Slashdot Mirror
FBI Has Sights On Larger Battle Over Encryption After Apple Feud (bloomberg.com)
An anonymous reader writes from a report via Bloomberg: FBI Director James Comey said the FBI is exploring how to make broader use of the hack, used to access a San Bernardino terrorist's encrypted iPhone, while bracing for a larger battle involving encrypted text messages, e-mails and other data. The tool could "in theory be used in any case where there's a court order" to access data on an iPhone 5c running Apple's iOS 9 OS, Comey told reporters in Washington on Wednesday. However, accessing content on a phone, known as "data at rest," is only part of the challenge that encryption poses for U.S. investigators. Software applications and other services that encrypts texts, e-mails and other information in transit over the Internet, known as "data in motion," are "hugely significant," especially for national security investigations, Comey said. He said criminals are increasingly using services that encrypt data in motion, and he didn't rule out litigation against companies such as WhatsApp. "WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house." As for whether or not there will be litigation against WhatsApp down the road, Comey says, "I don't know." The FBI is trying to figure out how to allow "law enforcement around the country with court orders to be able to use our tool," Comey said. It's "tricky," he said, because using the tool to help state and local criminal investigations could mean that it would have to be revealed in a court preceding if there isn't a procedure in place to prohibit testimony about how it works.
...yet they're just itching to let local law enforcement use their tool for what plainly is not a matter of national security. I really hope that Americans aren't quite as dumb as I perceive and can see things for the way they are. Also, the more I hear Comey speaking, the more I wish somebody would just put a sock in him. The 1990's called and wants its Clipper chip back.
I can walk down the street with a friend and have a conversation that is not recorded, is never discoverable in the future. Although millions of us are honest people, terrorists could have these types of conversations as well. I just don't know how we can let that happen. It seems that the government should require us to record conversations so that if there is a warrant in the future we can get that data. Why it is just unfathomable that there could be information that the government cannot discover! How could we have let this happen for so long?! It's just SO GREAT that the FBI is trying to protect us...
Who cares? Are they going to make illegal to use something else?
“He’s not deformed, he’s just drunk!”
If the prosecution's case relies on evidence gathered by secret means then the data cannot be verified and it does not meet the standard of beyond reasonable doubt.
"We have evidence that proves his guilt but we can't tell you about it" -- then you don't have evidence.
"Grab them by the pussy" -- President of the United States of America
with their politically-motivated investigation of Hillary.
FISA Court
This issue is a bit more complicated than you think.
.... we can learn a lesson from WhatsApp. if you ever develop any mechanism that allows end users to encrypt data in ways that nobody other than the intended recipient can decrypt, you have to actively try to discourage it from ever becoming too popular, because if it ever should become a dominating player, then criminals will be using it as well, and then law enforcement will want to come after you.
File under 'M' for 'Manic ranting'
If you want one more layer of defense against hackers, encrypting data helps. I'm not sure how outlawing an algorithm helps anyone... Especially since every other government will use encryption. Are we suddenly not allowed to play foreign made video games if they have encryption on them?
The political motivation is to find a way to let her off when we all know full well that she's committed thousands of felony counts.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Secret investigations are often necessary for a time to allow law enforcement investigations to proceed.
Right up until the moment when you take someone to court. If you don't disclose how evidence was obtained, then there is nothing to prevent en masse violation of the Constitution--no matter how good your intentions or how bad the people you are going after.
Real lawyers write in C++
FBI Director James Comey needs to resign because he's made it very clear he does not have the American public's best interests in mind.
Anons need not reply. Questions end with a question mark.
Where are the GoPro cameras, where is the third suspect, why was a 'disaster drill' going on before the shooting. How did a coworker manage to identify one shooter as Farook as they were all wearing masks. Why did Farook attend the 'departmental event' in civvies only to rush out after being insulted to return in combat gear.
San Bernardino Jihadis Strapped GoPros to Their Body Armor
It is understandable the FBI wants to not have to deal with encryption. It is their sworn duty to uphold the law, and to them, encryption is something a crook can use to keep them from answering for their crimes.
However, the problem is that it creates a blowback effect. Before Biden and Lieberman introduced laws to ban encryption completely, nobody gave a rat's ass about it. What encryption there was was absolute shit and at best, just homegrown (lets seed and use rand.c and XOR that.) Want FDE? Stacker and setting a password was the way on the MS-DOS or OS/2 side. On the Mac side, FWB Hard Disk Toolkit had a driver that did two rounds of DES. Archiving utilities at best had 1-2 rounds of DES as well, due to speed.
When the Congrescritters started trying to ban it, it woke people up. Especially after Operation Sun Devil. Those two events (the government going after and raiding people, coupled with wanting to ban encryption, then have their own key escrowed stuff) created the Cypherpunks list. Eventually, after Clipper was killed, Skipjack publicized, encryption got boring, and the college students went on to other things.
Now, we have a similar situation. Again, Congrescritters wanting encryption bans, people being thrown in jail for the rest of their lives without trial until they cough up a password.
It isn't just the US. Other countries will seize businessmen's laptops as a matter of routine.
Then, there is Apple's halo effect. Apple is seen as the "good guys" by many people. Pushing on Apple is not good PR. Hell, even the EU which routinely drags Google and Microsoft into their kangaroo courts so that they can keep relevant (anti-Americanism is a sure way to keep your job), those guys don't even get near Apple, even when laws are passed (like the one forcing companies to standardize on one charging/data adapter.)
The FBI shouldn't keep on this route. If the government starts pushing too much against encryption, we all know about the War on Drugs and Prohibition... there would be a renaissance on encryption that would make Tim C. May, Black Unicorn, and PRZ seem like amateur hacks, with what products would be produced, with real security. Virtually everything would "go dark". Hardware backdoors? If consumers were willing to pay for it, there will be some company selling "trusted" hardware, with the only guessed backdoors, that country's intelligence department.
Look at the firearm industry in the US... if people started really fearing that they might be tossed in a private prison, to only see their family on some shitty Skype-esque thing for $10 a minute for the rest of their lives, you will see that factor of fear causing a lot of people to pay a lot of money for heavy duty encryption.
The FBI got super lucky especially because the 5s and up has more advanced and complete encryption (both in hardware and iOS) and the San Bernadino terrorist had a 5c device. On top of that, they had physical access to the device. They wouldn't be so lucky if they wanted to dig up conversation data WITHOUT the cooperation of the company administering the servers, using Whatsapp as an example. Obviously snooping encrypted conversations "in motion" as they put it is not possible. What they really need is for these companies to cooperate and provide data when needed. Companies will fight back of course, but there really has to be some happy medium where companies can feel safe providing necessary information to law enforcement and yet know that they aren't undermining the security and privacy of their users. That's really what this boils down to. But that will be a super tough thing to iron out in law, since it comes from a position of compromise - no one will be happy.
He's a hacker! Lock him up already! It's the law!
John Smith owns an iPhone 6. John Smith keeps kiddie porn on his iPhone 6. If John doesn't use a finger print, nobody but John can unlock the phone.
Matt Smith owns an iPhone 6. Matt Smith keeps kiddie porn on his iPhone 6. If Matt doesn't use a finger print, nobody but Matt can unlock the phone.
Now if Matt & John both use WhatsApp, they can send each other kiddie porn all day long and nobody can determine that they're doing it. Even if their phones are captured, if they're taken locked, evidence of what was happening or being exchanged can never be obtained.
Rinse and repeat with any other sort of crime that you find offensive. Trading drugs, plotting to kill the president, plotting to kill you, plotting to steal your car, rob your house, traders colluding on stocks, bank managers talking about risk, etc. It protects *ALL* conversation.
WhatsApp makes possible the ubiquitous use of encryption that cannot be defeated by law enforcement.
Before WhatsApp and the iPhone, there weren't any real obstacles. Given time and equipment, any physical safe can be opened.
I don't think that WhatsApp really understands what this means.
The problem for the FBI that this is all in response to the NSA led drag net surveillance. Government shooting itself in the foot.
Is this really what we want - for evidence of crimes to be unobtainable?
"law enforcement around the country with court orders to be able to use our tool"
Getting court approval isn't the problem: Getting a universal back-door is the problem.
We don't have to prove we're the good guys. We need parallel construction to hide our dirty tricks.
They're bad because any old file can be presented as coming from the encrypted device. It would be very easy for the fuzz to "plant evidence", so to speak. As in:
"Did you find this photo of the defendant wielding an ISIS flag on the defendant's phone Officer?"
"Yes your honor."
"How did you recover it?"
"I can't say your honor."
Good luck proving the phone only had lolcats on it.
The FBI director openly discussing how to subvert the justice system is yet another sign that the US is now a fully fledged totalitarian state.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Congress has the right to impeach any federal employee. Write to your congressman and ask for a vote on the matter.
So the claim is terrorists use "whatsapp" - then what are their names?
I think the claim, like many others, is a lie.
How many terrorists even use a timer on bombs let alone more advanced technology? They are just being used as an excuse to lie and push an agenda.
Given that it doesn't want to be subject to US harassment, it should find another country to be based in - and in which to pay
TAXES
it's only when the government is hit in its finances will it stop drifting towards a police state.
The vast majority of people living in houses are decent law abiding citizens with nothing to hide. However, some are drug users, paedophiles and/or copyright infringing terrorists. Therefore all houses should be made of glass.
"WhatsApp has over a billion customers, overwhelmingly good people,"
And they live in 194 countries, 193 of them not giving a shit what the FBI wants.
This is exactly what Apple was saying would happen if they released the patch. This hack is now to be used for all other phones that have some information, which have no bearing to the original case. This is exactly the slippery slope we where warning about would happen.
Terrorists and good people lock their doors. Both use safes. Both drive cars. Should we ban these things as well to make your job easier cop? No. Fuck you, do your job, don't compromise my security and privacy to do so.
Silence is a state of mime.
FTA:
"WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house."
Translation:
"The United States has over 300 million people, overwhelmingly good people," Comey said. "But in that 300 million people are terrorists and criminals, and so that now-under-siege document called The Constitution will be further undermined by law enforcement agencies."
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
One of the interesting aspects of the Assault on Freedom being conducted by governments the world over is the incredibly selective, distorting arguments that they make. In this case, one of the FBI's central themes has been that "terrorists, criminals and paedophiles" use encryption to hide behind. The inference is that "general purpose encryption" is being used "to do or hide bad things".
Even assuming that this argument were true, or had been substantiated by the claimant [neither in this case] it seems to be somewhat self-defeating.
If we apply the same logic to, say, the right to private ownership of firearms [and, sorry for all those who wish to retain their Second Amendment rights, because I truly don't mean to come across as a troll] provides a very similar argument and case. The United States has some of the highest personal firearm ownership levels anywhere in the world, and some of the highest levels of firearms related murders and woundings. So if the FBI were to stand up and say, "Well, because so many people with firearms use them for criminal purposes, we'll just outlaw all personal firearm ownership..." Whether or not you consider that argument right or wrong is irrelevant in this case, because I am using it as a good example of the way that law enforcement are so selective when it comes to their arguments.
We have also seen how acts of states that are conducted behind closed doors and without full public scrutiny (Wikileaks, Snowden, Panama Papers, etc) lead to corruption and vast amounts of white-collar crime. So if we apply the same logic that the FBI are using to attack encryption - and in attempting to stamp out bribery, corruption, fraud and tax evasion, obviously the FBI will also be demanding completely transparent government, all key decisions made before public hearings, complete financial transparency, with additional requirements for anyone worth more than say $10 Million and so on?
What's that you say? No? Didn't think so...
People that care little about staying on the bleeding edge still have a 5c or older. What good is a "tool" that cracks old phones, in a year or two it will be able to crack what 5% or less of iPhones. That is, if there's a tool at all. I'd venture to guess that there is no tool, and if there is, they act like they're under the assumption that Apple has no control over their own operating system. There are only so many ways a phone can be decrypted... Good luck if you do have a tool to crack old phones FBI, but you're running out of time.
They want full control of data, period. The claim of having a tool whether true or not is just a fulcrum for socially engineering judges/juries. They've never needed a "tool" to lie in court before... They are paid to lie with he intent of getting people to incriminate themselves.
You better just ban mathematics beyond basic arithmetic. It's the only way you win the crypto war, 4-6 generations after you stop teaching advanced mathematics. Lets see how that works out for you. Yes im being ironic and condescending at the same time.
... when Comey was still telling everyone he wasn't obsessed with encryption, back doors, and such. Nowadays he doesn't even bother to lie about it.
CUR ALLOC 20195.....5804M
These articles really need to stop confusing "encryption" with password security. They've broken Apple's password security, probably an altogether trivial thing to do as security exploits in iPhones are fairly common. They can't "break [good] encryption" anymore than they can break gravity - it's math - it's fundamental laws of the universe. They can break software security measures designed to artificially bolster security of weak passwords though. Nothing to see here, use strong passwords folks, as always.
If it ain't broke, don't fix it.
The ultimate end to their demands will not make people more secure, but make people less secure. The companies, including VPN manufacturers, that the US government itself relies on will be making weaker products. But the criminals, do not have to obey this law, so they will create their own encryption routines, contrary to the FBI's beliefs,encryption isn't an "American Only" skill.
The other problems that come up, is that it wold allow foreign countries and even the same terrorists they are trying to prevent from having these private communications. And would just cause job losses as companies decide to move out of the country.
Somebody help me out here. Since pgp is, essentially, open-sourced, how do government agencies expect to regulate encryption? Even if they force this company or that company to give them a "back door", what is there to prevent someone from running their own app? Do they not realize that criminal and terrorist organizations are capable of easily building their own encryption applications?
Proverbs 21:19
As the FBI explains, WhatsApp has over a billion users. If they charge each user a $0.25 government litigation fee, they'll have $250 million to fight the FBI in court.
Very Very sad I cannot mod this up.
As long as they rely on hacking the system, and not forcing the system provider to fork over security keys. Let's just hope that Apple keeps on top of their security and continually fixes the holes that the FBI finds.
"Hi, I'm FBI Director James Comey, and I have no interest in or regard for the consequences of my actions.
Privacy, what's that? Due process? Are you a communist? Constitution? OK, that's it, get in the paddy wagon you terrorist!"
... or until the other inmates find out what they are in for, if they happen to be in general population. Whichever comes first.
That's not justice, that's vigilante-ism. That is actually just a variation on the lynch mobs that sought 'justice' early US history. Justice is not to throw bad men into a small enclosed room with another bad man (or several bad men) and let what happens, happen. That's a cop-out and should be considered cruel and unusual punishment.
In the case of repeat offenders, if they need to be executed, then appoint someone to do so. If they need to be kept in a small box for the rest of their life (because by their own admission or actions) they'll never stop, then do that instead. If the second option is 'too cruel', then see the first option.
Posting anonymous because my name says it all.
Clinton, Bush, Cameron and the rest of this Spartan bunch of people will churn out anti-crypto propaganda.
And all their cocksuckers will say that computers must be hackable, so that the mentioned corrupt elite can never be challenged, not even in speech.
By 2021 the spartans will require you and everybody else to wear an Electronic Necklace with microfone and direct connection to the Communist Central Computer (CCC).
All to "defeat fascism" and so on.
If you vote for Clinton, Bush or Fiorina, that is.
All future TVs must be doing the NSAs bidding and secondly millions of Muselmans must be imported in order to justify the first measure.
The effect will be Total Control By 1%.
And all the commie suckers will aid her.
1.) Use four-digit numbers instead of the funny characters. That way it can be communicated via any voice channel.
2.) Your KEY should have at least 80 bits of entropy. English provides about 1 bits per character on average. Look up md5
What are these idiots worrying about? What does our government care about stopping criminals, rapist, and terrorist when at the same time they leave out borders wide open to them?