Apple and the FBI password search.....

[Deleted member 29692]

Apples implementation is very good. They have a custom chip which handles a lot of it. Not even apple knows the UID of a device. See page 7
https://www.apple.com/business/docs/iOS_Security_Guide.pdf

I didn't realise it was quite that good.

That document also provides the comprehensive technical explanation for the "error 53" story that people were getting so excited about the other day. I suppose the monkeys carrying out the unauthorised repairs just assumed it was another plug and play component.

 

[Gromett]

I didn't realise it was quite that good.

That document also provides the comprehensive technical explanation for the "error 53" story that people were getting so excited about the other day. I suppose the monkeys carrying out the unauthorised repairs just assumed it was another plug and play component.

I do slam Apple a lot but on this front they are extremely good.

 

[GJH]

Of course it could well be that (as with so much software these days) the documentation of the software is so crap that Apple hasn't a clue how to go about doing what the FBI want

 

[Gromett]

PS: The text in that encrypted file simply says.

"This is not a terrorist plot!!!"

 

[Deleted member 29692]

We'll have to agree to differ. If you put online privacy on one side of the scales and fighting terrorism on the other then in my mind the privacy argument carries no weight whatsoever.

From this article:

Manhattan prosecutor Cyrus Vance has said he has a backlog of 175 locked iPhones awaiting the resolution of the Apple-FBI fight, which is almost certain to be decided in high federal courts.

175.

Just in Manhattan.

Do you think any of them, let alone all of them, are terrorist related? I doubt it.

^{_{Subscribers  do not see these advertisements}}

 

[sdc77]

The way I see it is simple. If you are using a product such as an iPhone to harm or try to harm a state then the state should be able to access that (legal by court order) just the same way that they can apply for a search warrant.
I really don't care what precedent it sets as I don't really like terrorists (and let's not forget that's what they were) using an iPhone to plot or communicate with their friends to kill people.
By Apple not allowing the government access to the contents of that phone they are in effect helping terrorists and other criminals hide from the law.
Im pretty sure that what's being asked for is not a back door.
We can hypothesise all we want as to what will happen in the future and in the meantime potential evidence is being witheld.

I am on the side of the fbi here. 100%
And I know I'm not alone
Please don't assume that anyone who thinks this way doesn't know what they are talking about.
Also if someone is a using their phone in the commission of serious crimes. Hard luck. Let's get it seized and examined for evidence.

Also as a last minute edit ..
MHET .. clipper chip.. I'm fine with them.

 

[Gromett]

The way I see it is simple. If you are using a product such as an iPhone to harm or try to harm a state then the state should be able to access that (legal by court order) just the same way that they can apply for a search warrant.
I really don't care what precedent it sets as I don't really like terrorists (and let's not forget that's what they were) using an iPhone to plot or communicate with their friends to kill people.
By Apple not allowing the government access to the contents of that phone they are in effect helping terrorists and other criminals hide from the law.
Im pretty sure that what's being asked for is not a back door.
We can hypothesise all we want as to what will happen in the future and in the meantime potential evidence is being witheld.

I am on the side of the fbi here. 100%
And I know I'm not alone
Please don't assume that anyone who thinks this way doesn't know what they are talking about.
Also if someone is a using their phone in the commission of serious crimes. Hard luck. Let's get it seized and examined for evidence.

Also as a last minute edit ..
MHET .. clipper chip.. I'm fine with them.

You are of course entitled to your opinion.

There is more to this debate than simply allowing the authorities access to data. It is much more nuanced than that.

I am all for police seizing phones of criminals for evidence. But that seizure must be within the law and with due process. The laws when they are created must take care not to have secondary and tertiary effects (unintended consequences) and in this case there is no law supporting the courts action directly. The court is misusing another law.

Please see the document for the reasons why Apple is resisting this. It is the thin end of the wedge and there was no due process or supporting law to allow for the order.

https://assets.documentcloud.org/do...-Vacate-Brief-and-Supporting-Declarations.pdf

If you haven't read the document can you really be in a position to judge which side to come down on in this debate?

Start on page 14. Most of it is plain English with references to legal cases etc. It is an interesting argument and one which I am watching closely and with great interest.

 

[sdc77]

@Gromett yes I can come down on the side of the authorities. I don't care about apple and I have no interest in reading that document. If the law doesn't support apple being forced to comply then I expect the courts to force them to.
An interesting argument doesn't protect innocent people from terrorism. A court should be able to order cooperation and no one should be able to hide from the law of the land.
Your 'misusing' a law is another judges stated case.

 

[Gromett]

@Gromett yes I can come down on the side of the authorities. I don't care about apple and I have no interest in reading that document. If the law doesn't support apple being forced to comply then I expect the courts to force them to.
An interesting argument doesn't protect innocent people from terrorism. A court should be able to order cooperation and no one should be able to hide from the law of the land.

The problem is the law of the land doesn't support the court order. They overstretched it a lot.

The courts are unelected. The courts are there to enforce the law as created by the elected representatives.

Forcing companies to provide technical services without recompense and without due thought to the consequences is not only criminal it is negligent.

You are forming an opinion without reading the details of the debate. That removes any weight from your opinion.

The courts need to apply the law not make it.

 

[Deleted member 29692]

If the law doesn't support apple being forced to comply then I expect the courts to force them to.

That's the point.

The courts can't force anyone to do anything if there is no applicable law. Courts apply existing laws. They don't get to make up new ones to suit themselves.

As James Comey has said, ultimately this won't be decided by the courts as they simply don't have the power. Congress will need to deal with it one way or the other.

A court should be able to order cooperation and no one should be able to hide from the law of the land.

Nobody is hiding from anything. There is no US law that places any responsibility on Apple to do what the FBI is asking. As it stands if they did comply they would probably be breaking quite a few US laws.

^{_{Subscribers  do not see these advertisements}}

 

[Tootles]

@Gromett yes I can come down on the side of the authorities. I don't care about apple and I have no interest in reading that document. If the law doesn't support apple being forced to comply then I expect the courts to force them to.
An interesting argument doesn't protect innocent people from terrorism. A court should be able to order cooperation and no one should be able to hide from the law of the land.
Your 'misusing' a law is another judges stated case.

It matters not a jot what Apple do or don't do in relation to terrorism. Terrorists will ALWAYS find a way around stuff, they always have. The only way to stop them is to kill them, and you do that with pre intelligence, not post intelligence. Don't you think that within seconds of this guy and his wife being chopped, that anyone remotely associated with them wont have covered their tracks? Any 'clues' will be long dead, as will any tracks to follow, KemoSabe.
This is just a thinly veiled excuse for the FBI to get their hands on stuff they don't have. They care not a jot about a dead bomber.

 

[Abacist]

It all seems a bit of a joke when a UK 16 year old can supposedly hack into a senior CIA officer's email account. If that's it at face value then they are not fit to be entrusted with any secrets!

 

[sdc77]

I'm sorry @Tootles there is a law here isn't there.. the US fall back if nothing works law .. which essentially is the law that says .. help law enforcement .
This is the act that's been used against some other phones and those cases are still open aren't they. So it's not the wrong law. It's the only one left and as often happens with laws it's down to interpretation.
I hope they succeed in forcing apple. .. and then they can crack on and draft a new law to make these things happen a little quicker like they used to before Apple started allowing people to hide behind their phones.

 

[sdc77]

It matters not a jot what Apple do or don't do in relation to terrorism. Terrorists will ALWAYS find a way around stuff, they always have. The only way to stop them is to kill them, and you do that with pre intelligence, not post intelligence. Don't you think that within seconds of this guy and his wife being chopped, that anyone remotely associated with them wont have covered their tracks? Any 'clues' will be long dead, as will any tracks to follow, KemoSabe.
This is just a thinly veiled excuse for the FBI to get their hands on stuff they don't have. They care not a jot about a dead bomber.

Thats a great theory in principle but fortunately lots of intelligence is gained after the fact as was nicely demonstrated by the often inept Belgian Police and the switched on French Polce after the Paris atrocity.
Intelligence is intelligence

 

[Tootles]

Thats a great theory in principle but fortunately lots of intelligence is gained after the fact as was nicely demonstrated by the often inept Belgian Police and the switched on French Polce after the Paris atrocity.
Intelligence is intelligence

Sorry, but that's not the case. 90% of the information they obtained was either 'old news', or pertained to stuff they already knew. If their had been any pre intelligence, then the atrocity you mention would never have taken place. And as for the 'switched on' French police, who knew that the attack on Charlie Hebdo was on the cards, but failed to act on the information they had. (Except for the positioning of a poorly armed single police officer, who paid for that stupidness with his life).

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

I'm sorry @Tootles there is a law here isn't there.. the US fall back if nothing works law .. which essentially is the law that says .. help law enforcement .
This is the act that's been used against some other phones and those cases are still open aren't they. So it's not the wrong law. It's the only one left and as often happens with laws it's down to interpretation.
I hope they succeed in forcing apple. .. and then they can crack on and draft a new law to make these things happen a little quicker like they used to before Apple started allowing people to hide behind their phones.

There isn't a law there. Previous attempts to make a law to force manufacturers to do work have been rejected as unconstitutional and are therefore illegal. They are trying to misuse a law to achieve the same ends. The All Writs Act is specifically there to allow courts to fill gaps in existing laws not make new laws that have already been rejected by the Legislative branch. In case you didn't know America has 3 branches of Government. Executive, Legislative and Judicial. It is the elected members of the Legislative branch that makes the laws and the Judicial branch that enforces them. They are independent of each other. If the Judicial branch starts creating laws or abusing laws for different purposes they are not doing their job. You really should read the link I gave which explains all this.

Read up on the All Writs Act as well. It is an interesting piece of law making and the 1977 case against a telephone company makes for interesting reading. There are limits on what this Act can be used for and the Courts are overstepping their boundaries...

 

[Gromett]

PS: Apple has assisted greatly in this case. They have provided free consultancy, advice and technical assistance. They have given over information that is available that was on their servers and much more. In accordance with their moral obligations and within the law. This step is one too far and they contend is an illegal order. I agree with them.

 

[sdc77]

So these cases have been thrown out then?
I don't think they have.
As laws tend to fall behind technology having a catch all .. stop gap that relies on interpretation seems fine to me.
Also this argument tends to draw people away from the reason behind all this. Catching criminals who want to hurt people or steal from people.

 

[Gromett]

So these cases have been thrown out then?
I don't think they have.
As laws tend to fall behind technology having a catch all .. stop gap that relies on interpretation seems fine to me.
Also this argument tends to draw people away from the reason behind all this. Catching criminals who want to hurt people or steal from people.

The cases are up in court at the moment.
Stop gap interpretation is not the place of the courts. If the need is urgent the Legislature can make emergency legislation. The people involved in this case are dead there is no immediate rush. The data is not going anywhere and even the police involved doubt there is anything of value on this.

Legislation on this issue has been put before the legislature before and been voted down as unconstitutional. Please read the links I provided they explain all this.

 

[olley]

We cracked the supposedly uncrackable Enigma machine in WW2, are these encryptions really uncrackable?

Ian

^{_{Subscribers  do not see these advertisements}}

 

[Deleted member 29692]

I'm sorry @Tootles there is a law here isn't there.. the US fall back if nothing works law .. which essentially is the law that says .. help law enforcement .

I don't know where you think you heard that but I'm afraid it's utter nonsense.

Of the top of my head that would be contrary to the 4th, possibly the 5th depending on the circumstances, the 9th and possibly the 10th Amendments to the US constitution.

 

[Deleted member 29692]

We cracked the supposedly uncrackable Enigma machine in WW2, are these encryptions really uncrackable?

Ian

PGP encryption, as Karl says, properly implemented really is uncrackable.

With the iPhone example the 4 digit pass code could be brute forced given enough time as there are only 10,000 possible combinations. The issue is that it is possible to set an iPhone to erase itself after a certain number of incorrect tries and there's no way of knowing if this is switched on.

 

[Gromett]

As laws tend to fall behind technology having a catch all .. stop gap that relies on interpretation seems fine to me.

If the law is so far behind why are they using a law originally created in 1789? I know nit picking here but.....

Of the top of my head that would be contrary to the 4th, possibly the 5th depending on the circumstances

Apple are using the 1st and the 5th amongst other arguments.

 

[Deleted member 29692]

Apple are using the 1st and the 5th amongst other arguments.

I did think about the 1st but couldn't come up with anything obvious.

 

[mariner]

I'm sorry @Tootles there is a law here isn't there.. the US fall back if nothing works law .. which essentially is the law that says .. help law enforcement .
This is the act that's been used against some other phones and those cases are still open aren't they. So it's not the wrong law. It's the only one left and as often happens with laws it's down to interpretation.
I hope they succeed in forcing apple. .. and then they can crack on and draft a new law to make these things happen a little quicker like they used to before Apple started allowing people to hide behind their phones.

The means to bypass Apple encryption in the hands of an organisation that can't stop a 16 year old hacking into their systems!
If Apple are forced to give them that means, then all other encrypted services will be forced to follow and that will mean the end of Banking and all the other sensitive things ordinary people going about their daily lives, do on line, not to mention security services!

^{_{Subscribers  do not see these advertisements}}

 

[olley]

Other makes of phones don't have this level of encryption, but the banking system hasn't collapsed, so why should it if Apple give a back door into their phone?

Ian

 

[Gromett]

We cracked the supposedly uncrackable Enigma machine in WW2, are these encryptions really uncrackable?

Ian

As I understand it and I am not a crypto expert.
768 Bit public key encryption has been cracked but it is not doable without a serious amount of work. Each bit you add more than doubles the complexity. 1024 bit encryption used by the bulk of todays SSL certificates is considered a baseline for currently uncrackable. But this is under threat. We have moved to 2048 bit keys on our certificates. This is not double the complexity. 1025 would be double. 2048 is a magnitude more complex. GPG and PGP are capabable of 4096 bit keys. That is what I used in my example. 2048 is uncrackable and is not predicted to be cracked without quantum computing. Even with quantum computing 4096 bit keys are not considered unsafe.

The enigma machine used a very basic method of encryption which would be trivial to crack today. Public key encryption however is a mathematically intense method that is extremely hard to crack.

To give you some idea of the difference. The level of complexity for the enigma has been calculated by some people as being about 34-40 bits. Using a single desktop computer and only test 1,000 per second it would take 2-3 weeks to process the entire key space. Modern multi-core computers or using a GPU which is massively parallel would bring this down to hours if not minutes. As a comparison a 700 bit RSA key equivalent was cracked in 11 months using 400 computer. We are also moving over to Eliptic curve. Eliptic curve is a magnitude more difficult. A 256 Eliptic key is considered to be equivalent to a 3072 bit RSA key. You can see how they difficulty has ramped up.

PGP encryption, as Karl says, properly implemented really is uncrackable.

With the iPhone example the 4 digit pass code could be brute forced given enough time as there are only 10,000 possible combinations. The issue is that it is possible to set an iPhone to erase itself after a certain number of incorrect tries and there's no way of knowing if this is switched on.

It is 6 digits I believe not 4 and it is alphanumeric not just numeric? 10,000 is a magnitude too small.

 

[Gromett]

Other makes of phones don't have this level of encryption, but the banking system hasn't collapsed, so why should it if Apple give a back door into their phone?

Ian

IT won't cause the banking system to collapse. There are lots of points to the argument against Apple doing this. But one is that forcing a company to provide a back door will be the thin end of the wedge. Once one company has been forced to do so others will follow. Eventually ALL encryption implemented by US companies will have back doors and be useless. U.S. companies would then be at a disadvantage on the world stage. Secondly. Encryption needs to be secure at both ends for it to work. If one end is compromised then both ends are. If a phone is used for banking and the phone is compromised the banks are compromised by default.

Once this technology is available, other governments will compel Apple to provide it. Think about it China and Russia having access?

There is a lot more to it than this one argument though.....

 

[Gromett]

I did think about the 1st but couldn't come up with anything obvious.

It is covered here
https://assets.documentcloud.org/do...-Vacate-Brief-and-Supporting-Declarations.pdf

Page 30 and 31. It also covers ISIS guidance on encryption.

 

[olley]

Say Apple is forced to provide a method that allows a "Brute force attack" for that the bad guys need your phone, shoulder surfing seems to me a much easier way for crims to get access to your bank account. So I still don't see the problem, and their are some very clever people with government funds (China) to support them who could possibly alter Apples software themselves, after all, aren't the chips made there?

Ian

^{_{Subscribers  do not see these advertisements}}