Moderators: richierich, ua900, PanAm_DC10, hOMSaR

 
wingman
Posts: 4174
Joined: Thu May 27, 1999 4:25 am

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 3:36 pm

If anyone was hoping for an event that might reignite Apple iPhone sales worldwide, this might be it. I always thought it would be a new product feature, ironic that it might be a political stance about privacy and government.

Hats off to Tim Cook, just by reading the near total consensus on this thread (with an OP like fr8mech no less!) I'd say Apple has sided squarely with The People.
 
User avatar
Tugger
Posts: 11484
Joined: Tue Apr 18, 2006 8:38 am

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 4:15 pm

Quoting fr8mech (Reply 46):
And, Google weighs in:

http://finance.yahoo.com/news/heres-...ogles-ceo-just-said-000854021.html

In a series of tweets, Pichai wrote that although Google gives "law enforcement access to data based on valid legal orders," that is "wholly different than requiring companies to enable hacking of customer devices and data," which could set a "troubling precedent."

Exactly what I've been saying.

What makes it a troubling precedent? The government already has the authority to "hack" our houses and physical files, even the notes of reporters etc. Hack is just a word for accessing without an owners consent etc.

Quoting Klaus (Reply 47):
Quoting Tugger (Reply 13):
In general I think Apple should comply as it will not endanger other phones unless they are physically obtained.

It would endanger all iOS devices at the very least using the same processor worldwide.

Not really, Only the ones that were in the custody of Apple as they are the ones that would hold the "key" to open it. The government does not get "the key", only the device that has the wipe limit removed/adjusted.

Quoting Klaus (Reply 47):
Which would be coming automatically after that – particularly in China.

Which would – among other things – also put crucial american interests at risk.

Yes, that is an issue. Doesn't mean Apple shouldn't do it or that any other nation states won't do it any way so American interests already are not protected.

Quoting rfields5421 (Reply 48):
The FBI is asking for a master key that will open every safe the manufacturer ever made. They don't want only this phone opened, they want Apple to give them the ability to open every iPhone in the entire world.

The FBI is hypothetically asking that the manufacturer to keep the key and open the safe and give them the safe afterwards. And this only after going to court, having the request reviewed by a judge and the court approving the request.

This is not a blank check, where access is given forever.

Quoting rfields5421 (Reply 48):
The amazing thing is that the government (FBI) has alleged that they cannot get into the phone, or rather are afraid to try to get into the phone for fear that it will automatically delete the data. They want a master key created so that any iPhone in the world can be opened if they can obtain physical possession of the device.

I believe it is more they prefer to do it in the way that provides the maximum likelihood of success in as quick a time as possible. I suspect another way to do it would be to copy the phone (or have Apple do it) and then do ten attempts at a time until they get it open.

Quoting Klaus (Reply 49):
Well, they say that they really, honestly only want access to this one particular device, but it is inherent in the nature of what exactly the security downgrade for that would have to be that it would be usable to downgrade the security of any device at least of the same series of processors, and there's the rub regarding the privacy of all the other users of such devices...

(Including, by the way, any US government officials using such devices on foreign trips, for instance...)

Except again, this is a court reviewed action, this is not a dictatorial government action. It is controlled and reviewed separate of the governments desires by the independent judiciary of the United States. And it has been shown time and time again that the courts in the USA are independent.

Tugg

[Edited 2016-02-18 08:31:34]
 
Mir
Posts: 19491
Joined: Mon Jan 05, 2004 3:55 am

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 4:46 pm

Quoting seb146 (Reply 31):
In the specific case of the San Burnardino shooters, Apple should help the government. However, for Joe Blow walking down Main St. USA, the government should not get involved.

I agree. But the question is how you can ensure that one happens without the other, and how you can ensure that the backdoor that would be built would not be exploited by non-government actors. If you can answer those questions, then there's your solution.

-Mir
 
User avatar
einsteinboricua
Posts: 8711
Joined: Thu Apr 15, 2010 4:11 pm

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 5:11 pm

Can't Apple (and all other phone manufacturers) set up their own criminal center where they alone possess the methods to open and extract info from their own phones?

I agree that having a backdoor would set a dangerous precedent but this IS a criminal investigation going on (though frankly, you'd think people would be relaxed about it considering they think the NSA already spies on you, but I digress). Who knows what information that phone could contain?

Forcing Apple to build a new iOS is probably not the way to go. However, in cases like these, then Apple should step up and provide a way for the information to be extracted in a way that still respects the privacy of those not involved.

In other words, no backdoor and only with a required court order, within Apple facilities, and with a method unique to Apple. No way to access the data wirelessly or remotely. The phone HAS to be within Apple custody, and to ensure that the phone is not bugged, once the data is extracted, the phone itself will be infinitely retained or destroyed.
 
Klaus
Posts: 21642
Joined: Wed Jul 11, 2001 7:41 am

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 5:25 pm

Quoting einsteinboricua (Reply 53):
In other words, no backdoor and only with a required court order, within Apple facilities, and with a method unique to Apple.

The chinese government would immediately demand the same for their persecution of chinese dissidents.

What then?

And the massive chinese-state-led hacking departments would seize any weakness to attack iOS devices anywhere in the world, as would many other countries.

Apple's evenhanded refusal to let anyone crack iOS devices is among the most important anchors which keep their security from getting ripped apart.
 
User avatar
Tugger
Posts: 11484
Joined: Tue Apr 18, 2006 8:38 am

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 5:31 pm

Quoting Klaus (Reply 54):
The chinese government would immediately demand the same for their persecution of chinese dissidents.

What then?

Then they present their case in court and get a court order. A US court order as that is where the Apple facilities are.

Tugg
 
mham001
Posts: 5745
Joined: Thu Feb 03, 2005 4:52 am

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 5:47 pm

Quoting Klaus (Reply 47):
This is causing quite a stir abroad as well. It was a major news item over here, and he's effectively mobilizing global public and political support for his position.

And what will Apple investors feel when the Chinese ban the sale of iphones, Apple's single largest market? Will they care about public support? The Chinese government does not. And their constituents won't even hear about this controversy.

Quoting Klaus (Reply 54):
The chinese government would immediately demand the same for their persecution of chinese dissidents.

They will anyway. This is a losing battle. Never before has man had this kind of protection from prosecution. Buying an iphone is not going to change that. If you don't want your secrets known, don't put them in your pocket.
 
User avatar
einsteinboricua
Posts: 8711
Joined: Thu Apr 15, 2010 4:11 pm

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 6:28 pm

Quoting Klaus (Reply 54):
Apple's evenhanded refusal to let anyone crack iOS devices is among the most important anchors which keep their security from getting ripped apart.

Which is why I'm advocating a middle of the road approach wherein they alone have the means to get into the phone and will not use it unless the phone is in their custody, with a court order for criminal proceedings (not suspicions or just because), plugged to a system they alone possess.

Quoting Tugger (Reply 55):
Quoting Klaus (Reply 54):
The chinese government would immediately demand the same for their persecution of chinese dissidents.

What then?

Then they present their case in court and get a court order. A US court order as that is where the Apple facilities are.

  As Apple is headquartered in the US, they're under US jurisdiction. If China or Russia wants to hack phones, they have to convince the US to issue an order. I seriously doubt the US will order Apple to open those phones just because their governments have beef against dissidents. Bring about a Russian terrorist suspect that committed an attack on both Russian and US interests, then we'll talk.
 
tommy1808
Posts: 14664
Joined: Thu Nov 21, 2013 3:24 pm

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 6:33 pm

Quoting rfields5421 (Reply 48):

CIA isn't that good a cryptography and hacking - the NSA on the other hand.... Knows everything about you.

They do, but they get that info out of transit, not so much from hacking devices.
A good implementation of a good security concept may actually be uncrackable with realistic effort. Look how long game consoles resist the same folks that have a new zero day exploit for windows almost every other day.

Quoting rfields5421 (Reply 48):
NSA can recover most of the data from a hard drive which hasn't been shredded, or erased thumb drives or almost any other media. Heck the company I used to work for paid a specialist to recover a reformatted hard drive that was overwritten with a new OS. They got 90+ % of the original data back - in 2006.

That is just because of how the data is stored and overwritten. If you wipe a drive, nothing is bringing the data back, if your drive is self encrypting with a decent implementation all data is gone when you delete the key.

Quoting Klaus (Reply 47):
It would endanger all iOS devices at the very least using the same processor worldwide.

Well, Apple could develop the fix for the exploited weakness and roll that out to all users before unlocking the phone in question.
And in the next hardware revision making it impossible to use that avenue ever again by tweaking the security architecture.

Best regards
Thomas
 
StarAC17
Posts: 4169
Joined: Thu Aug 07, 2003 11:54 am

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 6:47 pm

Quoting fr8mech (Reply 36):
Why? What's the difference? We have the current administration bending over backwards trying to treat terrorists as average run-of-the-mill criminals. Why differentiate?

Not on topic to the issue at hand but terrorists are criminals and treating them like comic book villains actually helps their cause, they are at the end of the day criminals and terrorism is a law enforcement issue to prevent.

Quoting mham001 (Reply 29):
Quoting Tugger (Reply 13):
The big reason Apple does not want to have this is because they do not want to deal with the constant requests from various nation-state authorities to access their citizens data.

They will have quite a financial conundrum when China cuts off iphone sales. Apple has created a fine little mess with this.

I would love to see that and although I am an Android user, I love Tim Cook and his balls to actually defend his consumers and products.

Blackberry caved on this years ago and while that isn't the only reason for their decline it didn't help them.


Quoting Klaus (Reply 47):
Yeah, they're adamantly against the government spying on people Google wants to be spying on exclusively!   

Which is why Google is unable to make any privacy arguments here – but they sure don't want the government looking in on Google's own snooping!

Neither does Apple, MS, Blackberry etc.

All the major tech companies do the same thing in one way or another. Apple knows what is on your phone just like google knows what is on mine and if any of us actually read the terms and conditions to an operating system we are all agreeing to this.

Quoting einsteinboricua (Reply 53):
I agree that having a backdoor would set a dangerous precedent but this IS a criminal investigation going on (though frankly, you'd think people would be relaxed about it considering they think the NSA already spies on you, but I digress). Who knows what information that phone could contain?

I will say that due process was handled appropriately here by the FBI as they obtained a warrant for the information held on the phone and Apple should be forthcoming in providing as much information as they possible can from their servers on what was held on this phone. I do side with Apple on sticking to their guns on their operating system and they can use the security as a marketing tool.

Furthermore I don't know whether the NSA can access these new operating systems. We all assume they can but in recent years since Snowden's revelations the tech companies have invested a huge amount of resources and brought in the top talent to ensure that their devices are secure.
 
MD11Engineer
Posts: 13899
Joined: Sun Oct 26, 2003 5:25 am

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 6:58 pm

Quoting Klaus (Reply 49):
Quoting rfields5421 (Reply 48):
The FBI is asking for a master key that will open every safe the manufacturer ever made. They don't want only this phone opened, they want Apple to give them the ability to open every iPhone in the entire world.

Well, they say that they really, honestly only want access to this one particular device, but it is inherent in the nature of what exactly the security downgrade for that would have to be that it would be usable to downgrade the security of any device at least of the same series of processors, and there's the rub regarding the privacy of all the other users of such devices...

(Including, by the way, any US government officials using such devices on foreign trips, for instance...)

And if the FBI gets through, then any foreign government will want to have the same rights, including Russia or Mainland China.
Blackberry used to have a salespoint in strong encryption and two types of servers: Those owned by the customer, where Blackberry had no access at all, and Blackberry owned servers, where the data was encrypted, but under relatively strict Canadian law. Suddenly several countries, including India, demanded that Blackberry would set up mirror servers in their countries, with backdoors, so that the local governments could access the data. Blackberry was forced to pull out of several markets, or else compromise their brand.

Similarly several countries ban satellite telephones altogether (Cuba, India, North Korea), or demand that they will be locally registered (Russia, AFIAK Mainland China), because satellite telephones bypass the local telephone network and make it impossible for the local authorities to wiretap them.

Jan
 
User avatar
Tugger
Posts: 11484
Joined: Tue Apr 18, 2006 8:38 am

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 8:03 pm

Quoting Klaus (Reply 54):
And the massive chinese-state-led hacking departments would seize any weakness to attack iOS devices anywhere in the world, as would many other countries.

China is already beginning to require encryption keys. I would not put it past China to block Apple sales there if they refused a request that they felt serious enough about (and a terrorist killing 14 people would be very serious). China already requires some technology companies and banks to provide encryption keys upon request in order to do business in China (this is different from the "security checks" Apple already allows China to perform).

Quoting tommy1808 (Reply 58):
consoles resist the same folks that have a new zero day exploit for windows almost every other day.

This is just not that true anymore. Microsoft is acknowledged as having vastly improved their system security. The holes are often now found to be either legacy software (with old versions of IE being the most obvious) and outside vendors programs interacting with MS that is the problem.

As to zero-day exploits NSA doesn't use them much:

Quote:
“A lot of people think that nation-states are running on zero-days,” Joyce explained. “But there are so many more vectors that are easier, less risky than going down that route.”
http://bgr.com/2016/01/29/nsa-hackin...rob-joyce-security-best-practices/

Quoting StarAC17 (Reply 59):
Furthermore I don't know whether the NSA can access these new operating systems. We all assume they can but in recent years since Snowden's revelations the tech companies have invested a huge amount of resources and brought in the top talent to ensure that their devices are secure.

And very interesting presentation by the TAO team Chief at NSA indicated that they don't often have to hack like that, instead the primary means is someone making a mistake. If you are interested I think it is a good presentation. As informative as one could expect from the NSA without sharing anything significant:
http://www.youtube.com/watch?v=bDJb8WOJYdA
Quoting MD11Engineer (Reply 60):
And if the FBI gets through, then any foreign government will want to have the same rights, including Russia or Mainland China.

But they will have to go through the courts.

Quoting MD11Engineer (Reply 60):
Blackberry used to have a salespoint in strong encryption and two types of servers: Those owned by the customer, where Blackberry had no access at all, and Blackberry owned servers, where the data was encrypted, but under relatively strict Canadian law. Suddenly several countries, including India, demanded that Blackberry would set up mirror servers in their countries, with backdoors, so that the local governments could access the data. Blackberry was forced to pull out of several markets, or else compromise their brand.

That is a big question and concern. If a nation like China demands encryption keys or access (and Apple has supposedly already provided them with source code to review and confirm there is no NSA access in there.), what will a company do? If they don't then the China market is plenty big enough to develop its own systems and processes, grow them and fine tune them. And then those Chinese companies will then challenge the companies outside China and with a base market that large, have a distinct advantage going forward.

Also everyone should remember that this is about a very specific instance, a single phone. This is not nation-state hacking or surveillance, which goes on regardless and has different tasking and goals. Goals that are much greater than individuals. The US government is doing this the right way, the best way possible. But it will not stop others from doing it in more blatant and mischievous ways. I am not a big supporter of this, I know the risks, but I would rather this way than they other. We know here what is being done.

Tugg
 
slider
Posts: 7751
Joined: Wed Feb 25, 2004 11:42 pm

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 8:11 pm

Quoting Airstud (Reply 12):
I think it is, in an elliptical way, a Fourth Amendment issue; even without arguing that the Apple corporation is "people" and thus entitled to Fourth Amendment protections. Apple is, after, all, arguing that the government is trying to compel them to create something whose explicit purpose is the violation of privacy.

Nothing elliptical about it. It absolutely IS a 4th Amendment issue.

Quoting mham001 (Reply 29):
What a fool is Tim Cook for taking this to the court of public opinion and forcing a public fight with his most powerful ally.

I'm not so sure. It could be that Apple was getting squeezed pretty hard by the government and decided to call the bluff and go public. A company of Apple's size and breadth doesn't act in this manner without fully thinking it through. Something--other than what we know--prompted the outburst.


Gosh, if only there were a POTUS candidate who made fundamental personal liberty, privacy rights and Constitutional limits of government a campaign issue. Oh wait, Rand did.  
 
User avatar
Tugger
Posts: 11484
Joined: Tue Apr 18, 2006 8:38 am

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 8:22 pm

Quoting slider (Reply 62):
Quoting Airstud (Reply 12):
I think it is, in an elliptical way, a Fourth Amendment issue; even without arguing that the Apple corporation is "people" and thus entitled to Fourth Amendment protections. Apple is, after, all, arguing that the government is trying to compel them to create something whose explicit purpose is the violation of privacy.

Nothing elliptical about it. It absolutely IS a 4th Amendment issue.

There is no right to privacy in the US Constitution. Sad but true.

Tugg
 
Klaus
Posts: 21642
Joined: Wed Jul 11, 2001 7:41 am

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 10:20 pm

Quoting slider (Reply 62):
I'm not so sure. It could be that Apple was getting squeezed pretty hard by the government and decided to call the bluff and go public. A company of Apple's size and breadth doesn't act in this manner without fully thinking it through. Something--other than what we know--prompted the outburst.
Quoting slider (Reply 62):
Gosh, if only there were a POTUS candidate who made fundamental personal liberty, privacy rights and Constitutional limits of government a campaign issue. Oh wait, Rand did.

Ah, of course: It's a conspiracy!

What else could it have been anyway? We all know there is not a single issue in the world that's not explainable with a conspiracy!

(And no: Apple has been making statements to the same effect for years. The only thing that's changed for you is that you have finally taken notice of it!)

Quoting Tugger (Reply 55):
Then they present their case in court and get a court order. A US court order as that is where the Apple facilities are.

The chinese demands would be addressed to the chinese representation of Apple and would be dealt with before a chinese court, if at all. Strange that you would expect anything else.

Quoting mham001 (Reply 56):
They will anyway. This is a losing battle. Never before has man had this kind of protection from prosecution. Buying an iphone is not going to change that. If you don't want your secrets known, don't put them in your pocket.

This is exactly the same thinking that justified torture, because nobody supposedly had the right to have secrets in their heads either!

Ethical reasoning should at some point draw certain lines, especially from recent experiences...

Quoting tommy1808 (Reply 58):
All the major tech companies do the same thing in one way or another. Apple knows what is on your phone just like google knows what is on mine and if any of us actually read the terms and conditions to an operating system we are all agreeing to this.

That is simply wrong on all counts.

a) Google and Apple (to take just these two) have directly opposite business models: Google makes almost all their money by selling ads to third parties (with exploited user data being used for targeting), while Apple makes almost all their money by selling devices to their actual users.

Unsurprisingly, this also results in directly opposed interests as far as the users are concerned.

b) You simply seem to expect that every company had the same kinds of terms and conditions without actually bothering to check, but that is also not a fact. Apple does not claim any access or usage rights to customer data (they've actually explicitly rejected that). They only have the provision that data they are manging (such as in iCloud) may be subject to valid law enforcement requests. That's it.

Your expectations are simply wrong there.

Quoting StarAC17 (Reply 59):
I will say that due process was handled appropriately here by the FBI as they obtained a warrant for the information held on the phone and Apple should be forthcoming in providing as much information as they possible can from their servers on what was held on this phone. I do side with Apple on sticking to their guns on their operating system and they can use the security as a marketing tool.

Apple has already produced the iCloud data of the terrorist's phone, but they are fighting requests to aid in the cracking of the device itself because of the broader consequences.

Quoting MD11Engineer (Reply 60):
And if the FBI gets through, then any foreign government will want to have the same rights, including Russia or Mainland China.

It's been a delicate balance so far – but the FBI is upsetting that severely now.
 
D L X
Posts: 12726
Joined: Thu May 27, 1999 3:30 am

RE: Let's Talk Apple And The US Government

Thu Feb 18, 2016 10:40 pm

Quoting photopilot (Reply 1):
While I'm not an Apple user it also brings up a novel issue. What if Apple says to the US Gov't that it Can't do as requested because it's technologically impossible?

That's fairly likely to happen. These things weren't designed to be broken. Quite the opposite.

Quoting fr8mech (Reply 3):
I'm sure this has implications beyond Apple. Like I wrote, I've no real clue about encryption, etc., but I suspect Google, Blackberry, Microsoft, et al. share similar exposure to this court ruling.

  

Quoting Tugger (Reply 51):
This is not a blank check, where access is given forever.
Quoting Tugger (Reply 51):
The FBI is hypothetically asking that the manufacturer to keep the key and open the safe and give them the safe afterwards

No, this is a case where the government is asking Apple to make a key that did not previously exist, and use it JUST THIS ONCE... until the next time they want to use it.

But if Apple makes this key, they will not be the only ones that use it. As Klaus says,

wait, hold up.

KLAUS IS BACK!


Anyway, China will want it. So will Israel. So will Russia. So will any nation in which Apple sells its products. On top of that, since Apple didn't make the security system (or at least not the guts to it), the key will likely work with only simple modifications on all Android devices as well. And perhaps on devices such as ATMs, your web browser, your Boeing 787, your credit card... anything that uses this kind of encryption.

It strikes me that this court is exceptionally naive about technology here. Dangerously naive.


Quoting Tugger (Reply 55):

Quoting Klaus (Reply 54):
The chinese government would immediately demand the same for their persecution of chinese dissidents.

What then?

Then they present their case in court and get a court order. A US court order as that is where the Apple facilities are.
Quoting einsteinboricua (Reply 57):
As Apple is headquartered in the US, they're under US jurisdiction. If China or Russia wants to hack phones, they have to convince the US to issue an order.

WHAAAAAAAAAT?

  

All of these countries have jurisdiction over Apple just like the US has jurisdiction over Samsung. Or Sony. Or BMW.
Jurisdiction is never exclusive. If you do business there, you're almost assuredly under their jurisdiction.

Quoting einsteinboricua (Reply 57):
If China or Russia wants to hack phones, they have to convince the US to issue an order.

No. If China or Russia wants to hack phones, they can simply tell Apple to let them in or they'll turn off access to all their products and/or forbid them from selling them in their countries.
 
User avatar
Tugger
Posts: 11484
Joined: Tue Apr 18, 2006 8:38 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 12:10 am

Quoting D L X (Reply 65):
All of these countries have jurisdiction over Apple just like the US has jurisdiction over Samsung. Or Sony. Or BMW.
Jurisdiction is never exclusive. If you do business there, you're almost assuredly under their jurisdiction.

Then it is a completely moot point and the point you are trying to make is moot. The other states will declare that a key MUST be made, and apparently they will be able to get an enforceable court order to have one made. Period. No reason not to do that based on what you are saying.

Quoting D L X (Reply 65):
No, this is a case where the government is asking Apple to make a key that did not previously exist, and use it JUST THIS ONCE... until the next time they want to use it.

But if Apple makes this key, they will not be the only ones that use it.

This will be the case anyway then based on your reasoning above. But I have also read that Apple will likely be able to tweak the Secure Enclave firmware so that any changes wipe current passwords. Of course that will limit Apples ability to make changes themselves but we are talking personal security and privacy, it trumps all.

Quoting D L X (Reply 65):
Anyway, China will want it. So will Israel. So will Russia. So will any nation in which Apple sells its products. On top of that, since Apple didn't make the security system (or at least not the guts to it), the key will likely work with only simple modifications on all Android devices as well. And perhaps on devices such as ATMs, your web browser, your Boeing 787, your credit card... anything that uses this kind of encryption.

It strikes me that this court is exceptionally naive about technology here. Dangerously naive.

Actually you are sounding naive. The tool being requested does not directly break encryption. It ALLOWS the encryption to be brute force attack more quickly.

Quote:
And despite suggestions Apple can’t facilitate this on iPhones, security experts say it can, even on the latest hardware. “Apple can provide a signed custom firmware image that can allow the FBI to bruteforce the PIN without having to worry about the phone wiping after 10 failed attempts,” Wardle noted, pointing towards an excellent blog at Trail of Bits.
http://www.forbes.com/sites/thomasbr...phone-apple-san-bernardino-attacks

And this is the blog that is mentioned in the article above:
http://blog.trailofbits.com/2016/02/...n-comply-with-the-fbi-court-order/

And what is stopping China from demanding this be done, why would they not do this anyway? In fact, the US government forcing this now will protect more people later as it will allow Apple to close another door.

As I said and as we all know, this is a cat and mouse game. If someone builds a better lock someone else will build a better lock breaker to break it, and when that is made then a new better lock will be built. That is how it is.

And truthfully the encryption and "locks" won't matter because you will inadvertently click on something, open something, or accept something that will allow a malware to enter your system. That is the most effective way for any hack, the weakest link, humans. And we will always be part of the security loop.

Tugg
 
Klaus
Posts: 21642
Joined: Wed Jul 11, 2001 7:41 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 12:47 am

Quoting D L X (Reply 65):
But if Apple makes this key, they will not be the only ones that use it. As Klaus says,

wait, hold up.

KLAUS IS BACK!

Hi there again...!   

Quoting D L X (Reply 65):
On top of that, since Apple didn't make the security system (or at least not the guts to it), the key will likely work with only simple modifications on all Android devices as well. And perhaps on devices such as ATMs, your web browser, your Boeing 787, your credit card... anything that uses this kind of encryption.

Actually, Apple did make the iOS security system themselves. They used known cryptographic building blocks for it, but the actual safeguards built from those are Apple-specific:
https://www.apple.com/business/docs/iOS_Security_Guide.pdf

And so would be the security downgrade to iOS which might enable the FBI to crack that specific device (and potentially many others).

Quoting D L X (Reply 65):
If China or Russia wants to hack phones, they can simply tell Apple to let them in or they'll turn off access to all their products and/or forbid them from selling them in their countries.

In the case of Russia Apple could well play hardball and pull out if necessary without too much pain. With China they would not have that easy option, given that most of their manufacturers are located there (and one of their most important customer markets).

Quoting Tugger (Reply 66):
And what is stopping China from demanding this be done, why would they not do this anyway?

At this point both China and the USA are in a kind of standoff – both are moderately certain that Apple does not provide back doors to the other.

Once Apple does do that to the american government, all bets are off on the chinese side as well.

Quoting Tugger (Reply 66):
In fact, the US government forcing this now will protect more people later as it will allow Apple to close another door.

Nope. This has absolutely zero positive effects. This demand provides exactly zero opportunities or ideas which hadn't existed before. That an attack as now proposed by the FBI would be technically feasible (once Apple's resistance might be overcome) was already known long before.

This attack is entirely negative for the privacy of every user of a device of that series (and likely others).

Quoting Tugger (Reply 66):
And truthfully the encryption and "locks" won't matter because you will inadvertently click on something, open something, or accept something that will allow a malware to enter your system. That is the most effective way for any hack, the weakest link, humans. And we will always be part of the security loop.

Nope. The very high security level against this kind of thing is exactly one of the advantages of iOS, based in part on mandatory code signing, sandboxing and third-party execution restrictions.
 
User avatar
Tugger
Posts: 11484
Joined: Tue Apr 18, 2006 8:38 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 1:04 am

Quoting Klaus (Reply 67):
Once Apple does do that to the american government, all bets are off on the chinese side as well.

You do know that China is already requiring backdoors and "keys", right? Regardless of the USA China will do what it wants to do in this arena.

Quoting Klaus (Reply 67):
Nope. This has absolutely zero positive effects. This demand provides exactly zero opportunities or ideas which hadn't existed before. That an attack as now proposed by the FBI would be technically feasible (once Apple's resistance might be overcome) was already known long before.

This attack is entirely negative for the privacy of every user of a device of that series (and likely others).

How? Others have clearly stated that the "attack" (which is actually a two stage attack) is possible and also possible to prevent with future updates. Why would Apple not update the firmware to prevent this type of request/attack just as it has already done with past firmware revisions.

To quote the article above again:

Quote:
In order to limit the risk of abuse, Apple can lock the customized version of iOS to only work on the specific recovered iPhone and perform all recovery on their own, without sharing the firmware image with the FBI.

And regarding future fixes to prevent it from being done again:

Quote:
if one attempted to rewrite the firmware for SE, it would wipe all existing keys stored within it and effectively make the device inaccessible to anyone. That would have meant any special version of iOS created by Apple for the FBI would not have helped on later models protected by SE.

The thing is Apple does not want to lock out their ability to update firmware without wiping the data. However there are ways around this and if they don't lock it then as so many here have said, a nation-state, in particular one with a market that is to big for any tech company to ignore and not obey, will require it to be done (if they don't just outright require a key because they do not want to be bothered with eh possibility of year of brute force hacking attempts)

Tugg
 
opethfan
Posts: 940
Joined: Mon Dec 31, 2012 6:35 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 1:25 am

Quoting fr8mech (Reply 45):
No, they aren't. Once we understand that and act on that understanding, we will be better off. But, so long as we support the fiction that they are criminals, they should be treated like any other criminal...and other criminals should be treated like them.

Terrorists are criminals. And all criminals need due process and legal prosecution and detention.

Quoting mham001 (Reply 29):
They will have quite a financial conundrum when China cuts off iphone sales. Apple has created a fine little mess with this.

Absolutely not. What would be a better symbol of Western technology and freedom being denied to the Chinese people than a ban on a popular product that is already available. It'd be sowing the seeds for another Tienanmen Square. Really.

Quoting Tugger (Reply 51):
This is not a blank check, where access is given forever.
Quoting seb146 (Reply 31):
In the specific case of the San Burnardino shooters, Apple should help the government. However, for Joe Blow walking down Main St. USA, the government should not get involved.

You do not build a nuclear weapon and say "just you guys, this one time." The USSR had the bomb 5 years after the Manhattan Project.

This is regarding a case of domestic Islamic terrorism on US soil. The FBI resources on this case must be damn near unlimited. The largest, best funded, most technically advanced law enforcement and intelligence agencies in the world, with physical access to a device (and likely the computer it was used to synchronize with, and access to the synced online accounts) cannot access the data on board a consumer smartphone.

If you need to use the computing power to break the 128 bit AES (or whatever it's using) encryption, then I'm sure Uncle Sam can provide it. Or if it's mathematically impossible, hire your own engineers to produce such a software exploit. You cannot expect the provider of a device to be complicit in the circumvention of its security (hello devices confiscated from spies)

But deliberately making a software hole makes it available to everyone. Government, foreign government, hackers, script kiddies, employers, anyone.

So this is a case about the public's opinion on the circumvention of security systems, and so far it doesn't seem to be going the government's way, even with the threat of terrrrrrrrrorism behind it. Hopefully the question gets asked to presidential candidates as well.

But no matter what, you can't depend on others for your security. There will always be someone wanting to break into your system, be they your own government, a foreign government, or hackers (acting alone or for a gov't). You can't legislate that the entire world behave like good boys and girls. You need to protect your data yourself with strong, widely vetted encryption and use best practices. It's a neverending process and you only need to get it wrong once.

And since we don't have access to the entire iOS bootchain, we can't vet and correct it ourselves, either. That's a big part of why we must demand free and open source software and hardware as much as possible, as true security is not possible without it.

Quoting fr8mech (Thread starter):
But, I just can't get behind the government forcing a private entity to produce a "product" that goes contrary to its culture and can be used to harm its customers.

What if that company's culture is to not pay taxes? Or serve gays? "culture" is far too broad a term.
 
Klaus
Posts: 21642
Joined: Wed Jul 11, 2001 7:41 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 1:54 am

Quoting opethfan (Reply 69):
If you need to use the computing power to break the 128 bit AES (or whatever it's using) encryption, then I'm sure Uncle Sam can provide it.

iOS devices use AES256 encryption for their flash storage, plus multiple additional encryption layers on top of that for various different kinds of code and data.

Quoting opethfan (Reply 69):
And since we don't have access to the entire iOS bootchain, we can't vet and correct it ourselves, either.

Not true. Both the boot ROM and iOS itself can be examined and vetted. iOS is just signature-protected, but not encrypted. And such independent validation is in fact done by multiple parties.

The system core of OS X (Darwin) is even Open Source (if not the exact kernel configuration used in iOS).

Quote:
That's a big part of why we must demand free and open source software and hardware as much as possible, as true security is not possible without it.

That is a fallacy. Some of the worst vulnerabilities in recent years have sat unrecognized out in the Open Source, and some of the most secure systems are Closed Source, on the other hand.

The promise of Open Source is just a chance for easier validation, but just that.

The actual, final validation must by necessity be done with the executable code in any case, and that is accessible and verifiable with iOS as well. Open Source is just facilitating validation, it makes no crucial distinction in actually doing the validation!
 
solarflyer22
Posts: 1517
Joined: Wed Nov 25, 2009 7:07 pm

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 3:22 am

Quoting Klaus (Reply 70):

iOS devices use AES256 encryption for their flash storage

It's definitely AES because it has a related security certification and I believe is in 256B

Quoting Klaus (Reply 67):
They used known cryptographic building blocks for it, but the actual safeguards built from those are Apple-specific:

Correct again. Finally someone on ANET that has an opinion and facts.

The immediate issue is caused by Apple's time blocking too. After 5 failed password attempts you have to pause x minutes. By the 10th attempt it will erase the data.

I can see the value for the FBI from a Forensic point of view but the crime is over and the attackers are dead. Developing the know how for a exploit will take a lot of Apple's time and money (unreimbursed) and delay their internal projects. It will inevitably be leaked or stolen and then used to compromise hundreds of millions of iOS devices.

This actually happened before in the US where the government asks for a backdoor, which becomes and exploit, and is then used by Evil Doers. I forgot the name of the system in the late 90s they pulled this on.

Government will win though. They'll either tax them or ban them from government contracts. Just wait until they go after Apple's $100 billion cash pile overseas.
 
opethfan
Posts: 940
Joined: Mon Dec 31, 2012 6:35 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 3:52 am

Quoting Klaus (Reply 70):
Not true. Both the boot ROM and iOS itself can be examined and vetted.

The source code is not publicly available to be looked at. https://opensource.apple.com/release/ios-90/ is practically empty. Yes Darwin is FOSS, but as you stated it is not in the configuration that ships. What we get in our pockets can not be seen from beginning to end, even for the most crucial components.

Quoting Klaus (Reply 70):
That is a fallacy. Some of the worst vulnerabilities in recent years have sat unrecognized out in the Open Source, and some of the most secure systems are Closed Source, on the other hand.

Sure, there have been some noteworthy and quite serious bugs in FOSS projects. That doesn't mean that closed software has had 0, nor does it override the main point which is that while a closed piece of software may be better made, if it is, no one can fully understand the full workings and effectively correct flaws unless it is made publicly available for review and modification, a la a permissive or copyleft licence.

Quoting Klaus (Reply 70):
The actual, final validation must by necessity be done with the executable code in any case, and that is accessible and verifiable with iOS as well. Open Source is just facilitating validation, it makes no crucial distinction in actually doing the validation!

You can validate the installer package on iOS via a computer, I guess, using an MD5 sum if Apple has published one, but that still relies on your own trust of Apple. The ol' chain of trust: Apple say this is legit. Do I trust Apple? Do I trust the people who say I should trust Apple? Can I trust the people that Apple say are trustworthy? Can they ensure that all the way down the bootchain? (In this case, probably - based on the cryptographic signing) Can I ensure that no one has entered a particular failsafe that allows access to the encryption keys or elevated permissions or unverified software installation? That's a tricky one, even more so if you can't read the pre-compiled code.
 
Klaus
Posts: 21642
Joined: Wed Jul 11, 2001 7:41 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 3:55 am

Quoting solarflyer22 (Reply 71):
I can see the value for the FBI from a Forensic point of view but the crime is over and the attackers are dead.

Specifically, as far as I'm aware that iPhone has only been his work-issued phone. They smashed and physically destroyed their personal devices. So in all likelihood there's no actually relevant information on the device the FBI is producing all that song and dance about: It's apparently just a fishing expedition for a useful precedent.
 
Klaus
Posts: 21642
Joined: Wed Jul 11, 2001 7:41 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 4:33 am

Quoting opethfan (Reply 72):
Sure, there have been some noteworthy and quite serious bugs in FOSS projects. That doesn't mean that closed software has had 0, nor does it override the main point which is that while a closed piece of software may be better made, if it is, no one can fully understand the full workings and effectively correct flaws unless it is made publicly available for review and modification, a la a permissive or copyleft licence.

The actual executable binary code is the only authoritative version of a program, since that is exactly what is run on the actual machine.

Source code is only an aid to that – by itself it has no probative value.

Quoting opethfan (Reply 72):
You can validate the installer package on iOS via a computer, I guess, using an MD5 sum if Apple has published one, but that still relies on your own trust of Apple. The ol' chain of trust: Apple say this is legit. Do I trust Apple? Do I trust the people who say I should trust Apple? Can I trust the people that Apple say are trustworthy? Can they ensure that all the way down the bootchain? (In this case, probably - based on the cryptographic signing)

a) When an iOS firmware package has been downloaded from Apple servers using a certificate-secured protocol such as https and if it can be installed on a regular iPhone, the probability that it could have been tampered with by a third party is very remote at this time, since that would require both the domain certificate and the device signing key having been broken, which is at the very least highly implausible.

b) This has practically nothing to do with the topic at hand. Even if a manipulated firmware package was successfully installed on an iPhone, the binary executable would still be accessible for validation, completely regardless of the availability of any source code.

Quoting opethfan (Reply 72):
Can I ensure that no one has entered a particular failsafe that allows access to the encryption keys or elevated permissions or unverified software installation? That's a tricky one, even more so if you can't read the pre-compiled code.

That's a regular algorithmic validation objective and has nothing to do with Open Source or not.
 
User avatar
Tugger
Posts: 11484
Joined: Tue Apr 18, 2006 8:38 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 4:52 am

Quoting opethfan (Reply 69):
You do not build a nuclear weapon and say "just you guys, this one time." The USSR had the bomb 5 years after the Manhattan Project.

Boy talk about over drama. No this is not a nuclear bomb. No doing this one will not expose every other phone forever into the future to the threat of death.

the hole can be patched if Apple so desires.



Quoting opethfan (Reply 69):
This is regarding a case of domestic Islamic terrorism on US soil. The FBI resources on this case must be damn near unlimited. The largest, best funded, most technically advanced law enforcement and intelligence agencies in the world, with physical access to a device (and likely the computer it was used to synchronize with, and access to the synced online accounts) cannot access the data on board a consumer smartphone.

If you need to use the computing power to break the 128 bit AES (or whatever it's using) encryption, then I'm sure Uncle Sam can provide it. Or if it's mathematically impossible, hire your own engineers to produce such a software exploit. You cannot expect the provider of a device to be complicit in the circumvention of its security (hello devices confiscated from spies)

OK, but why spend that much money and time and a higher risk of destroying the data your are wanting when the company that produces the device is able to do it in a much better manner.

And this is about accessing the phones of people who killed 14 people. People died after planning and thought by these two murderers and that phone may help resolve how that happened. Those 14 dead people and their families are not being considered or valued by Apple. Tech companies will need to address these issues going forward as in the past we used to go through these peoples homes and files and records etc. That we can go through their credit cards transactions and review shopping habits and many other tech aspects but tech companies seem to think they cannot assist when requests are made is arrogant.

Quoting opethfan (Reply 69):
But deliberately making a software hole makes it available to everyone. Government, foreign government, hackers, script kiddies, employers, anyone.

Let me repeat: THIS DOES NOT DO THAT!

According to many knowledgeable experts this will not cause the downfall of all privacy and technology. This is limited and isolated. You can spew empty statements that it will cause the end of the world but at least cite sources that actually cover this particular event instead of pontificating on the end of all privacy.

Quoting opethfan (Reply 69):
So this is a case about the public's opinion on the circumvention of security systems, and so far it doesn't seem to be going the government's way, even with the threat of terrrrrrrrrorism behind it. Hopefully the question gets asked to presidential candidates as well.

NO this is a case about a single phone that was used by someone that murdered 14 people and would have killed any more if possible. And Apple is unwilling (not unable) to assist in the investigation of these people.

Quoting Klaus (Reply 73):
Specifically, as far as I'm aware that iPhone has only been his work-issued phone. They smashed and physically destroyed their personal devices. So in all likelihood there's no actually relevant information on the device the FBI is producing all that song and dance about: It's apparently just a fishing expedition for a useful precedent.

One thing it can provide is six weeks of location data.

Tugg
 
Klaus
Posts: 21642
Joined: Wed Jul 11, 2001 7:41 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 4:58 am

Quoting Tugger (Reply 75):
One thing it can provide is six weeks of location data.

Nope. That is a myth.

Quoting Tugger (Reply 75):
Let me repeat: THIS DOES NOT DO THAT!

According to many knowledgeable experts this will not cause the downfall of all privacy and technology. This is limited and isolated. You can spew empty statements that it will cause the end of the world but at least cite sources that actually cover this particular event instead of pontificating on the end of all privacy.

Apparently my views on the international implications are shared by others:

http://daringfireball.net/

Quoting Daring_Fireball:
Edward Snowden noted the following passage from this NYT report, but it was subsequently removed from the article:

China is watching the dispute closely. Analysts say the Chinese government does take cues from United States when it comes to encryption regulations, and that it would most likely demand that multinational companies provide accommodations similar to those in United States.

Last year, Beijing backed off several proposals that would have mandated that foreign firms providing encryption keys for devices sold in China after heavy pressure from foreign trade groups. …

“… a push from American law enforcement agencies to unlock iPhones would embolden Beijing to demand the same.”



Screen shot here:
https://mobile.twitter.com/readDanwrite/status/700533461334024192

[Edited 2016-02-18 20:58:54]
 
User avatar
Tugger
Posts: 11484
Joined: Tue Apr 18, 2006 8:38 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 6:00 am

Quoting Klaus (Reply 76):
“… a push from American law enforcement agencies to unlock iPhones would embolden Beijing to demand the same.”

Except again I will reiterate: This does not "unlock iPhones". This a known potential tool to help law enforcement and China would have to go through the same route to do this to a single other phone. This isn't some mass software change that allows access remotely of all iPhones out there.

How can you seriously cite him when e is presenting misinformation?

Tugg
 
L-188
Posts: 29881
Joined: Wed Jul 07, 1999 11:27 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 9:30 am

Quoting fr8mech (Reply 25):

Quoting Aaron747 (Reply 24):
My FB feed is lighting up with people going apeshit about Apple thumbing their nose at safety and security CUZ TERRORISM!

Funny, my feed is is comprised of folks who are in complete agreement with Apple (and me). I suspect I have a bunch more "Foxies" as "friends" then you do...but, maybe not.

Most of my feeds have been very pro-Apple.

Quoting mham001 (Reply 29):

They will have quite a financial conundrum when China cuts off iphone sales.

Probably not so much since all those phones are made in China to begin with.

Quoting solarflyer22 (Reply 71):


I can see the value for the FBI from a Forensic point of view but the crime is over and the attackers are dead.

Actually since we are talking about his employer supplied phone, and they had enough trade craft knowledge to destroy their other hard drives and personal phones, I think we are safe to work on the assumption there is not data on there that would be useful to any investigation since they didn't destroy it.

Quoting Tugger (Reply 77):
How can you seriously cite him when e is presenting misinformation?

Because he is more reliable that the information that we get from the public information officers of the federal government. The feds have not shown themselves trustworthy in at least the last 16 years
 
tommy1808
Posts: 14664
Joined: Thu Nov 21, 2013 3:24 pm

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 10:12 am

Quoting Klaus (Reply 64):
That is simply wrong on all counts.

I didn´t write that.

Quoting opethfan (Reply 69):
If you need to use the computing power to break the 128 bit AES (or whatever it's using) encryption, then I'm sure Uncle Sam can provide it.

If you have something on the order of a few million times the age of the universe and the fastest Supercomputer. .... for all practical purposes, 128 Bit AES can´t be brute forced in the foreseeable future. For 256-Bit AES there isn´t enough energy in our universe to brute force it.

Quoting Tugger (Reply 77):
This a known potential tool to help law enforcement and China would have to go through the same route to do this to a single other phone. This isn't some mass software change that allows access remotely of all iPhones out there.

Well, or they just order it to be factory installed on all iPhones. And why stop there? Why not make it remote accessible. If one nation can order to breach the security system in one way, what is stopping them from ordering another way? Right, nothing.

Quoting D L X (Reply 65):
No, this is a case where the government is asking Apple to make a key that did not previously exist, and use it JUST THIS ONCE... until the next time they want to use it.

  
The police kicks down doors by themselves, they don´t order the Janitor to do it. Hence, they have to break into the phone themselves.

Quoting Tugger (Reply 61):
China is already beginning to require encryption keys. I would not put it past China to block Apple sales there if they refused a request that they felt serious enough about (and a terrorist killing 14 people would be very serious).

How come so far they didn´t block Apple sales? May it be because they know that torch and pitchfork time might be coming if they start taking their citizens favorite toys away? Bread and games is still valid today,
Plus of course foreign investments drying up faster then you can say encryption key. And i would not be surprised at all if a sales ban for iPhones in Communist China leads to a sales ban on all Chinese mobile phones and Backend Equipment in the US.

Best regards
Thomas
 
Klaus
Posts: 21642
Joined: Wed Jul 11, 2001 7:41 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 12:49 pm

Quoting Tugger (Reply 77):
Except again I will reiterate: This does not "unlock iPhones". This a known potential tool to help law enforcement and China would have to go through the same route to do this to a single other phone. This isn't some mass software change that allows access remotely of all iPhones out there.

There's no way areound it: It would crack the first line of defense of the devices, and for instance via infections of people's PCs an attack firmware could very much be usable for remote attacks.

Quoting tommy1808 (Reply 79):
Quoting Klaus (Reply 64):
That is simply wrong on all counts.

I didn´t write that.

Sorry fo the misquote. It was StarAC17, in fact.

[Edited 2016-02-19 04:52:34]
 
User avatar
seb146
Posts: 23970
Joined: Wed Dec 01, 1999 7:19 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 5:06 pm

Quoting Klaus (Reply 73):
as far as I'm aware that iPhone has only been his work-issued phone.

I am curious and asking because I genuinely do not know:

How many iPhones did the SBD couple have?
How many people use their work phone strictly for work 100% of the time?

Let me be clear that I do believe that the government, specifically China, Russia, and the United States, have the ability to hack into anyone's phones. As was brought up earlier, this is probably a way for the US government to set precedent for the future. In other words: instead of just hacking with no questions or paperwork, the US government is actually trying to do the legal thing now.
 
User avatar
Tugger
Posts: 11484
Joined: Tue Apr 18, 2006 8:38 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 5:25 pm

Quoting tommy1808 (Reply 79):
How come so far they didn´t block Apple sales? May it be because they know that torch and pitchfork time might be coming if they start taking their citizens favorite toys away? Bread and games is still valid today,
Plus of course foreign investments drying up faster then you can say encryption key. And i would not be surprised at all if a sales ban for iPhones in Communist China leads to a sales ban on all Chinese mobile phones and Backend Equipment in the US.

Mostly because China (and Russia is moving that way) already have access to the communication chain of a cellular client and can "see" what they do that way. I am positive that either country will demand some kind of "key" if there is an attack or other state reason to have access to an individuals phone. In this case it is because these people murdered 14 people. They gunned down and ended the lives of 14 innocent people in a self proclaimed "terrorist" attack. That is a very valid reason for the police to go to court to get an order to get Apple to help in the investigation. And that is OK with me.

Now how do you think that Russia or China will go through that process based on the excellent example of due process the US government has provided? Or do you think Russia and China will do what they feel is best and most expedient in a similar situation? Honestly I think they would ignore the phone and the potentially long brute force attack time frame and just arrest any and all friends and family and contacts involved until they get what they want. But that's just me.

Quoting Klaus (Reply 76):
Quoting Tugger (Reply 75):
One thing it can provide is six weeks of location data.

Nope. That is a myth.

OK its not a "time based" (i.e. six weeks) element, it a record of past location information to a certain quantitative limit. But it is done:
http://www.businessinsider.com/how-t...see-location-history-iphone-2015-4

Quoting L-188 (Reply 78):
Because he is more reliable that the information that we get from the public information officers of the federal government. The feds have not shown themselves trustworthy in at least the last 16 years

IT is not the government that is saying this can be done and done safely without world-ending consequences to privacy. It is other independent tech experts.

Quoting L-188 (Reply 78):
Actually since we are talking about his employer supplied phone, and they had enough trade craft knowledge to destroy their other hard drives and personal phones, I think we are safe to work on the assumption there is not data on there that would be useful to any investigation since they didn't destroy it.

And if it was your daughter lying on a slab somewhere after being killed by these people would you feel the same? If the police did not turn over every rock and use every tool at their disposal to get to the bottom of your kids murder, you would be fine? And if another cell is out there, and kills your kids in another attack, you are OK with that because "there probably isn't anything there anyway".

I am not advocating trading freedom for security, this is a case where the proper process was followed and the requested "assistance" from Apple does not destroy all security and privacy. Nor is it a nuclear weapon, nor is it the jack-booted government kicking in doors and heads without due process. This is a sensible request for assistance, and in fact Apple can then close this door in future updates to their product if they so wish.

Quoting tommy1808 (Reply 79):
Well, or they just order it to be factory installed on all iPhones. And why stop there? Why not make it remote accessible. If one nation can order to breach the security system in one way, what is stopping them from ordering another way? Right, nothing.

Uhhh.... they have a court order for this. They went to court over this, followed the proper legal process to get to this point. So I do not know what "police state" you are thinking you live in (a similar process could be followed in Germany) but you are being over dramatic. IF what you are implying is true then your point is moot and no one is safe anyway.

Quoting Klaus (Reply 80):
There's no way areound it: It would crack the first line of defense of the devices, and for instance via infections of people's PCs an attack firmware could very much be usable for remote attacks.

So you are saying that outside entities will be able to use this attack, which requires Apple's own authenticated certificate to work and for the phone to be connected to the computer, to randomly hack into people phones (while they are attached to a computer!) and begin a brute force attack of guessing the persons password that could take hours, days, or even years?

Is that what you are trying to sell as a threat to all cell phone security and privacy?

Really?

Tugg
 
L-188
Posts: 29881
Joined: Wed Jul 07, 1999 11:27 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 9:16 pm

Quoting Tugger (Reply 82):
Uhhh.... they have a court order for this. They went to court over this, followed the proper legal process to get to this point.

You mean that hearing that Apple was not allowed to participate in....yeah some flipping legal system, Some just process there.

Quoting Tugger (Reply 82):
IF what you are implying is true then your point is moot and no one is safe anyway.

Nobody in this day and age is safe from the federal government, that doesn't mean we shouldn't fight to keep them from usurping our human rights.

Needless say being proud to be an American isn't what it used to be, in many ways it is a sign of ignorance.
 
User avatar
Tugger
Posts: 11484
Joined: Tue Apr 18, 2006 8:38 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 9:26 pm

Quoting L-188 (Reply 83):
You mean that hearing that Apple was not allowed to participate in....yeah some flipping legal system, Some just process there.

You do realize they are in the process of appealing the request don't you. That is the process.

Quoting L-188 (Reply 83):

Nobody in this day and age is safe from the federal government, that doesn't mean we shouldn't fight to keep them from usurping our human rights.

So you feel our human rights have been usurped since warrants etc. to enter your home and reveal your records have been allowed to be issued. Correct?

McAffee just made an interesting offer, that he would hack the phone for free in three weeks: "I will, for free, decrypt the information on the San Bernardino iPhone with my team. We will primarily use social engineering and it will take us three weeks. If you accept my offer, then you will not need to ask Apple to place a backdoor in their product, which will be the beginning of the end of America."
http://www.ibtimes.co.uk/john-mcafee...or-like-giving-our-enemies-1544651

Though I am curious how to "socially engineer" a hack on a locked unused phone would be done, I say go for it. Though his comment that a "backdoor" is being sought leads me to think he cannot do it as he is obviously confused.

Tugg
 
L-188
Posts: 29881
Joined: Wed Jul 07, 1999 11:27 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 11:02 pm

Quoting Tugger (Reply 84):

Though I am curious how to "socially engineer" a hack on a locked unused phone would be done,

It means that they will go through and do the research to figure out their likes/dislikes, friends pet ect to figure out the passwords used.

Which is why most IT departments that are smart no longer allow certain passwords.
 
User avatar
Tugger
Posts: 11484
Joined: Tue Apr 18, 2006 8:38 am

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 11:18 pm

Quoting L-188 (Reply 85):
It means that they will go through and do the research to figure out their likes/dislikes, friends pet ect to figure out the passwords used.

Which is why most IT departments that are smart no longer allow certain passwords.


Gotcha! Makes sense!

They get ten attempts before it wipes. And the delay between each attempt gets longer and longer. So they won't get that many attempts. I'd give them 5 maybe a few more. The "guarantee" is nice and all but cannot be an actual absolute guarantee.

Tugg

[Edited 2016-02-19 15:20:25]
 
User avatar
LAX772LR
Posts: 14186
Joined: Sun Nov 09, 2014 11:06 pm

RE: Let's Talk Apple And The US Government

Fri Feb 19, 2016 11:24 pm

Here we go:

Trump calls for nationwide boycott of Apple
 
User avatar
Tugger
Posts: 11484
Joined: Tue Apr 18, 2006 8:38 am

RE: Let's Talk Apple And The US Government

Sat Feb 20, 2016 12:15 am

Quoting LAX772LR (Reply 87):

Jeeez.... Suddenly I support Apple....   



Tugg
 
mham001
Posts: 5745
Joined: Thu Feb 03, 2005 4:52 am

RE: Let's Talk Apple And The US Government

Sat Feb 20, 2016 12:33 am

Quoting L-188 (Reply 83):
Nobody in this day and age is safe from the federal government, that doesn't mean we shouldn't fight to keep them from usurping our human rights.

I don't know about you but I trust the feds a lot more than I do the state and local governments and in fact, their upsurping of my rights have had far, far more impact on my life than anything the feds have done. Mostly related to the war on drugs.

Many seem to buying the hype about the mass-surveillance and the malarkey of "the end of America". This is not that, this is a simple subpeona in a criminal investigation. This has been going on legally, forever. The privacy argument by Cook is self-serving nonsense. Since when do dead mass-murderers get "privacy"? I read today the NY DA had 150 cases in which they cannot unlock iphones.

Iphones - the choice of criminals worldwide.
 
BMI727
Posts: 11300
Joined: Mon Feb 02, 2009 9:29 pm

RE: Let's Talk Apple And The US Government

Sat Feb 20, 2016 1:30 am

Quoting fr8mech (Reply 17):
Corporations were protected by The Fourth Amendment long before the Citizens United opinion.

Even so it's also a First Amendment issue i.e. I can do things but I don't have to discuss it.

Furthermore, even if it only helps in the US, couldn't Apple just assert their Fifth Amendment rights. Just say that the government cannot unlock the software because they may find something illegal Apple put in there, whether something illegal exists or not.

Quoting Tugger (Reply 30):
The government already has the power to bust down doors to your house, to arrest you based on suspicions, and the only thing that prevent its abuse is the law and courts and policies and procedures that are in place to protect the public.

They bust the door themselves. I have no issue with the government doing their damndest to crack the phone. I don't even mind them asking Apple to unlock if for them. But the government trying to force Apple to unlock the phone for them is beyond the pale.

Quoting Tugger (Reply 63):
There is no right to privacy in the US Constitution. Sad but true.

It is, but the First and Fourth Amendments do cover most of it.

Quoting mham001 (Reply 89):
Iphones - the choice of criminals worldwide.

Sorry, I'm too busy being pissed at Ford for manufacturing OJ's Bronco.
 
User avatar
LAX772LR
Posts: 14186
Joined: Sun Nov 09, 2014 11:06 pm

RE: Let's Talk Apple And The US Government

Sat Feb 20, 2016 2:06 am

Quoting Tugger (Reply 88):
Jeeez.... Suddenly I support Apple.

He's already walking it back a little bit, but still overall calling for a boycott.

http://www.cnn.com/2016/02/19/politi...ald-trump-apple-boycott/index.html
 
mham001
Posts: 5745
Joined: Thu Feb 03, 2005 4:52 am

RE: Let's Talk Apple And The US Government

Sat Feb 20, 2016 4:49 am

Quoting LAX772LR (Reply 91):
He's already walking it back a little bit, but still overall calling for a boycott.

I think the Chinese and others will do it for him. Tim Cook is a fool.
 
User avatar
seb146
Posts: 23970
Joined: Wed Dec 01, 1999 7:19 am

RE: Let's Talk Apple And The US Government

Sat Feb 20, 2016 6:19 am

Quoting LAX772LR (Reply 87):
Trump calls for nationwide boycott of Apple

I am due for an upgrade. I had been so against the iPhone but, now....

Also, this was not an issue for Apple in the past, so I wonder what has changed?

http://www.nydailynews.com/news/nati...-iphones-refusal-article-1.2536178

I know NY Daily News may not be the best source, but I also read the same thing in our local paper, the Press Democrat.
 
slider
Posts: 7751
Joined: Wed Feb 25, 2004 11:42 pm

RE: Let's Talk Apple And The US Government

Sat Feb 20, 2016 3:46 pm

Quoting Klaus (Reply 64):
Ah, of course: It's a conspiracy!

What else could it have been anyway?

Now don't read into what I stated. But something obviously prompted Cook to make such a strong public proclamation, don't you think? Otherwise this is the sort of thing I'd think Apple's government affairs people would be engaged in as a course of business, not a public campaign.

So coming out in the manner they did may insulate them from some reprisal threatened by the feds. Nothing would surprise me. Our government is no one's friend. That's hardly conspiratorial thinking: it's the cold hard reality and to give the government the benefit of the doubt in any matter is dangerous and naive.
 
User avatar
casinterest
Posts: 13952
Joined: Sat Feb 12, 2005 5:30 am

RE: Let's Talk Apple And The US Government

Sun Feb 21, 2016 1:56 am

Quoting seb146 (Reply 93):
I am due for an upgrade. I had been so against the iPhone but, now....

Also, this was not an issue for Apple in the past, so I wonder what has changed?

http://www.nydailynews.com/news/nati...-iphones-refusal-article-1.2536178

I know NY Daily News may not be the best source, but I also read the same thing in our local paper, the Press Democrat.

It's there in the article why not.

"For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess," Apple said on its privacy website.


They changed the encryption to make it very secure, add the 10 strikes you are out data wipe, and you can see how tough and secure the phone can be now.
 
photopilot
Posts: 3101
Joined: Mon Jul 15, 2002 11:16 am

RE: Let's Talk Apple And The US Government

Sun Feb 21, 2016 3:55 am

Quoting casinterest (Reply 95):
"For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess," Apple said on its privacy website.

Here's some interesting information that came out earlier today......

The password for the San Bernardino shooter's iCloud account associated with his iPhone was reset hours after authorities took possession of the device.

The Justice Department acknowledged in its court filing that the password of Syed Farook's iCloud account had been reset. The filing states, "the owner [San Bernardino County Department of Public Health], in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup."


More on this article here.......

https://ca.news.yahoo.com/san-bernar...34003785--abc-news-topstories.html


Does this open up a new avenue of thought to anyone? I don't know the Apple system to analyze what this means to data security.
 
ThePointblank
Posts: 3829
Joined: Sat Jan 17, 2009 11:39 pm

RE: Let's Talk Apple And The US Government

Sun Feb 21, 2016 4:27 am

Quoting photopilot (Reply 96):

Does this open up a new avenue of thought to anyone? I don't know the Apple system to analyze what this means to data security.

From my reading, this is my understanding:

1. Due to how iOS 08 and 09 secures data, there is no way that one could decrypt data from the phone without knowing the pass code;

2. Apple can and is able to provide the backups from iCloud storage; this isn't an issue. However, because the government had the iCloud password reset, if the iPhone was plugged in with power and was connected to a network that is known to the iPhone, it could remotely back itself up to iCloud. That backup could potentially contain the missing information between the October backup and December 2, when the San Bernardino massacre occurred;

3. Apple did send technicians to assist the US government in to try this out, but they discovered that the Apple ID password associated with the iPhone had been changed after the phone entered US government custody;

4. As the phone in question discovers that its no longer able to authenticate with iCloud anymore, for whatever reason, it gives up trying until you force it to re-authenticate by entering your password again, which means you need the pass code to begin within;

5. This may all be a moot issue as one can actually disable iCloud backup manually from within the phone, and it was very likely that the terrorist did so because the phone stopped uploading backups for over a month prior to the attack

6. There are other ways to gain access to the data on the phone, even in the encrypted state, such as a flash memory dump which would copy everything on the memory on the phone to another storage device, and attack the copied information that way... and that's assuming that the terrorists didn't wipe the iPhone to begin with...
 
tommy1808
Posts: 14664
Joined: Thu Nov 21, 2013 3:24 pm

RE: Let's Talk Apple And The US Government

Sun Feb 21, 2016 7:17 am

Quoting ThePointblank (Reply 97):
and attack the copied information that way...

Unless the implementation has an error you can forget about that.

Best regards
Thomas
 
Klaus
Posts: 21642
Joined: Wed Jul 11, 2001 7:41 am

RE: Let's Talk Apple And The US Government

Sun Feb 21, 2016 3:07 pm

Quoting Tugger (Reply 82):
Quoting Klaus (Reply 76):
Quoting Tugger (Reply 75):
One thing it can provide is six weeks of location data.

Nope. That is a myth.

OK its not a "time based" (i.e. six weeks) element, it a record of past location information to a certain quantitative limit. But it is done:
http://www.businessinsider.com/how-t...see-location-history-iphone-2015-4

The user would have to have actively enabled that particular option. It is not on by default.

Quoting Tugger (Reply 82):
So you are saying that outside entities will be able to use this attack, which requires Apple's own authenticated certificate to work and for the phone to be connected to the computer, to randomly hack into people phones (while they are attached to a computer!) and begin a brute force attack of guessing the persons password that could take hours, days, or even years?

Is that what you are trying to sell as a threat to all cell phone security and privacy?

A firmware on an iPhone which allows for such an attack, properly signed by Apple, would indeed open up all other iPhones of at least that processor type to this kind of attack.

Quoting Tugger (Reply 84):
So you feel our human rights have been usurped since warrants etc. to enter your home and reveal your records have been allowed to be issued. Correct?

You're missing the point completely.

The problem here is not primarily that the FBI demands access to one particular device, but that it demands a general key to all devices of that kind, substantially weakening the protections of every user worldwide!

Quoting mham001 (Reply 92):
Quoting LAX772LR (Reply 91):
He's already walking it back a little bit, but still overall calling for a boycott.

I think the Chinese and others will do it for him. Tim Cook is a fool.

Who's the greater fool?
The fool himself, or someone the fool is just trying to smear-attack?
Or even the people still following the obvious fool around?

Quoting slider (Reply 94):
Quoting Klaus (Reply 64):
Ah, of course: It's a conspiracy!

What else could it have been anyway?

Now don't read into what I stated. But something obviously prompted Cook to make such a strong public proclamation, don't you think? Otherwise this is the sort of thing I'd think Apple's government affairs people would be engaged in as a course of business, not a public campaign.

Your favourite news source apparently has failed to inform you that Apple represented by Tim Cook has had that exact same position for years already, and explicitly so, as expressed in numerous speeches, interviews and other statements.

Nothing has changed at Apple – only the US government has now chosen to ride a very public attack on Apple's protections because a likely completely irrelevant device (which was ignored by the perpetrator while he thoroughly destroyed the couple's personal devices!) is being used for a presumably easy precedent in a terrorism case which they can then conveniently refer to in any subsequent case.

Quoting ThePointblank (Reply 97):
6. There are other ways to gain access to the data on the phone, even in the encrypted state, such as a flash memory dump which would copy everything on the memory on the phone to another storage device, and attack the copied information that way... and that's assuming that the terrorists didn't wipe the iPhone to begin with...

Nope. That option has not existed since the iPhone 3GS already – since then flash memory is always and fully AES-encrypted in any iPhone which is effectively unbreakable even if the memory chicp is removed from the phone and read out separately.

That's the foundation on which the other protections can even be effective in the first place!

Who is online

Users browsing this forum: einsteinboricua, MohawkWeekend and 21 guests

Popular Searches On Airliners.net

Top Photos of Last:   24 Hours  •  48 Hours  •  7 Days  •  30 Days  •  180 Days  •  365 Days  •  All Time

Military Aircraft Every type from fighters to helicopters from air forces around the globe

Classic Airliners Props and jets from the good old days

Flight Decks Views from inside the cockpit

Aircraft Cabins Passenger cabin shots showing seat arrangements as well as cargo aircraft interior

Cargo Aircraft Pictures of great freighter aircraft

Government Aircraft Aircraft flying government officials

Helicopters Our large helicopter section. Both military and civil versions

Blimps / Airships Everything from the Goodyear blimp to the Zeppelin

Night Photos Beautiful shots taken while the sun is below the horizon

Accidents Accident, incident and crash related photos

Air to Air Photos taken by airborne photographers of airborne aircraft

Special Paint Schemes Aircraft painted in beautiful and original liveries

Airport Overviews Airport overviews from the air or ground

Tails and Winglets Tail and Winglet closeups with beautiful airline logos