18
   

Should the government be able to require a "backdoor" into our phones?

 
 
Robert Gentel
 
  1  
Reply Fri 19 Feb, 2016 09:54 am
@maxdancona,
maxdancona wrote:
If I understand this correctly, Apple has plans to fix this loophole so that the government won't be able to ask them to do this the next time.


This particular weakness has already been addressed in later versions of the iPhone. Now the hardware requires user authentication to install an update. It is not merely a requirement that the code be signed by Apple, you need the user to authenticate their phone to install a software update.

But Apple is really fighting this from a precedent standpoint, not a technical standpoint.
maxdancona
 
  1  
Reply Fri 19 Feb, 2016 10:07 am
@Robert Gentel,
I don't usually cheer for Apple.

But in this case... Bravo Apple!!!
0 Replies
 
Robert Gentel
 
  1  
Reply Fri 19 Feb, 2016 10:10 am
@Lordyaswas,
Lordyaswas wrote:
I wouldn't be surprised if Apple had already supplied the FBI with the required stuff, on the condition that the public never hears about it, or indeed is led to believe that Apple are refusing to do it.


For some reason the FBI made this demand unsealed. I think they are picking this as a legal battle to win a legal precedent in public.

If the government wanted in without any of us being the wiser they could have used a secret Foreign Intelligence Surveillance Court for this and legally prevent Apple from talking about it.


Quote:
Having lived in a capital city that has been targeted and regularly bombed by various terrorists since the 1960's, I come down on the side of gaining any inside information from these bastards, including decryption, although it should always be cleared by the highest level of judicial review before such action is taken.


The issue is that by making it possible for any third party to decrypt you have created a digital master key to everyone's phones that you cannot revoke. You may want only the highest level of judicial review to have it but once this hole is built it is out there and can be used by anyone who can get the key.

Now you are relying on Apple and the government keeping a super master key secret to be safe instead of the process inherently being secure against third parties.
rosborne979
 
  1  
Reply Fri 19 Feb, 2016 10:15 am
@Lordyaswas,

This is a good link.

It seems that the FBI is not asking Apple to decrypt anything (which is virtually impossible anyway). And that's good.

The FBI is essentially asking that Apple create a special update to iOS which bypasses the "auto erase" feature of normal iOS.

This doesn't bother me as much as an order to decrypt would bother me. I do see a risk in creating special updates which bypass the security protocols of the OS, because they might escape into the wild and compromise all iPhones. But the mere fact that such an update could be created (by Apple) implies that it could also be created by a skilled hacker (and may have already happened and we don't know it). What the FBI is really doing here is asking for Apple to help them gain access to this particular device, BEFORE the device encrypts itself due to bad-password attempts.
maxdancona
 
  1  
Reply Fri 19 Feb, 2016 10:25 am
@rosborne979,
I don't see the difference Rosborne.

The FBI is asking Apple to make it possible for them to break the password using a brute force attack. The end result is that they will be able to access the encrypted data on the phone.

There is no difference between doing this and decrypting the data using any other hack, and no less danger that criminals or oppressive governments will gain access to other phones should this hack "escape into the wild".
Lordyaswas
 
  2  
Reply Fri 19 Feb, 2016 10:50 am
@Robert Gentel,
"For some reason the FBI made this demand unsealed. "

This sort of reinforces my point, no?
Apple agree, provided a mock battle ensues, that no doubt Apple will "win", thereby allowing the Company to gain massive PR kudos around the world, even though the deal had been done at the outset.



"The issue is that by making it possible for any third party to decrypt you have created a digital master key......etc...."

I see the argument and wholeheartedly support personal privacy, but I have no problem in having a mass murderer having his/her home turned over and ripped apart using a warrant, so why should organised teams of murdering fanatical bastards have protection against what would effectively be a technological warrant being served?

Robert Gentel
 
  1  
Reply Fri 19 Feb, 2016 11:31 am
@rosborne979,
rosborne979 wrote:
The FBI is essentially asking that Apple create a special update to iOS which bypasses the "auto erase" feature of normal iOS.


This feature is critical to prevent brute force decryption, so weakening it is to poke a hole in the security stack for encryption.

Quote:
This doesn't bother me as much as an order to decrypt would bother me.


It should. That feature is one of the only things that protects the encryption of the iPhone against the primary attack vector against encryption.

Quote:
I do see a risk in creating special updates which bypass the security protocols of the OS, because they might escape into the wild and compromise all iPhones. But the mere fact that such an update could be created (by Apple) implies that it could also be created by a skilled hacker (and may have already happened and we don't know it).


The part that you are missing to the puzzle is that the phone will only run the code if signed by Apple. Yes anyone can create what the government is asking for, but the phone is designed not to run said insecure code and because of this the government is trying to force Apple to write said code and sign it for them.

Quote:
What the FBI is really doing here is asking for Apple to help them gain access to this particular device, BEFORE the device encrypts itself due to bad-password attempts.


Nope, the device is already encrypted. They want to prevent their attempts to hack it from erasing the device, which is one of the few security features that prevent brute force decryption of our phones.
0 Replies
 
Robert Gentel
 
  1  
Reply Fri 19 Feb, 2016 11:38 am
@Lordyaswas,
Lordyaswas wrote:
"For some reason the FBI made this demand unsealed. "

This sort of reinforces my point, no?


To me it strongly suggests the opposite but that is obviously open to different interpretations.

Quote:
Apple agree, provided a mock battle ensues, that no doubt Apple will "win", thereby allowing the Company to gain massive PR kudos around the world, even though the deal had been done at the outset.


This doesn't look like a battle the FBI wants to lose and it is far from clear that they will.

Quote:
I see the argument and wholeheartedly support personal privacy, but I have no problem in having a mass murderer having his/her home turned over and ripped apart using a warrant, so why should organised teams of murdering fanatical bastards have protection against what would effectively be a technological warrant being served?


Because there is a way to open just one house without making a way to open all houses. This would be more like the government insisting on a digital key that can open any house any time.

It's really tough to explain concepts about encryption, it is a very complex subject that even programmers who work with it every day are mostly not experts in (my company has made software that encrypts passwords and secrets for teams to share, we understand it well enough in concept but none of us are encryption experts even as programmers who deal with encryption). I mention that because there's really no shame in not understanding it and I don't think most people involved in the debate do (which is why you see a united tech front against lawmakers etc). The people who understand it generally understand why it's obviously a bad idea, the people who want it generally do not fundamentally understand it.

Encryption is something that needs to be done right to provide the value that it does, it is designed specifically to prevent third parties to snoop on it. That is the whole point. Designing the technical stack so that any third party can snoop on it weakens it inherently.

This is not getting into one house, this is rewriting the laws on what keys you are allowed to use and insisting that every house, every car, every lock out there be allowed to be opened by a digital master key.

This is weakening the institution of house keys, not asking for one key. Weakening encryption does not merely grant access to just one person's information, it weakens security for us all. And encryption is a fundamental building block that a lot of what we take for granted is built upon.
0 Replies
 
rosborne979
 
  1  
Reply Fri 19 Feb, 2016 12:33 pm
@maxdancona,
maxdancona wrote:
The FBI is asking Apple to make it possible for them to break the password using a brute force attack. The end result is that they will be able to access the encrypted data on the phone.

Ok. I take back my lack of concern.

I didn't realize that the access passcode was the same code used to encrypt the data on the phone. I thought there was a secondary level of encryption which could be selected by the user to specifically encrypt all the data with a much longer code... but I don't see such an option (my mistake).
0 Replies
 
Finn dAbuzz
 
  1  
Reply Fri 19 Feb, 2016 12:58 pm
For every right we hold dear there is the potential for it to be abused.

I think Lordy's response to this question is particularly cogent because he is answering from the perspective of someone who has experienced the abuse personally.

This doesn't mean that the issue should be decided on this basis, but it does point out how melodramatic quotations of Ben Franklin can come across as insipid if the context Lordy adds is absent.

This is a very tough question, and anyone who has argued that "slippery slope" propositions are logical fallacies should probably recuse themselves from this discussion, especially if they come down on the side of Apple.

This single instance can probably be worked out to give the FBI what it needs without compromising privacy, but it is valid to wonder what it might lead to. The Slippery Slope.

I am someone who has an inherent distrust of people who hold and wield power and that is a fine definition of the Government. Anything that can be abused will be abused, and I always laugh when progressives declare their confidence in the integrity of government but are the absolute last ones to come to it's defense when abuses are claimed, and , in fact, generally believing the worst of it.

We have a system of government that is, in large measure, structured as a response to a proven, valid distrust of concentrated and unrestrained power. When in doubt, I will decide in concert with this wise reservation.

I believe I understand the consequences of limiting the government's access to private information and I completely understand why people who, rightly, fear those consequences might disagree with me.

Unfortunately the written histories of America that are generally present to students tend to either dismiss or focus on government abuses. Very, very few young people in this country have any idea of the abuses perpetrated by the Wilson administration (just as one example), however the people living during those years who were the victims of the abuse surely were acutely aware.

If I should become, personally, a victim of the threat that the FBI is seeking to combat, I might very well change my mind on this issue, but I don't think the change will come from intellectual consideration.

I'm not happy declaring my support of Apple, but I must.
McGentrix
 
  1  
Reply Fri 19 Feb, 2016 01:25 pm
http://imgs.xkcd.com/comics/security.png
rosborne979
 
  1  
Reply Fri 19 Feb, 2016 01:34 pm
I think this whole issue really boils down to "are people allowed to encrypt their stuff in an unbreakable way"?

I think the answer to that should be, "yes", but it should be incumbent on the user to choose an encryption which is unbreakable. We shouldn't have to rely on the FBI not to compel the decryption and we shouldn't have to rely on Apple not to put back doors in their code. We as users, should remove the option from outside hands by implementing unbreakable encryption (if we care about it enough to actually do it).
0 Replies
 
DrewDad
 
  1  
Reply Fri 19 Feb, 2016 02:20 pm
@Robert Gentel,
Robert Gentel wrote:
This particular weakness has already been addressed in later versions of the iPhone. Now the hardware requires user authentication to install an update. It is not merely a requirement that the code be signed by Apple, you need the user to authenticate their phone to install a software update.

Techdirt is reporting the opposite. Modern iPhones are still vulnerable to this.

https://www.techdirt.com/articles/20160218/10371233643/yes-backdoor-that-fbi-is-requesting-can-work-modern-iphones-too.shtml
DrewDad
 
  1  
Reply Fri 19 Feb, 2016 02:23 pm
@DrewDad,
The real weakness, here, is that Apple doesn't allow folks to create a long enough PIN code. With a long enough PIN, folks could make this brute force attack unfeasably long. (Assuming people actually took advantage of the feature, which is another issue altogether.)
Fil Albuquerque
 
  1  
Reply Fri 19 Feb, 2016 02:28 pm
@jcboy,
jcboy wrote:

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." Benjamin Franklin.


Bullseye ! /Thread.
0 Replies
 
Setanta
 
  2  
Reply Fri 19 Feb, 2016 02:50 pm
I would like to highlight what his Lordyship said, and what RG said:

Lordyaswas wrote:
. . . although it should always be cleared by the highest level of judicial review before such action is taken.


This is what the fourth amendment is about. The cops (including the FBI) cannot just come by and toss your house without a warrant, obtained by showing probable cause to a judge. Certainly the standards for alleging probable cause are loosely enough established as it is without creating the situation which RG mentioned:

Robert Gentel wrote:
Because there is a way to open just one house without making a way to open all houses. This would be more like the government insisting on a digital key that can open any house any time.


The FBI doesn't need this power, and the history of law enforcement in our country doesn't inspire confidence that such a power would never be abused. In fact, all the Feds would need to do (or any other police force) is set up a stooge to send a tendentious and ambiguous text to your phone, and then slip in their back door saying: "See, see . . . this guy is as dirty as a mud puddle."
Robert Gentel
 
  1  
Reply Fri 19 Feb, 2016 03:01 pm
@DrewDad,
Thanks I hadn't seen the retractions. It had been widely reported earlier this week and I couldn't get my head around how that could possibly work so now I have one less thing to figure out this week.
0 Replies
 
Robert Gentel
 
  1  
Reply Fri 19 Feb, 2016 03:02 pm
@DrewDad,
DrewDad wrote:
The real weakness, here, is that Apple doesn't allow folks to create a long enough PIN code.


I don't think this is an issue unless you want something like thousands of characters. How long do you want to make it? You can change the settings to use a long regular password (not sure if you know that, or want more than that) instead of a 4 digit numeric pin.
Finn dAbuzz
 
  1  
Reply Fri 19 Feb, 2016 03:04 pm
@Robert Gentel,
Whether it's true or not I've been told that a 12 digit pin is virtually impossible to hack.
Robert Gentel
 
  1  
Reply Fri 19 Feb, 2016 03:06 pm
@McGentrix,
Well this guy is dead so the wrench method won't work. The law already prohibits the police from doing that too, they can't use evidence they obtain from beating a password out of you.

They can, however force you to provide fingerprints to unlock the phone as that is not forcing you to provide a "thought" (i.e. password) to incriminate yourself. I haven't yet read it but I wonder if they had tried. You can use a dead person's fingerprints, and they surely must have tried this but alas no juicy details about the attempt (sorry this stuff is interesting to me).
0 Replies
 
 

Related Topics

Philosophy of Technology? It's Significance & Nature - Question by JustifiedReflections
Is technology killing art? - Discussion by Cyracuz
Raspberry Pi - the $5 computer - Question by ehBeth
3D M16 - Discussion by gungasnake
This could be important - Discussion by mysteryman
Norway starts thorium reactor test - Discussion by gungasnake
 
Copyright © 2024 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.06 seconds on 12/22/2024 at 03:23:30