Slashdot Mirror
Former NSA, CIA Director Michael Hayden Sides With Apple Over FBI (foxbusiness.com)
cold fjord writes: General Michael Hayden (Retired), who served as head of both the NSA and CIA, has taken a position supporting Apple in its conflict with the FBI. Apple is fighting a court order to assist the FBI in breaking into the government owned phone used by one of the two dead terrorists responsible for the recent San Bernardino massacre. General Hayden stated, "You can argue this on constitutional grounds. Does the government have the right to do this? Frankly, I think the government does have a right to do it. You can do balancing privacy and security dead men don't have a right to privacy. I don't use those lenses. My lens is the security lens, and frankly, it's a close but clear call that Apple's right on just raw security grounds. ... I get why the FBI wants to get into the phones but this may be a case where we've got to give up some things in law enforcement and even counter terrorism in order to preserve this aspect, our cybersecurity."
Parent may already have been replaced by a cunning Eliza program.
If, eventually, a computer can do whatever a human can do, and do it better, what is the point of human existence?
To invent those computers, obviously, and then either use them to better ourselves or fuck off and let them go on
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Can we can bring him out of retirement and put him back in charge?
Translation... The NSA/CIA is already able to break into iPhones without Apple's help and we don't want to share our advantage with the FBI.
Support Right To Repair Legislation.
Except Snowden doesn't say what you claim. He states that he disbelieves the FBI's claims that they can't break into the phone. According to what is referenced in that article, he doesn't say anywhere that this is just Apple putting on a show.
I did, no coffee in the house...
Maybe if I had a robot...
"If any question why we died, Tell them because our fathers lied."
To be and enjoy it. Or change as you would like to. Just because someone is better than something and even if it is by orders of magnitude beyond your understanding that doesn't mean you are worth less as a person. Whether that is a fundamental truth or a quirk of the Human brain I think that should be something we should hypothetically instill (Not necessarily install.) in others. So find something to do.
Perhaps you should read "The Culture" series, by Iain M. Banks.
Looking over my iphone I don't really have anything that Law enforcement would be interested in - however, I really really really do not want the bad guys having that very same access.
note: I don't actually want anyone snooping in my phone at all, so let's not have the semi-obligitory "First they came for....." sillieness folks, mKay?
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
What was the point of human existence before computers?
I doubt it's changed.
You can argue this on constitutional grounds. Does the government have the right to do this? Frankly, I think the government does have a right to do it.
I disagree. I think the government doesn't (or at least shouldn't) have the right to compel companies to break security protocols on behalf of the government when that would affect parties other than the one under legal scrutiny. Furthermore it seems clear to me that this creates an unreasonable burden on Apple (or any other company) to support the government. I'm not sure the court in this case fully appreciates what they are asking from Apple. By breaking the encryption on this device they materially devalue the product Apple is selling substantially. I think you can argue this on at minimum 1st and 4th amendment grounds.
it's a close but clear call that Apple's right on just raw security grounds.
"Close"? No it isn't. Apple is clearly correct that breaking security for one phone breaks them all. That's how it works. Anybody with even a basic understanding of cryptography on computers would know this. If we break it for the US government we break it for foreign governments, black-hats, paparazzi, etc. There is no way to restrict it to just one specific party. Apple is 100% correct to do what they are doing. I'm not always a fan of Apple but they are both morally and technologically correct in their position here.
If, eventually, a computer can do whatever a human can do, and do it better, what is the point of human existence?
Some humans can do everything certain other humans can do and do it better. Does that make the existence of less capable humans pointless? I think not.
Anyway it's a moot question. You can argue that the point of human existence is to pass on their genes and robots cannot in any manner pass on human genes. So there is always at least one thing humans can do better than robots.
Why is it that only former and retired officials have them, and never the current ones? Pure public relations bullshit.
“He’s not deformed, he’s just drunk!”
Except Snowden doesn't say what you claim. He states that he disbelieves the FBI's claims that they can't break into the phone. According to what is referenced in that article, he doesn't say anywhere that this is just Apple putting on a show.
They likely can break into the phone, but that is not what this is all about. And it never has been, just as this has never been about "one phone", regardless of who wants to claim that bullshit.
This is about setting legal precedent. Period. End of statement. And once it's set, it will be abused. Guaranteed. There is zero evidence in our history to even prove otherwise.
The question is not "what if it escapes".
What if, one of the guys working at Apple is able to get his hands on that "one-serial" version? Is that guy security checked? Is he a spy?
That such a version even exists is a risk. Whereas if all the Apple firmwares issued, to anyone, are just consumer, technical, etc. firmwares that don't allow arbitrary bypass of security restrictions, it's much harder to make happen.
And how difficult would it be for, same, some enterprising country to get their hands on this "one-serial" firmware and hack either the serial is applies to AND/OR the serial on the hardware they want to get into?
It's not public escape and the guys on the firmware hacking forums that this guy would care about. That kind of thing could already be going on anyway. It's that Apple are providing firmwares capable of device compromise to anyone who asks in any of their legal locations. Like China. If the FBI succeed in the US, what's to stop the appropriate equivalent Chinese agency succeeding in China (where it would be done much more quietly and probably without any safeguards at all?). Nothing.
Short of Apple literally having to pull out of China if they are forced to do it, they would have to comply with the laws there too, by their court's interpretation, whether the device was originally bought in the US, the EU or anywhere else, if if a similar case comes up and the highest Chinese legal authority decrees they want this, and Apple has already provided the facility to the FBI, it's almost impossible to deny them it short of pulling out of sales in that country entirely. And that would hurt Apple and, by proxy, the American export economy.
This guy is making some sense, at least. He's not even trying to pretend that the courts aren't within their right in this instance, what he's saying is that it's a much bigger issue than just resolving one legal dispute, and will affect the security and export of US electronics worldwide.
It's got nothing to do with "how many times we give in", but "that we gave in the first time", which is a sad and oft-repeated lament where law is concerned. Apple aren't even saying they COULDN'T do this... they are saying they SHOULDN'T.
It would destroy exports, user confidence, and provide a tool that - with almost zero effort - could be applied elsewhere. And, please bear in mind - evidence submitted in a court can be requested, inspected, queried and argued over by the other side too.
In the same way that the firmware of breathalysers and all kinds of other devices are legally forced open in many jurisdictions (because you are putting people behind bars based on the assertions that the software is making, and thus the software has to be able to be inspected by an appropriate professional analyst if the defendant makes a fuss about it, in order to dis/prove their case), providing this firmware to the FBI may well pave the way to providing it to the defendant's lawyers, legal team, analysts, courtroom, etc.
It's not joe-public hacking the firmware on their iPad that anyone cares about. It's creating a tool that you then can't "uncreate" and may well be able to be applied to everything from some kiosk-like visitor-log device in the White House to the kid's tablet in Downing Street, and then advertising that the tool exists to any court in the world that might demand it.
Though I hate Apple with an absolute, physical, lividness, this is actually a big case with much more impact for Apple, the US electronics economy and the global IT economy, plus the national security of almost every country, than just "who might bypass your passcode when they can put a hacked firmware on your iPad when you leave it unattended in a bar".
It doesn't even need to "escape". If Apple get summonsed to provide this same tool by a Chinese court, or an EU one, they will have to comply or fight the same fight. If they could point at the US and say "No, look, we argued this over there, we're not going to do it", it holds much more precedent than "We caved to the FBI, but we don't like your court system over here so we won't do the same for you."
what is the point of human existence?
To dream... to love
“He’s not deformed, he’s just drunk!”
Really, the guy is coming down on the side I think is right, for both 'security' and (of course) technological reasons, but I don't trust him, have this sneaking feeling that there is some hidden agenda, or that we're being misdirected somehow. Isn't that sad?
Am I the only one that feels this way about this? Somehow I think not.
See what you've done to us U.S. Law Enforcement and Government? You've fucked everything up so much that we can't trust anyone anymore, even when they agree with us.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
I didn't read the article, but I heard the interview on NPR. Basically his reasoning is this: Cybersecurity is our biggest defense gap. It's clear now that the chinese have stolen designs for expensive weapon systems of ours and we've seen signs that foreign entities have the ability to manipulate our power grid and infrastructure, and possibly the stock market. In this context, building in any weakness at all - even for a seemingly slam dunk case such as terrorism, we should be cautious. In a landscape so woefully filled with security holes, it is more incumbent upon us to protect Americans by tightening security, than gaining a little extra information about some lone wolf shooters.
And you know what the FBI wants? That's pretty powerful stuff there. Those four items are a backdoor. And just because the FBI doesn't publicly reveal their desires, it doesn't mean they don't exist. You need to acknowledge precedent.
“He’s not deformed, he’s just drunk!”
Life has whatever meaning you choose to attach to it.
sigs are hazardous to your health
Because they want a president set that it's okay for the government to insert backdoors into encryption solutions, and make unreasonable requests of tech companies, so that when it comes to inserting backdoors in all communications systems, it'll be easy to force through.
What?! The FBI want Apple to install Thunderbolt ports on iPhones? Wow. You know a lot of things about not very much.
http://www.acetonestudio.com
General Hayden stated, "You can argue this on constitutional grounds."
I wasn't aware that ever worked.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
there is something on the phone that implicates General Hayden as a terrorist!
What was the point of human existence before computers?
I doubt it's changed.
Near as I can tell, the point of human existence is to eat, shit, fuck, and suffer. Too bad, those poor computers won't get to do any of the fun stuff once they replace us.
Fine, I got it wrong, it is a lightning connector:
http://www.apple.com/iphone-6s...
As I am not a iPhone owner, I wasn't aware that they have a special name for the port on the phone. So sue me.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Um, have you read anything at all about this case? No one has asked Apple to insert a backdoor. The FBI has asked Apple to write a program that:
1. Remains in memory 2. Only Apple has access to 3. Allows the FBI to use unlimited guesses on the PIN 4. Allows the FBI to use a custom pin entry through the Thunderbolt port
Nowhere in there is a request for a backdoor on every phone, nor does the FBI want a generic backdoor they can use whenever they want. In fact, the first item is because the FBI doesn't want anyone to claim they can reverse engineer the backdoor from the firmware.
You are a moron, or a liar, or both.
Unlimited access to the pin IS a backdoor. There is no functional equivalent between one iPhone 5c with one serial number and another. The claim that the software can't be used on a different iPhone 5c is an unmitigated lie.
Oh please! You got all sorts of secret 'requests' and gag orders, the most obvious being the national security letters. You only know what's public. The government does not operate very publicly in these matters. The entire theater is to vilify private, secure communications in the public's mind. The government already has more than one phone that they want to break into. They are trying to make a case against encryption. And it sounds like you side with them. If that is true, I guess there's nothing to discuss.
“He’s not deformed, he’s just drunk!”
Govt doesn't have rights.
More to the point. the FBI is painting a huge target on Apple employees' heads.
http://it.slashdot.org/story/14/03/21/1214223/inside-nsas-efforts-to-hunt-sysadmins
That's what our spies do to random sysadmins at foreign telcos.
If the FBI gets its way, even if the Apple employees who crack the thing sincerely intend to never disclose the technique, their lives are effectively over, as they will be targeted for spearphishing and watering-hole attacks every Chinese and Russian cyberespionage group will be targeting them for the rest of their lives.
There's a good ACLU piece this week talking tech about why the FBI is lying.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
To shoot the machine in the head when it gets too big for its britches.
The only reason this is happening, is that the key in question is expected to be unusually easy to brute force. (We think the user's passphrase was 4 or 5 decimal digits.)
The general case is much harder, and it doesn't matter how much you beg/force a manufacturer or anyone else:
No matter which side wins this battle, the war is settled: attack loses and defense wins.
It should be worthless to the government to attempt to win this new right of theirs, since they're in the closing days of ever getting to use it anyway. It also looks like it's nearly worthless to Apple and the public, to win the defense against this government expansion. No matter which side's shoes I try to wear, victory and defeat look nearly the same, and there's little risk of dangerous precedent.
What am I missing? Tell me how a government or Apple win causes a future that is unlike its alternative.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
You're absolutely right. Maybe you should just find a quiet, painless way off this mortal coil now, and beat everyone to the punch.
..or, alternately, you could quit being a Negative Nelly and find some purpose in your life. Based on the first impression you give, I'd also recommend you go find a decent talk therapist, and enter into some conversation with them about why you're so (obviously) depressed.
For the rest of you: I don't forsee anytime in approximately the next 100 years, humans being completely outmatched by computers in all areas that define us as sentient beings, so don't quit your day jobs just yet.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
So, a court order, asking for Apple to modify a single phone is somehow going to make every iPhone in the world backdoored? Do you really think that?
http://www.ndaa.org/pdf/SB-Sho...
There is the court order, please show me where they ask Apple to give them access to the software. Please show me where it says that they want a generic backdoor, compiled and signed with Apple's key that they can use on every phone in the world.
Instead, the court order asks for a single backdoor, which is keyed to a specific phone, and compiled and signed with Apple's code signing key. This would NOT give the FBI the ability to create a backdoor for every phone, as they don't have the private key used to sign a new firmware, so they are still out a backdoor. This will only give Apple the ability to make changes to phones which they support already. But I guess you don't care about facts in your attempt to accuse the FBI of something that they are not doing.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
He wasn't talking about Apple's position on encryption. He was saying the argument that the government should be allowed to force Apple to break the iPhone security.
RTFA yourself. That is a distinction without a difference. Security = Encryption in this case. The iPhone's security relies on encryption. To break the iPhone security means to circumvent the encryption. By breaking or circumventing the encryption you make the encryption (security) immediately worthless on every iPhone in the process. Arguing that the government has a right to force Apple to break this security means that ALL citizens are no longer entitled to first and fourth amendment rights and the privacy rights that flow from them. It also creates an unreasonable economic burden on Apple as a company. Furthermore the government is arguing a position that would fundamentally weaken the security of products the government uses itself.
Short version is that I completely disagree with his assertion that the government does (or should) has any constitutionally granted authority to force Apple to break the security of their own products.
Considering the the motion to order Apple to comply was filed ex parte meaning Apple could not see the FBI's motion nor respond to it, yes, the FBI had something to hide. In the New York case, Apple was able to defeat that motion because they were able to supply a judge with convincing arguments.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Seriously a single iPhone? Considering that the FBI asked the same thing in the New York case, that is factually not true. What the FBI is also asking as other amicus curae briefs have noted is the FBI wants it for this "single" iPhone until they ask again. So Apple not only has to design the software, they have to devise a system where they will have to manage all these "single" cases in that the software is not only secured from others but that the software only works on one phone at a time. New York has said they have over 100 "single" phones that they would Apple to break into.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Eating and shitting aren't our purpose, that's like saying my cell phone's purpose is to consume battery.
It's a byproduct of the actual purpose.
To fuck and suffer.
Or more elegantly, to fuck and be fucked in return.
And Apple is in this too, so why do I always get -1 for such comments? That many fanbois or is someone playing "forum police".
I rant about other shit rarely get marked down as quickly as pointing Apple's security "issues" or point out the fallacies of this case.
When this all becomes evident to even the dimmest fanboi what then? Will you stop buying their products?
Doubtful.
"If any question why we died, Tell them because our fathers lied."
The FBI only wants Apple to have the access right now just like it's "just for this one phone." Once the precedent is set, the FBI will ask for more and more phones to be unlocked for ever-less-severe crimes. It'll go from "he's a terrorist" to "he's a murderer" to "he threatened someone" to "this person uploaded some movies against copyright law." Meanwhile, the law enforcement agencies requesting this unlocking will increase. It'll start with the FBI, but eventually local law enforcement will want access. Also, law enforcement agencies around the world will demand that Apple unlock devices for crimes committed in their own countries.
As the requests pour in, Apple will take longer and longer to fulfill the them (at greater and greater cost to Apple) until the FBI tells Apple to just hand over a generic "unlock any iPhone" program. Apple will resist but the precedent will have already been set. This is just quibbling over who has the program (and it'll be spun that this is easier for everyone involved) so Apple will hand the program to the FBI... and then to local law enforcement... and then to law enforcement organizations across the world. And then the inevitable leak will occur and hacking groups will get access to it.
I know "slippery slope" can be a tenuous argument, but the FBI and various law enforcement agencies haven't even tried to hide their true intent. They want to be able to unlock any phone, at any time, based on the flimsiest of reasons. Apple is standing in the way and they want the courts to order Apple to comply and weaken our security (device encryption) to make us more "secure" (as in anti-terrorism security theater).
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Actually, the FBI's been pretty overt with what they want and they view "just this one phone" as a stepping stone to unlock any phone they want at any time they want. Like you pointed out, precedent is the important thing here. If Apple fails to set the right precedent, then it's only a matter of time before Apple is flooded with requests and the FBI demands that Apple turn over the unlocking program so that the FBI can unlock phones quicker.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
there's ponies in that?
Michael Hayden presided over the increased Mass Collection "just in case" of innocent communications data. He essentially excremented on Magna Charta and the U.S. constitution.
His reasoning was that "all that data is stored in a lockbox. It will only be touched when an analyst searches (like googleing) in the lockbox". Of course even if that is true they can ANYTIME change the rules. They can write algorithms which will do much more than the described search engine does. E.g. "give me all persons who ever called the anoymous alcoholics phone number and a MD in the same time frame".
If General Michael Hayden were a lover of freedom, he would never have allowed the collection of totally innocent data. Instead, he would have limited the collection to the 0.1% of suspicious persons and their immediate communications partners. But he is a control freak, he is a traitor to freedom and we better do not trust him.
Captcha "redneck". Yeah, what a rooten people you are. You deserve NSA, slashdotters.
"What was the point of human existence before computers?"
Ask your grandpa. People played cards and board games, and porn was printed on paper.
Um, have you read anything at all about this case? No one has asked Apple to insert a backdoor.
The FBI has asked Apple to write a program that:
1. Remains in memory
Already an issue. This means that Apple has to remove one of it's features. No wiping the phone
2. Only Apple has access to
Bwahahhahahahaha! Yes, only apple will ever have access to it. Spare me your self righteous hmm's seriously? Seriously. Looks like the perfect scenario, because Nothing that is ever a secret gets out. Never ever happened so far. Right?
3. Allows the FBI to use unlimited guesses on the PIN
Sounds like a fine brute force ...... get ready for it....... backdoor
4. Allows the FBI to use a custom pin entry through the Thunderbolt port
You gotta be shitting me don't ya? This is doubleplusgood talk. Let's just not call any of this stuff a "backdoor", make up your own name if you like, but if there's a program written so that the phones can be accessed by apple, it can be accessed by others. And if a brute force attack can access the phone, and let's face it, Numbers only makes for a faily limited set of choices - Its delivering the keys to the kingdom to just about anyone. Because once again, if Apple provides it to one group, other groups can find and utilize it.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Considering that what the FBI wants is listed in the court order, you should be able to find it on your own without issue. I guess you think the FBI is somehow keeping their request secret?
http://www.ndaa.org/pdf/SB-Sho...
I suppose you could just read the court order, but maybe that is too hard? The FBI already stated that they don't want a generic backdoor, nor do they want access to the backdoor, but I guess you know so much more than I do.
right, they just want access when they want it, with nothing hindering the process.
All of your "solutions are actual backdoors. So now if you want to say thy don't want backdoors you have to tell us why you were wrog when you first told us we were wrong. You're digging a pretty deep hole for yourself.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
I guess you take everything at face value, but from known liars?
“He’s not deformed, he’s just drunk!”
Parent may already have been replaced by a cunning Eliza program.
Say, do you have any psychological problems?
dead men don't have a right to privacy
Is this true? is that the law in USA? ... If death makes private information easier to legally obtain, doesn't that make it very dangerous for the people still alive with private information? it's far easier to make people dead and then legally obtain their secrets than convince the courts that they have no right to privacy while alive.
First of all you did not link the motion. You linked the order. Those are two separate things. Second, you failed to understand legal procedure. Here are the series of events in this case.
In Apple's motion: "And more importantly, by invoking “terrorism” and moving ex parte behind closed courtroom doors, the government sought to cut off debate and circumvent thoughtful analysis." Please explain how the original motion was not ex parte.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Um, have you read anything at all about this case? No one has asked Apple to insert a backdoor. The FBI has asked Apple to write a program that:
1. Remains in memory 2. Only Apple has access to 3. Allows the FBI to use unlimited guesses on the PIN 4. Allows the FBI to use a custom pin entry through the Thunderbolt port
Nowhere in there is a request for a backdoor on every phone, nor does the FBI want a generic backdoor they can use whenever they want. In fact, the first item is because the FBI doesn't want anyone to claim they can reverse engineer the backdoor from the firmware.
And all they have to do is to desolder the Flash, read the (encrypted) contents (I'm sure Apple will give them the pinout for the flash chip, even if proprietary (which I don't believe it is. In fact, Step 10 in this iFixit Teardown reveals that it is a Toshiba THGBX2G7B2JLA01 128 Gb (16 GB) NAND flash)), and have at it. No "remote wipe", no "10 tries", no "escalating timeout" issues.
1. Remains in memory
What does this mean? Someone has to write this code. This code must exist on disk somewhere. Obviously you've not done any coding. Every single piece of code I ever created had to be saved when being developed. So this code will at the least exist at Apple. Apple now becomes a huge target for hackers wanting to access this code.
2. Only Apple has access to
The FBI has physical access to the phone. They will have to at the transfer ownership temporarily to Apple but then they will get back the phone to do the breaking. As soon as they break the phone, the FBI will have access to the software. What is to stop them from copying everything and trying to reverse engineer the Apple signing keys and the new version? Nothing.
4. Allows the FBI to use a custom pin entry through the Thunderbolt port
Not quite. The FBI asked for access through a cable, WiFi, or Bluetooth. This is not current functionality on the phone due to security. This in effect creates a new vector of attack, a new door. You could call this a back door.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Not that bullshit again. If you remove the flash memory, you separate it from one of the 256 bit keys required for decryption which is locked inside the CPU.
... to learn! Try giving it a shot
“He’s not deformed, he’s just drunk!”
The point of human existence before computers was the develop technology to the state able to create computers.
If, eventually, a computer can do whatever a human can do, and do it better, what is the point of human existence?
Man is that he might have joy.
Not that bullshit again. If you remove the flash memory, you separate it from one of the 256 bit keys required for decryption which is locked inside the CPU.
Which still allows you to sicc your fancy Quantum computers on about 10,000 copies of the data, without fear of the "Wipe", the "Timeout", or having to have 10,000 interns manually keying in "0001, 0002, 0003..."
So yeah, that bullshit again.
It is this easy: Apple closed the backdoors they had left open for your spooks in iOS 8 after the Snowden-files.
Snowden claims that apple does the right things (can't trust their cloud, but there are secure alternatives as caldav, carddav and IMAP for notes are ssupported out of the box).
Android is way (!) more insecure, leaving encryption keys on wiped devices and supporting the way more insecure cloud from google and security fixes usually require to buy a new phone or wait indefinitely for the manifacturer after (!) the fix made it in the vanilla android ftom Google, while apple still supports the iphone 4s from 2011.
I do not trust apple, they had their hands in the cookie jar until iOS 8. But I do trust the international hero Snowden. He claims apple is doing the right things at the moment. To my knowledge, he is right.
You are just a random guy.
Slashdot is still about credibility, although it changed a lot. Your carma shows you have none. Maybe you should think about that and why we trust a REAL security expert like snowden with first hand experience in your governments capabilities WAY more than we trust random loser koan?
I gladly sacrifice some carma for this ;)
It is this easy: Apple closed the backdoors they had left open for your spooks in iOS 8 after the Snowden-files.
Snowden claims that apple does the right things (can't trust their cloud, but there are secure alternatives as caldav, carddav and IMAP for notes are ssupported out of the box). Android is way (!) more insecure, leaving encryption keys on wiped devices and supporting the way more insecure cloud from google.
I do not trust apple, they had their hands in the cookie jar until iOS 8. But I do trust the international hero Snowden. He claims apple is doing the right things at the moment. To my knowledge, he is right.
You are just a random guy. Slashdot is still about credibility. Your carma shows you have none. Maybe you should think about that and why we trust a REAL security expert like snowden with first hand experience in your governments capabilities WAY more than we trust random loser koan?
I gladly sacrifice some carma for this ;)
How is this for a precedent: The Clipper Chip, an encryption chip designed by the NSA in the early 1990s which was intended to be included in communications devices. They were pretty open about it having a backdoor that only they had access to; this was pretty much the point of its push.
Although it was opposed by the strange-bedfellows partnership of John Kerry and John Ashcroft, it was the technical flaws that doomed the chip, specifically the lack of security inherent with key escrow systems, and some of the papers are being referenced again today in arguments for why Apple couldn't give up a master key that law enforcement agencies could use to access devices.
I do not trust apple, they had their hands in the cookie jar until iOS 8. But I do trust the international hero Snowden. He claims apple is doing the right things at the moment. To my knowledge, he is right.
Snowden has been holed up in Russia for the last three years, and it's likely his access to impartial media is even worse than the average American's. How could he possibly know what Apple is doing? He has no special access, he's a sideline watcher like the rest of us.
I have no doubt of his good intentions, but he doesn't have any knowledge of what Apple and the NSA are up to since he fled the country.
The FBI already stated that they don't want a generic backdoor, nor do they want access to the backdoor, but I guess you know so much more than I do.
Well, we know what FBI Director James Comey has publicly stated. In his testimony before the Senate Intelligence Committee.
"Encryption is a problem in our investigations and it is also a great thing. And therein lies the problem."
He mentioned they haven't been able to access the phone of the San Bernadino shooter, and then stated that wider use of encryption is "overwhelmingly affecting" law enforcement operations, including investigations into murder, car accidents, drug trafficking and the proliferation of child pornography. (Sadly, the Senate has not provided a transcript, but this is what was reported in the Reuters story)
He says, specifically, that he doesn't want a "backdoor," and then says that tech companies need to change their business model – by selling only communications gear that enables law enforcement to access communications in unencrypted form rather than products that only the parties participating in the communication can decrypt. So... no "backdoor," but something that sounds exactly like a backdoor. He said the nature of enabling that would be up to the tech companies.
Look dude, the FBI specifically said they don't want a backdoor. They just want the tech companies to sell "only communications gear that enables law enforcement to access communications in unencrypted form" rather than the two parties to the communication. TOTALLY different from a backdoor. I'm not sure how, but Comey proposed it, and you don't become FBI Director by being a dullard.
That's not only a backdoor but a serious and irresponsible threat to the lives of apple software engineers caused by the FBI.
I doubt the FBI would go that far. All they need is an informant in Apple.
I have my lawyers working on it.
http://www.acetonestudio.com
There are backdoors in all communications systems, required by CALEA. This is about the iPhone as a computer, not as a phone.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Um, Apple is doing the right thing, and when this becomes obvious to the dimmest fanboi said fanboi will stop buying Apple products? Or is it that Apple products are insecure, and so the correct thing to do is to buy less secure products?
Is it your opinion that it's trivial to design an easy-to-use device that can withstand any security attack from highly motivated entities with great resources and knowledge who not only have physical control of the device but don't have to worry about destroying it or letting anyone know? This particular attack will not work on the 5S or later, and although I've read there are similar attacks Apple is probably continuing to improve its security.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
The court order is not to create a generic backdoor directly. It is to establish a precedent, and to make sure Apple has the ability to break in. The All Writs act has been held to allow the government to compel third parties to use tools they already have, which means that if Apple had this software they could clearly be compelled to use it. If Apple gives in on this case, they won't have a leg to stand on when the next 254,984 orders come in.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
That wouldn't work. The flash memory is encrypted with AES-256, which is impossible to brute-force with optimal quantum computers using only the resources of the Solar System until the heat death of the Universe. It seems highly unlikely for several reasons that the NSA has a way to crack it. This means that the only way to read the flash is to recreate the key.
Apple has a special piece of hardware that does AES-256 encryption and decryption. It includes a secret 256-bit random number that can't be read, and which can only be accessed by combining a PIN with it to form the key. I don't think the key is exposed either, so the only way to read the flash is to enter the correct PIN into that particular hardware. It cannot easily or reliably be copied, and if it's destroyed the flash is permanently unreadable.
Brute-forcing a 4-digit or 6-digit PIN is trivial, except that iOS permits only ten tries before wiping the random number and rendering the flash permanently unreadable, and the tries have to come through iOS on that particular device. The FBI wants a changed version of iOS that doesn't have the wipe, the lockout delay, and which accepts access through new means.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
We DID deal with it... by inventing the concept of "higher purpose". Like God, "higher purpose" is self-reinforcing and not falsifiable, thus providing never-ending fun for we great apes!
This comment is my opinion and does not represent an official position of Donald Trump or others I do not work for
That wouldn't work. The flash memory is encrypted with AES-256, which is impossible to brute-force with optimal quantum computers using only the resources of the Solar System until the heat death of the Universe. It seems highly unlikely for several reasons that the NSA has a way to crack it. This means that the only way to read the flash is to recreate the key.
Apple has a special piece of hardware that does AES-256 encryption and decryption. It includes a secret 256-bit random number that can't be read, and which can only be accessed by combining a PIN with it to form the key. I don't think the key is exposed either, so the only way to read the flash is to enter the correct PIN into that particular hardware. It cannot easily or reliably be copied, and if it's destroyed the flash is permanently unreadable.
Brute-forcing a 4-digit or 6-digit PIN is trivial, except that iOS permits only ten tries before wiping the random number and rendering the flash permanently unreadable, and the tries have to come through iOS on that particular device. The FBI wants a changed version of iOS that doesn't have the wipe, the lockout delay, and which accepts access through new means.
For someone pretending to have some knowledge of the situation, you have (deliberately or ignorantly) left out a few key points, to wit:
1. The phone in question is a iPhone 5C. So no "Special piece of hardware" (Secure Enclave chip). This is VERY significant.
2. As I pointed out in another post, AES256 is actually weaker than other forms of the algorithm. So it may be breakable in less time than the Universe has left.
3. When you Brute Forrce a key on a pile of static data in situ, all you need is the data. All the "random numbers" (salt), special hardware (Secure Enclave), secret keys burned into chips, user PINs, etc. are rendered moot. All you need is the encryption algorithm, and the data. Then you "solve" for "key". Since you know the (real) key-length (256 bits), and you know the encryption algorithm, the rest is simply a matter of processing speed. And with multiple copies of the data, you effectively multiply your processing speed by the number of copies.
So, sorry. The problem is trivial (tedious, but trivial), once the data is sitting outside of the control of the phone.
This seems to be counter to his usual opinion.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
1. The 5C does not have the Secure Enclave chip. This does not mean the key is in the open. Part of it is in the CPU, and therefore the iPhone can only be decrypted as itself, not by examining the flash. See this Ars article for more details. The key isn't nearly as well protected as it would be in the the Secure Enclave, but it's not trivial.
2. AES-256 has problems that raise the possibility that it may be a lot weaker than it should be for a 256-bit key. You're not citing an actual attack. It may turn out that AES-256 is practically crackable, but that's covered in my earlier "It seems highly unlikely for several reasons that the NSA has a way to crack it", considering it's still used for secret government documents. You're speculating that what I claim to be highly unlikely right now might come to pass.
3. You have no idea what you're talking about here, do you? You seem to assume that brute-forcing a 256-bit key is a matter of throwing enough computrons at the problem. It is not possible to brute-force a 128-bit key using only the resources available in the Solar System, unless using sufficiently powerful quantum computers (which may turn out to be impossible). Quantum computers halve the effective length of a key, so AES-256 might be able to be brute-forced by a Kardashev Type III civilization using sufficiently powerful quantum computers.
So, the problem is doable, if not trivial, for a Kardashev Type III civilization with powerful quantum computers.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes