that this impossible mission will be made possible?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Is the change official? Over here it's still "or else the terrorists win".
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
... from Apple ? Making all Android-based vendors look like bad guys, while making themselves look like good guys. Maybe it will help sales as well.
Also, "Black-box" testing uncovers several ways the NSA could tap iMessage (from 2013)
http://arstechnica.com/securit...
Just send the encrypted messages. That way you're complying with the order.
Apple knows good and well that the DoJ could easily fool some ignorant/fascist Judge to conclude that Apple was being "unresponsive" to the Request, or even worse, was deliberately "Obstructing Justice".
Isn't this wonderful? From the Fourth Amendment, we now have a situation where Privacy == Obstruction.
How in the FUCK did THAT happen?!?
...is if court decides to sanction Apple. After all, there's a lot of money in Apple's coffers which the court could use to incentivise Apple do doing its bidding or risk losing. Of course, Apple will appeal any such sanction but it could have a massive impact on the stock price in the mean time...and could cause Apple to rethink its cash reserves.
Just saying...
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
According to the article:
Despite a court order instructing the company to hand over text conversations between iMessage accounts to the FBI,
How was the court order to do this obtained? Is the FBI investigating someone? Is there some other case in progress?
In the end, government will get its way. Sadly. This is the world we live in. It's going to end up "for the children".
Stop being a defeatist. Apple has smarter lawyers than the Gummint, and just wait until the Amicus Briefs start flying. Since this has already been elevated into the public attention, expect some "strange bedfellows" to come to Apple's defense.
The FBI needs to start hiring smarter people who understand how technology works.
#DeleteChrome
If the FBI really wants access, they could get an NSL issued, forcing apple to comply by compromising their own system..and they couldn't tell their customers about it.
Until this is fixed, there's no way in hell I will believe any grandstanding on the part of any vendor.
How in the FUCK did THAT happen?!?
The voters keep reelecting corrupt politicians. How could it NOT happen??!
“He’s not deformed, he’s just drunk!”
Isn't this wonderful? From the Fourth Amendment, we now have a situation where Privacy == Obstruction. How in the FUCK did THAT happen?!?
Because the Fourth Amendment doesn't guarantee you absolute privacy, it grants "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures", meaning until a court has issued an order to grant such access "upon probable cause". In this case the court issues such an order. The question is, given the circumstances, what Apple is legally required to do. Hint: they are not required to change their software to create the ability for the government to get access, only to give the government what they already have access to.
You are confusing the literal meaning of impossible with the pragmatic meaning. People would say it is impossible to walk through a concrete wall, but quantum mechanics says it is possible, just so unlikely that it counts as impossible from a practical standpoint.
Actually, I'm surprised they still feel somewhat obliged to justify anything. We're past the stage they should actually say "shut up and comply or we'll kill you and your family".
Human beings rationalize. It's not like the intelligence agencies take away your privacy rights because they're trying to be the bad guys--they're trying to be the good guys and save everyone and go after the big bad criminals, it's just that their profession gives them a really warped view of what privacy should look like and the consequences of losing it. Basically they trust themselves with your information so most of them don't seriously believe or really understand how much of a threat it is to democracy for a government force operating mostly in secret to have that information.
It's a little like trying to make today's Americans understand the vitriol of the Protestant-Catholic wars, or the Sunni-Shiite divide. There's no real frame of reference or an inability to project that frame of reference onto the conflict.
I wonder if these fights are just disinformation to try to convince criminals/terrorists that they can use iMessage. The government lets a criminal get away with it in a case they don't really care about or can convict them without it anyways and makes a lot of press, and then has access to it in all the cases they do care about.
iMessage is designed with warrants in mind if you read over the protocol documentation. Each device has its own key and is tied to your Apple Id. If you have a iPhone, a Macbook, and an iPad each device has its own encryption key. When someone sends you an iMessage, Apples sends them the public key for each of the 3 devices and then the encrypted message is sent to each device which uses its private key to decrypt the message.
When a warrant is issued, all Apple has to do is add a 4th, "FBI device" to your Apple Id and anyone sending you an iMessage also gets encrypted with that key.
As Apple controls the user interface and they provide no way to view how many keys an iMessage is being encrypted with, there is no easy way to see if an extra key for ease-dropping is being used. There may be ways if one monitored the size of the traffic, but I am not aware of that work being done. Anyone who had the need to make sure they weren't being spied on by the government, wouldn't use iMessage.
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
Apple *is* able to hand over the messages, but is legally obliged to maintain appearances toward the public that it can't though a theatrical court process ?
This is paranoid, but is there any way to disprove this theory ?
How in the FUCK did THAT happen?!?
The voters have no choices BUT corrupt politicians. How could it NOT happen??!
FTFY!
Bullshit. They have primaries, and a process for putting anybody on the ballot they want. Voters are just lazy and submissive, and antipathic towards each other.
“He’s not deformed, he’s just drunk!”
If I had said "it's not impossible because you can guess the 256-bit decryption key and be lucky" you'd have a point, but P=NP is not a pragmatic impossibility, it is very possible. Wikipedia reports a poll of 151 researchers in 2012 placing the probability somewhere between 9% and 17%.
No one today has publicly shown a way to decode the encryption method used by Apple, so pragmatically (meaning what is reasonable to expect or demand), it is considered impossible for Apple to comply with giving the FBI "real time access to text messages sent" by iMessage. Whether P=NP or not, until the encryption method is broken, the FBI demand can be considered "impossible" since Apple has no way today to comply.
Shouldn't they be seizing and searching the person, not Apple?. If I write an encrypted letter with pencil and paper and send it via the Post (or an encrypted drive by Fedex), should they have to concern themselves with transporting encrypted data?
to provide those iMessages as they happen.
And how would you like your copy of those encrypted messages delivered?
Bullshit. They have primaries, and a process for putting anybody on the ballot they want. Voters are just lazy and submissive, and antipathic towards each other.
Yes, the primaries, where we get to choose between a small group of pre-vetted candidates, thus giving us the illusion of choice.
Similar to the upcoming US election results
No way would the FBI want to do this, since it would set the precedent that surrendering the encryption key to that data would be self incrimination.
They have a vested interest in the encrypted data being treated as legally the same as the unencrypted data, since they don't want legal precedent for a fifth amendment defence on encryption keys being ruled on by a court. There's no solid case law on that one way or the other right now.
They should just hand over the encrypted data. Technically that counts as handing them the messages.
With enough signatures you can put anyone you want on the ballot. The voters decide, not the money, not the crooks. Following the money for convenience is their free choice. Stop trying to make excuses and passing blame.
“He’s not deformed, he’s just drunk!”
No way would the FBI want to do this, since it would set the precedent that surrendering the encryption key to that data would be self incrimination.
They have a vested interest in the encrypted data being treated as legally the same as the unencrypted data, since they don't want legal precedent for a fifth amendment defence on encryption keys being ruled on by a court. There's no solid case law on that one way or the other right now.
Great! I believe you are right on in your analysis.
Then Apple can just hand over the encrypted messages and say "We responded fully". Cool.
...or this is just a giant rouse to convince us all the iMessage is an end-to-end, secure, PKI system that we should all trust, when this may not be true at all. Very hard to tell if it is a closed-source system which is not publicly auditable. Would you trust it with your secrets? I wouldn't (if I had any).
If these work similar to BlackBerry and BIS did, the key's are on the device itself, and the public key is registered with the iMessage service. When a message is sent to another party it is encrypted with their public key. The matching private key is not in apples possession, it is on a chip in the other parties phone. If this chip was designed correctly, there is no way to extract the private key without disassembling it. So legitimately, Apple may not be able to service this request.
That is EXACTLY how it works.
My father and his friends all worked for Big Blue during their golden years selling/installing mainframes and I've had a PC in the house my entire life. Never once have I ever considering paying for over-hyped over-priced Apple "toys" until now. I simply cannot ignore the facts anymore that Apple makes the best phones on the market with sound security while Android and Windows erode away, and articles like this go a long way towards making me feel confident about my purchase. I'm very impressed with my 5s.
So, stick your other foot in the water and buy a MacBook Pro and run OS X on it. You'll wonder why you ever waited this long. Trust me.
This is good propaganda for Apple. I don't believe it.
The security of the iDevice is stunningly bad, and has been for years. It has more holes than swiss cheese. If a 3-letter agency wants data from a device, they barely have to ask.
If I were a 3-letter agency, I would use a ploy like this to tempt terrorists or wanna-be's to feel special using something amazingly insecure.
Prove ANY of that. I'll wait.
You are using the basic assumption that there are only two parties.
If more people voted third party we could crash the US electoral system and force change. Our electoral system is built around a 2 party system, if a third or forth party takes major shares the system would collapse and have to be revised to a system that accepted more than 2 parties and in the process we would gut the oligarch system that's based on two political parties. The result would be an electoral system where minority parties and less popular views have a voice and actual power.
Don't be so sure about what Apple is required to do. The phone companies were required to build in phone tapping capacity at unbelievable levels (the police can tap something like 1/3 of all phones simultaneously). Congress could very well force Apple to make the changes you suggest they can't or the Justice department might even be able to convince the courts that the telephone tapping law applies to data as well (creating an end run around congress).
There are already precedents on the books treating encryption keys like keys to a safe. This precedent makes it obstruction of justice to refuse to hand them over, allowing the court to hold you in contempt and basically incarcerate you for life.
Trivially? No. But any encryption can be defeated eventually, by trying all possible keys. It's just that could take so long the universe will have died by then. So not "real" time.
Are any nations recalling, banning, deep in talks to ensure the next generation of telco products finally meet their mil/gov interception needs? :)
The products are for sale around the world and follow on from been what was Communications Assistance for Law Enforcement Act (CALEA) acceptable for years.
No nation, city, parishes, state, province have issues with any product on sale. Every interesting call reverts to voice for a voice print, every text message is logged just as the national standards set out to have a cell phone product for sale. Images and gps are no problem, as sold cpypto does not exist for any gov.
Entering a message on the hardware in the system and having a 3rd party application secure it is still expecting a software layer to save a user from the device hardware and software as sold. Create all the app crypto and sell it to users, export it, give it away free, govs and mil are still not banning the sale of the devices.
Still getting all the voice, plain text as entered/displayed, images, gps as always no matter the 3rd party application level 'programming'. The setting out of CALEA https://en.wikipedia.org/wiki/... was clear. A device for sale in the USA would have to be built-in surveillance ready at the carriers and manufacturers level. Also note the use of Trusted Third Parties on the networks and the need for real-time surveillance
Domestic spying is now "Benign Information Gathering"
Still getting all the voice, plain text as entered/displayed, images, gps as always no matter the 3rd party application level 'programming'. The setting out of CALEA https://en.wikipedia.org/wiki/... [wikipedia.org] was clear. A device for sale in the USA would have to be built-in surveillance ready at the carriers and manufacturers level. Also note the use of Trusted Third Parties on the networks and the need for real-time surveillance :)
And what does any of this have to do with Apple?
The Digital Telephony Act of 1994 and CALEA were both, IIRC, aimed not at the producers of "handsets", such as the iPhone and Android phone; but rather the manufacturers of "Telco" equipment, such as you would find in a "CO" (Central Office). None of the equipment in question is under the control of an End-User; but rather is the property of, and under the direct control of, your friendly neighborhood Telco or Wireless Carrier.
IOW, stuff that is way outside of Apple's product line.
Tempting but I've been a core PC gamer all my life. If one day Macs surpass PCs in gaming them perhaps.... but baby steps first, and the phone is a nice start.
Just wait. You've already put on the Halo... ;-)
...there upon the wall was a print of Albert Einstein standing by a chalk board with a tiny apple logo in the corner besides the words "Think Different." I took another sip and muddled over the message behind such a profound image as it connected with me how I was experiencing so many things that evening that opened my eyes
LOL. I guess ya gotta take your revelations where and how ya get 'em!!!
But that's an iconic poster, for sure, and EXACTLY exemplifies Apple's corporate attitude, it's ability to tap into the inner hopes and dreams of us ordinary people, without being condescending, high-handed, or in any way disrespectful.
magna carta isnt germanic, it's norman.
Precedents in the US are mixed, but it seems that you may be ordered to hand over or enter keys to reveal what you are known to have. I haven't seen decisions ordering the handing over of keys to reveal stuff that might or might not be there, but IANAL. However, you cannot be required to hand over what you don't have and can show you don't have.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
key's
keys
apples
apple's
Happy to Help.
P=NP would not mean that any particular NP problem could be solved before the heat death of the Universe. What it would essentially mean is that, if k is the key length, there would be a solution in a*k^b steps. If either a or b were sufficiently large, the algorithm would be no more practical for reasonably sized key lengths than brute force, meaning that even having P=NP is not itself enough to create any sort of practical possibility.
In general, for problems we've found to be in P, the coefficients are usually reasonable, and a polynomial-time solution is usually more or less reasonable. That's experience, though, and not universal, and not applicable to problems we may later find are in P.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
From the bottom of the article:
âoeApple is standing by its decision to implement end-to-end encryption, having conceded only to hand over the content of some messages to the FBI, rather than providing real time access as requested.â
If it can hand over the content of some messages then surely that implies that Apple has the ability to decrypt people's iMessages. Does Apple have its own back-door / master key?
I used to have a better sig than this, but I got tired of it
If a non-corrupt politician could be selected in the primaries, then they would be carefully selected ahead of time. It is turtles, err, general elections all the way down.
While I would like to think otherwise, The Matrix only included this theme by accident.
When I worked election security in Southern California, I discovered that they did not even *count* the third party votes never mind any write in candidates. I have no idea where the numbers reported to the news came from but it was not from counting.
They are not required to change their software because of a warrant but there are other procedures. The legislature could pass a law or there is another type of court order (I forget what it is called) which could be used to compel Apple to do the same thing.
I was thinking of the All Writs Act:
https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...
So how would this work if Forward Secrecy is used? Then there is no recorded encryption key to reveal. Contempt of court cannot be used to order the impossible.
Since the United States Supreme Court has ruled that "limited times" includes any duration which can be specified, any brute force attack may be conducted within a "limited time".
The government should get to it and stop complaining. It will only take a "limited time" to decrypt the ciphertext.
The government can change the rules (laws), has unlimited funds, and extended litigation provides employment. How much would Apple have to gain or lose to compromise their system? How much more than the 10 million dollars RSA accepted?
Or the government could give the same treatment to Apple that they gave to Quest. Maybe Tim Cook could have the same cell Joseph Nacchio had.