Godfather Of Encryption Explains Why Apple Should Help The FBI

An anonymous reader writes: Famed cryptographer and Turing Award winner, Adi Shamir, has an interesting if not surprising take on Apple's current legal tussle with the FBI. While speaking on a panel at RSA Conference 2016 earlier this week, the man who helped co-invent the vaunted RSA algorithm (he's the 'S' in RSA) explained why he sides with the FBI as it pertains to the San Bernardino shooter's locked iPhone. It has nothing to do with placing trapdoors on millions of phones around the world," Shamir explained. "This is a case where it's clear those people are guilty. They are dead; their constitutional rights are not involved. This is a major crime where 14 people were killed. The phone is intact. All of this aligns in favor of the FBI." Shamir continued, "even though Apple has helped in countless cases, they decided not to comply this time. My advice is that they comply this time and wait for a better test case to fight where the case is not so clearly in favor of the FBI."

What a crock

[zieroh]

What a crock full of shit.

Re:What a crock

And from someone who really ought to know better.

What this tells me is that being the "Godfather of Encryption" is not mutually exclusive with being a dunce on operational security.

Waiting for a future, better case would sure end up looking foolish when the government argues, "What's the problem? You agreed to do this exact same thing before, in the San Bernardino case..."

Re:What a crock

[rtb61]

Well to be accurate he is on the payroll of Weizmann Institute of Science https://en.wikipedia.org/wiki/.... So rather than being on the FBI payroll he is more likely on the Mossad payroll and actually spends most of his time specialising in "Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can affect the resultant difference at the output. In the case of a block cipher, it refers to a set of techniques for tracing differences through the network of transformations, discovering where the cipher exhibits non-random behaviour, and exploiting such properties to recover the secret key." https://en.wikipedia.org/wiki/... ie breaking encryption. So yeah, self serving dick wants to make his life easier, so basically what ever he says, do the fucking opposite and do not trust anything from him.

Re: What a crock

[nytes]

No, it's about the other 14 iPhones the FBI has lined up behind it, and the 175 iPhones New York city has after those, and so on.

Re:What a crock

That's only one opinion. Ron Rivest, the R in RSA, disagrees with Shamir over this one. As the S in the abbreviation, Shamir is the man in the middle.

Re:What a crock

[Shoten]

And from someone who really ought to know better.

What this tells me is that being the "Godfather of Encryption" is not mutually exclusive with being a dunce on operational security.

Waiting for a future, better case would sure end up looking foolish when the government argues, "What's the problem? You agreed to do this exact same thing before, in the San Bernardino case..."

Should he know better? I'm not sure. On one hand, Shamir is really good at math. But math has almost nothing to do with Constitutional law, which is what this is really about.

There's a big difference between who can create/build a certain technology, and who should be trusted with knowing how and when to use it. A lot of people conflate the two, but they are incredibly different skillsets.

Re: What a crock

[Shoten]

Only if you're an idiot. It's only about the one phone until precedent is made.

This.

And Apple's statement to this effect has already been proven true...for there are multiple cases where the FBI has asked for "just this one phone" to be unlocked in this manner. There are literally more than a dozen parallel efforts, in addition to this one particularly high-profile one, to get this to happen.

Re: What a crock

[plover]

Shamir is also being disingenuous when he said, "even though Apple has helped in countless cases, they decided not to comply this time." Apple's cooperation in the prior cases was in recovering unencrypted data. They have never provided a way to decrypt data when they don't have the keys, or recover keys locked in the secure enclave.

Re:What a crock

[Solandri]

Yeah, because MGM vs. Grokster and Capitol Records vs. Thomas-Rasset did so much to advance the cause of filesharing rights vs IP law.

You want a good case which burns away irrelevant fluff and centers the issue solely on the principles at stake. If you pick a bad case, the court could decide against you based on that fluff, inadvertently setting a precedent which influences the balance of those principles. The principles at stake in this case (or what people are hoping this case will be about) are an individual's right to privacy and a company's right of self-determination against government coercion, vs. the government's duty to keep society safe. Here are the flaws I can see with this case:

• Privacy rights and the 4th Amendment aren't relevant. It's not the shooter's phone. The phone belongs to the San Bernardino County government.
• The shooter was indisputably guilty of the crime. You want the test case to highlight how the power the government is asking for could be abused, not one which validates the government's argument. That way the rights violation is real while the benefit the government is arguing for is hypothetical. Not the other way around.
• Even if you argue that the shooter's privacy is somehow relevant, he's dead. It's questionable if or to what extent privacy rights survive after your death. If we're going to have a test case about privacy rights after death, I'd rather it be of an innocent guy wrongly accused by the government and his reputation consequently smeared. Not some guy who was indisputably guilty.
• The shooter was a terrorist, and his victims were innocent. I wish this weren't a factor, but it is. The best way to get a guy off a murder charge is to convince the jury that the victim deserved to die. The polls showing a slim majority of Americans supporting the FBI in this wouldn't be coming out that way if this were the FBI asking Apple to help it break into some grandmother's phone because she might have poisoned an axe murderer who hacked her grandkids to bits.
• The strongest argument supporting Apple in this case is that the government cannot coerce an individual or company to do something against their will. Well, the exceptions to that in general law are pretty much all tied to a state of war or national emergencies. People can be drafted into military service. Stores' inventories can be confiscated for redistribution as the government sees fit. This being a terrorism case comes uncomfortably close to meeting that criterion.

Waiting for a future, better case would sure end up looking foolish when the government argues, "What's the problem? You agreed to do this exact same thing before, in the San Bernardino case..."

All the points I listed above can be used to refute that argument. That's why this is a bad case. Heck, even the recent New York case (defendant is a drug dealer, but he is the phone's owner, and he didn't kill anyone) is a better case.

Re: What a crock

[BlueStrat]

The fbi is willing to let APL control everything in this particular case:

Wrong.

Look up the actual court order.

The text of the court order instructs APL to place the tool on a hard drive and give it to the FBI to use.

Are you stupid or are you a shill?

Of course the two are not mutually exclusive, and as often as not, correlate strongly. Particularly when the shills work for government.

Strat

Re:What a crock

[shawn2772]

To wit the answer must be: "We re-architected our security hardware and no longer possess the *capability* to circumvent query limit and delay."

They probably already did this in the 5S and later. The 5C does not have the "secure enclave" chip, which means there is no secure hardware on the device, all of the security is implemented in software.

Also, it should be pointed out that the signed software approach is quite secure against anyone who doesn't have the software signing keys, or the capability to compel the holder of the signing keys. That's actually just fine if the goal is to defend the data from access by private snoops (e.g. spouses, even technically sophisticated ones, corporate espionage, etc.) and criminals.

Consumer devices will never be secure against state actors with unlimited funds and sufficient motivation (e.g. NSA, GCHQ, Mossad, etc.), so really the only cases where the approach is inadequate are cases where (a) the owner of the signing keys (Apple) wants the data or (b) a government with the power to compel the owner of the signing keys wants the data. Apple has no reason to prevent their own ability to circumvent (though they do need to protect against use of this ability by rogue employees), since they know their financial interest is strongly on the side of securing the data, and legitimate companies generally do not expend effort on securing data against law enforcement officials of democratic regimes that have due process and rule of law.

Indeed, although the 5S and the 6-series probably do make it impossible for Apple to comply with similar demands for those devices, I really doubt that was the rationale for adding the security chip. I'm the lead engineer for similar components on Android, and while I've been pushing to include a secure element chip for some time, the rationale has never been to keep US courts from being able to compel access, it's always been about strengthening security against corporate espionage (which signed software solutions do address, but not completely) and to make penetration costlier for oppressive governments and intelligence services. I say "costlier" since they can't really be kept out completely.

I'm not certain that the secure enclave actually keeps Apple from being able to comply with this sort of request, either. I expect that the software in that device is also field-upgradable, since there are compelling practical and security reasons for enabling upgrades. Bugs are always a risk, and being able to fix them is a really good thing. But if the software can be upgraded, then it can be "upgraded" to remove security features. This can be limited in various ways; it's common, for example, to have secret keys burned into hardware which simply cannot be extracted by software because the software never has direct access to them, and any security that derives from the secrecy of such keys can't be subverted by software changes. But brute force mitigation possibly can be upgraded away, even with the secure enclave chip.

The bottom line here is that these are really hard engineering problems. Not that it's hard to design so that key components are non-updatable... that's easy. But it's also very risky, because it leaves you without any options when said components turn out to have problems. I think it's flat wrong to characterize Apple engineers' failure to secure the 5C against Apple as any kind of incompetence, which is your clear implication.

I disagree

[jtownatpunk.net]

Once the tool/method is created, it exists. Even if the tool never leaves Apple, they could be compelled to use the tool in future cases. Tool.

Re:I disagree

You're mistaken in your logic.

The fact that the tool could exist means that the design of the iPhone is itself compromised, so they could be compelled, or somebody could unlawfully construct a version on their own.

That means you need to concern yourself with a real secure design instead of fighting over this issue.

Don't sacrifice a Queen to save a pawn.

Re:I disagree

[dsmatthews9379]

The capability to create it already exists at Apple and so if they do make it, use it for this case and destroy it afterwards, you just end up back at the start, where the capability to create it exists and they are no more or less likely to be coerced into doing it by any other party. They shot themselves in the foot when they indicated so publicly that they could, but would not do it. Furthermore if you claim that they can't make and then securely destroy such tools you are also claiming that they can't securely do anything and the iPhone isn't secure. You can't have it both ways. Anyway the phone can be cracked, it would just cost a lot more money than if Apple did it. All Apple has to do is take the phone into a clean room with the equipment needed, get the codes, hand them and the phone back to the FBI and then completely destroy the contents of the clean room. Apple just do not want to do it because it devalues their product in the eyes of those who have secrets and naively believe that no other party can crack the iPhone.

Re:I disagree

[bitingduck]

The capability to create it already exists at Apple and so if they do make it, use it for this case and destroy it afterwards, you just end up back at the start, where the capability to create it exists and they are no more or less likely to be coerced into doing it by any other party.

That shows a profound misunderstanding of how the US legal system works. Once they've done it, then the probability of them being coerced again is identically 1. If the gov't is allowed to compel them to produce software, and especially produce particular features, then the government can:
a) repeatedly compel them to recreate the software to crack existing phones that can be cracked by that method. Then apple effectively has to either maintain a team to keep recreating and destroying the software (good luck hiring people who want that job. seriously tiresome) or keep the software intact and protect it. But they can't do that, because once it gets used in an actual criminal prosecution then the defendant will have the right to see the software. And every defendant it's used against will have that right. So then it's out.
b) compel them to create a permanent backdoor in all future versions (the precedent for government compulsion of particular features having been established, despite CALEA's wording to the contrary. And they can do it secretly through the FISA court, and it will be 5-10 years before we hear about it publicly. In the meantime, people will find the holes and exploit them (aside from NSA and FBI exploting them).

The technical possibility of that particular phone being hackable by sideloading a custom system is almost irrelevant to the case. It's the legal precedent that's important.

There won't be a better test case

[penguinoid]

If you comply once, then you greatly weaken any objections to complying again.

Totally BS argument.

[BarbaraHudson]

The perps are dead, so there is no need to decrypt their phones in that case.

This is just fishing for information on other people, and it's pretty naive, since they destroyed 2 other phones. Would you use your company phone to plan a terrorist act?

Also, the phone isn't Apple's property. Let them go after the entity that owns the phone.

Adi "IANAL" Shamir

[nimbius]

Adi:
no one has argued the case isnt firmly in the hands of the FBI, or that they arent entitled to prosecute it. What we're highlighting and opposing is the biblical retribution with which the government seems intent upon pursuing this cases. the entire purpose of unlocking the phone at this opportune time is to create a precedent so that, in future endeavours and cases there is no point at which "favour" is ever questioned. the purpose of forcing apple to unlock this phone, or any device for that matter, is to create a legal standing by which any other device the government sees fit can be unlocked for any reason, however remote.

the facts stand: both killers are dead. their motives were known. their accomplices were known. their method is known. this is more than enough to convict a corpse.

Re:Adi "IANAL" Shamir

[LordWabbit2]

You're an idiot.
Maybe they actually do need to get into the phone, if so why did the FBI reset his account password so that even Apple could not get into his account and unlock his phone? They are using this specific case ("Oh my god Terrorrists!") because they are betting on public sentiment and morons like you to set a legal precedent that they can then use to beat the shit out of anyone who does not decrypt data for them. If you think the FBI are doing this for any other reason then you obviously ate wall candy as a baby (ie. lead paint, since I doubt you would figure it out).

Yep.

The ability to spy on law-abiding citizens grants an enormous economic advantage to those in power. They can do the financial equivalent of insider trading with impunity, and rake it in. That is just one way of many.

Strong encryption gives the poor some leverage against the rich; a chance to reclaim and protect some of the wealth that they generate through their labor. I guarantee, the rich will never abide this. Even if Apple wins, subsequent political and technological maneuvering will ultimately result in strong encryption available to the rich, but not to the rest of us.

This case is a lot like the presidential election: no matter who wins, we lose.

Re:What a bunch of ignorance

[hawguy]

Why does everyone think Apple has to create anything new? They already have the ability to do what the FBI wants. It's not a backdoor, it's not something they have to use on every phone...it's a simple code adjustment to turn off the poison pill and can easily be pushed to this one single phone. In fact, it can be built specifically for this one phone and it will only work on the one phone. Due to the way Apple already does their updates, they do this already as it is. They don't do mass updates to apps and iOS to all phones. each phone is unique and has it's own nonce. that's all Apple needs to match this code up to.

This isn't a technical issue. It's about people's opinion's on whether these douchebags have rights still and whether this actually violates them.
***Spoiler Alert*** They don't.

You don't seem to understand how slippery slopes work.

It's not "just one phone", and never was, it started at one and only one phone, because you know, terrorism, we need to read the phone of just this one terrorist and Apple won't help us! Then "Well there may be a dozen others that we'd like to break into". Then "Law enforcement agencies possess hundreds, or even thousands of phones they'd like to break into". And somewhere between "dozens" and "thousands", it becomes too unwieldy for the government to wait for Apple to unlock each one, so they'll require the tools to do it on their own.

And once they've proven that they can force Apple to create software at their bidding, they'll easily be able to force Apple to hand over the tools they need to decrypt phones at will. And really, there's no end to what they can force Apple to hack into their phones.

Re:has nobody thought

[AchilleTalon]

Obviously you haven't follow that case very carefully. The iPhone isn't locked using fingerprints, it uses a 4 digit password. And before you ask why they just don't try all the combination, after 10 trials the iPhone may have been setup to delete the data. In addition, there is a delay between each trial which render this method unpractical unless you remove the delay and the 10 trials limit, which is exactly what the FBI is asking Apple to do for this iPhone by flashing a new firmware on it remotely. Yes, this model doesn't require the user to authorize the firmware to be flashed. So, that is totally possible to do. And why do they ask Apple and aren't just do it themselves? Because the firmware must be signed with Apple's private key otherwise the security chip in the iPhone will block the firmware execution.

Re:What a bunch of ignorance

[Pseudonym]

You don't seem to understand how slippery slopes work.

If the FBI succeeds on this one, there will be a point in the future where some prosecutor argues in court that nobody has a reasonable expectation of privacy in their smartphones, in part because society at large was okay with how this case went down.

The frightening part is that the argument might work.

Re:Adi's correct

[tacokill]

Nothing prevents them (or anyone else) from doing exactly that right now. They are more than welcome to bang away on the phone as much as they want and if they get in, nobody will say a peep and all is as it should be.

The problem comes when the FBI compels/orders Apple to build a 2nd operating system. Forcing and compelling people and companies who are not accused of a crime is un-American and that is why this is going to court. Wanna compel Apple? Fine, go to Congress and pass a law like CALEA. But lets be clear.....a law forcing Apple to do what the FBI wants does not currently exist and that's why the FBI is relying on the All Writs Act to force Apple to do it.

Nobody has ever suggested the FBI (or anyone else for that matter) is prohibited from hacking the phone. They aren't. They are more than welcome to use whatever resources they have to hack it. But those resources do not include Apple, the company, or any of it's employees or tools unless allowed by law.