Apple and the FBI password search..... (1 Viewer)

[Deleted member 29692]

Bit of a development in this case. Both interesting and worrying if it has any substance.

http://www.bbc.co.uk/news/world-us-canada-35868322

 

[GJH]

Bit of a development in this case. Both interesting and worrying if it has any substance.

http://www.bbc.co.uk/news/world-us-canada-35868322

I saw that this morning and it struck me that Apple might have been better to have just quietly done the business at their HQ and passed the data on to the FBI in private instead of all their grandstanding and pretence.

 

[Deleted member 29692]

I saw that this morning and it struck me that Apple might have been better to have just quietly done the business at their HQ and passed the data on to the FBI in private instead of all their grandstanding and pretence.

Yes, they could have done that and none of us would ever have known about it.

I, for one, am pleased they didn't. I don't want to repeat the last 5 pages but the principle at stake is far bigger than this one case.

^{_{Subscribers  do not see these advertisements}}

 

[DBK]

I can't see the point of any Government requiring access or a backdoor or encryption keys to any electronic device. Criminals, or more especially, terrorists, aren't entirely stupid. For any communication by any means, it's easily possible to create a code that doesn't depend on electronics, can be transmitted in any form (including on paper), and that cannot be cracked. The structure and keys for the code can be changed weekly (or daily) and the key transmitted in plain language wouldn't materially help anyone access the content. The only assumption is that the information is not to be broadcast to large numbers of people as that would require communicating the means by which the code could be cracked to every intended recipient. For important information to be passed around a small group it would work perfectly.

Fortunately terrorists do make mistakes and that is why they are caught, sometimes. Unfortunately, not today. But it is possible the FBI now have a solution not involving Apple. We shall see.

 

[Deleted member 29692]

But it is possible the FBI now have a solution not involving Apple. We shall see.

I wonder if, when they do finally get into the phone, their fishing trip proves to be a waste of time and money, which even James Comey admits is likely, they will have the balls to admit it.

 

[Gromett]

Bit of a development in this case. Both interesting and worrying if it has any substance

I am not too concerned about this news to be honest. The device they are trying to compromise is in their hands for one, second it is an older model that doesn't have the security chip that the new ones do. So I doubt the FBI could access your new iPhone at all, and certainly not remotely even if this is true.

I saw that this morning and it struck me that Apple might have been better to have just quietly done the business at their HQ and passed the data on to the FBI in private instead of all their grandstanding and pretence

I disagree, it is not grandstanding and pretence. The do actually have a customer data policy internally and these actions are fully in accordance with those policies.
http://www.reuters.com/article/us-apple-encryption-privacy-insight-idUSKCN0WN0BO

There are principles on this case that I respect apple for upholding. I do not like Apple as a company and I do not like their practices. However on this I have to admit I am 100% behind them.

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

I can't see the point of any Government requiring access or a backdoor or encryption keys to any electronic device. Criminals, or more especially, terrorists, aren't entirely stupid. For any communication by any means, it's easily possible to create a code that doesn't depend on electronics, can be transmitted in any form (including on paper), and that cannot be cracked. The structure and keys for the code can be changed weekly (or daily) and the key transmitted in plain language wouldn't materially help anyone access the content. The only assumption is that the information is not to be broadcast to large numbers of people as that would require communicating the means by which the code could be cracked to every intended recipient. For important information to be passed around a small group it would work perfectly.

The French/Belgium security services found to their peril that it is even simpler than that. The Attackers in France simply bought loads of anonymous burner phones and dumped them regularly. They stopped using the internet and didn't use smart phone applications.

I think you may have been referring to one time pads. These are effectively uncrackable if used correctly. They can be used over electronic or physical medium such as the postal service. They could even used steganography to put the encrypted message in an image and post it to a public picture site such as imgur or flickr.

 

[DBK]

I wonder if, when they do finally get into the phone, their fishing trip proves to be a waste of time and money, which even James Comey admits is likely, they will have the balls to admit it.

It matters not one jot if there is or is not anything on the phone, speculation is pointless because there just might be something so they have to look. The events in Brussels today are a useful reminder of what this case is about - fighting a terrorism which hasn't the slightest regard for anyone's privacy let alone their lives.

 

[tonyidle]

The French/Belgium security services found to their peril that it is even simpler than that. The Attackers in France simply bought loads of anonymous burner phones and dumped them regularly. They stopped using the internet and didn't use smart phone applications.

I think you may have been referring to one time pads. These are effectively uncrackable if used correctly. They can be used over electronic or physical medium such as the postal service. They could even used steganography to put the encrypted message in an image and post it to a public picture site such as imgur or flickr.

I was thinking of dead simple (as long as it's planned in advance). I don't know what it's called but it would involve reference to a book and the message would consist of numbers (or meaningless strings of letters) unless the book (or two or more books if it needed to be virtually indecipherable in a reasonable length of time). Used over the years successfully before computers became available.

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

I was thinking of dead simple (as long as it's planned in advance). I don't know what it's called but it would involve reference to a book and the message would consist of numbers (or meaningless strings of letters) unless the book (or two or more books if it needed to be virtually indecipherable in a reasonable length of time). Used over the years successfully before computers became available.

Sounds like one type pad to me. You can generate a random page of letters and that page is shared by both parties for encryption/decryption or use an existing book only known to both parties. The advantage of the book is that it can be shared without a physical copy having to be transported. The downside of the book method is that there is enough computing power now to go through each book and attempt a brute force attack.

 

[Gromett]

PS: I got curious about the relative security of one time pads vs book based one time pads.
Interesting read.
http://crypto.stackexchange.com/questions/1317/is-a-book-cipher-provably-secure

 

[jonandshell]

Maybe Apple's corporation tax assessment should be proportional to their protection of terrorists?

^{_{Subscribers  do not see these advertisements}}

 

[GJH]

Yes, they could have done that and none of us would ever have known about it.

I, for one, am pleased they didn't. I don't want to repeat the last 5 pages but the principle at stake is far bigger than this one case.

I am not too concerned about this news to be honest. The device they are trying to compromise is in their hands for one, second it is an older model that doesn't have the security chip that the new ones do. So I doubt the FBI could access your new iPhone at all, and certainly not remotely even if this is true.

I disagree, it is not grandstanding and pretence. The do actually have a customer data policy internally and these actions are fully in accordance with those policies.
http://www.reuters.com/article/us-apple-encryption-privacy-insight-idUSKCN0WN0BO

There are principles on this case that I respect apple for upholding. I do not like Apple as a company and I do not like their practices. However on this I have to admit I am 100% behind them.

Just because a company says it has a customer data policy it does not mean that the policy works for the benefit of the customer - the difficulty in obtaining information from private companies without an equivalent of FoIA demonstrates that. Indeed, the lack of transparency of too many companies indicates that (whatever they say publicly) customer interest is very low down on their list of priorities.
Apple is famed for strictly controlling what it allows its customers to do with the devices they sell. That is hardly promotion of customer freedoms. Their bleating and grandstanding has more to do with the boot being on the other foot than with customer interest.
The over-riding principle in law enforcement, throughout society, is that we give up "freedoms" for the greater good. We are not talking about giving any law enforcement agency carte blanche to obtain whatever information it wants whenever it wants but simply allowing access in specific cases where, like this one, a proportionate requirement can be demonstrated.

 

[Gromett]

The over-riding principle in law enforcement, throughout society, is that we give up "freedoms" for the greater good. We are not talking about giving any law enforcement agency carte blanche to obtain whatever information it wants whenever it wants but simply allowing access in specific cases where, like this one, a proportionate requirement can be demonstrated.

I agree that we do accept the loss of some freedoms for the greater good. This case is not just about allowing access in this one specific case. It sets a precedent and there are 100's of phones in the queue to take advantage. The American legal system is different to ours and this action breaches articles in their constitution. There are knock on effects from the success of this case that will catastrophic on a global scale. I am not going to re-iterate the points that both myself and others have made. It is not a simple case of the FBI needs access, Apple must give it for the greater good.

 

[Deleted member 29692]

We are not talking about giving any law enforcement agency carte blanche to obtain whatever information it wants whenever it wants but simply allowing access in specific cases where, like this one, a proportionate requirement can be demonstrated.

It sets a precedent and there are 100's of phones in the queue to take advantage.

175 so far just in Manhattan plus who knows how many in the rest of the country. None are terrorist related and no "proportionate requirement" has been shown. In most cases, as in this one, the authorities/prosecutors are just fishing.

It would effectively mean carte blanche and once they have it for serious criminal cases the definition when it's acceptable to use the power will just widen and widen. Once that starts to happen Apple, Google/Android and Microsoft may as well just do away with all security on all their devices.

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

175 so far just in Manhattan plus who knows how many in the rest of the country. None are terrorist related and no "proportionate requirement" has been shown. In most cases, as in this one, the authorities/prosecutors are just fishing.

It would effectively mean carte blanche and once they have it for serious criminal cases the definition when it's acceptable to use the power will just widen and widen. Once that starts to happen Apple, Google/Android and Microsoft may as well just do away with all security on all their devices.

And once the capability is proven other governments will demand it.

 

[GJH]

I agree that we do accept the loss of some freedoms for the greater good. This case is not just about allowing access in this one specific case. It sets a precedent and there are 100's of phones in the queue to take advantage. The American legal system is different to ours and this action breaches articles in their constitution. There are knock on effects from the success of this case that will catastrophic on a global scale. I am not going to re-iterate the points that both myself and others have made. It is not a simple case of the FBI needs access, Apple must give it for the greater good.

175 so far just in Manhattan plus who knows how many in the rest of the country. None are terrorist related and no "proportionate requirement" has been shown. In most cases, as in this one, the authorities/prosecutors are just fishing.

It would effectively mean carte blanche and once they have it for serious criminal cases the definition when it's acceptable to use the power will just widen and widen. Once that starts to happen Apple, Google/Android and Microsoft may as well just do away with all security on all their devices.

And once the capability is proven other governments will demand it.

The greater good - which is not carte blanche - is best served by allowing law enforcement officers to do their jobs properly. The fact that such widespread abuse did not happen in this country before the HRA restricted the ability to investigate crime shows that power did not just widen and widen.

 

[Deleted member 29692]

The greater good - which is not carte blanche - is best served by allowing law enforcement officers to do their jobs properly. The fact that such widespread abuse did not happen in this country before the HRA restricted the ability to investigate crime shows that power did not just widen and widen.

Mentioning the the HRA or anything else to do with this country is irrelevant and misleading. The subject at hand is what is happening in the US and that is a very different place with very different laws.

What you appear to be saying is that any time a law enforcement agency or prosecuting authority wants access to any device, for any reason, they should get it? That's basically what is happening with the hundreds of cases backed up before the American courts.

I think you have far more faith in the integrity of law enforcement agencies than I do, particularly American ones although I wouldn't be comfortable with UK agencies having such power either.

^{_{Subscribers  do not see these advertisements}}

 

[GJH]

Mentioning the the HRA or anything else to do with this country is irrelevant and misleading. The subject at hand is what is happening in the US and that is a very different place with very different laws.

What you appear to be saying is that any time a law enforcement agency or prosecuting authority wants access to any device, for any reason, they should get it? That's basically what is happening with the hundreds of cases backed up before the American courts.

I think you have far more faith in the integrity of law enforcement agencies than I do, particularly American ones although I wouldn't be comfortable with UK agencies having such power either.

I don't have much faith in anything American but my concern is that Apple and the like would try the same with this country. In that context the HRA is integral because it introduced blanket restrictions on investigatory powers whose value had been proven for years, without any assessment of the merits of doing so.

Perhaps I do have more faith, because I have been part of it and seen the benefit of enabling proper investigation rather than denying it just because some company or individual thinks they are more important.

 

[tonyidle]

Sounds like one type pad to me. You can generate a random page of letters and that page is shared by both parties for encryption/decryption or use an existing book only known to both parties. The advantage of the book is that it can be shared without a physical copy having to be transported. The downside of the book method is that there is enough computing power now to go through each book and attempt a brute force attack.

Very true - but for one-time communication prior to a crime it would more than suffice. I agree it wouldn't hold up well enough to prevent access to evidence after the event but terrorists in particular wouldn't much care.

 

[DBK]

Some info on the company which might be helping the Fri. http://www.timesofisrael.com/how-israels-cellebrite-could-unlock-the-san-bernadino-iphone/

BBC News website also has a piece on this. However, the phone in question is thought to have IoS 9 which is an extra challenge as I understand it.

^{_{Subscribers  do not see these advertisements}}

 

[Deleted member 29692]

Sounds like one type pad to me. You can generate a random page of letters and that page is shared by both parties for encryption/decryption or use an existing book only known to both parties. The advantage of the book is that it can be shared without a physical copy having to be transported. The downside of the book method is that there is enough computing power now to go through each book and attempt a brute force attack.

The added level of security when using one time pads is to use a fresh pad for each word.

If you use randomly generated pads rather than books it makes it very difficult to break.

 

[gus-lopez]

@Gromett yes I can come down on the side of the authorities.

You have more faith in them than I ever had.

I think you have far more faith in the integrity of law enforcement agencies than I do, particularly American ones although I wouldn't be comfortable with UK agencies having such power either.

None of them can lie in bed straight.

 

[DBK]

BBC News website is reporting the phone has now been accessed. It doesn't surprise me given the collective effort applied to the problem. I think all systems have vulnerabilities, it is just a question of finding them. Alternatively, it might have been some sort of hardware based attack where, for example, they accessed the ROM directly.

^{_{Subscribers  do not see these advertisements}}

 

[sdc77]

Hallelujah. .. I'm happy that the FBI gained access to the phone. Let's hope they can now use that knowledge to legally access any other phones they want.
All those on this thread advocating the total security that people apparently need above and beyond the security of their country must be slightly upset (or worried).
I am a little suprised though that people think that a criminal (any criminal) should be above the law of the land.
As for searching a phone being a fishing exercise. Of course it is. As is any search warrant. You just have to persuade the relevant authority that theres a likelihood of evidence being found.
Hopefully there's a few pedophiles, fraudsters and drug dealers in the US worried now.

 

[GJH]

Let's hope they can now use that knowledge to legally access any other phones they want.

The significant point is that now, presumably, they can - and can do so whenever they want, without having to demonstrate any proportionality.

If Apple hadn't been so far up their own backsides, though, they could have kept the code in house so that any future access would have had to have had a sound case made for it. Aren't Apple clever?

 

[Cavs]

I'd like to thank Gromett for his time and patience in explaining a lot of the issues in this case. This thread is one of the most interesting and informative I have read on here for a long time.

^{_{Subscribers  do not see these advertisements}}

 

[Cavs]

If I understand it correctly, the means of getting access to the phone data was available and known to some technicians before the FBI started its case against Apple. The method would be unwieldy and time consuming, but not essentially difficult.

If that is correct, the rationale for the FBI's approach must have been to get the widespread access that Gromett and others warn about, not just accessing that one phone. I don't like Apple's approach as a company (but I do like their kit) but in this case I'm with Gromett in supporting Apple.

 

[DBK]

I'd like to thank Gromett for his time and patience in explaining a lot of the issues in this case. This thread is one of the most interesting and informative I have read on here for a long time.

I suspect the whole thread will now have to be encrypted.

 

[GJH]

If I understand it correctly, the means of getting access to the phone data was available and known to some technicians before the FBI started its case against Apple. The method would be unwieldy and time consuming, but not essentially difficult.

If that is correct, the rationale for the FBI's approach must have been to get the widespread access that Gromett and others warn about, not just accessing that one phone. I don't like Apple's approach as a company (but I do like their kit) but in this case I'm with Gromett in supporting Apple.

If the means of getting access was available anyway then it must have been available for all phones, not just one - i.e. widespread access was already available

^{_{Subscribers  do not see these advertisements}}