First off, the FBI bought the technology from Cellebrite, most likely spending untold millions of taxpayers' funds. This shouldn't be real news to anyone, it's not the first time the US has depended upon Israeli intelligence to do what they weren't capable of (Betancourt rescue).
First, there is such a thing as budgets. The FBI cannot just pay "untold millions" for stuff. Second, we know the price: $15,000. Well within the budget.
Second, whatever Cellebrite was selling, wasn't actually used by the FBI.
They don't have any problem identifying photos of Hitler as Hitler. The problem is false positives: If the software mistook the photo of some living person as Hitler, and that was somehow published, that person would not be happy, and might start a lawsuit.
Problem is easily solved by telling the software "if you think it is Hitler, you say you don't recognise it". There was a case a while ago where some photo analysis software mistook a woman for a gorilla. Highly embarrassing for everyone involved.
I would think that software makers would nowadays add precautions to make particularly embarrassing mistakes less likely. (Mistaking a gorilla for a woman is no big deal, the other way round it's very bad).
I would LOVE to replace my 17" macbook pro.....
Many people would _love_ to buy a 17" MacBook. The problem is that very few people actually did. When they stopped selling the 17" MacBook, "refurbished" ones were available for almost a year (in the UK, didn't check elsewhere) at very good prices, so they can't have sold well at all. (Whenever Apple starts selling a product, it will soon after appear as "refurbished". I very much suspect that many of those are brand new).
Apple doesn't "expect" customers to replace their phones after three years. Apple "assumes" that they do this, which is very different.
Not to be tortured is really just a basic human right that no decent person would even consider to violate, no matter what the other side does.
Donald Trump promised America a lot more of it - waterboarding and a lot worse (whatever that is). As you said, no decent person would even consider it.
Garbage collection doesn't detect cycles. Garbage collection ignores a second reference to an object (as would be created by a reachable cycle, but also happens just normally), and garbage collection ignores unreachable objects (which may include complete cycles that are unreachable, but also any other object or a tree structure that isn't reachable).
or wasn't there some law about circumventing security measures on a computer device?
Police has the right to break into a phone any way they can if they have a search warrant. If they come to your door with a search warrant, and you don't let the police in, they will break the door open. If they have a search warrant for your phone, it may be harder to break in, but absolutely legal.
Nice try, but by that logic, guns, knives, cars, bats, hockey sticks, martial arts schools, etc should all be banned since they COULD be misused for crimes.
We should really care about people getting killed, and not people getting killed by crime. And the greatest killers are stepladders.
Apparently 450 Americans die every year from falling out of their bed. I wonder how that compares to people killed by terrorists.
Does anyone actually believe that facebook doesn't have access to the messages, even though they are supposedly using 'end to end' encryption? And if you do believe that, can you explain why facebook would have spent 19 billion acquiring the company, only to not be able to show or target ads at its users?
I don't know details about WhatsApp, but with iMessage this can be verified if you have two hacked iPhones. If you send a message from A to B, then Apple says that they ask B for a public key, send that key to A, A encrypts the message, Apple sends the message to B, and B decrypts it. Apple could obviously create a man-in-the-middle attack. But if you have both phones, A and B, under your control, then you would find in that case that the public key that A used to encrypt the message is not B's public key.
I would suspect that something similar would be the case with WhatsApp, that a man-in-the-middle attack could be detected.
If one billion WhatsApp users are using the app to hide their terrorist or criminal activities, then the FBI is right to be worried. I would be worried as well.
From a technical standpoint, it seems extraordinary to claim that it's "all or none" when it comes to iPhone security and then offer no technical indication why this is the case.
A major security feature that prevents hackers from getting into an iPhone is the fact that an iPhone only accepts new firmware if it is signed by Apple. It's very hard to get firmware onto an iPhone. But it is easy to copy firmware including the signing key off an iPhone! And once the FBI has done that, they can install the same software, because it _is_ signed by Apple, on any other iPhone.
It's like your burglar proof home - it may be hard to break in, but you probably have nothing that prevents someone from breaking out. Apple had and has no reason to prevent anyone from copying their firmware.
Let's assume you purchased an unbreakable lock from Acme Inc. There's reasonable suspicion you've committed a crime and we need access to your locked items to prove it. Society needs to function in a way that we can identify and prosecute criminals so there are two options:
Let's assume some conspirators conspire without writing anything down about their plans. There is reasonable suspicion they have committed a crime and we need access to the thoughts locked in their brains to prove it. Society needs to function in a way that we can identify and prosecute criminals so there are two options...
Your argument is nonsense. There are plenty of criminals who are not identified, prosecuted, or convicted, and society functions just nice. The police _wants_ evidence (but only sometimes, when it's a less interesting case you can _hand_ them the evidence on a silver platter and they _still_ do nothing).
And Acme Inc has not done anything wrong. They are not criminals. One of their customers is a criminal, but Acme isn't. So why should the state have any way whatsoever to force them to do something?
That's a misrepresentation.
The FBI had a search warrant, plus permission by the owner of the phone. Apple quite rightfully said that the whole mess has nothing to do with them. They sold the phone a while ago, they gave the FBI all the information they had about the phone, and that's it. And they didn't mind giving the FBI information, what they did mind officially was being told to destroy the security of all their customers' phones, and unofficially hearing about a court case against them in the press and not from the FBI or the court.
Clearly since Apple didn't want to do what they are told, their lawyers, like every good lawyer would do, list every single argument, no matter how reasonable or unreasonable, why Apple shouldn't have to do as they were told. One of these arguments, one of many, was the argument that creating this software is speech, and you can't be prevented by the state to use your right of free speech, _or_ to be forced to speak. But that's just one thing in a long list.
The government can hack your iPhone 5c at will.
You didn't pay attention. The government can hack your iPhone 5c _with a four digit passcode_ _by paying $15,000_.
Things are different with a six digit passcode (which is default when you use a fingerprint sensor) and very, very different if you use an eight digit passcode.
However, I doubt the phone is bricked. I expect a factory reset at full data-loss (including the iCloud account) is possible.
There is separately a passcode (which locks the phone) and the combination of iTunes account name and password.
If you don't have the passcode, you can't get into the phone (unless it's a four digit passcode and you're patient). You can reset the phone. If you don't have the iTunes account name and password, the phone is bricked, otherwise you can use it. Hopefully restore it from a backup.
Your iTunes account name should be an email address that you can access. In that case, you can reset the account password (a bit more difficult if you have two factor authentication). In that case again, you can use the iPhone again.
Modification to the key escrow: Apple Escrow Service doesn't hold the key, but a code to modify your passcode. For example if that code is 1234, then you choose your passcode X and add 1234 and give that modified code to someone who should be able to unlock your phone. That person (or the FBI) can ask the escrow service to get the code 1234. The trusted person subtracts 1234 from the key they were given and unlock the phone. The FBI or a hacker who can somehow worm their way into the escrow service gets the code 1234 and knows just as much as before because they don't know which number to subtract it from.
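The split described in this comment, as an added example that is not part of the original comment: it implements the "add the code, subtract it again" scheme and counts how many passcodes remain possible for someone who holds only the value given to the trusted person. The function names are hypothetical, and the modular variant (addition modulo 10^digits) is an assumption that goes beyond the plain addition the comment describes.

```python
import secrets


def new_escrow_code(digits: int) -> int:
    """Uniformly random code the escrow service would store (hypothetical helper)."""
    return secrets.randbelow(10 ** digits)


def mask(passcode: str, code: int, modular: bool = True) -> int:
    """Value handed to the trusted person: passcode plus escrow code."""
    total = int(passcode) + code
    return total % 10 ** len(passcode) if modular else total


def recover(masked: int, code: int, digits: int, modular: bool = True) -> str:
    """Trusted person subtracts the code obtained from the escrow service."""
    value = masked - code
    if modular:
        value %= 10 ** digits
    # Passcodes are digit strings, so leading zeros must survive the round trip.
    return str(value).zfill(digits)


def consistent_passcodes(masked: int, digits: int, modular: bool = True) -> int:
    """Count passcodes that a holder of ONLY the masked value cannot rule out."""
    space = 10 ** digits
    count = 0
    for candidate in range(space):
        code = (masked - candidate) % space if modular else masked - candidate
        # A candidate is possible if some valid escrow code would produce `masked`.
        if 0 <= code < space:
            count += 1
    return count


if __name__ == "__main__":
    digits = 4
    passcode = "0042"  # constructed sample value
    code = new_escrow_code(digits)
    masked = mask(passcode, code)
    print("escrow holds:", str(code).zfill(digits))
    print("trusted person holds:", str(masked).zfill(digits))
    print("recovered:", recover(masked, code, digits))
    # With plain addition, small or large masked values narrow the search.
    for sample in (150, 9999, 19998):
        print(sample, "plain:", consistent_passcodes(sample, digits, modular=False),
              "modular:", consistent_passcodes(sample, digits, modular=True))
```

The escrow code alone reveals nothing in either variant; the counts show that the masked value alone reveals nothing only when the addition wraps around.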
First, most people don't turn on "erase phone after ten incorrect attempts". In that case, and if there is a four digit passcode, then there is a simple solution. Two days of typing, and the phone is unlocked.
Six digits or higher passcode: Simple solution for absolute emergencies if you don't want to violate the kid's trust: Ask for the last two or four digits of the passcode, so that you need four more. Now criminals or FBI can't get in, the parents can get into the phone in a day or two. Asking for the last digits makes it easy to verify: Kid types in the first four digits, you type in the rest, and unlock the phone immediately.
Really? How many times has that happened at gun shows where there are crowds of armed people?
Well, I read in a book (about the world's most stupid criminals) about some guy who went with his knife to rob a gun store in the USA. There was the (armed) store owner, plus seven armed customers present in the store, including a police officer. No gun shots were fired.
Outselling both Android wear/Samsung/LG/HTC/Apple almost 2 to one COMBINED.
That's a new one. I've heard people claiming that Samsung made 100 times more profit than Apple (because some idiot didn't notice one number was Korean won and the other number was US dollars). This time it seems you are confusing Pebble's revenue in dollars with the others' unit sales.
The FBI would just argue in court that Apple can't substantiate that cost, and get the court to find that they don't have to pay, or only have to pay a reduced amount. Especially for the nth device.
Apple would then argue in court that since the FBI refuses to pay Apple's cost, this constitutes an unacceptable burden.
Oh, and then re-create it for each of the next 200 phones the FBI wants into... making sure that no copies ever leak, each time.
One possibility would be to unlock the phone, send an appropriate bill (some major six digit number), and see if they really want the next phone unlocked at that cost.
If the device was properly encrypted, nothing short of the actual passphrase, or the encryption key itself that's normally protected by that passphrase, would open up the data. They would have to observe the device being unlocked, which would require the co-operation of the suspect (who obviously isn't co-operating at the moment).
Wrong. The FBI still needs to find the passcode. But the killer turned on a security feature that the iPhone erases its content after ten incorrect passcode attempts. Apparently he used a four digit passcode, and without the extra security feature some intern could unlock the phone in two days. The FBI wants Apple to change the phone's firmware so it doesn't automatically erase itself. They still need to enter the right passcode.
I don't give a flying f*ck what the FBI does about the San Bernardino shooter data. What I do care about is the fact that Apple and the FBI both are pretending that security through obscurity works, and that a lot of tech geeks are eating up that bullshit instead of demanding that Apple make their phones actually secure.
First, this is a rather old phone, an iPhone 5C, that we are talking about. The story is that from the iPhone 5s upwards, the security feature (phone gets erased after 10 incorrect PINs) cannot be disabled on a locked phone, because it is controlled by hardware that isn't controlled by the firmware. To change the setting, you need to run software that only becomes available after unlocking the phone. So Apple _makes_ their phones actually secure.
Second, this isn't "security through obscurity". "Obscurity" means something that a determined hacker can find out, but is maybe too lazy to find out. That kind of obscurity doesn't protect against a really determined hacker. In this case, the security comes from the fact that the hack is only possible if you have Apple's firmware signing key, and Apple protects that from all access. What you do is like calling password protection "security by obscurity". Obviously if you knew my password you could break in. But that's not what is meant by "obscurity" in this situation.
Another important source of these errors is cancellation of terms. In math, a * B / B = a, no matter how big B is relative to A. In numerical computation if you add a large number and then subtract the large number, you would lose so many digits of accuracy. Similar thing happens when you multiply and then divide by a large number.
Not so, unless an intermediate result overflows and underflows. Without overflow or underflow, calculating c = (a * b) / b may give a result slightly different from a, with a small relative error, but then calculating (c * b) / b actually gives c again. Same for c = (a / b) * b and (c / b) * b.
With addition and subtraction, the error is small compared to the maximum of a and b.
Double precision numbers use a 53 bit mantissa. For the number pi ≈ 3.14 the last bit of the mantissa has a value of 2^-51. Any real number between 2 and 4 can be represented with an error less than 2^-52.
At a radius of 12.5 billion miles, the error in calculating the product times pi before rounding would be less than 12.5 billion miles times 2^-52 times 2, which is 0.352 inches or 8.94 mm.
The result in miles is about 78 billion, somehow bigger than 2^36. The rounding error would be up to 2^-17 miles or 0.483 inches or 12.3 mm. So the bounds for the rounding error alone are already higher than the bounds due to the error in pi.
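The error bounds discussed in the last few comments, as an added example that is not part of the original thread: it measures the exact relative error of (a * b) / b with rational arithmetic, shows the add-then-subtract case, and recomputes the two circumference bounds. The function names, the sampling ranges and the fixed seed are assumptions made for this example.

```python
from fractions import Fraction
import math
import random

INCHES_PER_MILE = 63360


def mul_div_rel_error(a: float, b: float) -> Fraction:
    """Exact relative error of (a * b) / b against a, using rationals."""
    c = (a * b) / b
    return abs(Fraction(c) - Fraction(a)) / abs(Fraction(a))


def second_pass_unchanged(a: float, b: float) -> bool:
    """Check whether repeating the operation on the result reproduces it."""
    c = (a * b) / b
    return (c * b) / b == c


def add_sub(a: float, big: float) -> float:
    """Add a large number, then subtract it again."""
    return (a + big) - big


def ulp(x: float) -> float:
    """Spacing of doubles around a positive normal x (53-bit mantissa)."""
    return math.ldexp(1.0, math.frexp(x)[1] - 53)


def pi_bound_inches(radius_miles: float) -> float:
    """Bound from the representation error of pi: r * 2^-52 * 2, in inches."""
    return radius_miles * 2.0 ** -52 * 2 * INCHES_PER_MILE


def rounding_bound_inches(radius_miles: float) -> float:
    """Half an ulp of the rounded circumference 2 * pi * r, in inches."""
    return ulp(2 * math.pi * radius_miles) / 2 * INCHES_PER_MILE


def sample(n: int = 10000, seed: int = 1):
    """Worst relative error and count of stable second passes over n draws."""
    rng = random.Random(seed)  # constructed inputs, far from overflow/underflow
    worst, stable = Fraction(0), 0
    for _ in range(n):
        a, b = rng.uniform(1e-3, 1e3), rng.uniform(1e-3, 1e12)
        worst = max(worst, mul_div_rel_error(a, b))
        stable += second_pass_unchanged(a, b)
    return worst, stable


if __name__ == "__main__":
    worst, stable = sample()
    print("worst relative error of (a*b)/b:", float(worst))
    print("second pass unchanged in", stable, "of 10000 samples")
    print("(1.0 + 1e16) - 1e16 =", add_sub(1.0, 1e16))
    print("pi bound (inches):", pi_bound_inches(12.5e9))
    print("rounding bound (inches):", rounding_bound_inches(12.5e9))
```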