SoylentNews is people
SoylentNews
Senate Judiciary Committee Interrogates Apple, Facebook About Crypto
In a hearing of the Senate Judiciary Committee yesterday, while their counterparts in the House were busy with articles of impeachment, senators questioned New York District Attorney Cyrus Vance, University of Texas Professor Matt Tait, and experts from Apple and Facebook over the issue of gaining legal access to data in encrypted devices and messages. And committee chairman Sen. Lindsey Graham (R-S.C.) warned the representatives of the tech companies, "You're gonna find a way to do this or we're going to do it for you."
The hearing, entitled "Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety and Privacy," was very heavy on the public safety with a few passing words about privacy. Graham said that he appreciated "the fact that people cannot hack into my phone, listen to my phone calls, follow the messages, the texts that I receive. I think all of us want devices that protect our privacy." However, he said, "no American should want a device that is a safe haven for criminality," citing "encrypted apps that child molesters use" as an example.
"When they get a warrant or court order, I want the government to be able to look and find all relevant information," Graham declared. "In American law there is no place that's immune from inquiry if criminality is involved... I'm not about to create a safe haven for criminals where they can plan their misdeeds and store information in a place that law enforcement can never access it."
(Score: 0) by Anonymous Coward on Sunday December 15 2019, @06:24PM (8 children)
One of the things that was said was grabbing encryption keys stored in a way that is accessible if you have physical, hardware, disassemble-the-phone access.
This obviously doesn't apply to Facebook/whatsapp - things that are entirely software - but what about the hardware phone? Isn't it plausible to have a special pin on Apple's encryption chip that can be used to read out the internal secret key and decrypt the data?
Drawbacks are theft of phone, and you have to destroy the phone to get access to the data. You dump the data, read the private key, and decrypt.
Whereas shared secrets have their obvious drawback, what is the argument against such physical key exposure? The only one that i can think is if a determined attacker has a good deal of money and resources to disassemble the phone, read a key, and decrypt the data - and they're willing to steal a phone to get to it. Probably not going to affect government officials as much, but this might apply to wealthy business leaders.
(Score: 0) by Anonymous Coward on Sunday December 15 2019, @06:34PM (1 child)
If there is a way to get to your special "decrypt" pin by taking the phone apart...it won't be long before some clever hackers work out how to get to that pin without ruining the phone. Maybe a tiny hole is drilled in just the right spot? Or some other clever way.
(Score: 2) by Freeman on Monday December 16 2019, @06:13PM
If you've lost physical access to your device. You've lost half the battle or more.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 1, Insightful) by Anonymous Coward on Sunday December 15 2019, @06:37PM (2 children)
Lindsey Graham was "surprised" that the FBI abused the FISA courts to start a farcical investigation of Trump, apparently he will also be "surprised" when they abuse this.
(Score: -1, Offtopic) by Anonymous Coward on Sunday December 15 2019, @06:56PM (1 child)
One would think US citizens would appalud efforts to root out treasonous corruption, yet here we are. #SAD #LowPatriotism
(Score: 0) by Anonymous Coward on Sunday December 15 2019, @07:24PM
Even Adam Schiff is publically admitting it now:
https://dailycaller.com/2019/12/15/adam-schiff-dodges-fisa-abuse/ [dailycaller.com]
This guy is like years behind anyone who has been paying attention.
(Score: 2) by sjames on Sunday December 15 2019, @06:45PM
Bad guy steals your phone, wrecks it getting the secret key, hoovers your bank account and offers not to share embarrassing but perfectly legal secrets with your contact list for only $2000 in bitcoin...
(Score: 0) by Anonymous Coward on Sunday December 15 2019, @07:20PM (1 child)
are you talking about a pin on a sticker inside the phone or stored in some super secure closed source firmware piece of shit chip? b/c i think either would be vulnerable eventually without opening up the phone or in the latter case even having physical access.
(Score: 0) by Anonymous Coward on Sunday December 15 2019, @09:18PM
He's talking about a physical electrical connector on a microchip on the phone's circuit boards.
A pin, not a PIN.