In order to ensure that this thread continues to meet TL standards and follows the proper guidelines, we will be enforcing the rules in the OP more strictly. Be sure to give them a re-read to refresh your memory! The vast majority of you are contributing in a healthy way, keep it up!
NOTE: When providing a source, explain why you feel it is relevant and what purpose it adds to the discussion if it's not obvious. Also take note that unsubstantiated tweets/posts meant only to rekindle old arguments can result in a mod action.
On February 19 2016 03:56 Plansix wrote: [quote] From a legal standpoint, that makes it very hard to prove a lot of things. If they can never open an Iphone for review, you could harass someone from it forever, sending death threats and other terrible thing and never be charged. As long as you did it all on the phone, including the creation of the address, it could be impossible to prove you sent the threats.
A tiny computer that can never be opened by anyone but the owner is the dream of almost every slightly smart criminal.
This exists already, and it's called the human brain.
Realistically, everything you send out on a phone still exists on the receiver's phone, and the records of some message being sent to that exact destination which align perfectly with the time stamps still exist. You don't need to break open a criminal's phone to prove that they were transmitting the incriminating messages beyond a reasonable doubt.
Honestly, people pretend that secrets didn't exist before computers, and that the situation is somehow worse. In reality it's far, far better for law enforcement, even with encryption, because you can't brute force or hack a person (legally) who is keeping secrets in their head. but a phone has no rights.
Courts require all evidence be authenticated by a witness, confirming that the evidence is what the attorney claims it is. So in the case of an email, they would need a witness that could testify that the email was sent from that specific phone while the witness is under oath. And that witness is open to cross examination, where the other side can as if they are 100% sure. If they can never open the phone, I question how they would ever prove that it came from that specific phone and not someplace else. The same goes for twitter and all other forms of social media that allow for anonymous log in.
IP addresses. If the phone sends data through the internet, it has a very specific address.
Just as an aside, the legal problem is not proving that device X sent the data. Its to prove the suspect was the one using device X at the time.
And you prove that by saying they have sole access to the device or had the device at the time the criminal activity took place. But to do that, you need to prove that the device sent the data and was the one used. Its a hurdle in all internet based crime and digital evidence.
On a side, note, the Judge specifically ordered that Apple assist with bypassing the auto delete feature, which appears to be no small task. Also removing the limit on the number of password attempts. If they cannot currently do that, they need to write software that will allow them.
So the order isn't for them to create a back door, but remove the defenses they put in place so the FBI can force the phone open. With those in place, every iphone is completely immune to being forced open. I don't see anything unreasonable about that order.
Sorry but have you ever felt that maybe lawschool did not make you an expert in cryptography? Does american law have no form of: de.wikipedia.org? The gain of hacking that phone is insignificantly low, but it's detriments are unpredictably large and severe. There is no compelling argument to do it. And "fuck i have no clue how stuff works, i will force the apple guys to do my bidding" just doesn't cut it.
First of all, I am a paralegal. Second, don't be an asshole. That second one might be hard for you.
Its a piece of tech. Apple has created a system where it is marketing and selling communication devices that cannot be forced opened without destroying the evidence. They either comply or the FBI is going to push congress to make this form of encryption illegal without some way of opening it.
Ok, sorry i will try.
Please look at that legal concept, i hope google autotranslate makes it kinda understandable. Approprietness of means of law enforcement is an issue that we can talk about in a politics thread, giving advice on how encryption should get circumvented by people not knowing how said encryption works however is pointless.
I agree with you that it might happen this way, and i am saying it is a bad outcome for society overall.
Let me put it to you this way, you understand encryption. I understand how hard it is to get evidence entered into a court. Even physical evidence is challenging at times. We have had documents that are worthless because we couldn't provide a witness to confirm they were authentic. Same with photos, because no one could testify when they we needed to prove they were taken in a specific time frame. Emails are a nightmare if one side won't admit they sent it. You need to call the system administrator and have them confirm where the email came from and then prove that the person in question had sole access to the machine. If you can't access the phone to provide proof to the jury that the email/text/tweet was sent from that phone, it will likely be impossible to prove who send it. That is just a reality of the legal process for almost all evidence.
May it suprise you when i say: "so what?", why should proving something being easy be the highest standard our (/your) society strifes for?
The point is that i don't trust the FBI with that kind of access. US agencies are known to ignore the law if it benefits them when working with data. If the FBI has that access, i give it at most a year or two until it turns out that they weren't only using it with legitimate court orders.
Second point: When that access possibility exists, it is less secure than when it doesn't exist. Currently, noone has to keep it safe because it doesn't exist. If you build intentional backdoors into programs, they become less secure. (And it is a back door, not a fucking front door, stop using that word, it does not mean what you think it means.) And if you force apple and US companies to provide backdoors to their products via law and thus open them up to abuse from criminals, you just have to wait for the first time when someone breaks into that backdoor to lose a giant amount of market share to non-US companies who are not forced to compromise security to satisfy the governments unending need to spy on its citizens.
oneofthem, you should bear in mind that the NSA let random contractors who didn't even work for the NSA have access to all their shit and one of them was able to just take stuff home with him, get on a plane to HK and give it all away. The only defence against human incompetence hacking is to limit the ability of the humans to cause damage. When someone with a strong Chinese accent calls the FBI and claims to be President Obema who has forgotten the pin to his iphone and needs the algorithm to unlock it someone will give it up.
On February 19 2016 03:56 Plansix wrote: [quote] From a legal standpoint, that makes it very hard to prove a lot of things. If they can never open an Iphone for review, you could harass someone from it forever, sending death threats and other terrible thing and never be charged. As long as you did it all on the phone, including the creation of the address, it could be impossible to prove you sent the threats.
A tiny computer that can never be opened by anyone but the owner is the dream of almost every slightly smart criminal.
This exists already, and it's called the human brain.
Realistically, everything you send out on a phone still exists on the receiver's phone, and the records of some message being sent to that exact destination which align perfectly with the time stamps still exist. You don't need to break open a criminal's phone to prove that they were transmitting the incriminating messages beyond a reasonable doubt.
Honestly, people pretend that secrets didn't exist before computers, and that the situation is somehow worse. In reality it's far, far better for law enforcement, even with encryption, because you can't brute force or hack a person (legally) who is keeping secrets in their head. but a phone has no rights.
Courts require all evidence be authenticated by a witness, confirming that the evidence is what the attorney claims it is. So in the case of an email, they would need a witness that could testify that the email was sent from that specific phone while the witness is under oath. And that witness is open to cross examination, where the other side can as if they are 100% sure. If they can never open the phone, I question how they would ever prove that it came from that specific phone and not someplace else. The same goes for twitter and all other forms of social media that allow for anonymous log in.
IP addresses. If the phone sends data through the internet, it has a very specific address.
Just as an aside, the legal problem is not proving that device X sent the data. Its to prove the suspect was the one using device X at the time.
And you prove that by saying they have sole access to the device or had the device at the time the criminal activity took place. But to do that, you need to prove that the device sent the data and was the one used. Its a hurdle in all internet based crime and digital evidence.
On a side, note, the Judge specifically ordered that Apple assist with bypassing the auto delete feature, which appears to be no small task. Also removing the limit on the number of password attempts. If they cannot currently do that, they need to write software that will allow them.
So the order isn't for them to create a back door, but remove the defenses they put in place so the FBI can force the phone open. With those in place, every iphone is completely immune to being forced open. I don't see anything unreasonable about that order.
Sorry but have you ever felt that maybe lawschool did not make you an expert in cryptography? Does american law have no form of: de.wikipedia.org? The gain of hacking that phone is insignificantly low, but it's detriments are unpredictably large and severe. There is no compelling argument to do it. And "fuck i have no clue how stuff works, i will force the apple guys to do my bidding" just doesn't cut it.
First of all, I am a paralegal. Second, don't be an asshole. That second one might be hard for you.
Its a piece of tech. Apple has created a system where it is marketing and selling communication devices that cannot be forced opened without destroying the evidence. They either comply or the FBI is going to push congress to make this form of encryption illegal without some way of opening it.
Ok, sorry i will try.
Please look at that legal concept, i hope google autotranslate makes it kinda understandable. Approprietness of means of law enforcement is an issue that we can talk about in a politics thread, giving advice on how encryption should get circumvented by people not knowing how said encryption works however is pointless.
I agree with you that it might happen this way, and i am saying it is a bad outcome for society overall.
Let me put it to you this way, you understand encryption. I understand how hard it is to get evidence entered into a court. Even physical evidence is challenging at times. We have had documents that are worthless because we couldn't provide a witness to confirm they were authentic. Same with photos, because no one could testify when they we needed to prove they were taken in a specific time frame. Emails are a nightmare if one side won't admit they sent it. You need to call the system administrator and have them confirm where the email came from and then prove that the person in question had sole access to the machine. If you can't access the phone to provide proof to the jury that the email/text/tweet was sent from that phone, it will likely be impossible to prove who send it. That is just a reality of the legal process for almost all evidence.
It's Ben Franklin time! One of your own founding fathers: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
On February 19 2016 04:13 oneofthem wrote: [quote]so what is the problem with creating another similarly secure front door mechanism that authorized access can open?
The problem, as stated a hundred times already, is that your use of the word "authorized" is not in line with reality.
You think it means "only the people we want".
The reality is "only people who have the key".
And there is a gigantic difference.
that is not what i think at all, try again. a front door works the same way but with proper safeguards that a 'back door' lacks. you might as well say the fact the owner can use the phone is a security flaw.
OK. So the front door requires a special key that the user can configure. He sets his code to fjord$^_fhrid4568nrtbr÷==AT&TIEN
He memorized this key and doesn't tell anybody. He subsequently dies, leaving the front door locked forever.
Now what you're proposing is that somehow Apple magically has this key too? How?
EDIT: and just to be clear this, and only this is the front door. Amy other access mechanism is, by its very definition, a back door.
the front door would be a secured access option with the fbi or whoever holding the key. i am talking about designing the security process so as to avoid both unsecure backdoors and inability to access device in the process of investigation and so on.
You know that the analogy is a house with two doors. One with your key and one with the FBI's key. Except that the FBI's key also opens everybody else's door in the entire world. It's a single point of failure as about 100 ppl here have pointed out, and by its very definition insecure. You seem to be throwing words around without knowing their technical definition in this context.
uh it does not have to be a passcode key obviously. there can be device specific code that requires a secured algorithm to decrypt. it would not be a universal one point of failure, and this is just a technical challenge that should not define the tradeoff in question.
Except that now your golden algorithm has taken the place of your golden key. I am literally repeating the wired article I posted not 1 page back. Please read a wiki page on information security or something... It is either device specific, or universally usable whenever the FBI wants to. In the latter, it is a single point of failure. And while at first that key/algorithm will be fairly safe with just the FBI having access, I give it a few months/year at most before it is reproduced, copied or stolen.
you can't reverse engineer some encrypted locks to find the solver algorithm, so just properly secure the golden algorithm and we are okay. the overall landscape is that strength of encryption can get very high, so if your question is on the security of the government door then it should not be an unsolvable problem, except when there is so much dismissal for want of a solution.
Nothing is impenetrable.
Security is about making things so hard to break into that it's prohibitively expensive to do so.
The problem you are creating, however, is that this golden widget will be almost indescribably valuable to a lot of ppl, ranging from organized crime to foreign agencies. It also cannot be changed sufficiently often to not give these organizations a lot of time and data to Crack the system.
Combine the two, and I give any such system between a few months and a year before it is blown wide open, and with it, all data on all smartphones... or at least all American ones. I give it about a week before Samsung and all Chinese brands drop Android and switch to Tizen or some other homebrew OS, and the rest of the world laughs at how stupid the US was to purposefully expose their entire population.
And you thought the Ashley Madison hack was bad...
it would certainly be subjected to attacks but the public exposure is to the individual devices, and not the FBI portion of the mechanism or the manufacturer portion. you can have encryption dependent on a code per device that apple holds, going through a decrypter the government holds, and all the device has is a non-communicative door.
again the standard is not really impossible to crack. it just has to be nonfragile and be at least as secure as the regular security feature on the device.
On February 19 2016 04:11 WolfintheSheep wrote: [quote] This exists already, and it's called the human brain.
Realistically, everything you send out on a phone still exists on the receiver's phone, and the records of some message being sent to that exact destination which align perfectly with the time stamps still exist. You don't need to break open a criminal's phone to prove that they were transmitting the incriminating messages beyond a reasonable doubt.
Honestly, people pretend that secrets didn't exist before computers, and that the situation is somehow worse. In reality it's far, far better for law enforcement, even with encryption, because you can't brute force or hack a person (legally) who is keeping secrets in their head. but a phone has no rights.
Courts require all evidence be authenticated by a witness, confirming that the evidence is what the attorney claims it is. So in the case of an email, they would need a witness that could testify that the email was sent from that specific phone while the witness is under oath. And that witness is open to cross examination, where the other side can as if they are 100% sure. If they can never open the phone, I question how they would ever prove that it came from that specific phone and not someplace else. The same goes for twitter and all other forms of social media that allow for anonymous log in.
IP addresses. If the phone sends data through the internet, it has a very specific address.
Just as an aside, the legal problem is not proving that device X sent the data. Its to prove the suspect was the one using device X at the time.
And you prove that by saying they have sole access to the device or had the device at the time the criminal activity took place. But to do that, you need to prove that the device sent the data and was the one used. Its a hurdle in all internet based crime and digital evidence.
On a side, note, the Judge specifically ordered that Apple assist with bypassing the auto delete feature, which appears to be no small task. Also removing the limit on the number of password attempts. If they cannot currently do that, they need to write software that will allow them.
So the order isn't for them to create a back door, but remove the defenses they put in place so the FBI can force the phone open. With those in place, every iphone is completely immune to being forced open. I don't see anything unreasonable about that order.
Sorry but have you ever felt that maybe lawschool did not make you an expert in cryptography? Does american law have no form of: de.wikipedia.org? The gain of hacking that phone is insignificantly low, but it's detriments are unpredictably large and severe. There is no compelling argument to do it. And "fuck i have no clue how stuff works, i will force the apple guys to do my bidding" just doesn't cut it.
First of all, I am a paralegal. Second, don't be an asshole. That second one might be hard for you.
Its a piece of tech. Apple has created a system where it is marketing and selling communication devices that cannot be forced opened without destroying the evidence. They either comply or the FBI is going to push congress to make this form of encryption illegal without some way of opening it.
Ok, sorry i will try.
Please look at that legal concept, i hope google autotranslate makes it kinda understandable. Approprietness of means of law enforcement is an issue that we can talk about in a politics thread, giving advice on how encryption should get circumvented by people not knowing how said encryption works however is pointless.
I agree with you that it might happen this way, and i am saying it is a bad outcome for society overall.
Let me put it to you this way, you understand encryption. I understand how hard it is to get evidence entered into a court. Even physical evidence is challenging at times. We have had documents that are worthless because we couldn't provide a witness to confirm they were authentic. Same with photos, because no one could testify when they we needed to prove they were taken in a specific time frame. Emails are a nightmare if one side won't admit they sent it. If you can't access the phone to provide proof to the jury that the email/text/tweet was sent from that phone, it will likely be impossible to prove who send it. That is just a reality of the legal process for almost all evidence.
And you think the solution is to throw everything out on the street instead? (since it is almost inevitable that it will be broken once introduced) Sometimes the privacy of everyone is more important then your ability to convict one man.
What if that personal is going to harm me or my family? Or is harassing me? Plotting to steal from me? Taking photos of my children and stalking them when I am not around? That isn't a hard drive, its a computer that is connected to a network. Its not a safe. The key part is the majority of crimes harm another person. Does privacy extend so far that this man made system makes them immune a search if they own an Iphone?
I'd like to throw in that one of the heads of the Paris attacks was literally interviewed by ISIS self proclaimed 'lifestyle magazine' half a year before the attacks, so before the intelligence agencies try to hack phones they maybe should start browsing Facebook
Courts require all evidence be authenticated by a witness, confirming that the evidence is what the attorney claims it is. So in the case of an email, they would need a witness that could testify that the email was sent from that specific phone while the witness is under oath. And that witness is open to cross examination, where the other side can as if they are 100% sure. If they can never open the phone, I question how they would ever prove that it came from that specific phone and not someplace else. The same goes for twitter and all other forms of social media that allow for anonymous log in.
IP addresses. If the phone sends data through the internet, it has a very specific address.
Just as an aside, the legal problem is not proving that device X sent the data. Its to prove the suspect was the one using device X at the time.
And you prove that by saying they have sole access to the device or had the device at the time the criminal activity took place. But to do that, you need to prove that the device sent the data and was the one used. Its a hurdle in all internet based crime and digital evidence.
On a side, note, the Judge specifically ordered that Apple assist with bypassing the auto delete feature, which appears to be no small task. Also removing the limit on the number of password attempts. If they cannot currently do that, they need to write software that will allow them.
So the order isn't for them to create a back door, but remove the defenses they put in place so the FBI can force the phone open. With those in place, every iphone is completely immune to being forced open. I don't see anything unreasonable about that order.
Sorry but have you ever felt that maybe lawschool did not make you an expert in cryptography? Does american law have no form of: de.wikipedia.org? The gain of hacking that phone is insignificantly low, but it's detriments are unpredictably large and severe. There is no compelling argument to do it. And "fuck i have no clue how stuff works, i will force the apple guys to do my bidding" just doesn't cut it.
First of all, I am a paralegal. Second, don't be an asshole. That second one might be hard for you.
Its a piece of tech. Apple has created a system where it is marketing and selling communication devices that cannot be forced opened without destroying the evidence. They either comply or the FBI is going to push congress to make this form of encryption illegal without some way of opening it.
Ok, sorry i will try.
Please look at that legal concept, i hope google autotranslate makes it kinda understandable. Approprietness of means of law enforcement is an issue that we can talk about in a politics thread, giving advice on how encryption should get circumvented by people not knowing how said encryption works however is pointless.
I agree with you that it might happen this way, and i am saying it is a bad outcome for society overall.
Let me put it to you this way, you understand encryption. I understand how hard it is to get evidence entered into a court. Even physical evidence is challenging at times. We have had documents that are worthless because we couldn't provide a witness to confirm they were authentic. Same with photos, because no one could testify when they we needed to prove they were taken in a specific time frame. Emails are a nightmare if one side won't admit they sent it. If you can't access the phone to provide proof to the jury that the email/text/tweet was sent from that phone, it will likely be impossible to prove who send it. That is just a reality of the legal process for almost all evidence.
And you think the solution is to throw everything out on the street instead? (since it is almost inevitable that it will be broken once introduced) Sometimes the privacy of everyone is more important then your ability to convict one man.
What if that personal is going to harm me or my family? Or is harassing me? Plotting to steal from me? Taking photos of my children and stalking them when I am not around? That isn't a hard drive, its a computer that is connected to a network. Its not a safe. The key part is the majority of crimes harm another person. Does privacy extend so far that this man made system makes them immune a search if they own an Iphone?
For someone who works with the courts you have a very bad understanding of why we have so many limits in place.
On February 19 2016 05:24 Nyxisto wrote: I'd like to throw in that one of the heads of the Paris attacks was literally interviewed by ISIS self proclaimed 'lifestyle magazine' half a year before the attacks, so before the intelligence agencies try to hack phones they maybe should start browsing Facebook
Man so much for our beautiful intelligence community that they couldn't fucking stop 9/11. The whole bureaucracy is loaded with incompetence.
In December 2015, Juniper Networks announced that some revisions of their ScreenOS firmware used Dual_EC_DRGB with the suspect P and Q points, creating a backdoor in their firewall. Originally it was supposed to use a Q point chosen by Juniper which may or may not have been generated in provably safe way. Dual_EC_DRGB was then used to seed ANSI X9.17 PRNG. This would have obfuscated the Dual_EC_DRGB output thus killing the backdoor. However, a "bug" in the code exposed the raw output of the Dual_EC_DRGB, hence compromising the security of the system. This backdoor was then backdoored itself by an unknown party which changed the Q point and some test vectors. Allegations that the NSA had persistent backdoor access through Juniper firewalls had already been published in 2013 by Der Spiegel.
Courts require all evidence be authenticated by a witness, confirming that the evidence is what the attorney claims it is. So in the case of an email, they would need a witness that could testify that the email was sent from that specific phone while the witness is under oath. And that witness is open to cross examination, where the other side can as if they are 100% sure. If they can never open the phone, I question how they would ever prove that it came from that specific phone and not someplace else. The same goes for twitter and all other forms of social media that allow for anonymous log in.
IP addresses. If the phone sends data through the internet, it has a very specific address.
Just as an aside, the legal problem is not proving that device X sent the data. Its to prove the suspect was the one using device X at the time.
And you prove that by saying they have sole access to the device or had the device at the time the criminal activity took place. But to do that, you need to prove that the device sent the data and was the one used. Its a hurdle in all internet based crime and digital evidence.
On a side, note, the Judge specifically ordered that Apple assist with bypassing the auto delete feature, which appears to be no small task. Also removing the limit on the number of password attempts. If they cannot currently do that, they need to write software that will allow them.
So the order isn't for them to create a back door, but remove the defenses they put in place so the FBI can force the phone open. With those in place, every iphone is completely immune to being forced open. I don't see anything unreasonable about that order.
Sorry but have you ever felt that maybe lawschool did not make you an expert in cryptography? Does american law have no form of: de.wikipedia.org? The gain of hacking that phone is insignificantly low, but it's detriments are unpredictably large and severe. There is no compelling argument to do it. And "fuck i have no clue how stuff works, i will force the apple guys to do my bidding" just doesn't cut it.
First of all, I am a paralegal. Second, don't be an asshole. That second one might be hard for you.
Its a piece of tech. Apple has created a system where it is marketing and selling communication devices that cannot be forced opened without destroying the evidence. They either comply or the FBI is going to push congress to make this form of encryption illegal without some way of opening it.
Ok, sorry i will try.
Please look at that legal concept, i hope google autotranslate makes it kinda understandable. Approprietness of means of law enforcement is an issue that we can talk about in a politics thread, giving advice on how encryption should get circumvented by people not knowing how said encryption works however is pointless.
I agree with you that it might happen this way, and i am saying it is a bad outcome for society overall.
Let me put it to you this way, you understand encryption. I understand how hard it is to get evidence entered into a court. Even physical evidence is challenging at times. We have had documents that are worthless because we couldn't provide a witness to confirm they were authentic. Same with photos, because no one could testify when they we needed to prove they were taken in a specific time frame. Emails are a nightmare if one side won't admit they sent it. If you can't access the phone to provide proof to the jury that the email/text/tweet was sent from that phone, it will likely be impossible to prove who send it. That is just a reality of the legal process for almost all evidence.
And you think the solution is to throw everything out on the street instead? (since it is almost inevitable that it will be broken once introduced) Sometimes the privacy of everyone is more important then your ability to convict one man.
What if that personal is going to harm me or my family? Or is harassing me? Plotting to steal from me? Taking photos of my children and stalking them when I am not around? That isn't a hard drive, its a computer that is connected to a network. Its not a safe. The key part is the majority of crimes harm another person. Does privacy extend so far that this man made system makes them immune a search if they own an Iphone?
Dude wtf are you even talking about anymore? How does encryption prevent prosecution of a person for doing any of those things?
And "a computer is not a safe"? What the fuck? What is a "safe"?
On February 19 2016 04:20 WolfintheSheep wrote: [quote] The problem, as stated a hundred times already, is that your use of the word "authorized" is not in line with reality.
You think it means "only the people we want".
The reality is "only people who have the key".
And there is a gigantic difference.
that is not what i think at all, try again. a front door works the same way but with proper safeguards that a 'back door' lacks. you might as well say the fact the owner can use the phone is a security flaw.
OK. So the front door requires a special key that the user can configure. He sets his code to fjord$^_fhrid4568nrtbr÷==AT&TIEN
He memorized this key and doesn't tell anybody. He subsequently dies, leaving the front door locked forever.
Now what you're proposing is that somehow Apple magically has this key too? How?
EDIT: and just to be clear this, and only this is the front door. Amy other access mechanism is, by its very definition, a back door.
the front door would be a secured access option with the fbi or whoever holding the key. i am talking about designing the security process so as to avoid both unsecure backdoors and inability to access device in the process of investigation and so on.
You know that the analogy is a house with two doors. One with your key and one with the FBI's key. Except that the FBI's key also opens everybody else's door in the entire world. It's a single point of failure as about 100 ppl here have pointed out, and by its very definition insecure. You seem to be throwing words around without knowing their technical definition in this context.
uh it does not have to be a passcode key obviously. there can be device specific code that requires a secured algorithm to decrypt. it would not be a universal one point of failure, and this is just a technical challenge that should not define the tradeoff in question.
Except that now your golden algorithm has taken the place of your golden key. I am literally repeating the wired article I posted not 1 page back. Please read a wiki page on information security or something... It is either device specific, or universally usable whenever the FBI wants to. In the latter, it is a single point of failure. And while at first that key/algorithm will be fairly safe with just the FBI having access, I give it a few months/year at most before it is reproduced, copied or stolen.
you can't reverse engineer some encrypted locks to find the solver algorithm, so just properly secure the golden algorithm and we are okay. the overall landscape is that strength of encryption can get very high, so if your question is on the security of the government door then it should not be an unsolvable problem, except when there is so much dismissal for want of a solution.
Nothing is impenetrable.
Security is about making things so hard to break into that it's prohibitively expensive to do so.
The problem you are creating, however, is that this golden widget will be almost indescribably valuable to a lot of ppl, ranging from organized crime to foreign agencies. It also cannot be changed sufficiently often to not give these organizations a lot of time and data to Crack the system.
Combine the two, and I give any such system between a few months and a year before it is blown wide open, and with it, all data on all smartphones... or at least all American ones. I give it about a week before Samsung and all Chinese brands drop Android and switch to Tizen or some other homebrew OS, and the rest of the world laughs at how stupid the US was to purposefully expose their entire population.
And you thought the Ashley Madison hack was bad...
it would certainly be subjected to attacks but the public exposure is to the individual devices, and not the FBI portion of the mechanism or the manufacturer portion. you can have encryption dependent on a code per device that apple holds, going through a decrypter the government holds, and all the device has is a non-communicative door.
again the standard is not really impossible to crack. it just has to be nonfragile and be at least as secure as the regular security feature on the device.
No. It has to be about 100 million times as secure, because instead of giving access to 1 phone, it'll give access to a 100 million phones.
Also, why the focus on Apple? Do you think Google and Microsoft are immune? So suddenly the firmware system jiggerydo can be accessed by a couple of dozen people. It'll take a few weeks for that part to leak. The FBI will be harder. But soon someone will be chopping off Bobby Jr's fingers and that'll be the end of that.
IP addresses. If the phone sends data through the internet, it has a very specific address.
Just as an aside, the legal problem is not proving that device X sent the data. Its to prove the suspect was the one using device X at the time.
And you prove that by saying they have sole access to the device or had the device at the time the criminal activity took place. But to do that, you need to prove that the device sent the data and was the one used. Its a hurdle in all internet based crime and digital evidence.
On a side, note, the Judge specifically ordered that Apple assist with bypassing the auto delete feature, which appears to be no small task. Also removing the limit on the number of password attempts. If they cannot currently do that, they need to write software that will allow them.
So the order isn't for them to create a back door, but remove the defenses they put in place so the FBI can force the phone open. With those in place, every iphone is completely immune to being forced open. I don't see anything unreasonable about that order.
Sorry but have you ever felt that maybe lawschool did not make you an expert in cryptography? Does american law have no form of: de.wikipedia.org? The gain of hacking that phone is insignificantly low, but it's detriments are unpredictably large and severe. There is no compelling argument to do it. And "fuck i have no clue how stuff works, i will force the apple guys to do my bidding" just doesn't cut it.
First of all, I am a paralegal. Second, don't be an asshole. That second one might be hard for you.
Its a piece of tech. Apple has created a system where it is marketing and selling communication devices that cannot be forced opened without destroying the evidence. They either comply or the FBI is going to push congress to make this form of encryption illegal without some way of opening it.
Ok, sorry i will try.
Please look at that legal concept, i hope google autotranslate makes it kinda understandable. Approprietness of means of law enforcement is an issue that we can talk about in a politics thread, giving advice on how encryption should get circumvented by people not knowing how said encryption works however is pointless.
I agree with you that it might happen this way, and i am saying it is a bad outcome for society overall.
Let me put it to you this way, you understand encryption. I understand how hard it is to get evidence entered into a court. Even physical evidence is challenging at times. We have had documents that are worthless because we couldn't provide a witness to confirm they were authentic. Same with photos, because no one could testify when they we needed to prove they were taken in a specific time frame. Emails are a nightmare if one side won't admit they sent it. If you can't access the phone to provide proof to the jury that the email/text/tweet was sent from that phone, it will likely be impossible to prove who send it. That is just a reality of the legal process for almost all evidence.
And you think the solution is to throw everything out on the street instead? (since it is almost inevitable that it will be broken once introduced) Sometimes the privacy of everyone is more important then your ability to convict one man.
What if that personal is going to harm me or my family? Or is harassing me? Plotting to steal from me? Taking photos of my children and stalking them when I am not around? That isn't a hard drive, its a computer that is connected to a network. Its not a safe. The key part is the majority of crimes harm another person. Does privacy extend so far that this man made system makes them immune a search if they own an Iphone?
Dude wtf are you even talking about anymore? How does encryption prevent prosecution of a person for doing any of those things?
And "a computer is not a safe"? What the fuck? What is a "safe"?
He stated that privacy was more important than the ability to convict someone. And I pointed out that crimes are normally the result on one person harming another in some way, that we weight the rights of privacy to the right of the victim not to be harmed. That is why we have search warrants.
On February 19 2016 04:25 oneofthem wrote: [quote] that is not what i think at all, try again. a front door works the same way but with proper safeguards that a 'back door' lacks. you might as well say the fact the owner can use the phone is a security flaw.
OK. So the front door requires a special key that the user can configure. He sets his code to fjord$^_fhrid4568nrtbr÷==AT&TIEN
He memorized this key and doesn't tell anybody. He subsequently dies, leaving the front door locked forever.
Now what you're proposing is that somehow Apple magically has this key too? How?
EDIT: and just to be clear this, and only this is the front door. Amy other access mechanism is, by its very definition, a back door.
the front door would be a secured access option with the fbi or whoever holding the key. i am talking about designing the security process so as to avoid both unsecure backdoors and inability to access device in the process of investigation and so on.
You know that the analogy is a house with two doors. One with your key and one with the FBI's key. Except that the FBI's key also opens everybody else's door in the entire world. It's a single point of failure as about 100 ppl here have pointed out, and by its very definition insecure. You seem to be throwing words around without knowing their technical definition in this context.
uh it does not have to be a passcode key obviously. there can be device specific code that requires a secured algorithm to decrypt. it would not be a universal one point of failure, and this is just a technical challenge that should not define the tradeoff in question.
Except that now your golden algorithm has taken the place of your golden key. I am literally repeating the wired article I posted not 1 page back. Please read a wiki page on information security or something... It is either device specific, or universally usable whenever the FBI wants to. In the latter, it is a single point of failure. And while at first that key/algorithm will be fairly safe with just the FBI having access, I give it a few months/year at most before it is reproduced, copied or stolen.
you can't reverse engineer some encrypted locks to find the solver algorithm, so just properly secure the golden algorithm and we are okay. the overall landscape is that strength of encryption can get very high, so if your question is on the security of the government door then it should not be an unsolvable problem, except when there is so much dismissal for want of a solution.
This is why the technologically inept should not comment on these things.
"Just properly secure it" is not a solution, it's a wish.
this is as technical as holding gold in a vault, since we are really talking about securing the method not a piece of passcode. learn to read.
You fail to understand that there is no difference between the pass code and the method.
Whether you use a key or a sequence of genetically modified monkeys that have to dance in a specific order, it is only the complexity that increases, not the underlying principles. And give enough incentive, that complexity can be overcome (usually because some FBI shmoe leaves his laptop in his car)
the point is you can have physical security method on top of the encryption. the former would at least prevent access and provide knowledge of loss which can then be signal to do something about it before the sufficient time passes for the device to be rendered ineffective.
this random contractor situation is pretty bad but we are talking about future plans. i do agree political risk is probably unacceptable at this moment but having a discovery proof space of operations is going to breed all sorts of illegal activities.
On February 19 2016 05:24 Nyxisto wrote: I'd like to throw in that one of the heads of the Paris attacks was literally interviewed by ISIS self proclaimed 'lifestyle magazine' half a year before the attacks, so before the intelligence agencies try to hack phones they maybe should start browsing Facebook
the u.s. at least is refraining from watching social media due to civil rights concerns.
On February 19 2016 05:23 Plansix wrote: Does privacy extend so far that this man made system makes them immune a search if they own an Iphone?
This isn't the crux of the issue. The crux of the issue is over encryption. Privacy does not and should not make one immune to legal searches and seizures. But that's not the issue at all.
Do I have a right to encrypt my data? Do I have the right to private communication?
On February 19 2016 04:20 WolfintheSheep wrote: [quote] The problem, as stated a hundred times already, is that your use of the word "authorized" is not in line with reality.
You think it means "only the people we want".
The reality is "only people who have the key".
And there is a gigantic difference.
that is not what i think at all, try again. a front door works the same way but with proper safeguards that a 'back door' lacks. you might as well say the fact the owner can use the phone is a security flaw.
OK. So the front door requires a special key that the user can configure. He sets his code to fjord$^_fhrid4568nrtbr÷==AT&TIEN
He memorized this key and doesn't tell anybody. He subsequently dies, leaving the front door locked forever.
Now what you're proposing is that somehow Apple magically has this key too? How?
EDIT: and just to be clear this, and only this is the front door. Amy other access mechanism is, by its very definition, a back door.
the front door would be a secured access option with the fbi or whoever holding the key. i am talking about designing the security process so as to avoid both unsecure backdoors and inability to access device in the process of investigation and so on.
You know that the analogy is a house with two doors. One with your key and one with the FBI's key. Except that the FBI's key also opens everybody else's door in the entire world. It's a single point of failure as about 100 ppl here have pointed out, and by its very definition insecure. You seem to be throwing words around without knowing their technical definition in this context.
uh it does not have to be a passcode key obviously. there can be device specific code that requires a secured algorithm to decrypt. it would not be a universal one point of failure, and this is just a technical challenge that should not define the tradeoff in question.
Except that now your golden algorithm has taken the place of your golden key. I am literally repeating the wired article I posted not 1 page back. Please read a wiki page on information security or something... It is either device specific, or universally usable whenever the FBI wants to. In the latter, it is a single point of failure. And while at first that key/algorithm will be fairly safe with just the FBI having access, I give it a few months/year at most before it is reproduced, copied or stolen.
you can't reverse engineer some encrypted locks to find the solver algorithm, so just properly secure the golden algorithm and we are okay. the overall landscape is that strength of encryption can get very high, so if your question is on the security of the government door then it should not be an unsolvable problem, except when there is so much dismissal for want of a solution.
This is why the technologically inept should not comment on these things.
"Just properly secure it" is not a solution, it's a wish.
They should remove the auto delete feature, that is a little much. From reports, it takes a really long time to crack these phones by brute force, so that should be enough.
Well, reality of this (assuming it's confirmed) is that being able to update the firmware and overwrite security settings is already a gigantic security hole.
On February 19 2016 04:20 WolfintheSheep wrote: [quote] The problem, as stated a hundred times already, is that your use of the word "authorized" is not in line with reality.
You think it means "only the people we want".
The reality is "only people who have the key".
And there is a gigantic difference.
that is not what i think at all, try again. a front door works the same way but with proper safeguards that a 'back door' lacks. you might as well say the fact the owner can use the phone is a security flaw.
OK. So the front door requires a special key that the user can configure. He sets his code to fjord$^_fhrid4568nrtbr÷==AT&TIEN
He memorized this key and doesn't tell anybody. He subsequently dies, leaving the front door locked forever.
Now what you're proposing is that somehow Apple magically has this key too? How?
EDIT: and just to be clear this, and only this is the front door. Amy other access mechanism is, by its very definition, a back door.
the front door would be a secured access option with the fbi or whoever holding the key. i am talking about designing the security process so as to avoid both unsecure backdoors and inability to access device in the process of investigation and so on.
You know that the analogy is a house with two doors. One with your key and one with the FBI's key. Except that the FBI's key also opens everybody else's door in the entire world. It's a single point of failure as about 100 ppl here have pointed out, and by its very definition insecure. You seem to be throwing words around without knowing their technical definition in this context.
uh it does not have to be a passcode key obviously. there can be device specific code that requires a secured algorithm to decrypt. it would not be a universal one point of failure, and this is just a technical challenge that should not define the tradeoff in question.
Except that now your golden algorithm has taken the place of your golden key. I am literally repeating the wired article I posted not 1 page back. Please read a wiki page on information security or something... It is either device specific, or universally usable whenever the FBI wants to. In the latter, it is a single point of failure. And while at first that key/algorithm will be fairly safe with just the FBI having access, I give it a few months/year at most before it is reproduced, copied or stolen.
you can't reverse engineer some encrypted locks to find the solver algorithm, so just properly secure the golden algorithm and we are okay. the overall landscape is that strength of encryption can get very high, so if your question is on the security of the government door then it should not be an unsolvable problem, except when there is so much dismissal for want of a solution.
Nothing is impenetrable.
Security is about making things so hard to break into that it's prohibitively expensive to do so.
The problem you are creating, however, is that this golden widget will be almost indescribably valuable to a lot of ppl, ranging from organized crime to foreign agencies. It also cannot be changed sufficiently often to not give these organizations a lot of time and data to Crack the system.
Combine the two, and I give any such system between a few months and a year before it is blown wide open, and with it, all data on all smartphones... or at least all American ones. I give it about a week before Samsung and all Chinese brands drop Android and switch to Tizen or some other homebrew OS, and the rest of the world laughs at how stupid the US was to purposefully expose their entire population.
And you thought the Ashley Madison hack was bad...
it would certainly be subjected to attacks but the public exposure is to the individual devices, and not the FBI portion of the mechanism or the manufacturer portion. you can have encryption dependent on a code per device that apple holds, going through a decrypter the government holds, and all the device has is a non-communicative door.
again the standard is not really impossible to crack. it just has to be nonfragile and be at least as secure as the regular security feature on the device.
Obscurity is one of the strongest security measures you can have. Breaking your personal security is not really that hard, just time intensive and not worth the ROI. (which is really the FBI's issue. They could probably break the phone's encryption with enough time and resources, they just want Apple to make it easier and faster)
Breaking everyone's security all at once, though, that's worth a lot.
On February 19 2016 05:24 Nyxisto wrote: I'd like to throw in that one of the heads of the Paris attacks was literally interviewed by ISIS self proclaimed 'lifestyle magazine' half a year before the attacks, so before the intelligence agencies try to hack phones they maybe should start browsing Facebook
the u.s. at least is refraining from watching social media due to civil rights concerns.
So they're not watching stuff people consciously put out in public but they demand to get access to private information? Is this bizarro world? I'm pretty sure the Boston marathon guys put stuff on their social media pages as well.
EPT
![[image loading]](https://images-na.ssl-images-amazon.com/images/G/01/th/aplus/sentrysafe/B005P12C5A-2.jpg)
