
posted by mrpg on Sunday October 14 2018, @12:21PM
from the I-aint-checkin-all-those-links-buster dept.

Apple argues stronger encryption will thwart criminals in letter to Australian government

Apple has long been a proponent for strong on-device encryption, most notably for its iPhones and the iOS operating system. This has often frustrated law enforcement agencies both in the US and overseas, many of which claim the company's encryption tools and policies are letting criminals avoid capture by masking communications and securing data from the hands of investigators.

Now, in a letter to the Australian government, Apple says it thinks encryption is in fact a benefit and public good that will only strengthen our protections against cyberattacks and terrorism. In Apple's eyes, encryption makes everyone's devices harder to hack and less vulnerable to take-overs, viruses, and other malicious attacks that could undermine personal and corporate security, as well as public infrastructure and services. Apple is specifically responding to the Australian Parliament's Assistance and Access Bill, which was introduced late last month and is designed to help the government more easily access the devices and data of criminals during active investigations.

Letter here (#53), or at Scribd and DocumentCloud.

Also at Ars Technica, Engadget, 9to5Mac, and AppleInsider.

Police told to avoid looking at recent iPhones to avoid lockouts

Police have yet to completely wrap their heads around modern iPhones like the X and XS, and that's clearer than ever thanks to a leak. Motherboard has obtained a presentation slide from forensics company Elcomsoft telling law enforcement to avoid looking at iPhones with Face ID. If they gaze at it too many times (five), the company said, they risk being locked out much like Apple's Craig Federighi was during the iPhone X launch event. They'd then have to enter a passcode that they likely can't obtain under the US Constitution's Fifth Amendment, which protects suspects from having to provide self-incriminating testimony.

Also at 9to5Mac.

  • (Score: 2) by bzipitidoo on Sunday October 14 2018, @01:13PM (10 children)

    by bzipitidoo (4388) on Sunday October 14 2018, @01:13PM (#748595) Journal

    I really do not like the practice of locking an account or device after a mere 10 or 5 attempts. It shouldn't be done at all. Slow it down, sure, maybe add a 3 second delay between attempts, but don't completely lock the user out. Or, if they must have lockout, make the trigger a minimum of 100 attempts. Seen too many legit users locked out by this so-called security measure. It's a great attack point for a Denial of Service attempt.

    Lockout implies a lack of confidence in the verification method. Is it so easy for the wrong face to gain access to the phone? It shouldn't be.

  • (Score: 4, Insightful) by sjames on Sunday October 14 2018, @01:42PM (7 children)

    by sjames (2882) on Sunday October 14 2018, @01:42PM (#748602) Journal

    It's not a total lockout, it just requires the password rather than the face ID. No authentication scheme can withstand infinite tries. There has to be a lockout at some point.

    Of course, all of this is only confusion because the courts are using sophistry in an attempt to get around the fifth. If police can't force you to grant access to your phone with a password, there is no rational argument that they should be allowed to force you to use fingerprint or face id either.

    • (Score: 0, Redundant) by c0lo on Sunday October 14 2018, @02:51PM

      by c0lo (156) Subscriber Badge on Sunday October 14 2018, @02:51PM (#748620) Journal

      No authentication scheme can withstand infinite tries.

      There's no such thing as infinite tries.
      A few tens for the exponent of base 10 as the number of configurations to try usually does the trick in practical terms - considering that the age of the Universe is about 4.34e+26 nanoseconds.

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 4, Insightful) by BK on Sunday October 14 2018, @05:33PM (5 children)

      by BK (4868) on Sunday October 14 2018, @05:33PM (#748665)

      If police can't force you to grant access to your phone with a password, there is no rational argument that they should be allowed to force you to use fingerprint or face id either.

      Nonsense. For so many reasons. But one of those is force.

      The constitutional principle is that you cannot force a person to reveal the information that incriminates them. A password is a piece of information that (in theory) only the owner of the phone knows. Forcing them to disclose it is a clear violation of the principle that does not require logical constructs or analogies to relate to 18th century technology.

      Fingerprints, by contrast, are a fact about you. Your face and its appearance is a fact about you. Fundamentally different.

      Don't like it? Don't want your cat videos revealed so easily?

      Turn. Biometric. ID. OFF.

      --
      ...but you HAVE heard of me.
      • (Score: 2) by sjames on Monday October 15 2018, @01:34AM (4 children)

        by sjames (2882) on Monday October 15 2018, @01:34AM (#748778) Journal

        But to use your face or fingerprint, they need some sort of action from you. Effectively conscripting you to perform some action for them that grants them access to your papers and effects.

        • (Score: 3, Informative) by BK on Monday October 15 2018, @04:02AM (3 children)

          by BK (4868) on Monday October 15 2018, @04:02AM (#748815)

          they need some sort of action from you

          They need you to exist. I'm not sure that's an action.

          They need you to be present with your device. They'll bring the device to you; no action needed.

          They may need you to look at the device. Or they can move it to wherever you prefer to gaze.

          It sure seems like your *presence* is something that they can reasonably seek a warrant for. That's what they do for DNA now. And fingerprints.

          --
          ...but you HAVE heard of me.
          • (Score: 2) by sjames on Monday October 15 2018, @03:01PM (2 children)

            by sjames (2882) on Monday October 15 2018, @03:01PM (#749074) Journal

            They may need you to look at the device.

            • (Score: 2) by BK on Monday October 15 2018, @04:21PM (1 child)

              by BK (4868) on Monday October 15 2018, @04:21PM (#749112)

              They may need you to look at the device.

              Or they can move it to wherever you prefer to gaze.
              It sure seems like... something that they can reasonably seek a warrant for.

              I guess we've exhausted this one?

              --
              ...but you HAVE heard of me.
              • (Score: 2) by sjames on Monday October 15 2018, @04:35PM

                by sjames (2882) on Monday October 15 2018, @04:35PM (#749117) Journal

                So if I close my eyes and the face ID wants them open, they're cool with that?

                Seems that what we need is Face ID where if you wink, it does a secure delete.

  • (Score: 2) by takyon on Sunday October 14 2018, @03:06PM (1 child)

    by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Sunday October 14 2018, @03:06PM (#748624) Journal

    The users should have a pen and paper backup of their contacts and important notes, and then be able to survive having to do a full reset of the phone. Or just not use security features at all if they don't "need" them.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 0) by Anonymous Coward on Sunday October 14 2018, @08:36PM

      by Anonymous Coward on Sunday October 14 2018, @08:36PM (#748706)

      If all your important stuff is out in the cloud, all you need to remember is one password... after you safely leave with your erased phone, set it up again.