Alpha Centauri 2

Community => Recreation Commons => Topic started by: Unorthodox on February 25, 2016, 02:23:35 PM

Title: Apple vs US Government
Post by: Unorthodox on February 25, 2016, 02:23:35 PM

In case anyone hasn't heard about it: 


http://www.cnet.com/news/apple-vs-the-fbi-is-the-big-story-no-ones-talking-about-at-mobile-world-congress/ (http://www.cnet.com/news/apple-vs-the-fbi-is-the-big-story-no-ones-talking-about-at-mobile-world-congress/)

Title: Re: Apple vs US Government
Post by: ColdWizard on February 25, 2016, 06:15:19 PM

FBI should go engage in anatomically impossible physical relations with itself. Also, lose funding for the Science and Technology branch if they're going to make Apple do their work for them.

Title: Re: Apple vs US Government
Post by: Unorthodox on February 25, 2016, 06:41:26 PM

In all honesty, I've only barely paid any attention to this, so honest question: 

Apple has cracked a number of phones based on the court orders in the past.  Why the sudden change of heart?  What's different this time? 

Title: Re: Apple vs US Government
Post by: ColdWizard on February 25, 2016, 07:45:59 PM

It's Apple, so I assume PR is in the mix. Also possible that they think the government is overstepping now.

Title: Re: Apple vs US Government
Post by: Rusty Edge on February 25, 2016, 08:58:04 PM

I don't claim to be informed on the subject.

My political bias says that if anyone is doing something wrong, surely the police can find a judge to specifically authorize the necessary invasion of privacy.

I think there's something more practical in play.

As younger generations are increasingly intermeshed with  their cell phones, iWallets, online banking, and whatnot, - the greatest potential for terrorism and crime increases with each and every gov. mandated back back door into these phones. To virtually deprive generations of their wealth, data, and identity ( to say nothing of their apps and games) in one fell swoop would devastate them more than a plane crash. That would be rather traumatic and paralyzing.

Title: Re: Apple vs US Government
Post by: Unorthodox on February 25, 2016, 09:18:16 PM

Quote from: Rusty Edge on February 25, 2016, 08:58:04 PM

I don't claim to be informed on the subject.

My political bias says that if anyone is doing something wrong, surely the police can find a judge to specifically authorize the necessary invasion of privacy.

I'm confused whether the FBI has asked Apple to crack this one device in question, or provide them with a code that will crack any device they like in the future. 

I have no qualms about the former, and tons over the latter. 

Title: Re: Apple vs US Government
Post by: Buster's Uncle on February 25, 2016, 09:36:23 PM

Have they bothered to just get a court order/warrant?  I've been ignoring headlines about this for days.

Title: Re: Apple vs US Government
Post by: Rusty Edge on February 25, 2016, 10:47:52 PM

Quote from: Unorthodox on February 25, 2016, 09:18:16 PM

Quote from: Rusty Edge on February 25, 2016, 08:58:04 PM

I don't claim to be informed on the subject.

My political bias says that if anyone is doing something wrong, surely the police can find a judge to specifically authorize the necessary invasion of privacy.

I'm confused whether the FBI has asked Apple to crack this one device in question, or provide them with a code that will crack any device they like in the future. 

I have no qualms about the former, and tons over the latter.

Well, maybe it's time I did some digging & reading, but the minute's worth of tv coverage  I saw  suggested that from Apple's perspective it was about building a breach in the firewall of all phones.

Title: Re: Apple vs US Government
Post by: Rusty Edge on February 25, 2016, 11:06:09 PM

I just read the feature article. As the title indicates, nobody much wants to go on record with an opinion.That seemed well written to me. I figure the FBI and Apple lawyers are biased and probably spinning it, so here are quotes from Samsung and LG execs, who should understand the issue.

SAMSUNG-
"DJ Koh, Samsung's new head of mobile, told The Wall Street Journal this week that "privacy was 'the top of the top' as far as priorities go." A spokesman, who didn't want to comment directly about the Apple case, added that Samsung assists law enforcement when required by the law but believes a legally mandated backdoor into a device would hurt customer trust."

HUAWEI-

"Huawei's vice president of external affairs, Bill Plummer, noted that his company is against a backdoor. The Chinese handset maker works within the legal environments of each local market to "balance safeguarding society and ensuring privacy," Plummer said.

LG-
"And Ramchan Woo, the man behind LG's flagship G5 phone, which was unveiled at MWC, said the South Korean company "cannot make backdoors. It's not the LG way."

************************************************

Scroll down, the next article is worth a read, too.


Apple said to be working on unhackable iPhone

Stronger encryption might be aimed at heading off the next battle with the US government over gaining access to iPhones.


"The development appears to be a salvo in the war of words between the FBI and Apple, which has declined to modify its iOS software so the government can skirt security on an iPhone 5C tied to the December massacre in San Bernardino, California, which left 14 dead and 22 injured.

Earlier this month, a federal judge granted a request by the FBI to force Apple to disable the auto-erase function that kicks in when too many erroneous lock screen passcodes are entered into the phone. The FBI hopes the phone's contents will reveal more about the terrorists' activities leading up to the attack. But Apple and CEO Tim Cook, which had been helping with the investigation, say the government's request goes too far and would essentially create a backdoor or master key to millions of iPhones."

Title: Re: Apple vs US Government
Post by: Rusty Edge on February 26, 2016, 12:52:29 AM

I saw some more tv news on it.

Essentially, the FBI and the court want Apple to give them a back door. I suppose they see it as something like TSA luggage locks.

Apple wants to put security on the next generation that only the owner can breach, not even Apple.

Some say this is for Congress to decide. Some say this is dictating that a manufacture produce an inferior/ less safe product, just to make the gov.'s job easier.

I'm not sure what the proper analogy is. Outlawing the safer puncture resistant and self-repairing tires because it makes it harder for police to disable cars that have  them?

Title: Re: Apple vs US Government
Post by: Buster's Uncle on February 26, 2016, 01:05:47 AM

I like to say that the gub'ment is more dangerous to me than Bin Laden - the same principal applies here, and I shouldn't have to explain that to any libertarian.

Title: Re: Apple vs US Government
Post by: DrazharLn on February 26, 2016, 02:31:02 PM

Quote from: Unorthodox on February 25, 2016, 09:18:16 PM

I'm confused whether the FBI has asked Apple to crack this one device in question, or provide them with a code that will crack any device they like in the future. 

I have no qualms about the former, and tons over the latter. 

From the FBI press release I read, it looked like they're asking for a crack valid for this one device and the change they want is to stop the phone self destructing (wiping itself) on incorrect pass-code guesses.

I don't know whether I agree in principle to the state having permission to read devices, given a court order. I'm definitely against mass surveillance, and I'm against secret court orders except with strong supervision, but a public and appropriately targetted court order is a different beast - one I might be inclined to support in principle.

Communication methods have changed and catching sophisticated criminals will be harder than when people had to meet in person or send trusted messengers to communicate, or when they used tappable phones. In the past, monitoring was curtailed by the expense. Right now, mass surveillance is far too cheap, but technology can swing the pendulum back the other way.

In extreme circumstances, when there's clear risk to the public, I think it's appropriate that the police can perform some well-targetted surveillance and data gathering. I'm not sure how one builds the right infrastructure to stop abuse, though.

Title: Re: Apple vs US Government
Post by: Rusty Edge on February 26, 2016, 05:12:31 PM

Quote from: DrazharLn on February 26, 2016, 02:31:02 PM

From the FBI press release I read, it looked like they're asking for a crack valid for this one device and the change they want is to stop the phone self destructing (wiping itself) on incorrect pass-code guesses.

I'm still trying to get past the spin. Well, it seems obvious that the administration now believes that the California killings were  an act of terrorism, rather than senseless gun violence, doesn't it?

Well as near as I can tell today, they aren't giving the phone to Apple and asking for their help in "opening it", they are demanding a "key", and since this "lock" is standard equipment, the requested key would necessarily be a "pass key", which could be used on any apple phone with this lock.   

Does anybody believe that the FBI will then destroy the pass key? Or only use it only under court order? Or keep it as secure as a launch code?  Something like that would be worth a fortune, not that anybody who knew where it was could make a copy.

Or will they keep it just for emergencies?
You know, Counter Terrorism, Counter Espionage, Arms trafficking, The War on Drugs...

But what about the next administration? Or the one after that? What sort of dire national crisis would constitute an emergency? Apprehending and deporting every illegal alien? I don't think it could be possible without some serious surveillance muscle. Could they keep us all safe by monitoring ever Muslim in America?

What is Apple's problem anyway? Obviously this is a necessity. If you're not doing anything wrong, why do you need privacy?

Somebody insert the appropriate ACII leader head, please.

Title: Re: Apple vs US Government
Post by: DrazharLn on February 26, 2016, 08:07:35 PM

My understanding is that they're looking for an altered version of the firmware, signed by apple, valid for this device only (technically simple enough).

Title: Re: Apple vs US Government
Post by: Lord Avalon on February 26, 2016, 11:39:54 PM

"Technically simple enough"??? To create a crack that loads onto the phone without the PIN, disables the limit on how many times the PIN can be entered, so the feds can brute force it??? Uh-huh, sure.

I think the feds are overreaching, and the judge was a techno-idiot for allowing it. I'm no Apple fanboi, but I hope they win. I'm not convinced this would be a one-time thing. Also, I don't think the government should be allowed to make a company take resources away from their normal business to do its bidding, which is also detrimental to their business. Can't the NSA do this?

Title: Re: Apple vs US Government
Post by: DrazharLn on February 27, 2016, 04:32:00 PM

Technical feasibility:

The FBI want a custom firmware for the iPhone that lets them try the PIN code as many times as they like - letting them brute force the phone.

They have physical access to the device, but can't load firmware of their own onto it (even if they could write their own patch) because the iPhone will only trust firmware updates if they're signed by apple.

So, apple could, if they liked, mod their current firmware to remove the PIN code attempt limit, but only on phones were IMEI=blah, for example. They then sign the code and give it to the FBI. The FBI can now load this code onto any iPhone they like, but it will only produce different behaviour for the target device.

The FBI can't change the firmware they get because if they do, the signature won't match and no phone will load it.

If IMEI numbers are stored in vulnerable storage, apple could choose a better unique identifier and/or push an update to all the other phones blacklisting the firmware update that they sent to the FBI.

Technically, this can be done in a limited way. The slippery slope comes from judicial/cultural precedent rather than technical vulnerability.

Title: Re: Apple vs US Government
Post by: Rusty Edge on February 27, 2016, 06:04:00 PM

Quote from: DrazharLn on February 27, 2016, 04:32:00 PM

Technical feasibility:

The FBI want a custom firmware for the iPhone that lets them try the PIN code as many times as they like - letting them brute force the phone.

They have physical access to the device, but can't load firmware of their own onto it (even if they could write their own patch) because the iPhone will only trust firmware updates if they're signed by apple.

So, apple could, if they liked, mod their current firmware to remove the PIN code attempt limit, but only on phones were IMEI=blah, for example. They then sign the code and give it to the FBI. The FBI can now load this code onto any iPhone they like, but it will only produce different behaviour for the target device.

The FBI can't change the firmware they get because if they do, the signature won't match and no phone will load it.

If IMEI numbers are stored in vulnerable storage, apple could choose a better unique identifier and/or push an update to all the other phones blacklisting the firmware update that they sent to the FBI.

Technically, this can be done in a limited way. The slippery slope comes from judicial/cultural precedent rather than technical vulnerability.

Thank you for this explanation.

Title: Re: Apple vs US Government
Post by: DrazharLn on February 27, 2016, 10:21:02 PM

You're welcome :)

Title: Re: Apple vs US Government
Post by: binTravkin on February 29, 2016, 05:24:48 PM

There are quite a few good explanations on the Web on what is going on in this case.

Here are key points.
Q: Why has Apple done this in past but not now?

A1: New system. Strong encryption and borderline unhackable. The phone decides itself whether it wants to trust someone. Even Apple does not have "full access"to it unless they specially code such (and that's one of the things FBI is requesting).
A2: FBI screwed up. Apple can use an iCloud backup and get data out of that. For that to happen, Phone has to have original Apple ID and be connected to "trusted network" (like user's home WiFi). FBI blew both of those like a bunch of people from 20th century with no idea about security or phones.


Q: What does FBI request Apple to do?

A: To make iPhone hackable again. In short, the root of the debate as a whole is - "is strong encryption legal". FBI thinks it shouldn't although they are not explicitly saying it (I guess).

In short, FBI are acting like monkeys in porcelain shop.
They don't know what they are doing with what they have - blew both necessary technical parts that they could use.
They don't realize the super steep slippery slope that is guaranteed to happen (see RIM vs Saudi Arabia encryption case, others) if history is any measure.
They are using a super vague legal ground for it, which is probably long overdue for rehaul/stripping from U.S. legal code - the All Writs Act. This is another slippery slope all by itself.

And the best.
They are (purportedly) doing this because "there may be data on the iPhone which would help the investigation".
May. If not deleted, not never written down to it, not obtained already in other ways (e.g. calls are already available from operators) and not encrypted with additional keys which are outside of Apple's possibilities.