Impressed Apple vs the FBI

[Job]

I have every grasp of the end game of encryption, it will all start to fall about very soon, allready the GSM encryption is close to being hacked...what next...GPS?
Then payment terminals, it can be done now...in 20 years your phone could probably do it...move on to quantum encryption, maybe unbreakable...probably not, we will just chase ourselves into bottomless pit and the more we rely on secrecy, the more suspicious we will be.

 

[Deebs]

As you say Apples response is carefully worded with no outright statement that it's 100% not technically possible, just that they can't bypass the current iOS version. The current theory is that the FBI request is also worded in a very particular way suggesting they know Apple won't & can't bypass the protection as it stands but instead are asking for Apple to install a customer firmware / boot loader / iOS to get around it. Legally the former would get rejected by a judge in court but the latter can still be argued.

I know what the FBI are asking but if Apple cave in this once, what happens when the next request and the one after that comes?

After the 5C Apple installed a secure enclave which makes it even more difficult to bypass and I bet that Tim has called his Senior Engineers into a room and said "Design me something that no one can get into even with a court order" for the next iPhone.

 

[Scouse]

I have every grasp of the end game of encryption.........what next...GPS?.

You're a babbling raving maniac who has no idea what he's talking about. You're the Mystic Meg travelling snake oil homeopathic salesman of encryption.

Example: GPS? Why would GPS be encrypted? The whole point of GPS is that it isn't encrypted and that anything can pick it up and read it easily.

Stop reading whatever whack-job websites you're reading m8. They're turning you into a tool.

 

[Ormorof]

The tin foil hatter in me says all this bluster (and quiet from other manufacturers) is to cover up the fact there already is a backdoor into most systems

 

[Job]

You're a babbling raving maniac who has no idea what he's talking about. You're the Mystic Meg travelling snake oil homeopathic salesman of encryption.

Example: GPS? Why would GPS be encrypted? The whole point of GPS is that it isn't encrypted and that anything can pick it up and read it easily.

Stop reading whatever whack-job websites you're reading m8. They're turning you into a tool.

Duh Scouse...of course GPS is encrypted...not the position signals, the upload links to the sats...if someone hacks them they can take over the entire network from anywhere...well not strictly true, because they only talk to home when over the states, but I'm sure it's doable.

 

[Scouse]

/tinfoil

 

[Wij]

It's nothing to do with the encryption so the 'backdoor for one == backdoor for all' argument is irrelevant here. The Reg had a good explainer but I'll summarise.

They asked Apple to allow them a means of going through all 10,000 PIN combinations without the device delaying them or wiping the device due to too many retries.

Because the device is a 5C and not a more modern iPhone Apple could do this by uploading a new (unique to the phone if necessary) version of iOS, via USB, that has no restrictions on PIN attempts. On the 5C these restrictions are implemented in iOS. In more modern iPhones these restrictions are implemented in a special doohicky in the phone that can't be tampered with so this would not be possible.

So, no backdoor, and it's not something that could be used in future without Apple doing it again, and it would only give a bad name to Apple's older phones. On the other hand Apple doesn't want to set a precedent and wants customers' trust.

 

[Gwadien]

John McAfee offers to unlock killer's iPhone for FBI - BBC News

lololololol

Why say anything? - All he's doing now is splitting his customers in half.

 

[Shagrat]

John McAfee offers to unlock killer's iPhone for FBI - BBC News

lololololol

Why say anything? - All he's doing now is splitting his customers in half.

the blokes a loon, that's why.

 

[Job]

Apple is in a very dodgy place here, you think the FBI are going to put their hands up and say 'they got principles'.
Anyone selling encryption is a borderline traitor if they don't hand over the keys.

 

[Gwadien]

Apple is in a very dodgy place here, you think the FBI are going to put their hands up and say 'they got principles'.
Anyone selling encryption is a borderline traitor if they don't hand over the keys.

Absolutely completely wrong.

It's America.

Private companies > The Government - In theory.

 

[Job]

Not when it comes to National security.

 

[Scouse]

Anyone selling encryption is a borderline traitor if they don't hand over the keys.

Apple don't have the keys.

That's how you do strong security. If you weren't an encryption luddite then you'd understand that. But you are, you know nothing about the subject you're dishing out judgements on - which renders your waffle utterly meaningless.

 

[Job]

Well yes I have wandered off the actual position in the Apple case which is simply an OS problem with repeat pin entries.
But my point remains the same that any blockage of FBI attempts to find info will not go down well, and I'm sure they believe Apple could crack the phone if they really wanted to.

 

[Moriath]

The government is way too powerful and even if apple had the keys itwould be betrayal of privacy. Fine line but i am on the majority over the minority or crims in this case.

 

[SilverHood]

Apple is in a very dodgy place here, you think the FBI are going to put their hands up and say 'they got principles'.
Anyone selling encryption is a borderline traitor if they don't hand over the keys.

They don't have the keys. They have been asked to provide a new operating system, which comes built with a backdoor, so that the FBI can bypass the inherent security of the iPhone. The software does not need to leave Apple HQ. The question that needs to be asked is then: "Where does it end?". A court order? When I worked at a web hosting company, our rule was "if the Sun can publish it, we can host it". If you didn't like it, get a court order, and we'd gladly take it down.

So lets assume that Apple customers would know that in the case of a criminal investigation, their phone security would be bypassed... would it make a difference in the number of iphone users? Unlikely. If it was a company like PGP being asked to bypass their own security, then it would be a whole other ballgame. I don't expect my android phone to be secure in the case of a government investigation. Not sure why Apple customers would except otherwise

 

[Job]

It"d a court order...game over, and the judge accused Apple of putting their marketing before criminal investigation...though now Apple are claiming the password was changed after the phone was seized...which is confusing me.

 

[Gwadien]

I'm fairly sure the FBI have tapped into these peoples phones anyway, but done it unethically, ie tapped into calls etc so they want to hack the phones so they can say look we got proof legitimately.

If I were a wealthy individual texting and messaging trade secrets or personal information, and then I bought an iPhone for this exact purpose, and it was known for top dog security, just for Apple to say 'Oh, the Government have made us release an update where you're hackable' I'd be pissed, at the Government, not at Apple.

People need to stop looking at an individual event, and think 'yeah that warrants a total overhaul of security for the benefit of Government bodies.' A little bit of tinfoil hattery is not a bad things.

 

[Embattle]

Although probably unpopular with the majority I personally favour a master key, although with considerable legal and security underpinnings.

 

[Gwadien]

Although probably unpopular with the majority I personally favour a master key, although with considerable legal and security underpinnings.

Again, can of worms.

'Considerable legal and security underpinnings'

It's more like 'QQ Apple, why won't you let us illegally hack into peoples private property?!'

 

[Scouse]

Although probably unpopular with the majority I personally favour a master key, although with considerable legal and security underpinnings.

Again, you don't understand how a lot of encryption works if you think this.

But to humour you - if a "master" key was present then that master key is hackable and open to compromise - therefore lowering the security available to everyone and everything.

So the question would be (based on this hypothetical and non-existent situation), is a criminal investigation into a single person and a single event worth potentially compromising the security of billions? Especially since serious criminals will simply stop using that encryption and use their own.

I.E. And to be quite clear to all: Compromise encryption and the *only* possible victims are the innocent. Competent criminals will simply use something else.


Edit: And to tin-foil hat for a moment to make @Gwadien happy: Governments know exactly that. So why would they still push for it if they know that? Incompetence or subterfuge are the only two explanations, and I don't believe that they're incompetent.

 

[Embattle]

Please not this can of worms argument again, it is something that could be said about nearly everything no matter which option you choose.

I'm looking at the practical realities of the situation in the modern world, I know the security services have/can over step the mark but I also know they do play a vital role in our own security.

So here is a fuzzy rough outline of what I would propose regarding keys/process, the first thing to realise is that no government organisation has any direct access to them. In essence if a government body wants access then it would be much like search warrant requests etc it in essence requires a certain level of judiciary oversight, if it was granted the requesting party gives the device over to the relevant technology company who then unlock or aid them with the whole system being very secure and very private.

Late additions to Scouse: A lot of us humour your replies on these boards all the time.

Also I do know that master keys went out of encryption a while ago due to security issues, perhaps a wrong word but in essence a process should exist to enable access when given the authority to do so.

This whole actual case isn't even asking to break that encryption but rather to give the FBI the ability to brute force the phone.

You are rather stupid to somehow claim that it wouldn't capture any one, either way it removes another ability for them to use to avoid detection/incrimination and I suspect the services are hoping it moves it back to more easily detectable methods.

 

[Gwadien]

Please not this can of worms argument again, it is something that could be said about nearly everything no matter which option you choose.

I'm looking at the practical realities of the situation in the modern world, I know the security services have/can over step the mark but I also know they do play a vital role in our own security.

So here is a fuzzy rough outline of what I would propose regarding keys/process, the first thing to realise is that no government organisation has any direct access to them. In essence if a government body wants access then it would be much like search warrant requests etc it in essence requires a certain level of judiciary oversight, if it was granted the requesting party gives the device over to the relevant technology company who then unlock or aid them with the whole system being very secure and very private.

Late addition to Scouse: A lot of us humour your replies on these boards all the time.

Okay then.

To humour you a little bit more.

Why does it take a Terrorist for the FBI to ask Apple to do this?

Why didn't they use a standard murderer/paedophile etc? They could easily uncover loads of paedophile rings etc.

 

[Scouse]

I'm looking at the practical realities of the situation in the modern world

But you're not. Demonstrably so.

You've ignored the fact that most encryption doesn't have "keys" that people have access to. So how are you supposed to have a "master key" that you can turn over to the authorities?

That is the "practical reality" of encryption and it doesn't fit with what you're proposing. And I'm saying that even if it did - it'd be futile and pointless anyway.


I took and treated your argument very seriously Emb m8. Have you a counter-argument that addresses those inconvenient realities?

 

[Gwadien]

But you're not. Demonstrably so.

You've ignored the fact that most encryption doesn't have "keys" that people have access to. So how are you supposed to have a "master key" that you can turn over to the authorities?

That is the "practical reality" of encryption and it doesn't fit with what you're proposing. And I'm saying that even if it did - it'd be futile and pointless anyway.


I took and treated your argument very seriously Emb m8. Have you a counter-argument that addresses those inconvenient realities?

Well to be fair, Apple can easily release a release which complies which what the FBI want - surely.

But that brings in the argument I made earlier, that goes against the principles of why people may have bought their product.

I'm pretty sure it'll turn into a People > Apple > Government courtcase.

 

[Embattle]

Okay then.

To humour you a little bit more.

Why does it take a Terrorist for the FBI to ask Apple to do this?

Why didn't they use a standard murderer/paedophile etc? They could easily uncover loads of paedophile rings etc.

No idea, it probably didn't occur to them right away to do it and I suspect this is them finally testing the water although it is likely to be highly limited due to hardware being used in this case.

I'm pretty sure it'll turn into a People > Apple > Government courtcase.

At the moment in America that may well be true.

I took and treated your argument very seriously Emb m8. Have you a counter-argument that addresses those inconvenient realities?

See additional parts to previous post.

 

[Gwadien]

No idea, it probably didn't occur to them right away to do it and I suspect this is them finally testing the water although it is likely to be highly limited due to hardware being used in this case.



At the moment in America that may well be true.



See additional parts to previous post.

Right, so you're implying that this is the first time that they've ever come across an iPhone which they can't access?

If it were a stand alone law which stated 'We should be able to access EVERYONES phones for national security' I'd have time and respect for it.

But since it's been portrayed as 'Look, we need to access this terrorists phone so we can stop more terrorists' It's just hard to swallow.

 

[Embattle]

Right, so you're implying that this is the first time that they've ever come across an iPhone which they can't access?

Nope.

 

[Gwadien]

Nope.

So then why wouldn't they have asked in the past?

 

[Embattle]

So then why wouldn't they have asked in the past?

I suspect either they gained access another way or, besides what Scouse may think, the terrorists left easier trails.