Google, Twitter, and Facebook joined Apple's side against the FBI

[JustKenny]

Source: http://theusbport.com/facebook-twitter-google-join-apple-encryption-fight-fbi/5419

So we already know about the fight between Apple and the FBI:

Quote

Tuesday evening, a federal court ordered Apple to help the F.B.I. unlock an iPhone used by one of the attackers who killed 14 people in San Bernardino, Calif., in December.

Wednesday morning, Apple said in a strongly worded letter that it would challenge the court’s request. While technology companies recently have resisted government demands, Apple’s letter is one of the industry’s most forceful push backs against a court ruling.

In the hours after Apple’s letter was published, technologists and legal experts have been dissecting what, exactly, the Cupertino, Calif., company can’t — or won’t — do to help the government.

Big companies like Google, Twitter, Facebook, and others start to back up Apple saying:

Quote

“We stand with @tim_cook and Apple (and thank him for his leadership)!” Twitter chief executive Jack Dorsey wrote in a tweet Thursday afternoon.

Quote

Facebook gave a statement that said, “These demands would create a chilling precedent and obstruct companies’ efforts to secure their products.”

Quote

Google CEO Sundar Pichai had earlier voiced support for Apple in a series of tweets. “Forcing companies to enable hacking could compromise users’ privacy,” Pichai wrote on Wednesday, adding that the case “could be a troubling precedent.“.

Quote

“This is asking a company to build a digital defect, a design flaw, into their products,” said Nuala O’Connor of the Center for Democracy and Technology, a Washington-based group that has criticized government surveillance. In a statement, the center warned that other companies could face similar orders in the future.

Quote

“This case is going to affect everyone’s privacy and security around the world,” said Lee Tien, a staff attorney for the Electronic Frontier Foundation, a digital-rights group in San Francisco.

Looks like the FBI stepped on the wrong foot.

I'm taking Apple's side. Its idiotic to ask a company that is trying to make a safe and secure device then the FBI wants them to make a backdoor. That's so stupid...

 

[Linus_torvalds]

Did Google join twice or what?

[Citadelen]

Google, twitter AND Google, didn't know there was more than one Google.  

[JustKenny]

Woops

[SansVarnic]

Must mean Alphabet . . . . 

 

But this is an update should be added it to the original post. Just saying.

[PlayStation 2]

Once again, I see where the FBI is coming from. But in a day and age where privacy and security are stressed, you must have some big ass balls to ask someone to effectively make a backdoor into their OS.

[Deli]

What's the stance of Microsoft?

[JustKenny]

Just now, Deli said:

What's the stand of Microsoft?

We are not completely sure

http://www.theverge.com/2016/2/18/11044646/microsoft-apple-fbi-comment-reform-goverment-surveillance

[SansVarnic]

4 minutes ago, Deli said:

What's the stand of Microsoft?

With all the stance on the supposed spying from MS, they are probably staying passive/neutral about this. *shrugs*

But MS may come out and support to help their stance that they are not spying. 

[Roawoao]

Strange how Google/Alphabet uses could be troubling (Possibly bad) vs Facebook saying would be troubling (Definitely bad).

 

30 minutes ago, SansVarnic said:

With all the stance on the supposed spying from MS, they are probably staying passive/nuetral about this. *shrugs*

Microsoft already has a law enforcement tool kit for windows OS its been around since the xp days I think. It is pretty simple stuff really just offline password editor, regedit, data gathering tool to inspect PCs from what I've heard. Basically the same as the DaRT software IT staff can use just customized for the application.

 

Of course bitlocker throws a wrinkle into that although by default the recovery key is recommended to be saved to the cloud which you know what that means. The best thing about windows however is you can easily get tons of 3rd party solutions that are effective an outside Microsoft's cloud blob.

[Dabombinable]

6 minutes ago, JustKenny said:

We are not completely sure

http://www.theverge.com/2016/2/18/11044646/microsoft-apple-fbi-comment-reform-goverment-surveillance

Microsoft did have its back scratched by Apple though when they went through their own dealings with US federal prosecutors wanting data stored in Ireland. So they probably will support Apple against the FBI.

[SansVarnic]

3 minutes ago, Roawoao said:

Microsoft already has a law enforcement tool kit for windows OS its been around since the xp days I think. It is pretty simple stuff really just offline password editor, regedit, data gathering tool to inspect PCs from what I've heard. Basically the same as the DaRT software IT staff can use just customized for the application.

 

Of course bitlocker throws a wrinkle into that although by default the recovery key is recommended to be saved to the cloud which you know what that means. The best thing about windows however is you can easily get tons of 3rd party solutions that are effective an outside Microsoft's cloud blob.

I agree mostly but having the key all fine but to use it you still need the password to unlock the key and that password can be either be alphanumeric/special character or certificate based, so having the key saved on cloud really doesn't mean much, its only a part of the puzzle.

[Roawoao]

19 minutes ago, SansVarnic said:

I agree mostly but having the key all fine but to use it you still need the password to unlock the key and that password can be either be alphanumeric/special character or certificate based, so having the key saved on cloud really doesn't mean much, its only a part of the puzzle.

In Microsoft's case if you backup the recovery key this is all that is needed. They way bitlocker works is that you can have different protectors but you can also have a master recovery key that bypasses these protections.

 

Basically there is a volume key (what you actually need to decrypt) and then you have things like say a TPM based hardware key (secure element) + user pre-boot pin (user key) + optionally you can also require things like a key file on a usb drive.

 

But these protectors can be bypassed using the recovery key (extremely long random automatic numerical password) which is usually an extremely strong code. With a search space of 1.11 x 10⁴⁸ which is not going to be cracked any time soon. If you back this upto the cloud via the default mechanism don't expect it to be secure against a government order unless you encrypt it first yourself. (Example shown below, I hope however generated that didn't keep using that volume) Since it is rare to use the recovery key it can take a few seconds per try due to algorithmic factors not UX delays.

 

This is required if the TPM detects a security fault as it will invalidate the other protectors (your just one step away from being screwed if you don't have the recovery key handy) and you won't even be able to enter a pin code as it is meant to detect tampering with the boot chain or hardware. What actually occurs is the TPM just erases itself and tells the pre-boot that the master recovery key is needed.

 

Certificates can be regenerated to self signed ones if you want so it would be hard to bypass short of forcing the TPM mfg to hack their product which can be complicated when there are many chip mfg's involved and they might not even be the ones writing the firmware for it. It will get onerous pretty quickly in practical terms. Another advantage of a diverse device ecosystem. (Not that it is perfect either) You have the MB mfg, Microsoft, TPM maker, EFI firmware dev possibly, and so on and so forth. (Make a mistake when your trying to hack at that mesh mash of hardware and you'll accidentally wipe the TPM chip.)

 

TPM only mode is vulnerable to a literally cold attack while PIN only is of course vulnerable to be attacked as just a password. Multifactor is the way to go basically although any cloud based factors won't help you if the government has a court order.

[Stuff_]

It's pretty easy to say for FB, Twitter, and G because they aren't being asked to do this themselves. They might have some resistance if they were.

 

Other way around, Apple would claim compliance of Google were being forced to do this. 

 

PR, PR, PR.

[zMeul]

1 hour ago, Deli said:

What's the stance of Microsoft?

MS gives them the data freely, even if they don't need it 

[Roawoao]

1 minute ago, zMeul said:

MS gives them the data freely, even if they don't need it 

Doubt it otherwise they wouldn't be resisting the Ireland cloud data case. 

26 minutes ago, Stuff_ said:

It's pretty easy to say for FB, Twitter, and G because they aren't being asked to do this themselves. They might have some resistance if they were.

 

Other way around, Apple would claim compliance of Google were being forced to do this. 

 

PR, PR, PR.

Basically all they have to say is some non-committal stuff that can look like support and just keep a low profile till it all blows over in whatever direction it does. Otherwise in the silence people can start wild mass guessing. In the end it is still the same thing especially if you use things like "could" in Google's response.

 

It is almost certain that all those comments went through their PR, Marketing, Legal, Exec, Board, and back around a few times before it was posted.

[Doobeedoo]

All the big companies joined to support, they have a reason for sure. Shit things should not pass.

[AlTech]

8 hours ago, Citadelen said:

Google, twitter AND Google, didn't know there was more than one Google.  

LMAO

 

7 hours ago, Deli said:

What's the stance of Microsoft?

Not 100% positive but I'm guessing they're not too happy.

[Hexram]

I think its a little hypocritical of these companies since they collect as much personal information as they possibly can about people using there services do they actually think they have fooled us into believing that they care about us?

[christianled59]

25 minutes ago, Hexram said:

I think its a little hypocritical of these companies since they collect as much personal information as they possibly can about people using there services do they actually think they have fooled us into believing that they care about us?

Statistical data vs personal data.

[Hexram]

2 hours ago, christianled59 said:

Statistical data vs personal data.

If you think that is the case you are fooling yourself.

[christianled59]

6 minutes ago, Hexram said:

If you think that is the case you are fooling yourself.

I have yet to see any convincing evidence of your statements. However, I've seen many, many proofs that the data they collect are non personal. If you want to argue about that, then talk to @GoodBytes. He does a great job of explaining the whole thing.