Or even more obviously, the operating system is responsible for connecting the input method to the security hardware... so if the operating system is able to for example log the touch screen presses...
Being able to make the operating system log touch screen presses doesn't do you any good when the person who knows the password isn't available or won't talk.
Gee. if only the FBI put as much work into making sure automatic weapons don't get into the hands of criminals as much as they worried about telephones getting into the hands of criminals.
Well, given the fact that no crimes or acts of terrorism are committed with automatic weapons in the US, you can't really say they've got that wrong. If you want to talk about semi-automatic weapons then at least there's a discussion to be had, but not automatics.
and what do you "think" make people "freak out" when they get to know that google, (with likes of jared cohen basically working in both state department and google,) was eager to please state department to achieve its illegal regime change goals in syria by "helping and encouraging an opposition" that consisted of people who go around cutting people head off ( or crucifying them hear the news today ?)and suicide bombs?
Your'e completely mischaracterizing the whole thing. Cohen thought it would be cool, and useful, to help visualize high-level defectors from one oppressive regime that he (for whatever reason) cared about. The state department didn't ask for it. It was probably someone's 20% project, which Google management saw no reason to oppose. ISIS wasn't in the picture yet so the "cutting people [sic] head off" opposition wasn't considered.
The problem is that if Apple knows what they are doing, they can try and push for a legal precedent to use against the government in the future.
Maybe. Declarative judgments of that sort are often hard to get because courts only like to look at specific cases where there is specific harm.
However, what is certain is that "Apple is unable to decrypt devices, period" has become an explicit security requirement for all new designs. I'm sure in the past it was a requirement only in the way that all good security designers try to build systems that they themselves cannot break, not a core goal. In most systems, if you've ensured that only someone with access to the signing keys can compromise it, and you've done a good job of security those keys, you figure you're done. Not any more.
Given unlimited resources I imagine they can probably crack any consumer level device eventually.
The FBI doesn't have unlimited resources. Certainly not unlimited resources to devote to a single device.
I'm not claiming that consumer devices will ever be secure against nation states willing to throw millions at a single device. That's foolishness. But I think consumer devices can be sufficiently secure that governments will generally not be willing to spend what it takes. That matters because there are other large organizations which, while they don't have pockets as deep as national governments, can also throw large amounts of money and expertise against the problem, and even if we assume all governments are 100% on the side of the angels, we still want our devices to be fairly secure against other potential intruders.
Yes. However, it's still worth pointing out that the software on the security chip is also likely updatable. Hopefully it only accepts updates when the user's password is provided. If it doesn't work that way, I expect that it will after the next update, unless that's technically infeasible for some reason, in which case it'll work that way in the next generation of devices.
I'm not saying there's a conspiracy of any sort. I'm just saying that I think the FBI sees an ongoing problem with their inability to get information from mobile devices of suspects, and an opportunity to set a precedent that will help them. The ACLU, et al, cherry pick the cases they choose to push in order to get favorable precedents all the time. I see no reason why the FBI isn't smart enough to try to do the same. And their attempt to do so isn't "evil", it's just how the game is played. Which doesn't mean we shouldn't point out what they're doing, and courts shouldn't consider the long-term precedential aspects of their decisions (they absolutely should!).
I see what you mean and have to concede that you are most likely right. The data is how Google makes their money so they are likely only to hand it over when pried from their (cold, dead) fingers!
Plus it would just be a bad idea. Bad for customer relations and bad for the world -- which is actually something that the people involved at Google think about quite a bit.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
It's not a big problem if Apple's PR does their job (and they're very good at their job). The 5C didn't have the separate security chip and was known to be less secure for that reason. The 5S and newer do, and should be harder to penetrate. If the FBI had gotten into one of the latest models, that would have been a bigger issue.
Also, it's worth pointing out that we don't actually know that the FBI did get Farook's phone decrypted. Odds are they never cared about that anyway, but only about setting the precedent by requiring Apple to help them, then when they saw the ruling was likely to go against them decided back down. Claiming to have gotten in another way just helps the FBI save face... and maybe attempts to make Apple look bad, both by making their devices appear insecure and by making the company appear to be needlessly obstructionist.
Yeah, aggregate google search results data by arbitrarily-specific-location is "public" like the Vogon plans to demolish Earth to create a galactic superhighway were public.
The data in question wasn't from Google search results. It was a tool which Al Jazeera could use to visually map publicly-available data.
"That project just collected and mapped publicly-available information"
everything above board and clean huh? that is why "keep this very close hold "
Because people freak out, I'm guessing. Case in point.
why did google, "believed" "in encouraging more to defect and giving confidence to the opposition"?
Because the Syrian government was (and is) an oppressive regime? There's really no debate about that.
for an opposition that turned out to consist, in terms of actual substance, in mainly of islamic state and al nusra front (al-qaeda 's syrian arm)?
"Opposition" is a catchall term. Cohen obviously wasn't referring to IS or Al Nusra, and lots of people defected from Syria to escape it, rather than to join the terrorists. In fact, I don't think the app would have tracked those who did, because they didn't leave Syria and ask for asylum elsewhere.
how far will they go conceal the illegality and guilty blood ?
WTF are you talking about? What illegality, what blood? How did an app tracking the number of defectors from an oppressive regime cause "illegality and guilty blood"?
There was a time when the NSA handing the data over to China would have been a crackpot conspiracy theory and the only citations would have been some sort of circular conspiracy theorist references. But given some of the well-documented behavior of our three-letter agencies, this is a suspicion that a rational person can hold. That's what's troubling here.
Absolutely. What I'm questioning is the assertion that Google hands the data over. Google has consistently maintained that they only provide information in response to proper legal processes and only after careful review to determine that the response is required by law.
I won't comment on that project, though I've heard Jared Cohen's side of the story and it's quite different from how it's being painted, but that has absolutely nothing to do with providing Google logs to the US government. That project just collected and mapped publicly-available information, nothing whatsoever from inside Google.
A mountain of bricks huh: that did not happen on this occasion
That was not an occasion of partisans marching with guns and using that freedom to force their will, so your use of the GPs phrase is out of context.
it is the daily slaughter by accident and casual gun use
Not so much. You should look up the actual statistics. The accidental death numbers are actually very small, and falling every year in spite of increases in both population and numbers of guns. Yes, the individual stories are heartbreaking, but there are lots of heartbreaking stories. If you really want to prevent accidental deaths by children, you should ban swimming pools. You'll save two orders of magnitude more lives, and won't have to fight the constitution to do it.
All the pro-gun state laws that I've seen have an exception for carrying guns in the state's own legislature.
Idaho, Utah, Texas, Arizona, New Hampshire and Alaska allow carry in the legislature. I think most pro-gun states do allow carry in the statehouse, and during sessions. Do you have any example of one that doesn't? Your "Informative" post is misinformation, AFAICT.
And all the courts have an exception for carrying guns in their own courtroom.
Aside: there's an interesting dispute about that in Utah. State law allows courts to ban carry, but places some requirements on them. The courts ban carry, but ignore the requirements, arguing that they're doing it on their own authority rather than as provided by law. The legislature says the courts have to obey the law. The courts say they don't, that as a co-equal branch of government they can regulate their own operations without regard to the wishes of the legislature. The issue hasn't been raised to the supreme court, though there is a 19th-century precedent that probably supports the courts' position, and anyway many of the judges sitting on the supreme court were involved in the decision to ignore the legislative requirements so there's little question about which way they'd decide.
I actually installed the Steam client and set up an account for this. I was whipping out my credit card to make the $17 purchase... then I saw that it's only available on Windows. Oh, well. Hopefully they'll port it to Linux before too long. Or even OS X.
Slashdot Mirror
Sooooo why isn't the same thing happening in the Arctic then?
The Arctic land ice can't melt, because there isn't any. Land, I mean.
That's why Zuckerberg, for example, has claimed that having multiple online identities is fundamentally "dishonest."
Never mind that Zuckerberg uses Limited Liability Companies (LLC) to conceal his real estate purchases and keep his name off the public records.
Well, to be fair, he never said it was dishonest to have multiple real-world identities.
Or even more obviously, the operating system is responsible for connecting the input method to the security hardware... so if the operating system is able to for example log the touch screen presses...
Being able to make the operating system log touch screen presses doesn't do you any good when the person who knows the password isn't available or won't talk.
I want mine to be secure against the common asshole.
Lots of people also want them to be secure against corporate espionage.
Gee. if only the FBI put as much work into making sure automatic weapons don't get into the hands of criminals as much as they worried about telephones getting into the hands of criminals.
Well, given the fact that no crimes or acts of terrorism are committed with automatic weapons in the US, you can't really say they've got that wrong. If you want to talk about semi-automatic weapons then at least there's a discussion to be had, but not automatics.
Dude, you should consider seeing someone. Seriously.
and what do you "think" make people "freak out" when they get to know that google, (with likes of jared cohen basically working in both state department and google,) was eager to please state department to achieve its illegal regime change goals in syria by "helping and encouraging an opposition" that consisted of people who go around cutting people head off ( or crucifying them hear the news today ?)and suicide bombs?
Your'e completely mischaracterizing the whole thing. Cohen thought it would be cool, and useful, to help visualize high-level defectors from one oppressive regime that he (for whatever reason) cared about. The state department didn't ask for it. It was probably someone's 20% project, which Google management saw no reason to oppose. ISIS wasn't in the picture yet so the "cutting people [sic] head off" opposition wasn't considered.
The problem is that if Apple knows what they are doing, they can try and push for a legal precedent to use against the government in the future.
Maybe. Declarative judgments of that sort are often hard to get because courts only like to look at specific cases where there is specific harm.
However, what is certain is that "Apple is unable to decrypt devices, period" has become an explicit security requirement for all new designs. I'm sure in the past it was a requirement only in the way that all good security designers try to build systems that they themselves cannot break, not a core goal. In most systems, if you've ensured that only someone with access to the signing keys can compromise it, and you've done a good job of security those keys, you figure you're done. Not any more.
Given unlimited resources I imagine they can probably crack any consumer level device eventually.
The FBI doesn't have unlimited resources. Certainly not unlimited resources to devote to a single device.
I'm not claiming that consumer devices will ever be secure against nation states willing to throw millions at a single device. That's foolishness. But I think consumer devices can be sufficiently secure that governments will generally not be willing to spend what it takes. That matters because there are other large organizations which, while they don't have pockets as deep as national governments, can also throw large amounts of money and expertise against the problem, and even if we assume all governments are 100% on the side of the angels, we still want our devices to be fairly secure against other potential intruders.
You didn't read the post you responded to.
Yes. However, it's still worth pointing out that the software on the security chip is also likely updatable. Hopefully it only accepts updates when the user's password is provided. If it doesn't work that way, I expect that it will after the next update, unless that's technically infeasible for some reason, in which case it'll work that way in the next generation of devices.
I'm not saying there's a conspiracy of any sort. I'm just saying that I think the FBI sees an ongoing problem with their inability to get information from mobile devices of suspects, and an opportunity to set a precedent that will help them. The ACLU, et al, cherry pick the cases they choose to push in order to get favorable precedents all the time. I see no reason why the FBI isn't smart enough to try to do the same. And their attempt to do so isn't "evil", it's just how the game is played. Which doesn't mean we shouldn't point out what they're doing, and courts shouldn't consider the long-term precedential aspects of their decisions (they absolutely should!).
I see what you mean and have to concede that you are most likely right. The data is how Google makes their money so they are likely only to hand it over when pried from their (cold, dead) fingers!
Plus it would just be a bad idea. Bad for customer relations and bad for the world -- which is actually something that the people involved at Google think about quite a bit.
So, how does this now play for Apple, who banked on their phones being secure as a selling point?
It's not a big problem if Apple's PR does their job (and they're very good at their job). The 5C didn't have the separate security chip and was known to be less secure for that reason. The 5S and newer do, and should be harder to penetrate. If the FBI had gotten into one of the latest models, that would have been a bigger issue.
Also, it's worth pointing out that we don't actually know that the FBI did get Farook's phone decrypted. Odds are they never cared about that anyway, but only about setting the precedent by requiring Apple to help them, then when they saw the ruling was likely to go against them decided back down. Claiming to have gotten in another way just helps the FBI save face... and maybe attempts to make Apple look bad, both by making their devices appear insecure and by making the company appear to be needlessly obstructionist.
Yeah, aggregate google search results data by arbitrarily-specific-location is "public" like the Vogon plans to demolish Earth to create a galactic superhighway were public.
The data in question wasn't from Google search results. It was a tool which Al Jazeera could use to visually map publicly-available data.
"That project just collected and mapped publicly-available information" everything above board and clean huh? that is why "keep this very close hold "
Because people freak out, I'm guessing. Case in point.
why did google, "believed" "in encouraging more to defect and giving confidence to the opposition"?
Because the Syrian government was (and is) an oppressive regime? There's really no debate about that.
for an opposition that turned out to consist, in terms of actual substance, in mainly of islamic state and al nusra front (al-qaeda 's syrian arm)?
"Opposition" is a catchall term. Cohen obviously wasn't referring to IS or Al Nusra, and lots of people defected from Syria to escape it, rather than to join the terrorists. In fact, I don't think the app would have tracked those who did, because they didn't leave Syria and ask for asylum elsewhere.
how far will they go conceal the illegality and guilty blood ?
WTF are you talking about? What illegality, what blood? How did an app tracking the number of defectors from an oppressive regime cause "illegality and guilty blood"?
There was a time when the NSA handing the data over to China would have been a crackpot conspiracy theory and the only citations would have been some sort of circular conspiracy theorist references. But given some of the well-documented behavior of our three-letter agencies, this is a suspicion that a rational person can hold. That's what's troubling here.
Absolutely. What I'm questioning is the assertion that Google hands the data over. Google has consistently maintained that they only provide information in response to proper legal processes and only after careful review to determine that the response is required by law.
I won't comment on that project, though I've heard Jared Cohen's side of the story and it's quite different from how it's being painted, but that has absolutely nothing to do with providing Google logs to the US government. That project just collected and mapped publicly-available information, nothing whatsoever from inside Google.
faithfully handed over as usual, by almighty goog.
Cite?
A mountain of bricks huh: that did not happen on this occasion
That was not an occasion of partisans marching with guns and using that freedom to force their will, so your use of the GPs phrase is out of context.
it is the daily slaughter by accident and casual gun use
Not so much. You should look up the actual statistics. The accidental death numbers are actually very small, and falling every year in spite of increases in both population and numbers of guns. Yes, the individual stories are heartbreaking, but there are lots of heartbreaking stories. If you really want to prevent accidental deaths by children, you should ban swimming pools. You'll save two orders of magnitude more lives, and won't have to fight the constitution to do it.
All the pro-gun state laws that I've seen have an exception for carrying guns in the state's own legislature.
Idaho, Utah, Texas, Arizona, New Hampshire and Alaska allow carry in the legislature. I think most pro-gun states do allow carry in the statehouse, and during sessions. Do you have any example of one that doesn't? Your "Informative" post is misinformation, AFAICT.
And all the courts have an exception for carrying guns in their own courtroom.
Aside: there's an interesting dispute about that in Utah. State law allows courts to ban carry, but places some requirements on them. The courts ban carry, but ignore the requirements, arguing that they're doing it on their own authority rather than as provided by law. The legislature says the courts have to obey the law. The courts say they don't, that as a co-equal branch of government they can regulate their own operations without regard to the wishes of the legislature. The issue hasn't been raised to the supreme court, though there is a 19th-century precedent that probably supports the courts' position, and anyway many of the judges sitting on the supreme court were involved in the decision to ignore the legislative requirements so there's little question about which way they'd decide.
the Linux version is coming shortly
Awesome! Thanks for the information.
I'm so sick of you shilling for Google here. If you were at least critical but, no, they're always "making the world better" in your eyes.
If you think I'm never critical, either you've missed a lot of my posts or (more likely) you're suffering from a case of confirmation bias.
Serves you right. Next time use a real OS.
Are you seriously trying to call Windows a real OS? I don't think that word means what you think it means.
I actually installed the Steam client and set up an account for this. I was whipping out my credit card to make the $17 purchase... then I saw that it's only available on Windows. Oh, well. Hopefully they'll port it to Linux before too long. Or even OS X.