Let's Talk Mobile Encryption/Security

[LAwLz]

10 hours ago, Hexram said:

Why couldn't they have made a cyptographically signed program that only works with the one serial number? 

Because

1) It would set a precedent, which means that Apple would have to comply with future requests as well. Like I showed earlier in the thread, the day after the judge asked Apple to help the FBI, FBI sent requests for Apple to unlock another 12 devices.

2) The FBI might have been able to remove the "only works on this serial number" part. I mean, if the judge forced Apple to comply and Apple did it, the FBI could argue that Apple should just hand over the tools to them completely. The DOJ even filed to have Apple hand over the source code for iOS and their private keys so that the FBI could do the modifications themselves.

 

It was extremely important for everyone that Apple stood their ground on this, and they did it.

 

 

9 hours ago, ALwin said:

If I had the technical know how, I'd design a tool that lets the FBI crack any and all encryption, and give it to them for free.

Then you would put us all at even bigger danger than terrorists does. If such a tool was to leak (stuff from the FBI leaks all the time) then the would would spiral into utter chaos. Hell it would be dangerous even just in the hands of the FBI. They would use it to hunt down people such as Bradley Manning, who among other things leaked videos of US soldiers killing civilians for fun, and documents showing that US soldiers in Iraq had killed over 66 thousand civilians (Bradley could have gotten sentenced to death for the leak, but right now is "just" facing up to 90 years in prison).

[ALwin]

7 minutes ago, LAwLz said:

Then you would put us all at even bigger danger than terrorists does. If such a tool was to leak (stuff from the FBI leaks all the time) then the would would spiral into utter chaos. Hell it would be dangerous even just in the hands of the FBI. They would use it to hunt down people such as Bradley Manning, who among other things leaked videos of US soldiers killing civilians for fun, and documents showing that US soldiers in Iraq had killed over 66 thousand civilians (Bradley could have gotten sentenced to death for the leak, but right now is "just" facing up to 90 years in prison).

Not my problem.

[SansVarnic]

6 hours ago, Orangeator said:

Oh my bad, I never saw that and searched my title and keywords of it before posting and figured no one has posted about it. Sorry.

No worries, People have a tendency to not post the thread titled with the news title.

Its not a requirement but it is suggested and makes thing easier.

[Thomp]

On 3/29/2016 at 7:37 PM, Potato_King said:

The government is still probably gonna do it because they can. That's what the government does!

 

As for the FBI randomly backing out, I agree it's a bit fishy. It's like saying "only you could save the world"(like in every single video game) and 1 day later saying "hey check this out! We did it ourselves! Cool right?"

 

Just the government doing government things.

The "only you could save the world" thing, was never said.  If you want something unlocked, you ask the people who made it first.  It's the ethical, honest thing to do. Not go behind their backs and have some shady dealer do the deed in a dark room.  

 

Had Apple cooperated, the method by which the device was unlocked, and the methods going forward, could have been monitored, protected, and controlled by the company itself.  They chose to force the FBI to seek outside assistance.  

 

No man's home, car, phone, boat, or whatever else should be protected from search and seizure beyond the law of the 4th Amendment.  Everything will always be subject to search, given the proper cause & warrant, no matter what has to be done to uphold this.  This will drive the need for stronger encryption forward, and the everlasting struggle between the corporations & government, profit & power, market share & public safety, and those civilians ignorant enough to blindly stand on either side.

[ShadowCaptain]

10 hours ago, ALwin said:

Not my problem.

So you don't live on this planet?

its your problem, its my problem, its everyones problem, chances are it could end up effecting your life too somewhere down the line

if you let them get around any encryption, that renders encryption useless, and if somebody can make a tool for the FBI then the criminals and terrorists can make the same tools
 

Plus any other shit that could be pulled and monitored by the government (or by criminals) if we could just so easily bypass security

[LAwLz]

1 hour ago, Thomp said:

The "only you could save the world" thing, was never said.  If you want something unlocked, you ask the people who made it first.  It's the ethical, honest thing to do. Not go behind their backs and have some shady dealer do the deed in a dark room.  

 

No... This was not the case of the FBI going "we would like Apple to unlock it so that we don't have to hire a third party to do it". The DOJ said, while under oath, that only Apple could remove the barriers to let the FBI search the phone. The FBI meanwhile, also under oath, said that they had been talking to experts and were unable to find any other method of obtaining the data.

 

1 hour ago, Thomp said:

Had Apple cooperated, the method by which the device was unlocked, and the methods going forward, could have been monitored, protected, and controlled by the company itself.  They chose to force the FBI to seek outside assistance.  

That is just a huge assumption. Like I said earlier in the thread:

1) If Apple lost the case then they would have had to do the same thing on lots of phones. The FBI alone submitted 12 other iOS devices the day after the judge asked Apple to cooperate. Local police and other organizations have also reportedly asked Apple to unlock devices. If Apple had lost this court case, they could have been forced to help with those device as well. I wouldn't call being forced to unlock maybe 30 phones each month a "monitored, protected and controlled by the company itself". Apple would just have ended up being an extended arm for the government agencies in that case.

 

 

1 hour ago, Thomp said:

No man's home, car, phone, boat, or whatever else should be protected from search and seizure beyond the law of the 4th Amendment.  Everything will always be subject to search, given the proper cause & warrant, no matter what has to be done to uphold this.  This will drive the need for stronger encryption forward, and the everlasting struggle between the corporations & government, profit & power, market share & public safety, and those civilians ignorant enough to blindly stand on either side.

So should we make it illegal to have locks on doors/safes unless the government can get in with a master key?

Here is the thing though, the government does not agree with you. They do want privacy in the form of unbreakable encryption. The problem is that they only want it for themselves and nobody else. Take the UK as an example. They are currently trying to pass a terrible bill (and they are trying to rush it like crazy) and the only amendment politicians are trying to get passed is that they should not be spied on.

Another example would be Angela Merkel. She defended the NSA for spying for years... Then when it was speculated that the NSA had bugged her phone she personally told Obama that "unmistakably disapproves of and views as completely unacceptable such practices".

 

There is also the problem of Apple just becoming an extended arm for the government. Apple is not a security research firm for the government, so why should they be forced to spend time and money developing tools to allow the government to break into private property of their customers?

 

 

Side note: The DOJ is still trying to force Apple to work for them in other cases around the country, such as this one: The DOJ Is Still Pursuing Apple Over an iPhone in New York.

[ALwin]

1 hour ago, ShadowCaptain said:

snip

Some people just want to see the world burn. 

[ShadowCaptain]

3 minutes ago, ALwin said:

Some people just want to see the world burn. 

Maybe but I intend on living with safety and security for the rest of my life if I can help it

[ALwin]

19 minutes ago, ShadowCaptain said:

Maybe but I intend on living with safety and security for the rest of my life if I can help it

Here's how I see it.

 

The person responsible for maintaining my privacy: ME!

I don't expect corporations or any second/third party to give a crap about my privacy.  So everything I don't want people to know, I keep it in the one place that I consider most secure: inside my head.

 

As for safety and security, the only truly safe place would be a room inside a solidly built house where the walls, floors and ceilings are padded with mattresses.  The real world is always full of risks, but those risks can be minimised if you take certain precautions (e.g. wait for the crosswalk light to turn green).  You don't know what other people are thinking inside their heads, you don't know what they are planning to do.  I may walk into an airport or train station one day to travel somewhere and who knows, I may coincidentally be there at the same time that someone I don't know is planning to cause a lot of harm.  I won't be able to avoid it.  But we have the government and government agencies doing what they can to prevent such tragedies from occurring, they can't be everywhere and watch everyone.  But I have to put my faith that they are doing their best at their jobs.  Government law enforcement and intelligence agencies are neither omnipotent or omnipresence, they don't have unlimited manpower or resources.  Just like everyone else, they have to prioritise where they use their resources.  If the Middle East is troublesome right now they will shift their priority to keep an eye on the Middle East and another place like Central Africa or East Asia could become low on their list and they might miss something in those regions.  While I believe that the government and its various agencies/employees should be held accountable for their actions if they break the law, I also believe that we shouldn't be putting too many reins that hamper them from doing the job we expect them to do.

 

Terrorists are not professional soldiers of a professional army.  They have no rules of engagement or abide by any international conventions.  All they want to do is cause terror, hence the reason they are called "Terrorists".

 

When I think about security concerns, government "big brother" spying, etc. I don't think about it for the individual like myself.  I think about huge populations, what is necessary to keep the maximum number of people safe while minimising casualties as much as possible.  It's impossible to keep every single civilian from harm, so the next best thing is to do the best that can be done to minimise civilian harm.

[ShadowCaptain]

1 minute ago, ALwin said:

The person responsible for maintaining my privacy: ME!

Sadly in the modern age, if you want to DO anything, then you are NOT responsible for your privacy

I want to use the App store, I want to use Apple pay, I want to use email and whatsapp, I want to facebook my friends, etc etc maybe just online banking or messaging a client for work

That means putting information out there, and we require encryption and privacy

Unless you want to be a caveman, the sad truth is we are relying on a 3rd party to protect us, just like I rely on the goverment to protectme

that also means the goverment should have laws in place to PROTECT my data, from bad people, criminals, etc etc

Should they have access because of terrorism? I am not sure, but I dont think giving up the security of everyone else in the world is price I am willing to pay

[ALwin]

1 minute ago, ShadowCaptain said:

Sadly in the modern age, if you want to DO anything, then you are NOT responsible for your privacy

I want to use the App store, I want to use Apple pay, I want to use email and whatsapp, I want to facebook my friends, etc etc maybe just online banking or messaging a client for work

That means putting information out there, and we require encryption and privacy

Life is full of risks.  The things you mentioned might be necessary risks people need to take, in which case I expect the bank or FB or someone else not to share my information without my permission or letting me know.  However if the government finds some suspicious activity, I do expect them to investigate.  Except I know I haven't done anything wrong so the chances of them issuing a warrant to sift through my data is close to nil.  And there are already laws to protect our private data and information, they may not always be the best and may need reform and change, but there are laws.  If my bank didn't abide by those laws, I wouldn't be putting my money in their vaults.

[ShadowCaptain]

1 minute ago, ALwin said:

I know I haven't done anything wrong so the chances of them issuing a warrant to sift through my data is close to nil

Hence why a backdoor would be bad if they could just monitor whatever they wanted since they would not need access

 

If I was being investigated, I would have to give my password, I would not expect them to undermined the security of the company by hacking in

[LukeTim]

On 3/29/2016 at 1:09 AM, TechFnatic said:

Most main stream phones use very good encryption, take the iphone for example, they use AES-256 bit encryption which has  2^256 different possible keys. In other words, the average Joe isn't going to get into your smart phone, at least not easily. The govt. has supercomputers, but even with those it's very hard to break the encryption, basically you'd have to be important enough for the government to waste resources on cracking your device.

Even supercomputers can't crack AES 256.

There is not enough energy in the entire universe to go through all the different permutations of a 256 bit number.

Check out Landauer's Principle

[LAwLz]

6 hours ago, ALwin said:

Except I know I haven't done anything wrong so the chances of them issuing a warrant to sift through my data is close to nil.

Yes you have. There are thousands of laws and you are probably breaking one or more every day. Hell, the average person in the UK breaks it I think 3 times a day, without even thinking about it.

On top of that, there might be things that gets outlawed in the future. The Japanese people in the US during WW2 did nothing wrong either, and yet they got treated like criminals simply because they were Japanese. Wasn't there an article a while ago saying that if you as much as went to the Tor project's website you got flagged as suspicious and worth monitoring?

 

Also, your data is most likely being sift through all the time. There is quite a bit of talk in the big data world about predicting behavior using all of this data that's collected. It might not be a human sitting there reading everything you do, but it does get collected and analyzed.

 

6 hours ago, ALwin said:

And there are already laws to protect our private data and information, they may not always be the best and may need reform and change, but there are laws.

Maybe you didn't get the memo, but agencies like the NSA don't give a damn about the law. They operate under secrecy and therefore don't have to tell anyone what they are doing, and when they are caught nobody gets punished or in the worst cases, the law gets changed. Here is an article about an internal audit made by the NSA which found that they broke rules and court orders 2776 times within a 1 year time frame. They were not small things either. Doing things like using methods that were deemed unconstitutional by a court, or telling employees to change reports before sending them to the DOJ, removing some info and details just so that they do not give "extraneous information".

[Okjoek]

At what point do Personal Privacy and Collective Security go too far?  I agree that the authorities (FBI) indeed needed to get inside that phone. It's irresponsible for a company to believe it's above the law in terms of refusing to cooperate with a federal investigation regarding a piece of technology. If a court orders a warrant for information in a device by a brand, that brand should be 100% supporting that effort. A corporation does not decide what is right for us. If there were another terror attack and it came out that a subject on this persons phone was responsible and wasn't caught in time because of Apple's cooperation then I would be upset with them.

 

Just look what happened in Belgium after that dude was caught his friends hurriedly set their evil plan into effect. If that guy who was first caught had a phone with the needed information on it and it came out after that the authorities were unable to get into the device because of corporate stance I think they would be run out of town on a rail to put it mildly.

 

On the other hand there's the matter of fear that the government will use the skills they learn to spy on us just as the original telephone could be wire tapped. To be honest though I have nothing to hide from the government. I don't break any laws therefore I have nothing to hide. Even if I were looking at lewd pictures (hypothetically speaking) it's not like it breaks any laws in this country so IDC what the government thinks about it if they see it. I'm not going to live every waking moment in fear and paranoia that I'm being watched by the state.

 

Now I actually do use an iPhone. I like it very much and the quality product Apple sold me and I would buy another, but there's a difference between disagreeing the intent of the government and preventing them from doing their job.

[ShadowCaptain]

2 hours ago, Okjoek said:

SNIP

Apple were complying and have done in the past and they will always comply with law enforcement, asking them to crack their OS is a step too far