Slashdot Mirror
FBI Has Sights On Larger Battle Over Encryption After Apple Feud (bloomberg.com)
An anonymous reader writes from a report via Bloomberg: FBI Director James Comey said the FBI is exploring how to make broader use of the hack, used to access a San Bernardino terrorist's encrypted iPhone, while bracing for a larger battle involving encrypted text messages, e-mails and other data. The tool could "in theory be used in any case where there's a court order" to access data on an iPhone 5c running Apple's iOS 9 OS, Comey told reporters in Washington on Wednesday. However, accessing content on a phone, known as "data at rest," is only part of the challenge that encryption poses for U.S. investigators. Software applications and other services that encrypts texts, e-mails and other information in transit over the Internet, known as "data in motion," are "hugely significant," especially for national security investigations, Comey said. He said criminals are increasingly using services that encrypt data in motion, and he didn't rule out litigation against companies such as WhatsApp. "WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house." As for whether or not there will be litigation against WhatsApp down the road, Comey says, "I don't know." The FBI is trying to figure out how to allow "law enforcement around the country with court orders to be able to use our tool," Comey said. It's "tricky," he said, because using the tool to help state and local criminal investigations could mean that it would have to be revealed in a court preceding if there isn't a procedure in place to prohibit testimony about how it works.
...yet they're just itching to let local law enforcement use their tool for what plainly is not a matter of national security. I really hope that Americans aren't quite as dumb as I perceive and can see things for the way they are. Also, the more I hear Comey speaking, the more I wish somebody would just put a sock in him. The 1990's called and wants its Clipper chip back.
I can walk down the street with a friend and have a conversation that is not recorded, is never discoverable in the future. Although millions of us are honest people, terrorists could have these types of conversations as well. I just don't know how we can let that happen. It seems that the government should require us to record conversations so that if there is a warrant in the future we can get that data. Why it is just unfathomable that there could be information that the government cannot discover! How could we have let this happen for so long?! It's just SO GREAT that the FBI is trying to protect us...
Who cares? Are they going to make illegal to use something else?
“He’s not deformed, he’s just drunk!”
If the prosecution's case relies on evidence gathered by secret means then the data cannot be verified and it does not meet the standard of beyond reasonable doubt.
"We have evidence that proves his guilt but we can't tell you about it" -- then you don't have evidence.
"Grab them by the pussy" -- President of the United States of America
FISA Court
This issue is a bit more complicated than you think.
Even their director admitted there's "scant" evidence.
Plus there's no way Lynch will file charges given what she has said, so this is just a waste of time and money like that Starr thing.
Which is currently wasting the time of over 200 government employees. It's such a waste.
This. Charges will never happen.
.... we can learn a lesson from WhatsApp. if you ever develop any mechanism that allows end users to encrypt data in ways that nobody other than the intended recipient can decrypt, you have to actively try to discourage it from ever becoming too popular, because if it ever should become a dominating player, then criminals will be using it as well, and then law enforcement will want to come after you.
File under 'M' for 'Manic ranting'
If you want one more layer of defense against hackers, encrypting data helps. I'm not sure how outlawing an algorithm helps anyone... Especially since every other government will use encryption. Are we suddenly not allowed to play foreign made video games if they have encryption on them?
The political motivation is to find a way to let her off when we all know full well that she's committed thousands of felony counts.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Secret investigations are often necessary for a time to allow law enforcement investigations to proceed.
Right up until the moment when you take someone to court. If you don't disclose how evidence was obtained, then there is nothing to prevent en masse violation of the Constitution--no matter how good your intentions or how bad the people you are going after.
Real lawyers write in C++
Republicans love proving government doesn't work.
FBI Director James Comey needs to resign because he's made it very clear he does not have the American public's best interests in mind.
Anons need not reply. Questions end with a question mark.
Where are the GoPro cameras, where is the third suspect, why was a 'disaster drill' going on before the shooting. How did a coworker manage to identify one shooter as Farook as they were all wearing masks. Why did Farook attend the 'departmental event' in civvies only to rush out after being insulted to return in combat gear.
San Bernardino Jihadis Strapped GoPros to Their Body Armor
It is understandable the FBI wants to not have to deal with encryption. It is their sworn duty to uphold the law, and to them, encryption is something a crook can use to keep them from answering for their crimes.
However, the problem is that it creates a blowback effect. Before Biden and Lieberman introduced laws to ban encryption completely, nobody gave a rat's ass about it. What encryption there was was absolute shit and at best, just homegrown (lets seed and use rand.c and XOR that.) Want FDE? Stacker and setting a password was the way on the MS-DOS or OS/2 side. On the Mac side, FWB Hard Disk Toolkit had a driver that did two rounds of DES. Archiving utilities at best had 1-2 rounds of DES as well, due to speed.
When the Congrescritters started trying to ban it, it woke people up. Especially after Operation Sun Devil. Those two events (the government going after and raiding people, coupled with wanting to ban encryption, then have their own key escrowed stuff) created the Cypherpunks list. Eventually, after Clipper was killed, Skipjack publicized, encryption got boring, and the college students went on to other things.
Now, we have a similar situation. Again, Congrescritters wanting encryption bans, people being thrown in jail for the rest of their lives without trial until they cough up a password.
It isn't just the US. Other countries will seize businessmen's laptops as a matter of routine.
Then, there is Apple's halo effect. Apple is seen as the "good guys" by many people. Pushing on Apple is not good PR. Hell, even the EU which routinely drags Google and Microsoft into their kangaroo courts so that they can keep relevant (anti-Americanism is a sure way to keep your job), those guys don't even get near Apple, even when laws are passed (like the one forcing companies to standardize on one charging/data adapter.)
The FBI shouldn't keep on this route. If the government starts pushing too much against encryption, we all know about the War on Drugs and Prohibition... there would be a renaissance on encryption that would make Tim C. May, Black Unicorn, and PRZ seem like amateur hacks, with what products would be produced, with real security. Virtually everything would "go dark". Hardware backdoors? If consumers were willing to pay for it, there will be some company selling "trusted" hardware, with the only guessed backdoors, that country's intelligence department.
Look at the firearm industry in the US... if people started really fearing that they might be tossed in a private prison, to only see their family on some shitty Skype-esque thing for $10 a minute for the rest of their lives, you will see that factor of fear causing a lot of people to pay a lot of money for heavy duty encryption.
Citation? Because that's not the news making it's way around the internet today, as he did just shoot a hole in the talking points of the Clinton campaign today:
That doesn't sound like he said 'scant' evidence (of which there is plenty under a gross negligence standard for the lowest charge), even when taken with the last line of the article:
If it wasn't a criminal probe, why would you give immunity to a key staffer?
Help Brendan pay off his student loans
The FBI got super lucky especially because the 5s and up has more advanced and complete encryption (both in hardware and iOS) and the San Bernadino terrorist had a 5c device. On top of that, they had physical access to the device. They wouldn't be so lucky if they wanted to dig up conversation data WITHOUT the cooperation of the company administering the servers, using Whatsapp as an example. Obviously snooping encrypted conversations "in motion" as they put it is not possible. What they really need is for these companies to cooperate and provide data when needed. Companies will fight back of course, but there really has to be some happy medium where companies can feel safe providing necessary information to law enforcement and yet know that they aren't undermining the security and privacy of their users. That's really what this boils down to. But that will be a super tough thing to iron out in law, since it comes from a position of compromise - no one will be happy.
He's a hacker! Lock him up already! It's the law!
"law enforcement around the country with court orders to be able to use our tool"
Getting court approval isn't the problem: Getting a universal back-door is the problem.
We don't have to prove we're the good guys. We need parallel construction to hide our dirty tricks.
And Blumenthal confirmed today that there is no "Clinton bombshell."
They're bad because any old file can be presented as coming from the encrypted device. It would be very easy for the fuzz to "plant evidence", so to speak. As in:
"Did you find this photo of the defendant wielding an ISIS flag on the defendant's phone Officer?"
"Yes your honor."
"How did you recover it?"
"I can't say your honor."
Good luck proving the phone only had lolcats on it.
The FBI director openly discussing how to subvert the justice system is yet another sign that the US is now a fully fledged totalitarian state.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Congress has the right to impeach any federal employee. Write to your congressman and ask for a vote on the matter.
So the claim is terrorists use "whatsapp" - then what are their names?
I think the claim, like many others, is a lie.
How many terrorists even use a timer on bombs let alone more advanced technology? They are just being used as an excuse to lie and push an agenda.
Given that it doesn't want to be subject to US harassment, it should find another country to be based in - and in which to pay
TAXES
it's only when the government is hit in its finances will it stop drifting towards a police state.
Before WhatsApp and the iPhone, there weren't any real obstacles. Given time and equipment, any physical safe can be opened.
It *can* be, but it won't be. John DOE, Petitioner v. UNITED STATES. 487 U.S. 201 (108 S.Ct. 2341, 101 L.Ed.2d 184).
"A defendant can be compelled to produce material evidence that is incriminating. Fingerprints, blood samples, voice exemplars, handwriting specimens, or other items of physical evidence may be extracted from a defendant against his will. But can he be compelled to use his mind to assist the prosecution in convicting him of a crime? I think not. He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe —- by word or deed."
The police did not subsequently obtain a warrant to break open the safe, because they could not produce probable cause that the safe contained the bank records which the police were seeking.
So no: there is no difference between encryption and a combination lock.
What's interesting, however, is that there is, likewise, no difference between a lockbox key and a fingerprint to unlock a phone. So if you are stupid enough to use a fingerprint lock, they can compel you to put your finger on the sensor.
The only difference here is that an iPhone is treated differently than a safe, because the iPhone isn't (yet) as secure as a safe, and the iPhone isn't (yet) treated as a container for data, rather than personal property. Obviously, the first time someone is smart enough to raise that precedent in an evidentiary hearing and get an iPhone hack in as an illegal search, things will go to hell for the police, and then for the FBI.
So for right now, I think they will use it only where they've used it so far: where the perp doesn't own the device, and the actual owner gives permission.
Of course, this means that, for most of the U.S., which buys their iPhone over time as part of agreeing to a service contract, until they go off contract, it's actually the telephone company which owns the iPhone, not the person in whose possession it happens to currently reside.
That should make a nice court case, as well: when the police go to the telephone company and obtain permission. Expect if e.g. AT&T actually grants permission, that the week following, there's going to be a LOT of new T-Mobile, Verizon, and Sprint customers.
I don't think that WhatsApp really understands what this means.
I think they do. I think they have a pretty damned good idea, in fact, having talked to a number of executive officers of the company personally about the issue.
Is this really what we want - for evidence of crimes to be unobtainable?
No.
In the "think of the children" argument you are making, this is what we want:
We want the police to arrest the child pornographers at the point of the creation of the pornography, prior to its distribution, and prior to the further abuse of the children in question. If they can't do that, then what good are they to anyone?
Great, you break into an iPhone, and find someone has a picture on it that was illegally created, and is illegal to posses. Big deal. For every copy you find, there are dozens or hundreds still out there. You haven't prevented the social harm by breaking into Guido The Child Perv's iPhone. You haven't even ameliorated it a bit, if Guido is a "leaf node" (i.e. he doesn't distribute the material himself).
Marching in after a crime has been committed and figuratively beating the crap out of the perpetrator, while the victim is still lying in a pool of blood is not a useful operation. It clearly does not prevent future victims, particularly for things like murder, where the penalty takes so freaking long to enact that someone can start by getting their GED and have multiple PhDs before they ever
Are you still going on about this email thing when there are real scandals like the Pfizer donations after Hillary decided to drop penalties and all the stuff about Hillary that came out with the Manning leak?
Funny how the email was not a big deal with Palin but it is with Hillary - but it's still just being lazy instead of going after real scandals that are far worse.
"WhatsApp has over a billion customers, overwhelmingly good people,"
And they live in 194 countries, 193 of them not giving a shit what the FBI wants.
> it's actually the telephone company which owns the iPhone
I hate to do this, mostly 'cause I like you, but that's simply not true - by precedent. To give two good examples:
1. Your home. If you're paid and current with your mortgage and the bank has not foreclosed and taken possession then the lending agency can not grant rights.
2. Your car, just like the above. The dealership or credit agency can not give the police permission to search your vehicle. Well, they can. It won't hold up in court.
So long as you're current then you have most every right you'd have with complete ownership. You own your house even while the bank owns it. You have the deed, they have a lien on the deed. The same thing for your car if it is not yet fully paid off. I'm not positive but I strongly suspect that if you're incarcerated and unable to make your payment then they still can't give permission to search.
"So long and thanks for all the fish."
In one simple word ? Whoosh.
.
The phone company can, and does have all kinds of (often called "debugging") access to your phone you have little to no clue about, and which, even if you knew, you can't do anything about.
Yes, you do own your phones hardware in a legal sense. Its firmware and phone companies "added value" packages ? Not so much.
Absolutily nothing that is stored on your phone or anything your phone can do that is outside the reach of a phone company, and thus the "law enforcement" agencies.
And don't come with encryption. The only thing malware (of any kind, "legal" or not) needs to do is to wait for the user to access such encrypted content, and it has access too.
So no, although you can own the physical device (and even that is questionable if you got it as part of a contract), you definitily are not the owner (as in the one who makes all the decisions) of what it all can do. Not by a long shot.
Posting to undo hamfisted mod...
This is exactly what Apple was saying would happen if they released the patch. This hack is now to be used for all other phones that have some information, which have no bearing to the original case. This is exactly the slippery slope we where warning about would happen.
Terrorists and good people lock their doors. Both use safes. Both drive cars. Should we ban these things as well to make your job easier cop? No. Fuck you, do your job, don't compromise my security and privacy to do so.
Silence is a state of mime.
> We want the police to arrest the child pornographers at the point of the creation of the pornography, prior to its distribution, and prior to the further abuse of the children in question. If they can't do that, then what good are they to anyone?
If they take that image with an iPhone then they can't ever obtain it prior to distribution.
Which is to say that you are arguing that there is no need for police.
FTA:
"WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house."
Translation:
"The United States has over 300 million people, overwhelmingly good people," Comey said. "But in that 300 million people are terrorists and criminals, and so that now-under-siege document called The Constitution will be further undermined by law enforcement agencies."
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
> Policework seems to be going down the same rathole that investigative journalism went down,
Police are just following where society has gone - online and into electronic communications. When two people in a night club conspire to assault the person sitting between them using WhatsApp, where do police turn to show that it was a premeditated crime and more serious than something random if phones cannot be broken into? The evidence exists (on the phone) but is inaccessible. Wanting to get into the phone is not being lazy, it is pursuing all relevant avenues available for collecting evidence.
> ... where the penalty takes so freaking long to enact ...
That's a completely separate problem but if relevant evidence that would speed things up is on a modern iPhone then it is no longer reachable. Are you in favor of making it easier or harder for police to do the work that is required of them? Or do you want police to operate like they did in 1916 and be ignorant of modern technology?
> You haven't prevented the social harm by breaking into Guido The Child Perv's iPhone.
But you may find a list of contacts that Guido has exchanged it with. The unfortunate part will be that Guido's granny may be on that phone's contact list too and may thus fall into the pool of further suspects until that list is examined and processed. Through doing proper investigative work on the material in Guido's phone the police do become in a position to prevent further harm if they can determine Guido has swapped contact with other people. But you don't want the police to do that, do you? Or did you have some other magical way for the police to do that?
Maybe I'll put it like this: how do you envisage police obtaining evidence when a phone such as the iPhone (with WhatsApp) is used for all communication around planning a crime and executing it? Or does it no longer be possible to prosecute a crime for being "premeditated" because no evidence can be produced?
As an iPhone owner, I love the idea that police can't break into my phone and see what I've been doing with it but make no mistake, this is a two edged sword.
> We want the police to arrest the child pornographers at the point of the creation of the pornography, prior to its distribution, and prior to the further abuse of the children in question. If they can't do that, then what good are they to anyone?
If they take that image with an iPhone then they can't ever obtain it prior to distribution.
Which is to say that you are arguing that there is no need for police.
Incorrect. They should battering-RAM down the door while the pornographer is there, with the naked child.
That's enough to throw them in prison for a very, very long time. If you are in a reasonable jurisdiction, they will throw them in prison for life, or until the other inmates find out what they are in for, if they happen to be in general population. Whichever comes first.
> Policework seems to be going down the same rathole that investigative journalism went down,
Police are just following where society has gone - online and into electronic communications. When two people in a night club conspire to assault the person sitting between them using WhatsApp, where do police turn to show that it was a premeditated crime and more serious than something random if phones cannot be broken into?
They get perp A to flip on perp B for some concession in sentencing. The police and prosecution have always done this with criminal conspiracies, and it is very rare that at least one person involved in the conspiracy does not flip.
In other words: good old fashioned police work.
> ... where the penalty takes so freaking long to enact ...
That's a completely separate problem but if relevant evidence that would speed things up is on a modern iPhone then it is no longer reachable.
In things like your first degree murder example, I mean enacting the death penalty quickly.
While some wrongly convicted (definitionally NOT innocent, as they were convicted) people may die as a result, the purpose of the penal system is not to serve some epistemological Platonic ideal of "justice", nor is it to enact "vengeance", as some would argue (thus allowing victims families to testify prior to sentencing), it's to act as a deterrent to rule breakers *other* than the person being held up as an example of what society does to people who break the rules.
Logically, their guilt kind of doesn't matter all that much. So rapidity serves the public good, more than accuracy.
Are you in favor of making it easier or harder for police to do the work that is required of them?
Not "easier at the expense of fundamental rights". The "harder" you refer to is not the same as "impossible", it simply means "requiring the expenditure of additional resources". Perhaps if they were to stop enforcing laws against consensual crime, such as drug abuse, or sodomy, they would have more resources to go after child pornographers.
Sadly, no one is "thinking of the children", are they?
> You haven't prevented the social harm by breaking into Guido The Child Perv's iPhone.
But you may find a list of contacts that Guido has exchanged it with.
Given my initial premise that Guido (and most like him) represent leaf nodes: you will not find that information.
What actionable intelligence was obtained from the San Bernardino iPhone? That's what I thought.
Maybe I'll put it like this: how do you envisage police obtaining evidence when a phone such as the iPhone (with WhatsApp) is used for all communication around planning a crime and executing it?
By demonstrating probable cause that the iPhone contains the evidence they seek.
And then getting a warrant and serving it on Apple to obtain access to the iPhone's contents from the iCloud backup, after not being fucking morons and causing the iCloud password to be changed.
How do they obtain evidence? Umm good old fashioned police work?
Your logical fallacy of appealing to "think of the children" is one that is much loved to be lampooned around here. You might try to think of better arguments.
One of the interesting aspects of the Assault on Freedom being conducted by governments the world over is the incredibly selective, distorting arguments that they make. In this case, one of the FBI's central themes has been that "terrorists, criminals and paedophiles" use encryption to hide behind. The inference is that "general purpose encryption" is being used "to do or hide bad things".
Even assuming that this argument were true, or had been substantiated by the claimant [neither in this case] it seems to be somewhat self-defeating.
If we apply the same logic to, say, the right to private ownership of firearms [and, sorry for all those who wish to retain their Second Amendment rights, because I truly don't mean to come across as a troll] provides a very similar argument and case. The United States has some of the highest personal firearm ownership levels anywhere in the world, and some of the highest levels of firearms related murders and woundings. So if the FBI were to stand up and say, "Well, because so many people with firearms use them for criminal purposes, we'll just outlaw all personal firearm ownership..." Whether or not you consider that argument right or wrong is irrelevant in this case, because I am using it as a good example of the way that law enforcement are so selective when it comes to their arguments.
We have also seen how acts of states that are conducted behind closed doors and without full public scrutiny (Wikileaks, Snowden, Panama Papers, etc) lead to corruption and vast amounts of white-collar crime. So if we apply the same logic that the FBI are using to attack encryption - and in attempting to stamp out bribery, corruption, fraud and tax evasion, obviously the FBI will also be demanding completely transparent government, all key decisions made before public hearings, complete financial transparency, with additional requirements for anyone worth more than say $10 Million and so on?
What's that you say? No? Didn't think so...
People that care little about staying on the bleeding edge still have a 5c or older. What good is a "tool" that cracks old phones, in a year or two it will be able to crack what 5% or less of iPhones. That is, if there's a tool at all. I'd venture to guess that there is no tool, and if there is, they act like they're under the assumption that Apple has no control over their own operating system. There are only so many ways a phone can be decrypted... Good luck if you do have a tool to crack old phones FBI, but you're running out of time.
They want full control of data, period. The claim of having a tool whether true or not is just a fulcrum for socially engineering judges/juries. They've never needed a "tool" to lie in court before... They are paid to lie with he intent of getting people to incriminate themselves.
You better just ban mathematics beyond basic arithmetic. It's the only way you win the crypto war, 4-6 generations after you stop teaching advanced mathematics. Lets see how that works out for you. Yes im being ironic and condescending at the same time.
... when Comey was still telling everyone he wasn't obsessed with encryption, back doors, and such. Nowadays he doesn't even bother to lie about it.
CUR ALLOC 20195.....5804M
> Policework seems to be going down the same rathole that investigative journalism went down,
Police are just following where society has gone - online and into electronic communications. When two people in a night club conspire to assault the person sitting between them using WhatsApp, where do police turn to show that it was a premeditated crime and more serious than something random if phones cannot be broken into? The evidence exists (on the phone) but is inaccessible. Wanting to get into the phone is not being lazy, it is pursuing all relevant avenues available for collecting evidence.
Can't tell what is causing what here, but it's really the "low hanging fruit" syndrome in action. Police in general are lazy and incompetent, much like the rest of society. But there you go; people willing to do the least amount of work for the greatest return for a nice pat on the back.
Life is not for the lazy.
If you had your way, it would be trivially easy for hackers to steal all his monies.
Is this really what we want? To let hackers have free reign over all of our digital devices?
Before WhatsApp and the iPhone, there weren't any real obstacles.
Really? There were no obstacles to deciphering this jumble of characters on this physical notebook?
Given time and equipment, any physical safe can be opened.
An encrypted hard drive is not a safe. It is a notebook, made out of metal, written to using magnets. And it is not my job to teach you the made-up language I used to write in my notebook.
> By demonstrating probable cause that the iPhone contains the evidence they seek.
> And then getting a warrant and serving it on Apple to obtain access to the iPhone's contents from the iCloud backup, after not being fucking morons and causing the iCloud password to be changed.
Thank you for pointing out that Apple should be in a position to always provide a way to access data that the owner thinks is encrypted (and only accessible by themselves) but isn't really.
Or in other words, you've just justified a "backdoor" into encrypted data.
Your assertion is totally non-sequitor. Technological ability is independent to legal rights. The point of the GGP was that the phone company CANNOT grant the right to search and as such, any LEO MUST obtain a search warrant based upon probable cause to search a phone. Evidence obtained by the phone company "breaking in" to a users phone against his will with no valid search warrant would be suppressed by the court. i.e No conviction.
As for the phone company owning a users "financed" phone: The last time I checked, breaking contract requires payment of an ETF or payment of the balance of the credit acount, not repossession of the phone. The phone company or credit agency has no legal ownership of the financed phone, nor lien. I believe you are conflating own/p0wn anyway. The court can tell the difference.
Try to pay attention next time.
These articles really need to stop confusing "encryption" with password security. They've broken Apple's password security, probably an altogether trivial thing to do as security exploits in iPhones are fairly common. They can't "break [good] encryption" anymore than they can break gravity - it's math - it's fundamental laws of the universe. They can break software security measures designed to artificially bolster security of weak passwords though. Nothing to see here, use strong passwords folks, as always.
If it ain't broke, don't fix it.
The ultimate end to their demands will not make people more secure, but make people less secure. The companies, including VPN manufacturers, that the US government itself relies on will be making weaker products. But the criminals, do not have to obey this law, so they will create their own encryption routines, contrary to the FBI's beliefs,encryption isn't an "American Only" skill.
The other problems that come up, is that it wold allow foreign countries and even the same terrorists they are trying to prevent from having these private communications. And would just cause job losses as companies decide to move out of the country.
Somebody help me out here. Since pgp is, essentially, open-sourced, how do government agencies expect to regulate encryption? Even if they force this company or that company to give them a "back door", what is there to prevent someone from running their own app? Do they not realize that criminal and terrorist organizations are capable of easily building their own encryption applications?
Proverbs 21:19
I'm sorry, but may I now use the phrase "Non sequitur" ? Shall we contain our conversation to the person who's statement I responded to and I even quoted ? FYI, that would be my parent. Not my GP and certainly not my GGP.
And who the heck claimed that a phone company can grant anything at all ? Not me, and not the parent I was responding to. Strawman argument much ?
The problem is that if a(ny) enforcement agency comes by such a phone company and says "hey, do as we tell you and don't squawk about it"* the phone company has a lot more control over the phone you call your property than you do yourself. It makes it very easy to get anything-and-everything from your phone with you being none-the-wiser. Regardless of if it is legally your property or not.
*And I won't even try to discuss with you how such (non-specific, as broad the person using them wants them to be -- including dragnetting) warrants can be obtained from secret, rubberstamping "courts".
As for the
?
I would suggest that you, in the land of the free where unread shrink-wrap EULAs are legally binding, check the wording of that contract carefully. There just might be some wording in there stating that the object only becomes yours after the last full payment ...
Also, if it is yours from day one than why is a phone company allowed to vendor-lock your property to their services up until after the contract ends (if at all -- but thats a whole other discussion) ? Quite a contradiction, don't you say ? :-)
Lolz !
As the FBI explains, WhatsApp has over a billion users. If they charge each user a $0.25 government litigation fee, they'll have $250 million to fight the FBI in court.
In things like your first degree murder example, I mean enacting the death penalty quickly.
While some wrongly convicted (definitionally NOT innocent, as they were convicted) people may die as a result, the purpose of the penal system is not to serve some epistemological Platonic ideal of "justice", nor is it to enact "vengeance", as some would argue (thus allowing victims families to testify prior to sentencing), it's to act as a deterrent to rule breakers *other* than the person being held up as an example of what society does to people who break the rules.
Logically, their guilt kind of doesn't matter all that much. So rapidity serves the public good, more than accuracy.
Actually, I saw that very thing happen this year in a DUI accident case (in the Baltimore County Circuit Court) - the judge asked the victims to speak prior to sentencing the defendant.
Maybe I'll put it like this: how do you envisage police obtaining evidence when a phone such as the iPhone (with WhatsApp) is used for all communication around planning a crime and executing it?
By demonstrating probable cause that the iPhone contains the evidence they seek.
And then getting a warrant and serving it on Apple to obtain access to the iPhone's contents from the iCloud backup, after not being fucking morons and causing the iCloud password to be changed.
Agreed.
I'm starting to think GNU is the problem with "GNU/Linux" these days.
> If you had your way, it would be trivially easy for hackers to steal all his monies.
There is a difference between providing law enforcement what they need to conduct investigative work and requiring that devices be safe from hackers. Many would argue that it doesn't matter whether crypto is used or not, software bugs will always let hackers in. That's not to say that because of hackers there's no reason to use crypto, rather that because we don't know what path (and thus who can see our communications) that encrypted comms is always prefered.
In so far as WhatsApp is concerned, there's nothing stopping WhatsApp from changing the app so that both needs are served.
The challenge for services using encryption is to ensure that only the parties that have a right to know what is being sent are aware of it and nobody else. That includes keeping out hackers *AND* the CIA/DHS/NSA (that don't have any rights to that material) as well as allowing the FBI *ONLY* when so authorized.
Apple could only decrypt the drive. Each app can (and should) be encrypting its own data how it sees fit. Each session of a 3rd party messaging app should have a one-time key. Messages sent between 3rd party apps do not even need to be stored long-term. Having Apple unlock the phone is only going to help if criminals are using the built-in apps, which they're probably not. In the end, this just pisses off the law abiding citizens who enjoy their privacy, except now they now Apple can eavesdrop.
What a load of crap. Why would the FBI tell him that? He doesn't know that.
Very Very sad I cannot mod this up.
Put "parallel construction" into your favorite search engine. LEOs ARE searching and seizing without court orders.
Take your own advice and pay attention.
As long as they rely on hacking the system, and not forcing the system provider to fork over security keys. Let's just hope that Apple keeps on top of their security and continually fixes the holes that the FBI finds.
"Hi, I'm FBI Director James Comey, and I have no interest in or regard for the consequences of my actions.
Privacy, what's that? Due process? Are you a communist? Constitution? OK, that's it, get in the paddy wagon you terrorist!"
Now now, children, you're both right. You're talking about what is possible, fuzznutz and KGIII are talking about what is legally permissible.
In so far as WhatsApp is concerned, there's nothing stopping WhatsApp from changing the app so that both needs are served.
Except for the fact that, y'know, it is literally impossible to do so. But keep living in that fantasy world of yours. Well, at least until I drain your bank account dry because you were too stupid to realize that a backdoor accessible to "the good guys" is equally accessible to "the bad guys".
In theory this is true. But I just don't trust anybody in the govt or private sector with my data. Which sucks because you gotta trust someone.
Companies are compelled all the time to hand over data. I'm not even sure a warrant is used half the time(citation needed).
First... get with the times, calling her 'Hillary' is sexist.... doubly so when you only used last names of two other people.
I wasn't, I was replying to a comment of someone who was... and also citing a quote from the FBI director who currently has an investigation into the matter.
There are also the whole Clinton Cash allegations... and thanks to the FBI having her email server and having allegedly been able to recover all of the deleted emails, we may soon hear more about that just as soon as they interview her and wrap up their investigation.
Nice false equivalency you've got there... or are you suggesting Palin not only had access to classified information, but allowed it to traverse her unsecured private account as we know Clinton did?
The reason for Palin not being a scandal is probably for the same reason the Governor of Washington state admitting to using private email to conduct official business from time to time, and it's not just the matter of access to/misuse of classified information... but state vs federal law.
Somehow, I imagine the FBI is able to walk & chew bubblegum at the same time, and given the # of agents that are on the case I am sure they have enough resource to investigate multiple directions related to Clinton's lawbreaking.
Help Brendan pay off his student loans
Your last sentence is the problem. If it was up to them then they'd have access whenever they'd want it. And that's what they want. You better believe it.
There can never be back doors in these products. It's impossible to keep a backdoor hidden. And once someone finds a way in, the floodgates open.
If a cop wants encrypted data, do police work, have probably cause, get a warrant. None of this parallel construction shit.
Whoever has been thrown in jail using parallel construction needs to be set free. Regardless of crime, they need to be set free and have another court case. One that doesn't break the laws to prove someone's guilty.
... or until the other inmates find out what they are in for, if they happen to be in general population. Whichever comes first.
That's not justice, that's vigilante-ism. That is actually just a variation on the lynch mobs that sought 'justice' early US history. Justice is not to throw bad men into a small enclosed room with another bad man (or several bad men) and let what happens, happen. That's a cop-out and should be considered cruel and unusual punishment.
In the case of repeat offenders, if they need to be executed, then appoint someone to do so. If they need to be kept in a small box for the rest of their life (because by their own admission or actions) they'll never stop, then do that instead. If the second option is 'too cruel', then see the first option.
Posting anonymous because my name says it all.
I hate to do this, mostly 'cause I like you, but that's simply not true - by precedent. To give two good examples:
1. Your home. If you're paid and current with your mortgage and the bank has not foreclosed and taken possession then the lending agency can not grant rights.
2. Your car, just like the above. The dealership or credit agency can not give the police permission to search your vehicle. Well, they can. It won't hold up in court.
So long as you're current then you have most every right you'd have with complete ownership. You own your house even while the bank owns it. You have the deed, they have a lien on the deed. The same thing for your car if it is not yet fully paid off. I'm not positive but I strongly suspect that if you're incarcerated and unable to make your payment then they still can't give permission to search.
You probably want to look up something called Contract for Deed.
So believe it or not, there are alternative processes where the deed is retained by another entity who is the owner.
How applicable this is to searches, I don't know, but you're not correct on the one part. And if you want to know about something truly deplorable, check out the cars seized when the owner let another person drive it, and that person got caught doing something unlawful.
And Blumenthal confirmed today that there is no "Clinton bombshell."
Meanwhile, Trump confirmed that his daughter is a "bombshell."
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
Clinton, Bush, Cameron and the rest of this Spartan bunch of people will churn out anti-crypto propaganda.
And all their cocksuckers will say that computers must be hackable, so that the mentioned corrupt elite can never be challenged, not even in speech.
By 2021 the spartans will require you and everybody else to wear an Electronic Necklace with microfone and direct connection to the Communist Central Computer (CCC).
All to "defeat fascism" and so on.
If you vote for Clinton, Bush or Fiorina, that is.
All future TVs must be doing the NSAs bidding and secondly millions of Muselmans must be imported in order to justify the first measure.
The effect will be Total Control By 1%.
And all the commie suckers will aid her.
1.) Use four-digit numbers instead of the funny characters. That way it can be communicated via any voice channel.
2.) Your KEY should have at least 80 bits of entropy. English provides about 1 bits per character on average. Look up md5
Citation needed. In fact, the San Bernadino and New York City FBI lawsuits against Apple along with the voluminous other backlogged cases speak loudly against your position. The recent FBI threats against Apple and WhatsApp along with the Burr-Feinstein bill tends to undermine your credibility too. Telegram, SIgnal, WhatsApp, or any of the other fully encrypted apps leave the phone company out of the loop.
You wrote > you definitily [sic] are not the owner (as in the one who makes all the decisions) of what it all can do. Not by a long shot.
Parent wrote > Your car, just like the above. The dealership or credit agency can not give the police permission to search your vehicle. Well, they can. It won't hold up in court.
Yes you are the owner and decision maker of your property. The phone company cannot "hack your phone" without your knowledge or permission unless backed by a warrant. The Computer Fraud and Abuse Act specifically makes this illegal. Evidence only matters in court if it is collected legally. That was the whole point of this thread from the OP. You are the owner of the phone. LEO must get a warrant or permission to search. In San Bernadino, the owner (the county) gave permission. In the New York case, a warrant was issued. Your assertion that the phone company can hack the phone through some sort of OTA malware or baseband backdoor is irrelevant; parallel construction notwithstanding. Just last month a Federal court threw out evidence obtained by an invalid warrant that was overturned in a child porn case.
Uh, no. It's allowed because it is not illegal. It is the same logic that locks the iPhone, iPad & iPod Touch to the work only with the Apple App Store "service" too. Or are you arguing that Apple should be required to "unlock" iPads to use the other software stores just because you own them?
And in case you missed the big shift, phone contracts are pretty much defunct these days. You would have to be insane to sign away multiple years in a contract at the current rate of change in the telecommunications industry these days. I haven't been "under contract" for almost five years now. My last three phones I purchased outright and were unlocked from the start.
(definitionally NOT innocent, as they were convicted)
Innocent means you didn't do it. This is a matter of objective fact.
Convicted means that a court has concluded "beyond reasonable doubt" that you did it, which is a matter of judgement.
These two labels are not contradictory. It is entirely possible to be both innocent and convicted, i.e. you didn't actually do it but a court wrongly concluded that you did.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
You missed the point: fuzzynuts there thought it would be a great idea to read my response as if it was aimed at a fully different post as the one it was a decendant of, and from which I even quoted the part I responded to.
Combine that with some wild accusation that I claimed something anyone can read I never did, and I think you get the picture:
Either fuzzynuts is trolling for the heck of it, trying to "proove a point" by rather obvious strawmanning at my expense, or he hasn't got the first clue how to correlate a message and its reply.
In so far as WhatsApp is concerned, there's nothing stopping WhatsApp from changing the app so that both needs are served.
Except that no one has ever found a way to create a backdoor that only law enforcement can use. An encryption backdoor can't distinguish between "good guys" and "bad guys."
The challenge for services using encryption is to ensure that only the parties that have a right to know what is being sent are aware of it and nobody else. That includes keeping out hackers *AND* the CIA/DHS/NSA (that don't have any rights to that material) as well as allowing the FBI *ONLY* when so authorized.
Same problem... a backdoor built for the "the FBI *ONLY* when so authorized" can be abused by the NSA or by FBI when not authorized. If you poke a hole in a wall, the hole doesn't know or care who looks through it.
What are these idiots worrying about? What does our government care about stopping criminals, rapist, and terrorist when at the same time they leave out borders wide open to them?
Calling her "Clinton" is confusing so why bother with such ridiculous nitpicking?
And it's not false equivalency or a big deal - plus OF COURSE a State Governor had access to classified and other sensitive information. Where did you put your brain today? Why bother replying when you are in such a state?
There are bigger scandals and she is part of them. Get off your backside and leave the petty shit alone - there's plenty to show she's done a lot worse than Palin because she's done a lot more than the email thing. I've got no idea why you didn't comprehend that much from my previous post when I even gave an example.
Prove to us that those student loans were not a waste of money - I'm sure you can do better.
Well, you could ofcourse read back/remember some stories that even have been posted to this very forum. Put some effort into it yourself, why don't you.
As long as you think that "ownership" has only a single meaning, and is defined by "the law" than I think you are not even qualified for this discussion. And no, I'm not going to (again) explain the other meaning(s) of that word, go ask your mother.
You're making up stuff here ... again. Who said anything about "hacking" ? I certainly didn't.
I did however state the posibility that there could rather easily be some kind of maintenace entry point (other than the OTA updating one I mean).
Lolz. Point: Your phone runs firmware. Point: You did not write that firmware. So where is that certainty of yours coming from ? One thing is certain, not from facts. :-)
I'm sorry, but isn't it dark up there, with your head inside your ass ?
Gouvermental investigatory agencies have shown time-and-again that they at best pay lip service to the countries laws, even regarding the founding fathers writings with disdain, and a gouverment who, year-after-year, effectivily turns a a blind eye and refuses to deal with that attitude.
As for the warrants themselves ? With those rubber-stamping secret cangaroo courts that requirement has become a farce. Tag a "gag order" on that warrant, and you will not even know you've been targetted.
Again, lolz. You have again fully missed the point. How can you claim you own a phone when some other entity can block you from using it at your leisure ?
tl;dr:
you might be the owner of the physical device and be able to defend it against physical attacks, but you have absolutily no knowledge of what it is doing inside, and therefore are unable to detect, much less defend yourself against OTA attacks.
And a free thow-in. Google for "silent SMS". Than go see if you can detect it and/or switch it off on your phone. :-)
I fully forgot to respond to this part. I would not want to have you think that was done on purpose ... :-)
.
.
Which can be described as both "you have to our work for us on your own expense" as well as a (multiple times mentioned) "crowbar" case -- making it easier to simply demand from companies to "lift the lid" in future cases.
I mean, if they really just wanted to gain access to that phone they could have used a cangaroo courts gag-ordered warrant, don't you think ?
And are you that thick that you do not understand that Apple had to refuse that openly put demand (or suffer a sharp drop in sales because their customers would not trust them anymore) ? Their refusal tells you absolutily nothing about their ability to enter their phones or not.
Yes, rather voluminous ... What was it, way less than 50 IIRC.
Also, it was the police who claimed that there was such a backlog. Forgive me, but that sounds as fudging some numbers to make their demand towards Apple sound a bit more credible.
And yours speeks loudly of plain-old gullibility. Don't blindly believe everything you read, especially if the ones claiming something have much to win by you believeng it.
Pardon me ? If the FBI has the Law on their side, why should they start with threats ? What you are saying there is that those feds legally have nothing to go on, but try to bully others into doing their bidding anyway.
Lolz. Those two seem to have no clue about the implications of their "no encription permitted" bill (which could even be interpreted as disallowing encoding), and seem to be proud of their ignorance too. Good example bub. Not.
Well, in the above I've tried to name a few things to why your perceived credibility undermining is based on a series of false premises. In other words, you've lowered your credibility with me. :-)
Last I checked, Apple was not "the phone company." They are a manufacturer. Maybe you are ignorant of what a "phone company" is. Let me help you: https://www.google.com/#q=phon... Do you see Apple on that page?
You original assertion was that the phone company could use their sooper dooper hacking ability to defeat encryption. Are you moving the goal posts again? I have no doubt Apple has the ability to defeat their own encryption methods on some phones running some version of ios. I have never said otherwise. When you can point out that the FBI goes to Verizon or AT&T to get plaintext on an iPhone, I will be impressed.
You wrote --> The phone company can, and does have all kinds of (often called "debugging") access to your phone you have little to no clue about, and which, even if you knew, you can't do anything about. [...] Absolutily nothing that is stored on your phone or anything your phone can do that is outside the reach of a phone company, and thus the "law enforcement" agencies.
Well, I call bullshit. I am asking you to give me proof. I asked earlier and you wanted me to do your homework for you. You want me to prove a negative.
Your memory is either faulty or you are willfully ignorant. On Slashdot, articles have reported between 100 and 400 at the Federal level and many more if you add in local cases awaiting resolution of the New York case resolution before litigating. A New York Manhattan Prosecutor is on record for 175 himself.
Citation: http://abcnews.go.com/Technolo...
Comey himself mentioned the following: He (Director Comey) also said that since October 2015, the FBI has examined "about 4,000 digital devices" and was unable to unlock "approximately 500."
How many of those devices were actually encrypted?
Citation from Ars Technica: http://arstechnica.com/tech-po... and Reuters: http://www.reuters.com/article...
You do realize that is what TFA is about, right? The FBI threatening more litigation against tech companies using encryption by default.
I do not believe everything I read, including you. I am still waiting for you to cite one single case where a "phone company," which is an entity distinctly different from a phone manufacturer, hacked a cell phone for any law enforcement agency and successfully defeated encryption permitting them to prosecute. I do believe that Apple does have the resources currently to defeat encryption on some of their phones. I also believe that Apple will work to remove that capability to prevent being caught in the position of being "bullied" (as you said) again, provided the Burr-Feinstein bill goes nowhere. And as I
Not in the context of the conversation.
Yes, it remains a false equivalency, and your dismissing of the applicable laws further demonstrates it.
Apples, meet oranges.
Bullshit. What sort of *classified* (per federal law) information would Palin have had access to when governor of Alaska? Not sensitive mind you, but *classified*? Think you've got something? Is there any evidence of her mishandling that classified information? No? Then the false equivalency remains.
I seem to recall a newspaper asking it's readers to go through her emails to find incriminating bits... and ended up not finding much, so much for that scandal! On the other hand, the Inspector General at the State Department found oodles of classified information which lead to an FBI investigation.
Yup, same exact things!
Physician, heal thy self.
Which, if you were paying attention you would realize the email scandal is a major part of as it is likely to be treasure trove pointing to other illegality & corruption.
Funny how you didn't comprehend my response, which I had to echo above.
I need not prove anything to you, the facts are there, you simply opt to ignore them.
Help Brendan pay off his student loans
Then how about we have a more serious one instead of pointless nitpicking that ignores more serious issues.
Also, you calling bullshit on the irrelevant side issue ignores that the there are military based in Alaska and some of them are even under the direct control of the governor of Alaska - where did you put your brain today?
Good idea, shame you keep insisting on it and deflecting.
You keep making such claims, yet fail to substantiate *ANY* of it. It's almost as if you don't know what you are talking about... or are you one of those being paid by the Clinton campaign to 'correct' people on the internet?
Palin's emails were released, multiple outlets put them online, here is one that still is. It's reported that some 2200 pages were redacted in some way, to quote one article (notice how I keep quoting sources? You might try it.):
So many named carve outs... and yet 'classified information', 'military secrets', & 'common sense from dbIII' aren't listed as reasons, odd that?
Yes, it is possible that *IF* classified information existed in the emails and was found, it accidently got lumped in with one of those other categories... only that still assumes that she had access in the first place, something you continue to have failed to prove she did.
If you cannot, I will accept your admission of defeat on this matter and treat your statements of "ZOMG! Sarah Palin did the same thing!" as the same sort of conspiracy theory as "9/11 was an inside job" I hear from similarly grounded people.
Help Brendan pay off his student loans
Sigh ... So, #1: Why did you bring them up than ? #2: where did I claim as much ?
You're seem to be having quite a bit of trouble keeping the/your own strains of arguments apart, don't you ?
And neither do you really do not bother to put that brain of yours into gear before engaging that mouth of yours. If you can reach any person on this earth by only knowing his phone number, why do you think that Apple can't ?
Also, what makes you think that a phone-service providers active help is needed to successully attack a phone, especially if its done by the very persons who wrote its firmware ?
You're making stuff up ... again.
Challenge: show me where I said as much or loose 5 credibility points.
And I already debunked that the first time you claimed the above.
I even, in my very first contribution to this topic, tried to explain why hacking anything would not even be needed. Did that perhaps go over your head ?
And by the way: my origional assertion was that you do not actually own your phone - and decribed why I thought so.
And I told you that if you would be a regular visitor of this forum you should already have some.
And you are demanding I put effort into something you can easily find yourself. What are you, some lazy entitled kid or something ?
No, I don't. All I want from you is to use your (own!) brains and realize that the chance that its possible is quite high.
As recent examples I could refer to stories about several internet related devices that had backdoors build in on purpose, as well as PC-builder provided software with the same. And thats not even talking about "whoopsy, our software has got a bug, allowing outside access to your machine" type of problems.
The above is ofcourse absolute besides the OTA updating mechanism most smart phones seem to have, which is a kind of barndoor size "backdoor" in itself. :-)
You again seem to be missing the point: Why threatening ?
Would that maybe be because they already know that they have no chance in hell for that "no encryption" idea to be come law (it would cripple their country)?
So, you need a 100% proof before you accept that it exists ? Have you ever seen your heart/liver/intestines, etc ? How than do you know they actually exist ?
If you had paid attention in high school I would not need to would I?
In short - people who are in charge of things tend to hear things about those those things (such as the National Guard etc) - I've got no idea why you are in denial of the obvious over what is really a side issue anyway.
Look up the Pfizer stuff - Hillary's email stuffup looks as trivial as Palin's in comparison to a real scandal.
WTF?
Are you playing some stupid game here with rules that make you look like an idiot, such as playing "devil's advocate" to take a side you know is utter bullshit? That would explain the idiocy, since I keep thinking you cannot possibly be as dense as you appear to be.
Dunno about your HS, mine was rather boring and a waste of my time (not unlike this conversation)... which is why I went and got a GED and later a masters.
That is different than what you've said. My focus has been on legitimate, approved access to *classified* information (clearly you've missed me highlighting the word, but then words don't have any specific meaning, do they?)
Which again, you are relying on the possibility she *may* have heard something... and that info *may* have traversed her personal email account... neither of which have you offered a smidgen of evidence of... so I'm going to conclude that you are a conspiracy theorist as much as anyone who screams "9/11 was an inside job" or chemtrails.
Unlike either of those, there is sizable evidence of wrongdoing by Sec Clinton in her use of email, and non regarding Gov Palin.
I'm familiar, perhaps you should look up my references to the FBI being able to walk and chew bubblegum at the same time.
Help Brendan pay off his student loans
OMG WTF LGBTQRST BBQ FTW!!!
It's called picking your battles, you should look into it!
I have cited specific sources several times, you have failed to do so, almost falling back to the tired line of the helpless of "educate yourself!". It is clear you are no longer worthy of my time.
Goodbye.
Help Brendan pay off his student loans
I would much prefer not to be worthy of the time you are spending playing such petty little games at my expense.