Slashdot Mirror

← Back to Stories (view on slashdot.org)

Edward Snowden Calls For Google To Side With Apple On Encryption Debate (techinsider.io)

Posted by yaelk on from the tweets-from-snowden dept.

An anonymous reader writes: Edward Snowden, the most famous whistle blower in the world, is calling for Google to side with Apple and against the FBI in the "most important tech case in a decade." On Tuesday, the FBI asked Apple to help it crack the password on an iPhone belonging to a shooter in the high profile San Bernardino case. Apple CEO Tim Cook quickly responded with a public letter denying the request, calling it "an unprecedented step which threatens the security of our customers." Google creates Android, the most-used mobile operating system for smartphones in the world. Google has been nowhere near as firm as Apple about its stance on un-compromised encryption - Android is famously an open sourced platform that anyone can modify. Snowden issued his message in a tweet.

5 of 259 comments (clear)

  1. Re:I don't have a problem with... by sims+2 · · Score: 3, Informative

    Then it's just down to hoping they were dumb enough to use a 4 digit pin.

    This is why you should have a secure password you can't rely on a password rate/try limit to protect you.

    --
    Minimum threshold fixed. Thanks!
  2. Re:Corporate States of America by amRadioHed · · Score: 5, Informative

    Apple hasn't said they couldn't cooperate, they said that they wouldn't. It seems likely there is at least something they could do if they were willing to cooperate.

    --
    We hope your rules and wisdom choke you / Now we are one in everlasting peace
  3. Re: how does Apple encode a unique device ID on ch by bill_mcgonigle · · Score: 4, Informative

    I'm not certain about Apple but the way similar tech does this is to have read/write nvram but then burn an addressable fuse on the write line so it cannot ever be written again.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  4. Re:Corporate States of America by Anubis+IV · · Score: 5, Informative

    Apple actually is capable of cooperating (in this particular case), since the relevant device is an iPhone 5c (i.e. three generations old), which pre-dates the protections provided by TouchID and the Secure Enclave. Specifically, because the iPhone 5c and earlier devices lack the Secure Enclave, it means that the OS itself is what's responsible for wiping the device after too many failed attempts and for enforcing the delay between login attempts that limits the effectiveness of brute force attacks. As such, replacing the OS installed on the device with a compromised version that has those countermeasures stripped allows the FBI to engage in brute force attacks against the user's passcode.

    Not so in later devices, where the Secure Enclave (which is essentially a separate computer in the iPhone with its own, separate OS and its own, separate memory) manages those features and stores the encryption keys, meaning that even if you have a compromised update for iOS, the Secure Enclave will still deny repeated attempts at logging in, along with destroying the keys after a set number of failed attempts.

    The FBI is asking Apple to create a custom version of iOS (which some security experts have taken to calling "FBiOS") that is intentionally and knowingly compromised. The reason they need Apple to do it is because Apple holds the keys used to sign iOS updates. So while Apple can't decrypt the iPhone directly, they are the only ones who can create a version of iOS that allows the FBI to engage in a brute force attack against the user's passcode, which can, in turn, be used to decrypt the device.

    All of which is to say, yes, Apple IS taking a stand against the FBI. Were it a later device, you might be right (though rumor in the tech press today seems to indicate that Apple is aware of a similar sort of attack which may be possible against the Secure Enclave), but this issue needs to be a line in the sand, because if the FBI can do this the implications are dire. It would mean that there's nothing stopping them from compelling private software companies to create malware versions of their software that can be used to open backdoors that otherwise wouldn't have existed. And the same legal logic that is being applied here by the FBI (i.e. the use of the All Writs Act of 1789) could be applied just as easily to compel Apple to knowingly compromise the Secure Enclave in new devices, thus creating backdoors where otherwise one would not exist. It's a broad overreach of a centuries-old law, and it needs to be stopped here and now.

  5. Re:I don't have a problem with... by barc0001 · · Score: 4, Informative

    I'll concede I was mistaken about the without a warrant portion, but I still stand by the slippery slope that will be exacerbated by cops wanting expedience. For example, when we first heard about Stingrays various law enforcement said they were only supposed to be used with a warrant. How did that go?

    https://www.techdirt.com/articles/20150823/23323932038/police-regularly-use-stingrays-without-warrant-to-find-petty-criminals-then-try-to-hide-that-fact.shtml

    http://arstechnica.com/tech-policy/2016/02/nypd-used-stingrays-over-1000-times-without-warrants-since-2008/

    http://epic.org/foia/fbi/stingray/

    Not very well.