Slashdot Mirror
FBI Looks Into Unlocking Minnesota Mall Stabber's iPhone (cnet.com)
An anonymous reader quotes a report from CNET: The Minnesota man suspected of stabbing 10 people in a mall before police fatally shot him left behind his iPhone. Now, FBI agents are looking into unlocking his iPhone as part of the investigation. The FBI says Dahir Adan, 20, attacked several shoppers on September 17 in a frenzy, asking his victims if they were Muslim before he stabbed them. ISIS claimed responsibility for attack shortly after. FBI director James Comey told the House Judiciary Committee his agency is reviewing Adan's electronic devices -- but is having issues getting into his iPhone. The device remains locked, as agents are "exploring technical and legal options," Minneapolis FBI spokesman Jeff Van Nest said. He declined to specify what model the iPhone was.
ISIS took credit for my stubbed toe last week and these god damn dipshits eat it up ever time. Thanks for being a bunch of fucking gullible retards, America. Begin so incapable of generating even a modicum of rational thought, you deserve every single bad thing that happens to you. Smarten up, you stupid assholes.
http://www.dailymail.co.uk/new...
Can we start using background checks for knife purchases. How many more incidents like this one before America gets smart and passes sensible knife laws.
Every terrorist that has been killed has had an iPhone. The only logical conclusion is that iPhones make you a terrorist.
The new line for the Johnnie Cochran's of the world: "If you can't unlock, you must acquit." The reality is that police do have a right, with a court order to search everything related to you, especially if you commit multiple attempted murders. The public has a vested interest in knowing if you had any co-conspirators among other things. That said I am all for strong encryption on all electronics. I think the best solution is some middle ground. I don't know where that middle ground is. The reality is that we the people need to start by requiring the federal government to treat our computers, email and cell phones with the same level of respect for privacy as is given to the US mail (i.e. its a felony to tamper/interfere/gain unauthorized access). Once that is established we can have a conversation about giving access with court order to some or all of these items.
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
Said right does not require a safe manufacturer to build backdoors into their safes, nor alter the complexity of math.
Easier said than done. The contents of a letter remain secret because people treat it that way. The contents of a safe remain secret because people treat it that way... and have a physical impediment to easy access. The contents of an encrypted device remain secret because the system is designed not to be easily be openable by anyone other than those the legitimate owner has chosen thanks to lots of math.
Currently, there is no legal requirement for a company like Apple to have a way that they & only can unlock a phone, in fact they've purposely engineered ways to make it more difficult.
It's easy to say "but in the case of terrorism, we should have the right to compel them!" ok... where do you want that right to end? Are you & Apple ready for divorcing spouses to be going to court to order the seizing of their spouses cell phone and ordering Apple to decrypt it to prove infidelity?
Such an ability also lowers the bar not only for law enforcement to legitimately investigate (via search warrant) suspects, but also the ability to plenty of others in law enforcement & government to go fishing.
Help Brendan pay off his student loans
There is no middle ground. Strong crypto does not allow for the possibility you suggest.
I do not read or respond to AC's. If you want a discussion, log in. Otherwise, don't waste your time.
The current U.S. administration has said (at least in internal documents) that all conservative Christians are potential terrorists and are a bigger threat to security in the U.S. than ISIS. Since this policy has gone uncontested for at least 6 years despite all evidence and statistics to the contrary, I guess all the bureaucrats don't have a problem with this. If we say that encryption must have back doors "because terrorists" then aren't we saying that any group that is out of favor politically should loose their 4th & 5th amendment rights?
Giving any government backdoor keys will always be bad.
What about physical access to device. Should the device contain the decryption key, so that it could be decrypted if the flash chip is removed?
Disassembly that might take a tech an hour or two?
I ask not for government but for other third parties. If you die should your spouse gave legal right to access your phone and encrypted storages?
i thought once I was found, but it was only a dream.
There are workarounds... the most recent notable example/request being requiring Apple to push a one time update to the San Bernardino terrorists device which would remove the pin lockout counter so that the FBI could try every single combo without fear of wiping the device.
This idea runs into legal issues as given such an update would be required to be signed by Apple (so that the device trusts the update), it constitute government compelled speech... which the first amendment tends to prevent.
The bugger is that there is always a way, it's just a matter as to how much time/money/leverage is available.
Help Brendan pay off his student loans
There also has to be a limit to how much work the government can compel people to do for free to help them uncover evidence. Creating, testing and pushing an OS update is pushing it in my mind.
Otherwise, why bother paying for infrastructure projects? Just start pressing people into evidence-discovering gangs: "You, you and you. We think there's a corpse buried somewhere under here, start digging. You brought your own shovel, right?"
If I have been able to see further than others, it is because I bought a pair of binoculars.
The device always contains a decryption key... it's just a matter of how hard it is to get to... and it may not actually be located in flash memory.
Disassembly yes, retrieval, no.
What do you know about focused ion beam hacking? http://semiengineering.com/eve...
Short version: A reverse engineer can take a dozen or two chips of the same kind, slowly grind them down layer by later, selecting the best example of each level, then continue the process. Once you've gone through all of the layers you can actually construct a pretty accurate design of the internals. From there, you can use a FIB and some probes to actually get access to the inner workings of the chip.
Chip designers for years have to various extents attempted to take steps to prevent this. The one advantage they have is doing so is very difficult & expensive... but a successful hack can more than pay for itself.
Which is a fair point. If your loved one goes missing and leaves their phone behind, unlocking it to find out who they were recently talking with may be difficult if not impossible. If someone dies, your window to use their finger to unlock the device is quite short.
This is only a wider version of a long standing problem... as I don't know many people who make it a point to stash a BitLocker/TrueCrypt/etc keys to a safe spot that will be discoverable upon their disappearance or death, but secure enough that an angry spouse or law enforcement agent wouldn't be able to uncover.
Help Brendan pay off his student loans
Given the suspect is dead, they have no remaining privacy rights... and a warrant to search such a device is trivial to get.
Help Brendan pay off his student loans
The bugger is that there is always a way, it's just a matter as to how much time/money/leverage is available.
How much time and money and leverage do you need to decipher a message encrypted with a one time pad that was burned to ash in the explosion?
Currently, there is no legal requirement for a company like Apple to have a way that they & only can unlock a phone, in fact they've purposely engineered ways to make it more difficult.
Absolutely. A "masterkey" system like that would be such a huge target for corporate/government espionage. It becomes the Golden Snitch. Even if it took decades to plant someone at Apple and have them work their way up to gain access, it would still be worth it.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
We must not allow an infinite monkey gap to exist!
Help Brendan pay off his student loans
The Minnesota man suspected of stabbing 10 people in a mall before police fatally shot him left behind his iPhone.
I didn't realize taking it with you was an option.
Local mall. Local police. Why is the FBI in on this gig?
Yeah for sure they shouldn't get another bite at the [encryption debate] Apple... but why are they even involved and why won't someone say "Hey they have no standing here. This was a simple case of a stabbing and a shooting and it's all local and the FBI has NO JURISmyDICTION here!!!" ?
E
Or they could, you know, stay the fuck out of our personal communications and solve crimes the way they always have. You make it sound like nobody ever solved a crime before computers were invented.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
That is beside the point, since this is all about *Uncle Sam* knowing what is up with Clarise without Clarise's husband ever having an inkling.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
They didn't gain unauthorized access. Yahoo was complicit. They no doubt have as a terms of their use that they can access your emails.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Today it is about Uncle Sam wanting to know, just as it was long ago just about Uncle Sam being able to send a subpoena to Google or Microsoft for the contents of someones inbox. Once that ability exists, private lawyers will find sympathetic judges who will agree to use it in private legal matters as well.
Don't believe me? Chat with a divorce lawyer sometime as to the weapons one or both members of the case end up using against each other.
Help Brendan pay off his student loans
There also has to be a limit to how much work the government can compel people to do for free to help them uncover evidence
That's an easy answer, nothing for free. The government is willing to pay for this work. No involved is talking about unpaid work.
It would sicken me if mundane crime, or even terrorism, in this country, lead the way for places like China and Russia to have backdoors so they could continue with their boot stamping on a human face, forever.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Well, there were hand-written documents (the bad guy's "blackbook" of phone numbers, for example). There were wiretaps for phone surveillance, and the murderer had to make his phone calls from actual physical locations - not an ever-changing array of cellular and/or IP devices. If he sent a letter, the USPS could intercept it and send it on its way again undetected after the LEO folks read it. While a given operator with sufficient training could manually encrypt or obfuscate these communications, most didn't have that training.
Now the "blackbook", the phone conversations (including various forms of electronic text messaging), and email can all be automatically locked up tight with excellent, free, encryption software; little if any training is needed.
With the content out of reach, some "privacy" folks are complaining even that cellular and other electronic metadata is being captured and examined.
So I think that a little bit of understanding ought to accompany the criticisms of the FBI's stance.
Says the person who has offered a single argument as to why an investigatory tool created for government would not later be available to private cases.
Stored data is stored data, and the law and court history is pretty clear as to who can get access and when (where there exists an access method).
Help Brendan pay off his student loans
Given the suspect is dead, they have no remaining privacy rights... and a warrant to search such a device is trivial to get.
Just don't forget that Apple has no ability to decrypt this single device.
The FBI however has officially stated they can decrypt any iPhone, so it is the FBI that needs to be served the warrant, and is obstructing justice if they refuse to do so.
Before claiming Apple could do so with a hackory firmware update, don't forget your own words:
This one given subject is dead and has no privacy rights.
But the rest of us are alive and well, and DO have privacy rights, so this is clearly not a legal option.
Also be very careful before pointing out the FBI may have lied about their capabilities in this area.
After claiming they could decrypt any iPhone, there were lawsuits filed against the FBI to obtain specific details on which phone models and iOS versions they could or couldn't decrypt.
This information was then classified as "secret", court documents were sealed, and the cases dismissed.
Publicizing information from classified documents and court sealed records is a crime you'll very likely go to prison for committing.
Even if you flee justice, say perhaps to Russia or something, also keep in mind around 60% of the American population still believes you are guilty of treason and believe you should be put to death as is allowed by law.
Let's not forget how we got here. Once upon a time, phones didn't encrypt and nobody cared. Then we got secret courts with no working knowledge of the word no, an NSA that decided to ignore the bit about only spying on foreigners, an FBI that decided to get into the spy business, LEOs all the way down to the local yokels thinking it's OK to go fishing and read everyone's papers and effects based on less than probable cause as long as it's electronic, and judges bending over backwards to avoid addressing 4th and 5th amendment issues with all of the above.
Now nobody trusts any of them (and with ample good reason) and wants strong encryption on their phones. Address all of the above and we can perhaps talk about finding them some way to get in, but only with a great deal more oversight than they have seen in the last 2 decades. No more taking their word for it, we know that's not worth a damn.
Given that encryption came due to pressure from celebrities and Apple's failure to unlock to help cases impacting ordinary individuals, it's a bad thing.
Citation?
apple can make an ios build that does not auto wipe
Why should I give up my right to have a secure phone just because some idiot can't keep his sword in his scabbard? It doesn't matter what he's done or if he's alive or dead, I'm not required to have useless encryption on my devices.
Sure, the police have the right to search his stuff all day long. They can disassemble his phone, unsolder the flash chip, clone it, and try PIN after PIN against the image as many times as they want. They can hire Bruce Schneier, they can subpoena Apple, they can send his phone to the NSA, they can even ask Chuck Norris to roundhouse kick it open. They absolutely have the right to try anything to get in to the phone. But they don't have the right to succeed. They don't have the right to make us make this task easier for them.
And despite your most fervent wishing that some middle ground exists somewhere, the fact is no middle ground is possible. This is simple logic we're talking about here -- encrypted data is either secure, or it's broken. It's a boolean, not a tri-state value. And law enforcement and intelligence agencies have proven with every leaked secret that they abuse whatever trust or tools they're given, and the volume of abuse increases over time. They have constantly violated our rights and abused our trust, and every single time they start down that path the leaked data shows they've overextended their reach. It's not only irresponsible to trust them again, it's reckless. We can't trust them with a key escrow system, not even with a court protecting us - they'll just stand up another secret FISA court to get around the rules.
Besides, the existing system worked pretty darn well. Bad guy starts stabbing people, policeman shoots him dead. I don't care what his stupid motives were, because they truly do not matter to anyone. Why should we bother giving his fetid ideas a single extra minute of daylight? Let his defective brain and rancid motives lie buried in the ground with the rest of his corpse in an unmarked grave, and never be shared with the public or media. It's not like learning his motives is useful to anyone. We can't just arrest people who simply share those ideas - people always have the right to think extremely stupid and anti-social thoughts; they just don't have the right to act on them.
John
If we say that encryption must have back doors "because terrorists" then aren't we saying that any group that is out of favor politically should loose their 4th & 5th amendment rights?
They want to deny 2nd amendment rights to those placed on the no-fly list so why not?
The device always contains a decryption key... it's just a matter of how hard it is to get to... and it may not actually be located in flash memory.
The device may only contain the decryption key in the same sense that the device contains the plaintext. If the decryption key is produced from data stored in the device and data entered by the user, then a brute force attack will depend on whichever one has the least entropy which will normally be the user's key. Usually this is small because large passwords are inconvenient but if the password is strong, then there will be no practical attack which relies only on the device.
I like the thought that this intersects with copyright law. The time and resources needed to brute force the cryptographic key is "limited" in the same sense that the Supreme Court ruled that any definite duration specified by Congress is limited. So if it only takes a "limited" amount of time to brute force any cryptographic key, why is the FBI complaining?
That's an easy answer, nothing for free. The government is willing to pay for this work. No involved is talking about unpaid work.
I want to see the government pay for a brute force attack against a strong key. Given the rate of currency inflation, it will be practically free.
How much time and money and leverage do you need to decipher a message encrypted with a one time pad that was burned to ash in the explosion?
It takes the same amount of time and money to decipher a message encrypted with 128 bit AES or any equivalently strong cypher and key, all of it.
Crypto like AES is only theoretically secure, and we know the spooks have had their hands in the design all major crypto algorithms in use today.
XOR is mathematically proven.
Given that encryption came due to pressure from immodestly exposed celebrities and Apple's failure to unlock to help cases impacting decent, hard-working, ordinary individuals, it's a bad thing.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
It would certainly be pretty big and devastating news if it was discovered that AES was compromised and even more so that it was compromised by design. There are alternatives to AES like the 4 other finalists of the Advanced Encryption Standard process: MARS, RC6, Serpent, and Twofish.
There is no third option for encryption right now, but that does not mean there can never be one. You argue that there are only two solutions, either good encryption or weak security, and while that may be true right now, and may even always be true from a technical standpoint, there may be other creative options available over time. Maybe it boils down to as you said pulling the phone memory physically and then cloning it and running every possible password until it works. As long as there is a way to get at the info on the phone for sufficiently important situations. OTOH, I do kinda wonder if this is all a kabuik theater where the feds have figured out an easy crack (or Apple handed it to them under the table) and they are doing this to try and shift all the Islamic terrorists to use Apple products.
If we had a single, mentally deranged individual I would tend to agree with you that once he is dead, the rest is a non-issue. The problem arises when it is neither an isolated individual nor an isolated incident. What you have with radical Islam is essentially a fragmented conspiracy around a certain set of ideas. These guys are usually killed, but it is a 50% chance that he was not alone and he either had money or other forms of assistance/encouragement to do what he did.
Islam has ~1 billion active followers globally and around 3.3 million in the US. 25% of US muslims think violent jihad is OK against their fellow Americans, at the very least should be doing our best to gather information on any and all who back or support violence against us.
http://www.breitbart.com/natio...
And before anyone complains about Islamophobia and discrimination against Muslims, that is a canard. We are all adults here and fully capable of discerning the difference between normal, peaceful fellow citizens who also happen to be Muslims and those radicals who want to do us harm. That is probably why Muslims only accounted for 16% of US hate crimes, vs 57% against Jews.
http://www.cnsnews.com/blog/mi...
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
I see nothing that goes against the fourth or fifth here.
The right of the people to be secure in their persons, houses, papers, and effects,[a] against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
For the Fifth in fact, it doesn't even apply, the guy is dead.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
https://assets.documentcloud.o...
The actual court order did not compel Apple to do anything for free, and offered one possible way for them to do it, but also left Apple open to suggest another method. It asked Apple to do an estimate of how much they wanted to be paid, and the way they wanted to do it, to be approved by the FBI.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?