Yep, because if I were going to have a classified satellite, I'd put it in orbit near the ISS, where lots of different governments can easily monitor it. That way, they could all cooperate on keeping it a secret from each other.
None of the other observation devices pointed randomly at the sky (including people observing the ISS through their amateur telescopes and stuff, as people are wont to do) saw this.
Yes, but every single one of those people are in on it! That is how diabolical this conspiracy is.
The EU, Russians, Chinese and Indians with all their hardware and observation technology (none of whom save possibly the EU have any incentive to cooperate with the US and would, in fact, leap at the chance to discredit and shame them) didn't see it either.
Them too! If there's one thing we all know, it's that humans all over the world always agree to set aside their differences and cooperate for the greater good!
My understanding is that Blizzard would say the server operators are inducing the users (the people playing the game: the clients) to commit copyright infringement.
The Blizzard case way back was fascinating, and they won in court. That was the case where Blizzard essentially claimed they have never, ever sold a game. Not a single copy. "Title was not transferred" is how they put it, because the EULA was magically invoked and retroactively made the sale not have happened.
You probably didn't follow the preceding sentence, because IT'S FUCKING INSANE so go read up. But anyway, from there, it goes like this:
If a user connects to a non-Blizzard server, then the user is violating the EULA. If the user is violating the EULA, then they aren't authorized to possess a copy. If they aren't authorized to possess a copy, then they violated copyright when they installed the software.
MPAA never did anything so evil. Please, people, don't ever pay Blizzard for anything, and if you ever meet an employee of that company, kick them in the shin. There are thousands of other game makers.
Ok, you don't know whether or not the iPhone 5C is the first ever 21st-century personal computer that doesn't have a fuckton of bugs. It is theoretically possible that a modern network-enabled mass-market Gigabyte-sized chunk of code written by many teams of people, and never audited by outsiders, rushed to meet marketing deadlines, might not have a fuckton of bugs. And so all the people who are always looking for ways to run their own software on iPhones (of which the FBI is an insignificant under-resourced and under-motivated member) have been wasting their time looking for an exploit, because there is no bug to exploit.
You're right. We don't know. The truth could be anything!
Hey, BTW, what's your guess? Just a guess, idle and acknowledged half-assed uninformed speculation. Want me to go first? Will you tell me your guess if I tell you mine?
No. IoT is totally orthogonal to all this As-A-Service nonsense. You could just as easily say "stop with the spreadsheets" since there already exist people who use Google Docs for that. "Stop with the music," since there are some people streaming from Spotify instead of their locally stored collections.
It's obvious that you have already spotted the absurdity of the twisted marriage between the tech and the idea "but it needs to be in our company's control, rather than in the user's control." So look at IoT through that same lens.
It's most unexpected that MPAA has suddenly flipped to a mens-rea-matters position on speech issues. This is the same organization that purchased DMCA's anti-circumvention provisions, where zero fucks are given as to the reasons for breaking DRM: it was considered intolerably bad, no matter why you'd be doing it.
Unexpected and very late, but nevertheless encouraging. We can all assume that this drastic 180-degree change of heart by MPAA is going to be accompanied by them purchasing a DMCA repeal.
If it's really "contempt of court" then I'd love someone to point at exactly which court we're talking about, since the whole point of NSLs is to deny due process by not having a court.
I don't deny that the government would try to fuck someone up, but surely they'd call it something else.
If I wanted to undermine canaries, I would find popular sites and NSL them for NSL's sake. I don't even have to have a real target user. Just use a NSL to kill the canary. Then later (a month from now, a year from now.. whenever the need arises), I can NSL again for whoever I'm really investigating.
Indeed, if I had that power, it would be irresponsible of me to not do it.
I used to think that webmail was a fundamentally stupid idea mainly because it's impossible for it to be done securely. (The IMAP client is some other computer with which you'd have to share your keys, so there's really no point in even trying to do things sanely.) It inhibits the practice of people signing and encrypting email, and thanks to network effects, an entire dimension of technology is effectively denied to nearly everyone. Spam, phishing, surveillance: they could be gone by now, but we still pay the price thanks to webmail. It's at least a candidate for the title of Neo-Luddism's Most Glorious Victory.
But that's just beating a dead horse. Here it is, early 2013 and nobody cares about security anymore. Nobody is reading our emails and nobody ever gets phished. No reason to update these two paragraphs for 2016 because I'm sure that nothing will happen to make people start thinking about this stuff again. ;-)
---
But it never occurred to me that there was a whole other dimension to webmail's stupidity: that the user interface might suddenly change in sneaky ways, without the user telling the computer to install an update. Thanks, Gmail, for being another legitimate reason that people think the software industry is controlled by user-hating morons.
Is it ever, in your opinion, acceptable for the law enforcement to demand (through courts) other parties' cooperation in accessing encrypted data?
Mu.
It's not ever acceptable for other parties to have the capacity to help (except maybe to lend their supercomputers). If a cryptosystem can be modified to reveal (without the attacker knowing the key) something that is already encrypted, then that cryptosystem is hopelessly defective to a comical degree. (Why isn't this bloody-fucking-obvious to everyone?) If GnuPG or LUKS or TrueCrypt could be beaten with "just call the hardware manufacturer" everyone would be totally freaking out. It's unimaginable.
But that said I think the iPhone 5C case is less of a big deal than a hypothetical LUKS screwup, because nobody expects a phone that can be unlocked with a 4-digit PIN to have anything other than a joke toy cryptosystem. (And to Apple's credit, it sounds like their system is a lot better than that, but if you only have 10k possible keys, this is a hopeless situation no matter what.) If I'm mistaken about expectations and Apple actually marketed it as secure by modern standards, to cash in on post-Snowden concerns, then this might be a case for different sorts of lawyers than the ones that work for the ACLU. Better Call Saul. That's totally regardless of whatever the FBI did: it's not a secure system, period, because we know that Apple can beat it by giving it a firmware update. They wouldn't fight unless the attack would work.
...
As to your original question, we need to take it out of its overshadowing absurd context. Once I do that, it sounds like you're asking if we support or oppose The Draft. I'll put myself down as opposing. Thanks for asking. ;-) But if Uncle Sam points his gun at my face and says I'm going to Afghanistan, I better think fast or else I still might end up there.
Pull the hard drive out, make a copy, and go to town brute forcing it. Done.
I hope they have plans for relocating their brute forcer machines, because the sun is going to become a red giant a blink-of-an-eye into the project.
If what you're describing were practical, then the FBI could have done it with that phone too. They wouldn't have cared about obtaining the hardware-embedded keys, because who needs keys?
The one small advantage that machines with full-sized keyboards have is that users are slightly more likely to choose a better password. But only slightly.
Quit rubbing it in, that you guessed the 12345 combination on my luggage. I have learned so much since then!!
If you go by the simplest explanation (and we receive no further information to help us), then you're going to conclude that someone cracked it.
There is a significant fraction-of-a-world of people who think Apple's hardware is generally pretty decent (at worst! a lot of people downright like it). But the hardware, for all its perceived virtues, has one big glaring problem: it tries to prevent people from running whatever software that they want to. So there are a fuckton of people who look for bugs, in order to be able to root their own phones and gain control of the machine that they bought. Some of them find the bugs. It has always been so, and that's how it is on this platform too, unless you are saying that you think Apple is the one company in the history of this industry, who has finally managed to produce bug-free consumer products.
You're not saying that, are you?
If not, then the simplest explanation is that someone with physical access to the device managed to gain control of it, since that sort of thing happens all the time anyway, with or without the FBI backing the effort.
they were losing big-time in the court of public opinion and they could not force the richest company IN THE WORLD to do their petty bidding. they knew they'd lose
Believe it or not, you're actually overstating how much the FBI was winning; they were far more doomed and already-defeated than you describe. They've probably won the battle for the iPhone 5c, and they might possibly (it's iffy, but possible) win on some newer handheld/toy PCs. But they have no chance, ever, when it comes to solving the general problem. If users actively try to protect their data then the data will be really encrypted, such that subverting the device doesn't get you the key (or 10k possible keys, where one is really it). And then attackers can go crying or threatening whatever manufacturers they want, and it won't help them a bit.
This time, they couldn't wave their $5 wrench at the user (dead men are hard to intimidate), so they waved it at someone else. (It was either a miracle or technological travesty (pick your PoV) that someone else could actually help them.) Next time, there is no "someone else" unless the user is just as incompetent (or more likely: apathetic) as Farook was.
Or maybe a copy might have been leaked by an Apple employee for whatever personal reason.
Apple is the party the government wants the exploit to not get leaked to. The entire point of the anonymous official's quotation is that if the FBI ever uses (in court) evidence gained through this exploit, then Apple will be able to fix..
..uhh..
..their obsolete product from a few years ago. Which nobody cares about, since the entire reason this whole FBI-Apple story exists is because the PC in question had unusually bad security. (This is not an Apple flame, BTW: I think dealing with passphrases on handheld PCs is a fairly hard user interface problem. But nevertheless, it's a problem that goes away once you put the device on a desk, which is why the security is effectively so prehistoric. And the newer-than-5C devices, while they are still deeply flawed (the user is not the device's prime authority -- aha, there is my Apple flame), are also a lot better than the 5C.)
But make no mistake: the effectiveness of the security system that we're talking about, is decades behind what we're otherwise used to. If in 2006 (or 1996) the FBI had asked a hardware manufacturer, "hey, can you crack open these files?" Dell's response would have been to forward them to their supercomputer sales department.
Some day you'll hear a new word that you haven't heard yet: "Archeology." I promise, you'll be amazed by all the things that people have figured out about the past, without using books.
Look on the bright side: some of us make $1.39 for every dollar we might have otherwise made. If this doesn't show that Man is progressing, I don't know what does!
This is like asking if you're excited about LG's new 34.5-inch monitor/TV which fills in the gap between their 30-inch and 39-inch models.
"OMG! OMG! I have this entertainment system where the bigger TV doesn't fit, and whenever my friends are over, they laugh at me and say I have a tiny penis because I have only a 30-inch monitor in there!! This is just what I needed! OMG!"
By that logic, we should also have labeling to indicate whether or not people with red shirts ever worked on packaging the food. If redshirts working on the food isn't something that needs to be hidden, then why hide it?
Some people speculate the FBI would like to mandate broken security. That's a believable speculation (and it got more believable after the president's "black boxes" comment); I am not going to say you're wrong.
But if you're trying to imply the Farook iPhone 5C case is about mandating broken security, then you are definitely wrong. That particular phone already has broken security.
(How do we know it's already broken? Because the FBI has identified a plan to bruteforce the crypto in a reasonable amount of time (with a little help from Apple), and Apple knows that their attack will work (and make them look bad, I guess?). Apple can already break the iPhone 5C. That's why the FBI is trying to get their help.)
It's not normal that your computer manufacturer can break into your computer. If you buy a Dell machine and the FBI asks Dell to crack your GnuPG files, they're going to be forwarded to Sales about their bruteforcing supercomputers inquiry. This whole phone thing is really weird and you should think about all the reasons why it's weird.
None of this is relevant anyway, to whether or not your car is running some really bad code. Nor does it have bearing on whether or not you can audit and maintain that code.
The FBI is warning the public that it should take steps to protect itself from people breaking into computers? Isn't it in a legal battle with Apple because Apple is taking steps to protect consumers from people breaking into computers?
No.
The FBI is in a legal battle with Apple, because back in 2013 Apple didn't try hard enough (in hindsight) to protect consumers from people breaking into the computer Apple was selling at the time. Thus it turns out that with some minor changes to its firmware, it'll be practical to bruteforce that computer's crypto. (Think about how unusual that is!)
If they had found a newer computer which is harder to break into, there's no order they would have been able to reasonably ask the court to give to Apple. What would the order have been, "Apple, perform magic?"
That might be fine for your desktop-like UIs but it would sure suck for web pages.
Yep. Everyone's wondering: What happened to the Marilyn Monroe and Lucy Liu prototypes?
The associated press deserves the style that gets hacked upon them.
I take your point. You're right.
Now let's try to help. Please stop using the word "password." It's "passphrase." Thanks.
(ObXKCD.)
And yet it still doesn't sound quite as stupid as "digital downloads."
I think he's talking about car salespeople, not tech people.