Slashdot Mirror
ACLU Shows How the Apple-FBI Fight Was About Much More Than One Phone (theverge.com)
Russell Brandom reports for The Verge: Apple's San Bernardino fight may be over, but the government is still seeking both Apple and Google's help in unlocking phones. New research from the American Civil Liberties Union shows 63 different cases in which the government compelled help from Apple or Google in unlocking a handset. It's unclear how many of the orders were filled, although companies often complied with such orders where possible before last year. The bulk of the cases target Apple, but nine of the orders also look to compel Google's help, typically to reset the password on a given device. The devices include phones from Alcatel, Kyocera, and Samsung, many of which shipped without the default device encryption that blocked the use of traditional forensic tools in the San Bernardino case.
Is it ever in, your opinion, acceptable for the law enforcement to demand (through courts) other parties' cooperation in accessing encrypted data?
If yes, please, list the circumstances, which would make it acceptable and explain, why the "San Bernardino" case was different. Thank you!
In Soviet Washington the swamp drains you.
So Apple complied with the requests in drug cases but started a big fight over a terrorist? Did they change their policy or is there a technical difference between the cases?
The revelation that Apple and Google are both receiving many of these requests and have complied on some of them, reversing course only recently, is an important artifact in the narrative.
I'll start giving a damn about the ACLU when they start treating all our rights as fundamental - not just the ones they like.
how can we make this issue work for our BOTTOM LINE?
THIS IS ALL APPLE AND GOOG CARE ABOUT.
its not about freedom. dont kid yourself.
--
"It is now safe to switch off your computer."
Sure, Apple's motivation is to shift liability on to the end user by taking away their own ability to help the government. But it's still important to know that they didn't have goodness in their hearts about this, and they were complying with Big Brother's requests until they decided the liability involved was a little too much for them.
Yes, but it's good to get that info out to the public as undeniable facts. History has shown that the public tends to prefer a state of denial to uncomfortable possibilities. Repeatedly ripping the bandaids off will change opinion. If the San Bernardino case had occurred in 2002, do you think the public would have even questioned whether forcing Apple to unlock an iphone was problematic? Just a little bit more and perhaps people will actually care about their privacy.
The cesspool just got a check and balance.
The first amendment guarentees everyone the freedom to practice their religion. It does not guarantee that you will not witness other's practicing of their religion.
http://www.washingtontimes.com...
I guess the example I was thinking about doesn't involve the ACLU...however, I have seen previous examples where the ACLU sought to prevent other's from exercising their religion because they didn't like it, not because somehow the state was involved.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Freedom OF religion includes freedom FROM religion... [I]f you dissolve the separation of Church and State, don't count on it being your sect in charge.
None of the three things you quoted ("Freedom OF religion," "Freedom FROM religion," or "separation of Church and State") are actually law or in the Constitution or anything like that.
The First Amendment ACTUALLY says "Congress shall make no law respecting the establishment of a religion or prohibiting the free exercise thereof..."
You don't get to demand that the government use its force to suppress religious practices that you don't like any more than you get to demand that they suppress speech or printed opinions that you don't like. "Freedom from religion," "Freedom of worship," and similar slogans are intended to trick people into thinking that exercising religious liberty is something you can only do in your house of worship. It's not. The government is expressly prohibited from interfering with The People living a life guided by the tenets of their religion. Even in scenarios where the government disagrees.
how can we make this issue work for our BOTTOM LINE?
THIS IS ALL APPLE AND GOOG CARE ABOUT.
its not about freedom. dont kid yourself.
And what exactly is the problem with this? Neither Apple nor Google are altruistic tech "think tanks", they are in business to make money
If you want news from today, you have to come back tomorrow.
Basically the ACLU has fought situations where people of one faith or no faith at all are put into awkward situations by other's practicing their religion. Having a Christian prayer at a high school sporting event, graduation, etc... puts kids into a situation where they either have to act like they are part of that religion or look like they are some weird oddity by refusing to participate. Just because you are free to practice your religion doesn't mean you get to espouse it in everyone else's face. And if you think you do, then you should have to let any and all religions or atheists to espouse whatever they believe in right back.
I remember downloading porn on an old 9600 baud modem back in the early 90s. Then the savior came in the form of the 14.4 modem and we ushered in a new era of porn. No longer did we wait hours for our porn to download, we only had to wait 30 minutes. In the time of watching a tv show, you could have a single porn image. Now with even greater advances in download speeds, you can have millions of porn images delivered per second. Kids these days have it so easy!
Support your local school shooter, give them your firearms.
Simply because the FBI says they "cracked an iPhone 5c does not mean they actually did. More likely is they did not but knew that they would lose the case and didn't want to set a precedence. They knew very well that in all likelihood, the iPhone contained nothing. The terrorists used burner phone which they destroyed, why would they use a work issued phone at all for anything but work?
If you want news from today, you have to come back tomorrow.
How many of those prior cases demanded that the vendor create a customised "FBiOS" to bypass all protections, and how many involved a much more limited order to provide the password to unlock one specific phone?
I think you'll find the change in tune is more about what they're now being ordered to do. Consider also that Apple and Google created these encryption features in part to avoid the burden of the increasing number of unlock requests.
Why would anyone engrave "Elbereth"?
Phlease... Claiming, they had to "build on OS" implies an amount of work comparable with, you know, creating an OS, when in fact all they had to do was slightly modify their existing OS to disable (comment-out) the data-destruction functionality, which would've kicked-in upon too many invalid PIN-entries.
This would've been less work, than hackers were/are doing to disable various license-checking parts of binary files.
And certainly far less work than, for example, Ubuntu did, when they diverged from Debian — and, arguably, Ubuntu is not even an OS in its own right (still a Linux).
In Soviet Washington the swamp drains you.
it is that "Legal warrant described search" is NOT the normal use for spying on citizens as undertaken by the NSA
What we all need to remember is, the NSA wants an open look at all records of every call, every link, every note, such that the 4th Amendment will simply disappear for law enforcement
3/4 of all prosecutions using FISA warrant search are used for DOMESTIC DRUG ENFORCEMENT, a situation which begs us to remember that every Congressman has a file to be used anytime debates about how much money to give to the War Machine come up.
IF you want a republic, the spies can NOT have this access.
It must stop now.
The difference is that the "someone" is the maker of the encryption algorithm and not the owner of the papers. The latter would be against the 5th Amendment but the former is not.
To put it plainly, you can always potentially force a safe open without using the actual key or combination to the safe by physically compromising its structure. Subjecting the safe to physical forces or energies beyond its tolerance limit and the safe will invariably open. If you do that to a phone, however, you won't have anything left to retrieve. So in a sense, the only way to access a locked phone is with a key that the phone recognizes as being correct. This means that the process of unlocking a phone effectively creates a kind of key that, if it were to get misappropriated before it could be destroyed (assuming destroying it later was even the intent), could potentially be used by other parties to unlock additional phones. Ideally, the key would simply fail to work on any other phone and be treated as a random failed hacking attempt even if it were to be so misappropriated, but unfortunately nobody can make a solid guarantee that it would not be possible for anyone to modify such a key to unlock other devices.
File under 'M' for 'Manic ranting'
The revelation that Apple and Google are both receiving many of these requests and have complied on some of them, reversing course only recently, is an important artifact in the narrative.
Note that this may not have been a choice by the companies. As I understand it (IANAL), if the company can comply and can't show any egregious harm that would be caused by compliance, they have to comply or be in contempt of court, and judges have extremely wide latitude in the penalties they can apply for contempt. So the change may have been that security improvements made it impossible for them to comply, or -- as Apple was arguing -- impossible to comply without egregious harm.
On the Google side, for example, one thing that changed was that Google removed the device admin and Android device manager features that allowed the password to be remotely reset. IIRC, the remote reset features were removed in Lollipop. In Marshmallow my team moved password verification into the trusted execution environment. The TEE app (called Gatekeeper) that manages password authentication does allow a "forcible" password change, where the old password is not provided, but higher layers don't offer any way to do this, and doing it will cause the TEE-based crypto keystore to permanently and irrevocably invalidate all authentication-bound keys. Such as the one used for device encryption. So a forcible reset doesn't let you in, it bricks the device (until factory reset).
Previously, device admins could remotely reset passwords so that enterprises could let users into their managed devices when they'd locked themselves out. No more. Now all the admin can do is wipe the device. Android device manager will still allow you to change the password remotely, but you have to provide the old one (and you have to have configured Android device manager on the device, and you have to be able to log into the Google account associated with the phone).
These changes were made to eliminate the potential for abuse by Google, rogue employees, etc. But they had the side effect of making it impossible for Google to comply with password reset requests.
(Disclosure/disclaimer: I'm a Google Android engineer. I work on the TEE-based password manager and crypto keystore. All of the above is publicly available information, however. I tried to avoid expressing any opinions, sticking only to facts. If you find an opinion, however, it's mine and not Google's.)
While your assumption isn't without merit, it's still an assumption.
This signature is false.
there is a difference between witnessing others practicing their religion, and being forced to partake yourself.
hence the implied freedom -from- religion as part of the deal.
though that concept is not applicable in your link.
the guy in the article is a crank...but that doesn't mean hes necessarily wrong.
from that article it seems the concepts at issue is two fold:
-the participation of public officials in their official capacity participating in a religious activity, rather than as private citizens, while such participation is barred by law
-public eyesore
(will dismiss the safety hazard claim; unless its firing lasers or super bright spotlights at interstate traffic, the claim is likely a non-starter)
Not knowing the local laws regarding large display objects and eyesores, can't comment beyond noting that some localities zoning rules (or local HOAs) have rules regarding public displays, and it's possible the cross here breaks one. don't know, would have to look it up.
But the public officials side of it is a reasonable argument as the lawsuit is against their public office or official persona (eg, Mayor soandso), and not their private person. Ergo, they as private citizens are not being sued for practicing their religion. Rather they, as public officials, are being sued for using their official capacity to endorse a particular religion which is contrary to law.
I do think they could potentially defend themselves against such a lawsuit by claiming they would perform such actions for -any- religion that so requested it, ie that they would not discriminate, and did so viewing the cross as a economic/tourist attraction to the town (though that last part is probably a stretch). Followed with an apology that they intended no special favoritism. And in the future, they participate solely as private citizens to avoid any controversy.
The guy who said the election was rigged won the presidency with the second-most votes.
Consider this scenario, from my time in the service:
Often at large ceremonies, like changing command, or pass in reviews, or etc, a chaplain will offer a brief prayer at the start.
As one of the bodies in the formation (ugh...the worst duty ever, I swear! standing there in dress or service uniform, sweating/freezing, trying to pay attention and not fall asleep, or ignore the bug biting....sorry...went on tangent) ... ...at some point the command is given "Let us pray". Now this is not intended as a religious command, rather its part of the drill manual directing the formation to respectfully bow heads*; sign of respect, not an expectation of participation.
And then the chaplain, who could be some form of Christian, Muslim, or Jewish (I've experienced all three), then gives his non-denominational prayer, usually for guidance or protection.
Now. Is that forced participation in a religious activity?
--
*in fact "let us pray" is not really a command; it doesn't come from the formation leader out in front, and isn't itself part of the drill manual, but from the chaplain. its not part of the usual command then action routine. its simply stated in the drill manual that when a chaplain begins to speak the formation will bow their heads out of respect, and the raise them when he's done. the phrases "let us pray" and "amen" simply being an unofficial means of signaling to the formation when he is starting and when he is finished. he could just as easily just start talking, and then hand the floor over to the next speaker, and the formation would still react appropriately.
The guy who said the election was rigged won the presidency with the second-most votes.
may have tipped my hand that I'm personally on the fence, and see both sides of the argument.
The guy who said the election was rigged won the presidency with the second-most votes.
Honestly, I would ask a lawyer. It seems to be a touchy situation, but, possibly, they may get around it by opening it up to all religions so that no one religion is being favored over any other. This is the meaning behind the establishment part, not being free from observance, but selecting one over the other.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Apple and Google have no choice about complying with requests for information they've got, or can get with tools they've got. Apple isn't saying they won't provide information in response to court orders. They're saying that they're making it difficult for anyone, including Apple, to crack the security, and that they will resist orders to make tools to crack iPhones and iPads. Whether this is a matter of marketing or idealism isn't really an important issue.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
In which case they can damn well get a Hindu or Buddhist or Shinto chaplain once in a while, unless they intend to form an establishment of monotheistic religions only. Or, for that matter, Pastafarians and Satanists.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
The First Amendment non-establishment clause means the government cannot use its resources to promote any particular religion or group of religions. That's what the ACLU fights against. There's a lot of cases where some government or other decides to do something that specifically favors Christianity, which is unConstitutional.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
That is possible, however, it doesn't look like there are many in the military of those religions.
http://secular.org/files/mldc-...
But, that could also be a sampling error; maybe those weren't options in the survey.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
There are Hindu chaplains.
I've not heard of Buddhist ones, but then that religion doesn't seem like one that would lend itself to having chaplains.
The only one I know of being rejected is a Humanist (atheist) who is currently suing the navy over that rejection.
Though I believe his rejection had to do with the lack of an endorsement. Remember that Chaplains are volunteers , and the military does not actively recruit them (and in a sense, cannot). They must apply for service as a chaplain. Then the military can evaluate their fitness to serve in the military. But the military cannot itself be the one to determine whether or not a person is really Catholic/Jewish/whatever, as that's a violation of the Separation of Church and State (military deciding what qualifies as a particular religion) clause. So therefore they must be endorsed by an outside religious order. Catholic priests are usually endorsed by their Archdiocese, etc. The first Muslim chaplains, lacking their own body to endorse them yet, were actually endorsed by various Christian orders.
There's also the tenet that Chaplains are expected and trained to administer to -ALL- service members regardless of which religion they may be a member, at least so much as they can between different religions. But then much of ministering isn't just religious in nature, but simply advise or counsel on matters of ethics or morale. Example: an Imam would not be expected to hold a Catholic service and administer the Communion, but he would be expected provide advise and counsel to anyone who asks. And it's impractical, and impossible, to have a Chaplin from every religion attached to every unit. For a while we had an LDS chaplain.
Chaplains occupy a gray zone in the military structure. They're afforded officer rank, but have no really command authority over anyone besides other Chaplains. They do get some training, such as basic survival training as well as first aid and medical training (allowing them to assist in triage and field hospitals), but naturally not combat training.
In fact 9 Chaplains have received the Medal of Honor. Two especially worth reading about are Lt. Comdr. O'Callahan (took command of the USS Franklin after it was crippled and nearly sunk, successfully leading the ship out of danger and back to port) and Capt. Angelo J. Liteky (shot multiple times, yet stood up in the face of enemy fire directing medevac helos into and out of a landing zone, and personally carried (and saved the lives of) over 20 men through that gunfire to the helos), are especially worth reading about. The latter one went on to become a war protestor, renouncing his both his medal and priestly vows.
Then on the other side of the spectrum, you have people like Gordon Klingenschmitt, who sued and protested while serving as a Chaplain, because he felt the military was restricting his freedom of religion by not allowing to proselytize to service members, or be more coercive in getting them pray, or the requirement that all prayers outside of chapel services be non-sectarian. He was eventually court-martialed and kicked out, whereupon he returned to Colorado where he became a rabidly anti-gay radio personality and preacher, and now recently managed to get elected to Congress where he makes the loonie Louie Gohmert of Texas look sane.
The guy who said the election was rigged won the presidency with the second-most votes.
Even if Google wanted to be part of the solution (and since they view the user's privacy as their product that's a big assumption) their inability to control OEMs makes me want to abandon them for Apple. That's saying something since I absolutely deplore the manufacturing standards that Apple upholds w.r.t. their contract factories like Foxconn, but I think that it's something that we are going to have to start thinking about in the future!
Will
remove nospam. to email!
The documentation for the hardware-backed keystore is at: https://source.android.com/sec...
The Lollipop changes... that I'm not sure about. I'm sure it's in the release notes somewhere, but I'd have to go Googling for it, and I'm sure you can do that as well as I can.