Slashdot Mirror
FBI Has Sights On Larger Battle Over Encryption After Apple Feud (bloomberg.com)
An anonymous reader writes from a report via Bloomberg: FBI Director James Comey said the FBI is exploring how to make broader use of the hack, used to access a San Bernardino terrorist's encrypted iPhone, while bracing for a larger battle involving encrypted text messages, e-mails and other data. The tool could "in theory be used in any case where there's a court order" to access data on an iPhone 5c running Apple's iOS 9 OS, Comey told reporters in Washington on Wednesday. However, accessing content on a phone, known as "data at rest," is only part of the challenge that encryption poses for U.S. investigators. Software applications and other services that encrypts texts, e-mails and other information in transit over the Internet, known as "data in motion," are "hugely significant," especially for national security investigations, Comey said. He said criminals are increasingly using services that encrypt data in motion, and he didn't rule out litigation against companies such as WhatsApp. "WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house." As for whether or not there will be litigation against WhatsApp down the road, Comey says, "I don't know." The FBI is trying to figure out how to allow "law enforcement around the country with court orders to be able to use our tool," Comey said. It's "tricky," he said, because using the tool to help state and local criminal investigations could mean that it would have to be revealed in a court preceding if there isn't a procedure in place to prohibit testimony about how it works.
...yet they're just itching to let local law enforcement use their tool for what plainly is not a matter of national security. I really hope that Americans aren't quite as dumb as I perceive and can see things for the way they are. Also, the more I hear Comey speaking, the more I wish somebody would just put a sock in him. The 1990's called and wants its Clipper chip back.
I can walk down the street with a friend and have a conversation that is not recorded, is never discoverable in the future. Although millions of us are honest people, terrorists could have these types of conversations as well. I just don't know how we can let that happen. It seems that the government should require us to record conversations so that if there is a warrant in the future we can get that data. Why it is just unfathomable that there could be information that the government cannot discover! How could we have let this happen for so long?! It's just SO GREAT that the FBI is trying to protect us...
If the prosecution's case relies on evidence gathered by secret means then the data cannot be verified and it does not meet the standard of beyond reasonable doubt.
"We have evidence that proves his guilt but we can't tell you about it" -- then you don't have evidence.
"Grab them by the pussy" -- President of the United States of America
"FISA court" is an oxymoron. In a court of law, an issue is contested by opposing sides before a neutral judge (and jury, if there's felony liability at stake, or funds in excess of twenty dollars in controversy).
A rubber-stamp procedure where one government employee pretends to be an advocate for the government's target while another one pretends to be a neutral magistrate, and a third pretends to be a legitimate officer of the court asking for a legal warrant, is not a court of law at all, and everyone participating in such a farce is complicit in a conspiracy to deny civil rights under color of authority.
If we ever have a functioning justice system in this country again, a hell of a lot of apparatchiki will be in deep shit.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Secret investigations are often necessary for a time to allow law enforcement investigations to proceed.
Right up until the moment when you take someone to court. If you don't disclose how evidence was obtained, then there is nothing to prevent en masse violation of the Constitution--no matter how good your intentions or how bad the people you are going after.
Real lawyers write in C++
FBI Director James Comey needs to resign because he's made it very clear he does not have the American public's best interests in mind.
Anons need not reply. Questions end with a question mark.
Yes, they will go for requiring backdoors into everything. It is no surprise that ever since Hoover was in charge, the FBI loves backdooring anything and anyone they can.
Sleep your way to a whiter smile...date a dentist!
It is understandable the FBI wants to not have to deal with encryption. It is their sworn duty to uphold the law, and to them, encryption is something a crook can use to keep them from answering for their crimes.
However, the problem is that it creates a blowback effect. Before Biden and Lieberman introduced laws to ban encryption completely, nobody gave a rat's ass about it. What encryption there was was absolute shit and at best, just homegrown (lets seed and use rand.c and XOR that.) Want FDE? Stacker and setting a password was the way on the MS-DOS or OS/2 side. On the Mac side, FWB Hard Disk Toolkit had a driver that did two rounds of DES. Archiving utilities at best had 1-2 rounds of DES as well, due to speed.
When the Congrescritters started trying to ban it, it woke people up. Especially after Operation Sun Devil. Those two events (the government going after and raiding people, coupled with wanting to ban encryption, then have their own key escrowed stuff) created the Cypherpunks list. Eventually, after Clipper was killed, Skipjack publicized, encryption got boring, and the college students went on to other things.
Now, we have a similar situation. Again, Congrescritters wanting encryption bans, people being thrown in jail for the rest of their lives without trial until they cough up a password.
It isn't just the US. Other countries will seize businessmen's laptops as a matter of routine.
Then, there is Apple's halo effect. Apple is seen as the "good guys" by many people. Pushing on Apple is not good PR. Hell, even the EU which routinely drags Google and Microsoft into their kangaroo courts so that they can keep relevant (anti-Americanism is a sure way to keep your job), those guys don't even get near Apple, even when laws are passed (like the one forcing companies to standardize on one charging/data adapter.)
The FBI shouldn't keep on this route. If the government starts pushing too much against encryption, we all know about the War on Drugs and Prohibition... there would be a renaissance on encryption that would make Tim C. May, Black Unicorn, and PRZ seem like amateur hacks, with what products would be produced, with real security. Virtually everything would "go dark". Hardware backdoors? If consumers were willing to pay for it, there will be some company selling "trusted" hardware, with the only guessed backdoors, that country's intelligence department.
Look at the firearm industry in the US... if people started really fearing that they might be tossed in a private prison, to only see their family on some shitty Skype-esque thing for $10 a minute for the rest of their lives, you will see that factor of fear causing a lot of people to pay a lot of money for heavy duty encryption.
They're bad because any old file can be presented as coming from the encrypted device. It would be very easy for the fuzz to "plant evidence", so to speak. As in:
"Did you find this photo of the defendant wielding an ISIS flag on the defendant's phone Officer?"
"Yes your honor."
"How did you recover it?"
"I can't say your honor."
Good luck proving the phone only had lolcats on it.
The FBI director openly discussing how to subvert the justice system is yet another sign that the US is now a fully fledged totalitarian state.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Given that it doesn't want to be subject to US harassment, it should find another country to be based in - and in which to pay
TAXES
it's only when the government is hit in its finances will it stop drifting towards a police state.
Before WhatsApp and the iPhone, there weren't any real obstacles. Given time and equipment, any physical safe can be opened.
It *can* be, but it won't be. John DOE, Petitioner v. UNITED STATES. 487 U.S. 201 (108 S.Ct. 2341, 101 L.Ed.2d 184).
"A defendant can be compelled to produce material evidence that is incriminating. Fingerprints, blood samples, voice exemplars, handwriting specimens, or other items of physical evidence may be extracted from a defendant against his will. But can he be compelled to use his mind to assist the prosecution in convicting him of a crime? I think not. He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe —- by word or deed."
The police did not subsequently obtain a warrant to break open the safe, because they could not produce probable cause that the safe contained the bank records which the police were seeking.
So no: there is no difference between encryption and a combination lock.
What's interesting, however, is that there is, likewise, no difference between a lockbox key and a fingerprint to unlock a phone. So if you are stupid enough to use a fingerprint lock, they can compel you to put your finger on the sensor.
The only difference here is that an iPhone is treated differently than a safe, because the iPhone isn't (yet) as secure as a safe, and the iPhone isn't (yet) treated as a container for data, rather than personal property. Obviously, the first time someone is smart enough to raise that precedent in an evidentiary hearing and get an iPhone hack in as an illegal search, things will go to hell for the police, and then for the FBI.
So for right now, I think they will use it only where they've used it so far: where the perp doesn't own the device, and the actual owner gives permission.
Of course, this means that, for most of the U.S., which buys their iPhone over time as part of agreeing to a service contract, until they go off contract, it's actually the telephone company which owns the iPhone, not the person in whose possession it happens to currently reside.
That should make a nice court case, as well: when the police go to the telephone company and obtain permission. Expect if e.g. AT&T actually grants permission, that the week following, there's going to be a LOT of new T-Mobile, Verizon, and Sprint customers.
I don't think that WhatsApp really understands what this means.
I think they do. I think they have a pretty damned good idea, in fact, having talked to a number of executive officers of the company personally about the issue.
Is this really what we want - for evidence of crimes to be unobtainable?
No.
In the "think of the children" argument you are making, this is what we want:
We want the police to arrest the child pornographers at the point of the creation of the pornography, prior to its distribution, and prior to the further abuse of the children in question. If they can't do that, then what good are they to anyone?
Great, you break into an iPhone, and find someone has a picture on it that was illegally created, and is illegal to posses. Big deal. For every copy you find, there are dozens or hundreds still out there. You haven't prevented the social harm by breaking into Guido The Child Perv's iPhone. You haven't even ameliorated it a bit, if Guido is a "leaf node" (i.e. he doesn't distribute the material himself).
Marching in after a crime has been committed and figuratively beating the crap out of the perpetrator, while the victim is still lying in a pool of blood is not a useful operation. It clearly does not prevent future victims, particularly for things like murder, where the penalty takes so freaking long to enact that someone can start by getting their GED and have multiple PhDs before they ever
"WhatsApp has over a billion customers, overwhelmingly good people,"
And they live in 194 countries, 193 of them not giving a shit what the FBI wants.
> it's actually the telephone company which owns the iPhone
I hate to do this, mostly 'cause I like you, but that's simply not true - by precedent. To give two good examples:
1. Your home. If you're paid and current with your mortgage and the bank has not foreclosed and taken possession then the lending agency can not grant rights.
2. Your car, just like the above. The dealership or credit agency can not give the police permission to search your vehicle. Well, they can. It won't hold up in court.
So long as you're current then you have most every right you'd have with complete ownership. You own your house even while the bank owns it. You have the deed, they have a lien on the deed. The same thing for your car if it is not yet fully paid off. I'm not positive but I strongly suspect that if you're incarcerated and unable to make your payment then they still can't give permission to search.
"So long and thanks for all the fish."
This is exactly what Apple was saying would happen if they released the patch. This hack is now to be used for all other phones that have some information, which have no bearing to the original case. This is exactly the slippery slope we where warning about would happen.
Terrorists and good people lock their doors. Both use safes. Both drive cars. Should we ban these things as well to make your job easier cop? No. Fuck you, do your job, don't compromise my security and privacy to do so.
Silence is a state of mime.
FTA:
"WhatsApp has over a billion customers, overwhelmingly good people," Comey said. "But in that billion customers are terrorists and criminals, and so that now ubiquitous feature of all WhatsApp products will affect both sides of the house."
Translation:
"The United States has over 300 million people, overwhelmingly good people," Comey said. "But in that 300 million people are terrorists and criminals, and so that now-under-siege document called The Constitution will be further undermined by law enforcement agencies."
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
One of the interesting aspects of the Assault on Freedom being conducted by governments the world over is the incredibly selective, distorting arguments that they make. In this case, one of the FBI's central themes has been that "terrorists, criminals and paedophiles" use encryption to hide behind. The inference is that "general purpose encryption" is being used "to do or hide bad things".
Even assuming that this argument were true, or had been substantiated by the claimant [neither in this case] it seems to be somewhat self-defeating.
If we apply the same logic to, say, the right to private ownership of firearms [and, sorry for all those who wish to retain their Second Amendment rights, because I truly don't mean to come across as a troll] provides a very similar argument and case. The United States has some of the highest personal firearm ownership levels anywhere in the world, and some of the highest levels of firearms related murders and woundings. So if the FBI were to stand up and say, "Well, because so many people with firearms use them for criminal purposes, we'll just outlaw all personal firearm ownership..." Whether or not you consider that argument right or wrong is irrelevant in this case, because I am using it as a good example of the way that law enforcement are so selective when it comes to their arguments.
We have also seen how acts of states that are conducted behind closed doors and without full public scrutiny (Wikileaks, Snowden, Panama Papers, etc) lead to corruption and vast amounts of white-collar crime. So if we apply the same logic that the FBI are using to attack encryption - and in attempting to stamp out bribery, corruption, fraud and tax evasion, obviously the FBI will also be demanding completely transparent government, all key decisions made before public hearings, complete financial transparency, with additional requirements for anyone worth more than say $10 Million and so on?
What's that you say? No? Didn't think so...
Somebody help me out here. Since pgp is, essentially, open-sourced, how do government agencies expect to regulate encryption? Even if they force this company or that company to give them a "back door", what is there to prevent someone from running their own app? Do they not realize that criminal and terrorist organizations are capable of easily building their own encryption applications?
Proverbs 21:19
Apple could only decrypt the drive. Each app can (and should) be encrypting its own data how it sees fit. Each session of a 3rd party messaging app should have a one-time key. Messages sent between 3rd party apps do not even need to be stored long-term. Having Apple unlock the phone is only going to help if criminals are using the built-in apps, which they're probably not. In the end, this just pisses off the law abiding citizens who enjoy their privacy, except now they now Apple can eavesdrop.