Quote:
[/QUOTE] |
I understand perfectly how keys and encryption works (just to clarify such things ...), but I simply don't believe that Apple actually engineered a system such that they could not "clone" a non-working phone into a replacement device. And this necessarily means extracting the data from the phone. Also, although I've never opened-up the case of such a thing, on many phones the memory is more or less removable.
Presumably, the key-file is still in there: it might well be encrypted by a passcode, but the OS still has to be able to verify the code and use it to decrypt the data. These are things that government engineers would know. Apple certainly can make the data "unrecoverable" to the casual thief, but if this seriously stymies FBI, and/or the other three-letter agencies that FBI can call upon, then I want to know why my tax-dollars are being wasted. :) I'm sure that it doesn't, and that it never did. |
Quote:
Also, I don't buy your original argument of hitting it a little more personally. In general, if there's a way to hand over the government data related to an incident then it should be handed over. However, purposefully weakening future security is not only unethical it puts more people at risk. Here's a summary of what has been argued so far as I see it within this thread and beyond.
Beyond that there's also the recent attack on the iPhone of which the FBI has yet to release any details. They're not likely to either. An attack which is supposedly safe enough that the FBI used it without harming existing data and with limited risk. I stand by my earlier statement that purposefully weakening encryption and security is unethical. However, if there's a known vulnerability which can get law enforcement the data they need... then exploit said vulnerability and do a re-design or patch to make it no longer possible. |
US pushes Apple for access to iPhones in criminal cases
"The US Department of Justice has said it will pursue its request for Apple to help unlock an iPhone that is part of a drugs case in New York."
http://www.bbc.com/news/technology-35996566 |
Reality is that everyone has always known that there was nothing on that phone. Just as everyone knew from the start that there were no WMDs in Iraq. There were people who might have thought or pretended they didn't, but they actually did.
(And if you actually didn't, then that's not something to admit in public). http://www.cbsnews.com/news/source-n...ardino-iphone/ |
Quote:
|
Are you freaking kidding me? In dugan's link, FBI Director actually admitted intentionally not disclosing the vulnerability so Apple doesn't fix it.
Quote:
|
Quote:
|
I expect that everyone, at this point, is looking to save face ... both with the public and with the Federal Court.
As I've said before (and most recently in this blog post, I don't see in this "a government conspiracy to drill a hole through all civilian encryption, to require secret (sic ...) back doors, and to impose a duty upon the vendors of electronic products to furnish on-demand a plaintext copy of any encrypted data that the device owner might have stored." I also do not believe that the government is asking, or Constitutionally can ask for, "a way to transform the security of the device into an illusion." The rights of government are set forth in the second half of the Fourth Amendment, but the rights of citizens, as set forth in the first half, remain. The government can't ask you to remove the lock from your front door, and they can't demand that you stop posting letters in envelopes. If the Constitution says that "The right of the people to be secure [...] shall not be violated," then it follows that they are entitled to be "at least as secure as they think they are, and not to be deceived in this." In other words, I don't think that the sky is actually falling. This is a two-way street, and both sides have Constitutional protection. At the same time that citizens have a Constitutionally protected right to privacy, the government also has a Constitutionally protected(!), albeit tightly constrained, right to search and seize. Law-enforcement agencies, and the Court, do(es) have the right to compel the production of evidence. and to conduct limited searches "whether you like it or not," as an intrinsic part of their public duty to solve and punish crimes. Therefore, in my view, it isn't wrong to ask ... or to compel, if need be ... the vendor of a device to provide technical assistance to law enforcement to the full extent that they can do so. This does not mean that "you provide the citizen with a set of 'the Emperor's clothes,' and decline to tell him that his derriere is 'in the air.'" If you are "searching" and/or "seizing," then the party in question has the legal right to know. I think that it's high time that the parties on both sides realize that they cannot accomplish anything by camping-out on one extreme or the other. Instead, they must work together to find what is the middle ground. "Yes, you have a valid, Constitutionally-ordained point. But, so do I." There are computers to be developed and sold, there is a law-abiding public whose privacy must be upheld, and there is a gruesome crime to be solved. The only way to accomplish all three lawful aims is: "somewhere in the middle ground." And, it's up to both of you to find it, so that everyone can stop wasting public time and money, and get on with their work. |
Quote:
Providing readily readable files means one of three things -- back door, collect keys in a central place so the government can demand them, or cripple encryption so that the FBI or local constabulary can break it easily. Next would be to ban the possession of strong encryption tools. |
I wonder when the new Clipper Chip is to be announced? ;)
|
Quote:
|
Quote:
Basically, an encryption device made by the NSA with a built-in backdoor. |
Quote:
Yes, the Government has the right to regulate Interstate commerce, imports and exports. But, people also have a guaranteed right to privacy if they did not murder fifteen people. Also, we have this new thingy called "the Internet," which allows data to be sent anywhere (and which dynamically routes that data). The Internet would be rendered useless if people could not encrypt what passes through it. Personal computers etc. would also be rendered fairly useless if people could not encrypt what is stored on them. We cannot have "commerce," in our modern world, without (strong) encryption. All of this is known. An "extreme" position is similar to this analogy: Quote:
I prefer to adopt a much narrower interpretation of what is being asked-for here, and not to see it as a bellwether of "the end of encryption as we know it." A very violent and gruesome criminal act was committed, and the FBI's public duty is to figure out what happened, so as to prevent it from happening again. It is within their prerogatives to seize and to search evidence. Apple's duty to assist, IMHO, begins and ends with extracting the data from the device and with providing full technical details as to how it was protected, cooperating with the Federal agents (who are law-enforcement officers, not programmers). I do not choose to interpret this mandate so strictly as to say that the vendor must circumvent the key and render it moot: if subsequently there is now a job for government code-breakers, so be it. (it is in fact quite sensible that this would be a next step.) But, a Federal agent does not have to wear-out his fingers, and the Agency does not have to risk the evidence being destroyed by a mechanism meant to stymie a bathroom thief. There is a middle-ground here, upon which the sky is not in danger of falling. Neither party can reasonably say, "the US Constitution trumps 'my' viewpoint over 'yours,'" because it very clearly doesn't. The two-part Fourth Amendment guarantees(!) both at the same time. I also think that it's important for both sides to be publicly saying this, and to be working together with reasonable and expeditious cooperation. There's a murder to be solved here, and it isn't going to be the last one. Criminals will continue to possess and to use our wondrous electronic gadgets, and it is not our public purpose to give them an impregnable hiding-place! So, "given that a middle-ground position exists, what and where should it be, and why? What is the most appropriate compromise?" That is the discussion that we need to be having right now, with both sides represented. The US Congress will act ... is already working on a new Act ... to legally define that "middle ground," and we'd better have our hand in now, guiding what the new legislation says. If we instead are truculent, we're gonna get what we get ... and deserve it. :eek: - - - - - It would be even better if Apple would publicly disclose :hattip: the mechanisms by which data can be extracted from an iPhone, and the details of how the data is protected, to one and all, in the spirit of "no 'security through obscurity.'" (Why not disclose "the source-code" to this?) If their mechanism has been properly designed ... and I presume that it has ... then there really should be no secret of "how it works." Corporately, Apple could publish a policy of exactly how and under what circumstances (law-enforcement and otherwise) it will extract and furnish the data that is on a device made by them. If their system is well-made, this will not compromise a customer's interests, and will further affirm that their interests really are being protected by Apple's technology. All other vendors should follow suit. "No security by obscurity ... no security by obscurity ... the mechanisms are not secret, but your data is, and this statement is available for peer review." |
Quote:
Yes, the Government has the right to regulate Interstate commerce, imports and exports. But, people also have a guaranteed right to privacy if they did not murder fifteen people. Also, we have this new thingy called "the Internet," which allows data to be sent anywhere (and which dynamically routes that data). The Internet would be rendered useless if people could not encrypt what passes through it. Personal computers etc. would also be rendered fairly useless if people could not encrypt what is stored on them. All of this is known. An "extreme" position is similar to this analogy: Quote:
I prefer to adopt a much narrower interpretation of what is being asked-for here, and not to see it as a bellwether of "the end of encryption as we know it." A very violent and gruesome criminal act was committed, and the FBI's public duty is to figure out what happened, so as to prevent it from happening again. It is within their prerogatives to seize and to search evidence. Apple's duty to assist, IMHO, begins and ends with extracting the data from the device and with providing full technical details as to how it was protected, cooperating with the Federal agents (who are law-enforcement officers, not programmers). I do not choose to interpret this mandate so strictly as to say that the vendor must circumvent the key and render it moot: if subsequently there is now a job for government code-breakers, so be it. (it is in fact quite sensible that this would be a next step.) But, a Federal agent does not have to wear-out his fingers, and the Agency does not have to risk the evidence being destroyed by a mechanism meant to stymie a bathroom thief. There is a middle-ground here, upon which the sky is not in danger of falling. Neither party can reasonably say, "the US Constitution trumps 'my' viewpoint over 'yours,'" because it very clearly doesn't. I also think that it's important for both sides to be publicly saying this, and to be working together with reasonable and expeditious cooperation. There's a murder to be solved here, and it isn't going to be the last one. Criminals will continue to possess and to use our wondrous electronic gadgets, and it is not our public purpose to give them an impregnable hiding-place! So, "given that a middle-ground position exists, what and where should it be, and why? What is the most appropriate compromise?" The US Congress will act ... is already working on a new Act ... to legally define that "middle ground," and we'd better have our hand in now, guiding what the new legislation says. If we instead are truculent, we're gonna get what we get ... and deserve it. :eek: - - - - - It would be even better if Apple would publicly disclose :hattip: the mechanisms by which data can be extracted from an iPhone, and the details of how the data is protected, to one and all, in the spirit of "no 'security through obscurity.'" (Why not publish "the source code," for peer review?) If their mechanism has been properly designed ... and I presume that it has ... then there really should be no secret of "how it works." Corporately, Apple could publish a policy of exactly how and under what circumstances (law-enforcement and otherwise) it will extract and furnish the data that is on a device made by them. If their system is well-made, this will not compromise a customer's interests, and will further affirm that (and, exactly how) their interests are being protected by Apple's technology. All other vendors should follow suit. "No security by obscurity ... no security by obscurity ... the mechanisms are not secret, but your data is, and we welcome and facilitate peer-review to prove it." |
All times are GMT -5. The time now is 11:56 AM. |