Computers and code are dumb and mechanical The same input leads to the same output. Prima Facie you can break the security of all or none. The burden of proof is on those who propose a back-door on why this would not be so.
The FBI might be able to keep this special "recovery" image secret, but if you add in the other agencies of other nations that would also demand it once it was written, somewhere someone will leak it. Apple keeps the ability to boot into a recovery environment because their techs may need to run software of a device that has corrupt, faulty, or replaced flash memory to repair, replace or update the primary OS. It has to run where there may not be network access and thereby can't run a device-specific approval request by Apple on every boot (like the update mechanism does), the only way to guard against a malicious/backdoor "recovery" image would be for apple to revoke the signing key, but such a revocation would only help phones that actually receive that update. (That phone you lost with racy picture of your mistress three months ago, still vulnerable if your wife actually decided to steal your phone and sit on it... good luck in family court)
Re: Anti-theft. Not forced speech. Apple was left in a position where they could modify the phone or not sell any more phones. The law applies only to new phones sold in California. It did not require specific performance.
Did you actually read the LA article you posted. Creating the back-door the FBI wanted would greatly decrease the value of the product in both China and the U.S, the U.S being afraid of Chinese exploits and vice versa. You would in effect set up a situation where smart phone vendors would be locked into a single government and unable to sell to potential adversaries due to security fears. There would be huge incentive for these exploits and backdoors to be leaked anyway. Next to follow hardware designers and chip fabricators. We are much better off with a few neutrally secure smart-phone vendors then dozens of fragmented hegemonies.
Your link to free speech being revoked is simply bullshit. Missing from the link is any order to divulge passwords, and missing from the summary is the accusation that actually got Terry Child prison time: mainly the pattern of behaviour and UNAUTHORIZED COMPUTER ACCESS to put himself in the position as the only person to know the passwords. It was not simple accident, but allegedly result of criminal behaviour that led to his position of sole password knower, criminal behaviour which he was thrown in jail for.
The kill switch is necessary to prevent brute force attacks from unauthorized users of the phone. It provides a real security purpose and protects real users in real use-cases. It was not designed for the purpose of thwarting legal investigation, it is largely an unintended and necessary effect of the prior mentioned protection.
Apple had good reasons for challenging any warrants issued. Reason supported by case law and affirmed in by Magistrate Judge James Orenstein in a related mater. While Apple could build what the FBI requested having such a creature in the wild would be very detrimental to apple. Such a build also runs afoul of freedom of speech, coercing creative expression, and coercing a digital signature. Every other country would also want a piece of this back-door, increasing the liklihood of escape into the wild and into the hands of the very same people the feature was intended to protect against.
How the fuck is code supposed to distinguish between a valid court warrant, and the corrupt IT guy who sold the government's backdoor key to a North Korean intelligence agent? The Code doesn't care and can only follow instructions. The jurisdiction of U.S law is not global and any exception carved out for the US will be given at the very least to all of the EU nations and the G13, which includes Russia and China, potential economic and military adversaries of the U.S in the future.
Additionally Apple is irrelevant as a company. There is open source and manufacturing capacity out there that people can maintain a non-backdoored phone in one-off groups buys from fly-by night operators.
Strong encryption is a vital aspect of any free culture in a digital era. The benefits are such that I willing to accept them even if it means on rare occasions very bad people get away with bad things or it more costly to investigate and convict such activities. There is no technological protection that can stop the back-doors of the "good guys" today from becoming the back-doors of the "bad guys" tomorrow. There is also no mechanism compatible with a free society that could actually stop a determined group of people from developing software and building devices that actually implemented strong encryption without the backdoor.
The self-destruct can be disable via some very expensive hardware, which Apple does not produce, nor maintains the experts necessary to use it.
(The alternative explanation is that a thrid party by some nefarious means gained access to Apple's signing keys, or are exploiting a zero-day a bug in the firmware validation code. )
The case law around the all-writs act shows that warrant which create undue burdens are not authorized. Once the cat is out of the bag, Apples has no way to prevent it from being used agains all prior iOS versions or guaranteeing only the FBI has it. Additionally, once the cat is out of the bag they can't really deny it from, France, the UK, Russia, China.... all the way down really excluding the worst of the worst where Apple won't do business in in the first place. Either everyone has security (yes even the terrorist and child pornographers) or nobody really does (you can be compromised by any nation or other sufficiently large organized crime ring)
Most residential electric bills in the U.S are charged in terms of kW/hr, the kilowatt hour. For a battery bank you calculate the potential deliverable kW/hr , you roughly take capacity X cycles. The cost is the cost of the battery. Divide total cost by the potential deliverable. To be even more accurate correct for efficiency loses.
20% of the cost of Lithium ion per unit capacity is still not cheap compared to the cost of electricity from the grid. For widespread home storage you need to bring costs down to less than 5 cents per kW/hr, (1/2 grid costs... significantly less than grid to combine with rooftop solar) and grid you likely need less than 2 cents per kWhr. (1/10-1/4 retail,) (the difference between the spot costs from base-load or fuel-less sources of (nuclear coal, wind, solar) and that of oil/fast-start natural gas)
How do you make a block-chain authoritative on data that originates outside of it, like ICANN compliant domain names? Alternatives like the PGP web of trust or the GNU name system will explicit show you the chain of trust, but these webs aren't authoritative.
High high cost of housing if the bay area is not the fault of Yelp, but due to the policies of local government. The only way to make it more affordable it to bring down the cost by adding supply. This includes the nearby suburbs.
No, the all writs act only authorizes the coercion of someone to help execute a specific warrant. To force apple to do something to all phones with a warrant, would mean the warrant would functionally be a general warrant, a type of warrant specifically prohibited by constitution.
The problem with this analogy is the you only bury bodies in concrete is to hide criminal activity. It's no lake a blackout drape company. Yes sometimes they are used to hide criminal activity, but more often they are used to privacy and protection from criminal activity.
Fingerprint ID tokens expire and are expunged after a certain about of time has passed. Additionally fingerprintID can be disabled on iPhones that have it.
Actually using sentences decreases the search space by quite a bit. Mining Lyric and quote sites is sufficient to break most sentence passwords in a reasonable brute-force time. Pronouncible passwords, diceware are better ways to into your lingual memory.
Yes Apple could do that, but whey the fuck should the have to? As is obvious from your posts there are other people with the expertise and experience to do it cheaper and faster than apple could. Apple may be forced to provide assistance by revealing where on a specific model of chip the unique device keys are stored, and protocol of how the file-system keys are generated from the unique device key and the pin/password. However there is nothing that requires Apple to develop the tools and expertise needed to break thier own security protocols.
It's also like to see an option to erase data on boot if last successful login was more than X days ago. How likely are you not to pick up your phone for a week unless it's stolen or lost?
Trust-zone provides strong guarantees of memory isolation. If you want to spy on the memory you could probe at the hardware level, but that increases the cost of the attack dramatically.
Slashdot Mirror
Computers and code are dumb and mechanical The same input leads to the same output. Prima Facie you can break the security of all or none. The burden of proof is on those who propose a back-door on why this would not be so.
The FBI might be able to keep this special "recovery" image secret, but if you add in the other agencies of other nations that would also demand it once it was written, somewhere someone will leak it. Apple keeps the ability to boot into a recovery environment because their techs may need to run software of a device that has corrupt, faulty, or replaced flash memory to repair, replace or update the primary OS. It has to run where there may not be network access and thereby can't run a device-specific approval request by Apple on every boot (like the update mechanism does), the only way to guard against a malicious/backdoor "recovery" image would be for apple to revoke the signing key, but such a revocation would only help phones that actually receive that update. (That phone you lost with racy picture of your mistress three months ago, still vulnerable if your wife actually decided to steal your phone and sit on it... good luck in family court)
Re: Anti-theft. Not forced speech. Apple was left in a position where they could modify the phone or not sell any more phones. The law applies only to new phones sold in California. It did not require specific performance.
Did you actually read the LA article you posted. Creating the back-door the FBI wanted would greatly decrease the value of the product in both China and the U.S, the U.S being afraid of Chinese exploits and vice versa. You would in effect set up a situation where smart phone vendors would be locked into a single government and unable to sell to potential adversaries due to security fears. There would be huge incentive for these exploits and backdoors to be leaked anyway. Next to follow hardware designers and chip fabricators. We are much better off with a few neutrally secure smart-phone vendors then dozens of fragmented hegemonies.
Your link to free speech being revoked is simply bullshit. Missing from the link is any order to divulge passwords, and missing from the summary is the accusation that actually got Terry Child prison time: mainly the pattern of behaviour and UNAUTHORIZED COMPUTER ACCESS to put himself in the position as the only person to know the passwords. It was not simple accident, but allegedly result of criminal behaviour that led to his position of sole password knower, criminal behaviour which he was thrown in jail for.
Countermeasure that maim and kill are illegal. Countermeasure that merely distract, confuse, or discomfort are quite legal.
The kill switch is necessary to prevent brute force attacks from unauthorized users of the phone. It provides a real security purpose and protects real users in real use-cases. It was not designed for the purpose of thwarting legal investigation, it is largely an unintended and necessary effect of the prior mentioned protection.
Apple had good reasons for challenging any warrants issued. Reason supported by case law and affirmed in by Magistrate Judge James Orenstein in a related mater. While Apple could build what the FBI requested having such a creature in the wild would be very detrimental to apple. Such a build also runs afoul of freedom of speech, coercing creative expression, and coercing a digital signature. Every other country would also want a piece of this back-door, increasing the liklihood of escape into the wild and into the hands of the very same people the feature was intended to protect against.
How the fuck is code supposed to distinguish between a valid court warrant, and the corrupt IT guy who sold the government's backdoor key to a North Korean intelligence agent? The Code doesn't care and can only follow instructions. The jurisdiction of U.S law is not global and any exception carved out for the US will be given at the very least to all of the EU nations and the G13, which includes Russia and China, potential economic and military adversaries of the U.S in the future.
Additionally Apple is irrelevant as a company. There is open source and manufacturing capacity out there that people can maintain a non-backdoored phone in one-off groups buys from fly-by night operators.
Strong encryption is a vital aspect of any free culture in a digital era. The benefits are such that I willing to accept them even if it means on rare occasions very bad people get away with bad things or it more costly to investigate and convict such activities. There is no technological protection that can stop the back-doors of the "good guys" today from becoming the back-doors of the "bad guys" tomorrow. There is also no mechanism compatible with a free society that could actually stop a determined group of people from developing software and building devices that actually implemented strong encryption without the backdoor.
The self-destruct can be disable via some very expensive hardware, which Apple does not produce, nor maintains the experts necessary to use it.
(The alternative explanation is that a thrid party by some nefarious means gained access to Apple's signing keys, or are exploiting a zero-day a bug in the firmware validation code. )
The case law around the all-writs act shows that warrant which create undue burdens are not authorized. Once the cat is out of the bag, Apples has no way to prevent it from being used agains all prior iOS versions or guaranteeing only the FBI has it. Additionally, once the cat is out of the bag they can't really deny it from, France, the UK, Russia, China.... all the way down really excluding the worst of the worst where Apple won't do business in in the first place. Either everyone has security (yes even the terrorist and child pornographers) or nobody really does (you can be compromised by any nation or other sufficiently large organized crime ring)
Apparently "`Unbreakable lock" is just a marketing gimmick so the government can also
3) Hire a really good locksmith.
HTML is a mark-up language. Appearently HTML + CSS 3.0 is turing complete, but lets be honest it'sn not a computational language.
Yes, thank you, my mistake.
Most residential electric bills in the U.S are charged in terms of kW/hr, the kilowatt hour. For a battery bank you calculate the potential deliverable kW/hr , you roughly take capacity X cycles. The cost is the cost of the battery. Divide total cost by the potential deliverable. To be even more accurate correct for efficiency loses.
20% of the cost of Lithium ion per unit capacity is still not cheap compared to the cost of electricity from the grid. For widespread home storage you need to bring costs down to less than 5 cents per kW/hr, (1/2 grid costs ... significantly less than grid to combine with rooftop solar) and grid you likely need less than 2 cents per kWhr. (1/10-1/4 retail,) (the difference between the spot costs from base-load or fuel-less sources of (nuclear coal, wind, solar) and that of oil/fast-start natural gas)
How do you make a block-chain authoritative on data that originates outside of it, like ICANN compliant domain names? Alternatives like the PGP web of trust or the GNU name system will explicit show you the chain of trust, but these webs aren't authoritative.
Around here $1250/mo will rent a 1000-1200 sq. foot house on a 5000 sq. foot lot.
High high cost of housing if the bay area is not the fault of Yelp, but due to the policies of local government. The only way to make it more affordable it to bring down the cost by adding supply. This includes the nearby suburbs.
No, the all writs act only authorizes the coercion of someone to help execute a specific warrant. To force apple to do something to all phones with a warrant, would mean the warrant would functionally be a general warrant, a type of warrant specifically prohibited by constitution.
The problem with this analogy is the you only bury bodies in concrete is to hide criminal activity. It's no lake a blackout drape company. Yes sometimes they are used to hide criminal activity, but more often they are used to privacy and protection from criminal activity.
Fingerprint ID tokens expire and are expunged after a certain about of time has passed. Additionally fingerprintID can be disabled on iPhones that have it.
Actually using sentences decreases the search space by quite a bit. Mining Lyric and quote sites is sufficient to break most sentence passwords in a reasonable brute-force time. Pronouncible passwords, diceware are better ways to into your lingual memory.
Yes Apple could do that, but whey the fuck should the have to? As is obvious from your posts there are other people with the expertise and experience to do it cheaper and faster than apple could. Apple may be forced to provide assistance by revealing where on a specific model of chip the unique device keys are stored, and protocol of how the file-system keys are generated from the unique device key and the pin/password. However there is nothing that requires Apple to develop the tools and expertise needed to break thier own security protocols.
It's also like to see an option to erase data on boot if last successful login was more than X days ago. How likely are you not to pick up your phone for a week unless it's stolen or lost?
The default is increase wait, but you can set an option to erase after 10 consecutive fails.
Trust-zone provides strong guarantees of memory isolation. If you want to spy on the memory you could probe at the hardware level, but that increases the cost of the attack dramatically.
Sure, it's 127.0.0.1. Happy Hacking!
Zen Opteron sounds pretty cool, especially if paired with coreboot and a mini-ITX form factor.
I'd be more worried if they could work together. Anytime I hear "bipartisan support" , I know what they really mean: "Get ready to bend over".