This summer, the Justice Department obtained a court order in a case involving guns and drugs and demanded that Apple turn over iMessages sent between suspects in the case. Apple's response was that it couldn't comply – the encryption prevented it from being able to read the messages, so turning the data over to law enforcement would be useless.
Now, some senior Justice Department and FBI officials are calling for Apple to be taken to court over the issue, reports The New York Times. Earlier this year, FBI director James Comey argued that tech companies who serve lots of message traffic, such as Apple, Google, and WhatsApp, should build in master keys to bypass end-to-end encryption.
Related Stories
The Intercept reports on an email obtained by The Washington Post: Top [Intelligence] Lawyer Says Terror Attack Would Help Push for Anti-Encryption Legislation:
The intelligence community's top lawyer, Robert S. Litt, told colleagues in an August email obtained by the Washington Post that Congressional support for anti-encryption legislation "could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement." So he advised "keeping our options open for such a situation."
[...] A senior official granted anonymity by the Post acknowledged that the law enforcement argument is "just not carrying the day." He told the Post reporters: "People are still not persuaded this is a problem. People think we have not made the case. We do not have the perfect example where you have the dead child or a terrorist act to point to, and that's what people seem to claim you have to have."
On Tuesday, Amy Hess, a top FBI official, told reporters that the bureau has "done a really bad job collecting empirical data" on the encryption problem. FBI Director James Comey has attempted to provide examples of how law enforcement is "going dark," but none have checked out. Only Manhattan District Attorney Cyrus Vance has been able to provide an example of encrypted technology maybe blocking one possible lead in a murder investigation.
Litt was commenting on a draft options paper from the National Security Council that includes three proposals for the Obama Administration: oppose compulsory backdoor legislation and come out in favor of encryption, defer any decisions until after an open consultation, or do nothing. No option calling for backdoors was included.
In other news, the EFF has issued its first certificate as part of the Let's Encrypt initiative. Microsoft researchers have published a paper and code (MIT license) for FourQ, a new and faster elliptic curve cryptography implementation. Cryptome's John Young has announced that some of his public PGP keys have been compromised.
Related:
June 7: FBI Official: "Build Technological Solutions to Prevent Encryption Above All Else"
July 30: Ex-Intelligence Officials Support Encryption in Editorial
September 10: Justice Department Considered Suing Apple Over iMessage Encryption
(Score: 5, Informative) by Anonymous Coward on Friday September 11 2015, @02:43AM
The TSA has been in the news recently because the mainstream news has realized that photos of all the master keys were inadvertently published in an article for the washington post. [boingboing.net] Thus ensuring that all of TSA-compliant luggage locks can be stealthily opened up by pretty much anyone. Even if those photos hadn't been published, it was only a matter of time before that info leaked out one way or another.
That is probably the best possible metaphor anyone could ever come up with for just how stupid encryption "front doors" are.
(Score: 4, Insightful) by Anal Pumpernickel on Friday September 11 2015, @02:55AM
The other problem is that you have to trust the government to do what's right (putting aside the fact that essentially banning certain encryption schemes for being too strong is wrong in and of itself from a freedom standpoint). As history shows, no government is immune from corruption. The US government has proven this time and time again. People who delude themselves into believing the government couldn't possibly abuse its power are being profoundly ignorant.
(Score: 4, Insightful) by Dr Spin on Friday September 11 2015, @07:19AM
Even if the government is not corrupt, you can be absolutely certain it is incompetent.
There is an unlimited supply of evidence that most governments are both.
In all probability, there will be a few "bad apples" as well. They will use the data for
things the government itself does not approve of.
Warning: Opening your mouth may invalidate your brain!
(Score: 2) by snick on Friday September 11 2015, @02:55AM
Does anyone use those locks?
I almost never check a bag, but when I do, I don't lock it. It isn't like those stupid locks would stop anyone, and by not having a lock, my bag is less likely to be damaged when a baggage handler decides to inspect my used underwear.
(Score: 0) by Anonymous Coward on Friday September 11 2015, @02:59AM
> Does anyone use those locks?
Yes.
According to the wikipedia article 500 different companies have licensed the "travel sentry" lock designs.
(Score: 2, Interesting) by Ethanol-fueled on Friday September 11 2015, @03:33AM
I recently flew on a domestic flight seeing all those signs about approved locks and with no idea what the fuck it meant, all the while having an unapproved lock on my Pelican case.
We got in without any scrutiny and flew to the destination with my scary black Pelican case bound by an unapproved lock. However, on the way back, the attendant emphasized approved locks and so I was forced to remove my lock. No biggie. After recovering the case on the way back from the flight I saw that they went through it -- however, my shoes and clothes were organized neater than before, but they had damaged the matte screen-protector on my phone(which was left in).
But on the way there they're fucking assholes and that millimeter-wave scanner fucks your body up. You can feel it briefly afterward, that "something's not quite right" feeling that's the bad aspects of dragging on a cigarette or having an orgasm with none of the good.
(Score: 2) by linuxrocks123 on Friday September 11 2015, @03:48AM
I've never been through one of those scanners. I opt out every single time.
I will say, though, that your claim that you can "feel" the effects sounds a little similar to the claim that people get headaches from WiFi signals ... it's hard to really know for sure it's not psychosomatic. I mean, I can't feel X-rays, and they /DO/ have an effect on the body while the millimeter wave things probably don't.
Can anyone else confirm or deny that you can sense the scanners?
(Score: 1) by anubi on Friday September 11 2015, @04:31AM
If you have metallic tooth fittings, I know from personal experience that one can be quite sensitive to something in the millivolt region... especially if its a fresh job.
Just the voltage differential from a metallic eating utensil touching the tooth is quite painful.
Would not surprise me at all if some people are sensitive to RF. Especially if anyone has some sort of nonlinear conductor implanted in them anywhere ( unintentional diode which was supposed to be a mechanical support pin ).
I have heard anecdotal evidence of those hearing AM radio stations through their dental work.
Now, will RF actually harm anyone? I have known enough amateur radio operators - known to me to be heavily irradiated with all sorts of RF - that seem to be completely unaffected by it other than the occasional RF burn. RF burns are quite nasty, as it does a number on the skin and ranks right up there with a hot-oil burn in painfulness.
There is still a lot of stuff we do not understand about how life works. I am hardly qualified to evaluate someone else's sensitivity to it, just as they are often unqualified to explain what happens to me if I ingest a handful of beans. I have unpredictable reactions to those... and not a one of them pleasant.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 1) by caffeine on Friday September 11 2015, @06:39AM
I used to know a customs officer in Australia about 15 years ago. Her comment was that the locks were never a hindrance, and they were far more likely to search a bag with lock on it.
They also had a few of rules of thumb as to who to search based on things like nationality and the type of bag the person was carrying. I got the impression it was nothing official, just something organic from experience. A bit like fisherman and favourite fishing spots.
(Score: 1, Insightful) by Anonymous Coward on Friday September 11 2015, @03:38PM
'Or cops and black men.
(Score: 0) by Anonymous Coward on Friday September 11 2015, @03:07AM
You can buy a lock pick set from any tool truck or online that includes a "gas cap pick key", it will open just about any single edge tumbler lock.
(Score: 1, Informative) by Anonymous Coward on Friday September 11 2015, @03:36AM
> You can buy a lock pick set from any tool truck or online that includes a "gas cap pick key", it will open just about any single edge tumbler lock.
Indeed, no lock is pick-proof given enough time.
But an amateur with a master key is 100x less conspicuous than an amateur trying to pick a lock.
(Score: 0) by Anonymous Coward on Friday September 11 2015, @03:45AM
No. That is not right at all. Not in facts. Not in terminology. What you are referring to are just common key profiles for gas caps. That's it. That is all they will reasonably open. They might, maybe, possibly open other similar small, simple locks with similar or identical keyways, lengths, and would still require massive luck and a little skill on occasion, but that is it. The same holds true for every key on the planet. "Single edge tumber lock" is not a thing that exists. A tumbler is the part of a lock that interacts with a key. Blade keys can be "single edge" but the proper term is simply one-sided as opposed to two-sided and all locks that have keys are "tumbler locks". That is akin to saying electric smartphone.
(Score: -1, Redundant) by Anonymous Coward on Friday September 11 2015, @04:26AM
Incorrect.
(Score: 4, Interesting) by frojack on Friday September 11 2015, @02:44AM
Without a warrant to seize these messages, I just don't see how they have standing.
If I write my diary in coded language, is the pen manufacturer going to be indited?
However I don't trust the Judiciary to follow their oath to defend the constitution, and I suspect they
will hand the DOJ a victory.
No, you are mistaken. I've always had this sig.
(Score: 3, Informative) by Anonymous Coward on Friday September 11 2015, @02:54AM
> Without a warrant to seize these messages, I just don't see how they have standing.
The rumor [schneier.com] is that there is a fight happening behind closed doors at the FISA court.
(Score: 2) by frojack on Friday September 11 2015, @03:12AM
Who would be fighting? And what about? Who's going to pick up the Lunch tab?
FISA court judges are totally in the tank for the DOJ?
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Friday September 11 2015, @04:33AM
Who do you expect to answer those questions?
(Score: 1, Disagree) by Anonymous Coward on Friday September 11 2015, @05:54AM
CALEA
1994 Communications Assistance for Law Enforcement Act requires all providers of communication systems like telephone, VoIP, ISPs, or IM systems to make wiretapping possible and accessible to law enforcement. A very fucked up thing to exist outside of a totalitarian regime, but there it is.
(Score: 0) by Anonymous Coward on Friday September 11 2015, @06:02AM
Doesn't matter. The constitution is the highest law of the land, and it gives the government no such authority.
(Score: 1, Insightful) by Anonymous Coward on Friday September 11 2015, @06:35AM
> Doesn't matter. The constitution is the highest law of the land, and it gives the government no such authority.
Lol. I like how your "doesn't matter" so simply negates the law that telcos have spent tens, if not hundreds, of millions of dollars complying with over the last two decades.
(Score: 0) by Anonymous Coward on Friday September 11 2015, @03:40PM
Well, what I meant was, "If our government actually obeyed the constitution, this wouldn't matter."
(Score: 0) by Anonymous Coward on Friday September 11 2015, @04:39PM
It does feel that way, but I believe in this case that feeling is misplaced. The law requires wiretapping to be made possible and available. That does not violate the fourth amendment in itself. What would is if the act somehow required wiretapping without a warrant, which is something it does not do.
(Score: 0) by Anonymous Coward on Friday September 11 2015, @12:37PM
A very fucked up thing to exist outside of a totalitarian regime, but there it is.
But this *is* a totalitarian regime. So where is your surprise coming from?
(Score: 0) by Anonymous Coward on Friday September 11 2015, @01:02PM
CALEA is one of those things that is so old and so broadly sweeping....and applicable to modern electronic life yet no one seems to remember it even exists.
It is the ultimate master key for everything.[hardware-based at least]
It should be more than enough reason for everyone to be aware of and using open-source software-based FDE on everything.
(Score: 3, Informative) by frojack on Friday September 11 2015, @06:16PM
CALEA
applies to common carriers, not internet messaging systems.
No, you are mistaken. I've always had this sig.
(Score: 5, Interesting) by Runaway1956 on Friday September 11 2015, @02:45AM
I'm not an Apple fanboy, don't even own an Apple product. But, Apple pretty obviously has encryption right. And, they seem to be rather unique in that they don't even WANT to break into user's encrypted data. MS, Google, and others seem to think they have some inherent right to access user's data, and I don't trust any "solutions" offered by them. But, Apple? Yeah, they've got this right, even if they have nothing else right.
Heck, I may even buy an Apple phone. Aside from the privacy issues, the phones aren't worth the asking price, but privacy is an important consideration today.
(Score: 3, Informative) by frojack on Friday September 11 2015, @03:03AM
There are many messaging systems that do client side encryption, with the server side doesn't know your encryption key.
There are even some where the server simply serves as a directory service, and the actual messages, if any are transferred directly, client to client, encrypted.
Such systems aren't rare, or hard to find. Even whatsapp [mashable.com] is offering end to end encryption.
The thing is, Most people wont bother to use these apps.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Friday September 11 2015, @03:04AM
> I'm not an Apple fanboy, don't even own an Apple product. But, Apple pretty obviously has encryption right.
Except they don't really. [cryptographyengineering.com]
Also there was a little kerfluffle recently, you might have heard about it, where certain Apple photo albums were totally accessible [soylentnews.org] with a brute-forced password - thus proving that even if the data on the icloud was encrypted, the decryption keys were stored on the icloud right next to it.
(Score: 0) by Anonymous Coward on Friday September 11 2015, @03:50AM
After the snowden docs lots of corps started a PR campaign that was pro encryption. What are the chances that it is just PR to make people trust the broken systems? I would like to trust apple's encryption, but the linked article states that it is possible they could rig the system even if unlikely and difficult.
(Score: 0) by Anonymous Coward on Friday September 11 2015, @05:14AM
You can't trust non-free proprietary user-subjugating software in the first place. And it doesn't respect your freedoms, so I wouldn't use it.
(Score: 2) by EvilSS on Friday September 11 2015, @09:28PM
You can't trust non-free proprietary user-subjugating software in the first place
But free proprietary user-subjugating software in the first place is good to go then. Thanks for clearing that up!
(Score: 2, Informative) by danaris on Friday September 11 2015, @12:17PM
There's a big difference between a cloud backup/storage service, and a messaging service.
Apple needs to be able to give you access to anything in iCloud as long as you give them your iCloud password. That's how a cloud service works.
iMessage is, AFAIK, different. It's a messaging service that is secure end-to-end: each device you have registered to send & receive iMessages for your Apple ID has its own keypair, and according to Apple—and backed up by what they're telling the government now—Apple does not keep copies of your devices' private keys.
Dan Aris
(Score: 2) by Runaway1956 on Friday September 11 2015, @01:39PM
Good link on the encryption scheme. But, the "kerfluffle" doesn't seem to be related to encryption, in my mind. Unless the photos were encrypted?
(Score: 0) by Anonymous Coward on Friday September 11 2015, @03:41PM
They were stored in Apple's cloud. So either they were in the clear - which would be absolutely terrible practice, or they were encrypted but the keys were available in the cloud too which is just one step up from absolutely terrible practice. Either option is pretty strong counter evidence for the claim that "apple pretty obviously has encryption right."
(Score: 1) by radu on Friday September 11 2015, @07:49AM
How do you know this? Because they said so?
You ask some random person "could you break into my house?" - what would a thief answer?
(Score: 2) by quacking duck on Friday September 11 2015, @03:03PM
Poor analogy. Apple is not some random person, they're a large multinational who, like Blackberry, has very publicly staked their reputation on protecting user privacy.
And given how many highly technical, freedom-minded detractors they have, there is no shortage of people trying to break that security and prove them wrong.
(Score: 2) by BasilBrush on Friday September 11 2015, @09:39PM
I'm not an Apple fanboy, don't even own an Apple product. But, Apple pretty obviously has encryption right. ... But, Apple? Yeah, they've got this right, even if they have nothing else right.
Heck, I may even buy an Apple phone. Aside from the privacy issues, the phones aren't worth the asking price, but privacy is an important consideration today.
Well when you actually buy one, and stop speaking from ignorance, you'll find that they've got rather a lot right. Which is why they consistently have the highest satisfaction ratings in the industry.
Hurrah! Quoting works now!
(Score: 4, Interesting) by BK on Friday September 11 2015, @02:49AM
1 - They can afford it.
2 - The discovery phase on both sides will be incredible.
Honestly, I think the reason there hasn't been a suit is that discovery would be even worse for the government than Snowden.
...but you HAVE heard of me.
(Score: 4, Informative) by frojack on Friday September 11 2015, @03:07AM
Doesn't the government have some pretty powerful get out of jail free cards with regard to Discovery?
They can invoke executive privileged just about any time they want. They can just state that the information is sensitive and part of an on-going investigation. They can simply decide a whole bunch of memos are not germane, and who's to say differently?
No, you are mistaken. I've always had this sig.
(Score: 3, Insightful) by c0lo on Friday September 11 2015, @03:51AM
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 5, Informative) by Anal Pumpernickel on Friday September 11 2015, @02:49AM
Freedom just hinders the government's ability to arrest bogeymen. We should just surrender all of our freedoms to the government to make its job easier. Because in 'the land of the free and the home of the brave', clearly the most important thing is for the government's job to be easy and for it to convict bogeymen successfully, even if that means the government ignoring the constitution and violating our basic liberties. We should be forced to have government surveillance equipment in all of our houses, just in case. Or at least that's what these authoritarian fools think.
I would think a valid court order would only give the government the authority to make the attempt to retrieve the information it wants, with a chance that it may fail. But it seems they have the position that if some technology can be used to stop them from being successful in their endeavors, that that technology must be banned. They want our rights to vanish to make their jobs easier and to increase their success rate. A police state if practiced consistently, in other words.
(Score: 1) by tftp on Friday September 11 2015, @03:23AM
But it seems they have the position that if some technology can be used to stop them from being successful in their endeavors, that that technology must be banned.
The easiest and most popular way to convey secret messages from one person to another is by meeting them in an isolated place and talking. I am not sure how this technology can be banned.
The next most popular method is steganography. You wear a specific hat, walk to a coffee shop and order a specific coffee. That is the message; it cannot be decoded without a key; it cannot even be recognized as a message. This method is also centuries old, and it cannot be banned at all, unless the government prohibits each and every kind of public activity or inactivity.
(Score: 2) by Anal Pumpernickel on Friday September 11 2015, @05:19AM
The easiest and most popular way to convey secret messages from one person to another is by meeting them in an isolated place and talking. I am not sure how this technology can be banned.
I'm sure they would *try* to ban it if they could. The government also seems to want to create a snitch state where citizens snitch on one another to the government, with their "If you see something, say something." nonsense.
But compromising encryption software would be more effective and realistic, so that is more worrying. I know outlawing the possession or even development of certain encryption software that isn't compromised would be futile (we've seen similar failed attempts with enforcing copyrights), but that would become yet another thing the government could use to destroy whatever targets they have; another tool in its malicious toolbox.
(Score: 2) by Dr Spin on Friday September 11 2015, @07:28AM
ISIS (Putin, etc) do not actually need to do any serious hacking any more.
The US government security foot-shooting epidemic is reaching the scale where all
American secret information will be readily available from the average market stall in
Pakistan (or on Alibaba).
Warning: Opening your mouth may invalidate your brain!
(Score: 2) by mendax on Friday September 11 2015, @03:51AM
Does anyone in the government really think that if Apple is forced into creating backdoors into iMessage that someone else is not going to create an app for encrypted messaging? Given the industrial strength encryption software available now, the government is doomed to fail in the long term. If bad guys and those normal and abnormal paranoids among us want to keep their messages secret, they are going to find a way... and someone is going to provide it for them for a fee.
Incidentally, I believe being paranoid about government snooping of Internet traffic is not only a healthy thing, it's the patriotic thing to do. Paranoia makes for more responsible government in a democracy. Of course, in a non-democratic system, paranoia keeps you out of prison.
It's really quite a simple choice: Life, Death, or Los Angeles.
(Score: 1) by Francis on Friday September 11 2015, @04:03AM
They're not thinking that far ahead. They're also not thinking about the consequences of having a backdoor implanted in the software. It means that not only would the US government be able to, but damn near every other government and quite a few black hats would as well.
But, they'll worry about that if and when it becomes convenient.
(Score: 2) by dyingtolive on Friday September 11 2015, @04:15AM
I look forward to it being printed on shirts. I just want to see some non-black shirts for once. Seriously. I'm not exactly fashion conscious, in fact I'm colorblind and don't know the color of the shirt I'm wearing half the time, but white on black is tired.
Don't blame me, I voted for moose wang!
(Score: 1, Insightful) by Anonymous Coward on Friday September 11 2015, @04:43AM
1/ Criminals are not usually geeks. In fact, most of them are pretty dumb. Much too dumb to evaluate encryption schemes and pick the unbreakable one.
2/ Every time they can make it NOT the default, then those still using good encryption stand out a little more. Eventually just using unbackdoored encryption will be probable cause for a warrent.
(Score: 2) by jcross on Friday September 11 2015, @02:41PM
Yeah, it seems like this is akin to an old-school telephone company offering a handset with voice scrambling. Sure, the government can tap the line, but they get gibberish. Forcing the phone company to stop selling such a handset wouldn't prevent anyone else from selling one, and they would still be in the same boat, except probably with fewer calls being scrambled. The distinction I guess is whether the job of a communications system is to deliver meaningful messages or just data. It's kind of naive to assume the first (even for radio, which anyone can tap, coded transmissions have been used for ages), and if we assume the second, then a communications system can be CALEA-compliant without doing the government a bit of good.
(Score: 2) by takyon on Friday September 11 2015, @04:13AM
FBI Director Claims Tor and the "Dark Web" Won't Let Criminals Hide From His Agents [theintercept.com]
EFF Applauds Apple's Refusal of Government Demand for iMessage Backdoor [eff.org]
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by jasassin on Friday September 11 2015, @07:35AM
Considered is the key word. No they didn't consider anything, besides trying to fool you into believing your encrypted iPhone messages are secure. Don't believe it.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 2) by EvilSS on Friday September 11 2015, @09:30PM
You're obviously James Comey trying to fool us into believing that they are not secure!
(Score: 1) by Pax on Friday September 11 2015, @11:29AM
it's not like the US Govt agencies have a good record of keeping master keys safe is it?
(Score: 2) by chewbacon on Saturday September 12 2015, @01:06AM
I doubt government officials involved have given this much thought. Building master keys into encryption presents the risk the key will be compromised and then many users will fall victim to a myriad of different crimes. So breezing encryption as we know it may save s trickle of victims, but there will be a flood of news ones.