Apple v. FBI

[nevets88]

13 minutes ago, boogielicious said:

Steve beat you to it!

Watch the ad at the end if you watch it all. F***ing hilarious! 

Join us as we dance madly on the lip of the volcano.

[saevel25]

13 minutes ago, boogielicious said:

Steve beat you to it!

I got caught up watching it

[chspeed]

A good, thoughtful take on why the tech industry's position is wrong from a well known, extremely successful Venture Capitalist, Fred Wilson.

http://avc.com/2016/03/privacy-absolutism/

 

[jamo]

1 minute ago, chspeed said:

A good, thoughtful take on why the tech industry's position is wrong from a well known, extremely successful Venture Capitalist, Fred Wilson.

http://avc.com/2016/03/privacy-absolutism/

 

Except it didn't really say or argue much. His conclusion, that the tech companies should "come up with an elegant solution," is the absolute lack of a solution.

Everyone wants a solution to this. If Apple could magically ensure that their encryption could have a backdoor that could never ever be compromised or come into the wrong hands, they would do it. But they can't, so they haven't.

[saevel25]

11 minutes ago, jamo said:

Except it didn't really say or argue much. His conclusion, that the tech companies should "come up with an elegant solution," is the absolute lack of a solution.

Pretty much. It does beg the question should the tech community try to come up with a solution if it does involve something like a secondary system unique to the phone so there is no master lock for all phones?

This solution doesn't really apply toward the current case since the current phone does not have such technology.

[krupa]

38 minutes ago, chspeed said:

A good, thoughtful take on why the tech industry's position is wrong from a well known, extremely successful Venture Capitalist, Fred Wilson.

http://avc.com/2016/03/privacy-absolutism/

 

The summary of that article is, "we had search warrants before, and now we should include backdoors in encryption to execute them."  

Here are multiple, articles by an extremely well known security expert, Bruce Schneier.  (This guy literally wrote the book on cryptography: http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099)

https://www.schneier.com/blog/archives/2016/02/decrypting_an_i.html

Quote

What the FBI wants to do would make us less secure, even though it's in the name of keeping us safe from harm. Powerful governments, democratic and totalitarian alike, want access to user data for both law enforcement and social control. We cannot build a backdoor that only works for a particular type of government, or only in the presence of a particular court order. 

https://www.schneier.com/blog/archives/2016/02/judge_demands_t.html

https://www.schneier.com/blog/archives/2016/03/lots_more_writi.html

This isn't a horrible idea for a future solution, however the technical problems in implementing it are subtle.

http://continuations.com/post/139510663785/key-based-device-unlocking-questionidea-re-apple

Protecting all those keys would be next to impossible.  As I said before, defenders have to be successful 100% of the time.  Attackers only have to be successful once.

Edited March 14, 2016 by krupa

[krupa]

For all you future or current fathers.  Don't forget that allowing people to collect data about your because "you're not doing anything wrong" has some interesting side effects.  One dad was told that his teenage daughter was pregnant... by Target:

http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/#27e0213634c6

Also, an article about the problems with video surveillance.  https://www.aclu.org/whats-wrong-public-video-surveillance

I believe that encryption backdoors provide the same opportunities for abuse as cameras already provide with the same lack of proportion between benefits and risks.

Edited March 14, 2016 by krupa

[SavvySwede]

5 hours ago, nevets88 said:

Last Week Tonight - Encryption

 

Great video. John Oliver really knows how to cover an issue succinctly and get a laugh.

[chspeed]

6 hours ago, krupa said:

The summary of that article is, "we had search warrants before, and now we should include backdoors in encryption to execute them."  

Here are multiple, articles by an extremely well known security expert, Bruce Schneier.  (This guy literally wrote the book on cryptography

The reason I referenced the article is because it was written by someone who has funded quite a few of the technology companies affected by what happens, and who has substantial influence in the world of venture capital. VCs have been pretty quiet so far, and it's interesting to see one coming out against the tech party line.

What I read from the article is that he's disappointed by the hard line taken by some of the tech industry. I agree that if some disaster strikes in the future, and our inability to prevent it can be traced back to the current hard line, that public opinion will sway hard and fast, and that any solution then will be less in the people's best interest than anything negotiated now.

Edited March 14, 2016 by chspeed

[newtogolf]

28 minutes ago, chspeed said:

The reason I referenced the article is because it was written by someone who has funded quite a few of the technology companies affected by what happens, and who has substantial influence in the world of venture capital. VCs have been pretty quiet so far, and it's interesting to see one coming out against the tech party line.

What I read from the article is that he's disappointed by the hard line taken by some of the tech industry. I agree that if some disaster strikes in the future, and our inability to prevent it can be traced back to the current hard line, that public opinion will sway hard and fast, and that any solution then will be less in the people's best interest than anything negotiated now.

Public opinion will sway in whatever way the media wants it to, regardless of the facts.  

Most acts of terror never happen because of the monitoring that is done within the US and overseas.  When terror attacks have happened, like Farook, they want the phone unlocked post attack to learn more.  It's highly unlikely a locked iPhone is going to be the cause of an attack not being prevented and that situation isn't close to being relative to Farook.  

[k-troop]

This article describes precisely why I'm having difficulty debating this with @iacas and @newtogolf  

https://www.lawfareblog.com/apple-v-fbi-shows-lawyers-and-tech-speak-different-language-privacy

[newtogolf]

1 hour ago, k-troop said:

This article describes precisely why I'm having difficulty debating this with @iacas and @newtogolf  

https://www.lawfareblog.com/apple-v-fbi-shows-lawyers-and-tech-speak-different-language-privacy

That was a great piece and accurately represents the difference in our opinions.  I'll give you another example, one of my past jobs was to evaluate computer security.   At that time, most of these computers I was on "Tiger Teams" for were mainframes or mini-computers.  Some of the most secure systems came from Honeywell, Multics, a B2 multi-user mainframe and SCOMP, a multi-user mini-computer with an A1 rating.  

These super secure systems were designed for secure computing at the highest levels of business and government but there was one very simple condition, these computers could not ever connect to the internet (arpanet at that time), a modem, or an unsecured remote terminal.   As soon as any of these computers attached to an outside device, the site and system security rating went down to D1.  

This is the same case with Apple, once the device is broken, hacked or backdoored, it's no longer secure or for the purpose of the above discusion, private.  

[boogielicious]

7 hours ago, newtogolf said:

That was a great piece and accurately represents the difference in our opinions.  I'll give you another example, one of my past jobs was to evaluate computer security.   At that time, most of these computers I was on "Tiger Teams" for were mainframes or mini-computers.  Some of the most secure systems came from Honeywell, Multics, a B2 multi-user mainframe and SCOMP, a multi-user mini-computer with an A1 rating.  

These super secure systems were designed for secure computing at the highest levels of business and government but there was one very simple condition, these computers could not ever connect to the internet (arpanet at that time), a modem, or an unsecured remote terminal.   As soon as any of these computers attached to an outside device, the site and system security rating went down to D1.  

This is the same case with Apple, once the device is broken, hacked or backdoored, it's no longer secure or for the purpose of the above discusion, private.  

Thanks for the perspective. I agree. If Apple help the FBI, it is not "if" the key will be stolen, it is "when". We here all the time about government systems being hacked. This is because they are not new, state-of-the-art systems. Updating computer system costs a lot of money and time. Because the US Government using public money, they have procedural processes to go through to acquire the funds, go out to bid, select a vendor and execute the project. For all we know, the FBI system could be based on code 10-15 years old. Very hackable. Heck, my company uses SAP and that code is 15 years old.

They could be given the key, but they will lose it and we will suffer. Are they going to reimburse me when Russian hackers empty my bank account after hacking my phone? 

The thing I don't understand is what they are trying to find out. They can already get the meta data on the phone from the service provider. They know all the numbers this phone called, texted or communicated with. They can also get the same information from social media providers. What then could possibly be on the phone that they need that would risk all our privacy and finances? Hackers don't want to see pictures of my dog. They want my bank account and credit card information.

[newtogolf]

1 hour ago, boogielicious said:

Thanks for the perspective. I agree. If Apple help the FBI, it is not "if" the key will be stolen, it is "when". We here all the time about government systems being hacked. This is because they are not new, state-of-the-art systems. Updating computer system costs a lot of money and time. Because the US Government using public money, they have procedural processes to go through to acquire the funds, go out to bid, select a vendor and execute the project. For all we know, the FBI system could be based on code 10-15 years old. Very hackable. Heck, my company uses SAP and that code is 15 years old.

They could be given the key, but they will lose it and we will suffer. Are they going to reimburse me when Russian hackers empty my bank account after hacking my phone? 

The thing I don't understand is what they are trying to find out. They can already get the meta data on the phone from the service provider. They know all the numbers this phone called, texted or communicated with. They can also get the same information from social media providers. What then could possibly be on the phone that they need that would risk all our privacy and finances? Hackers don't want to see pictures of my dog. They want my bank account and credit card information.

Thanks, and you're 100% right about why these older systems are being hacked, they were never designed to be hack proof, especially not from outside their brick and mortar walls.  Most people don't understand or appreciate Computer Risks and how these older systems have very little security to stop someone from gaining access to critical data from outside hackers.  These systems really shouldn't be connected to the internet and depend on network appliances and firewalls for their protection, once those devices are compromised the actual systems are pretty defenseless

As for the FBI vs Apple case, my understanding is the phone stopped backing up to iCloud about 4 weeks prior to the attack so there is some concern that there was information on the phone that they do not have access to.  Apple gave the police / FBI a remedy to get the phone to backup to iCloud but by that time someone from the police / FBI had unlocked the phone and re-locked it with a password they can't remember (very suspicious) which made the automatic backup option not possible.  

[ghalfaire]

On 3/14/2016 at 3:27 PM, newtogolf said:

Public opinion will sway in whatever way the media wants it to, regardless of the facts.  

Most acts of terror never happen because of the monitoring that is done within the US and overseas.  When terror attacks have happened, like Farook, they want the phone unlocked post attack to learn more.  It's highly unlikely a locked iPhone is going to be the cause of an attack not being prevented and that situation isn't close to being relative to Farook.  

How can you possibly know this?  I have heard this before but there really is no way to evaluate the truth of that statement if you don't work at NSA, FBI, CIA, etc. and be in a position to have access.  Maybe I am overly suspicious but the people who make these sort of statement have self serving motives.  Doesn't mean it isn't true but I don't know of any evidence that supports such a contention either.  Because of that I would view such statements with "a grain of salt". 

[jsgolfer]

Looks like the FBI may have found a way in without Apple? If someone can hack into it, doesn't that create the backdoor for all phones?  Would Apple then increase the security on the IPhone so this can't happen again?

http://www.usatoday.com/story/tech/2016/03/21/justice-asks-apple-hearing-delay/82094354/

" Justice lawyers claimed in court documents filed late Monday that an undisclosed "outside party'' demonstrated a "possible method'' to the FBI for unlocking Farook's phone"

[newtogolf]

1 hour ago, jsgolfer said:

Looks like the FBI may have found a way in without Apple? If someone can hack into it, doesn't that create the backdoor for all phones?  Would Apple then increase the security on the IPhone so this can't happen again?

http://www.usatoday.com/story/tech/2016/03/21/justice-asks-apple-hearing-delay/82094354/

" Justice lawyers claimed in court documents filed late Monday that an undisclosed "outside party'' demonstrated a "possible method'' to the FBI for unlocking Farook's phone"

Could be legit or posturing on the part of the government.  Letting this case go to court while emotions are high and there's so much attention being dedicated to it could be bad for all parties, a cooling off period makes sense.  

The announcement on the part of the FBI that an "outside party" might have a solution discredits Apple and their security which could hurt Apple financially regardless of whether the solution works.  I call it posturing because Apple has rightfully stood fast in not creating a back door but now the government is suggesting the phone isn't that secure if an outside agency can unlock the phone without Apple's help.  It seems like the government is going to make Apple pay for their lack of cooperation one way or another.  

[k-troop]

I don't see it as making Apple Pay for anything. If the FBI has figured a way into the phone without Apple's help then there is no issue. If there is a security/privacy issue then it's Apple's own doing for not making their device secure enough.