
posted by takyon on Saturday February 20 2016, @12:29AM
from the crypto-battle dept.

Previously on SoylentNews: Apple Ordered by Judge to Help Decrypt San Bernadino Shooter's phone

Former NSA Director Claims Many Top Gov't Officials Side With Apple

Choice quotes from an interview with Gen. Michael Hayden (archive.is) on Wednesday:

"The issue here is end-to-end, unbreakable encryption—should American firms be allowed to create such a thing?" he told the Wall Street Journal editor John Bussey. "You've got [FBI director] Jim Comey on one side saying, I am really going to suffer if I can't read Tony Soprano's email. Or, if I've got to ask Tony for the PIN number before I get to read Tony's emails. Jim Comey makes that complaint, and I get it. That is right. There is an unarguable downside to unbreakable encryption."

"I think Jim Comey is wrong...Jim's logic is based on the belief that he remains the main body. That you should accommodate your movements to him, which is the main body. And I'm telling you, with regard to the cyber domain, he's not. You are."

"And by the way? If I were in Jim Comey's job, I'd have Jim Comey's point of view. I understand. But I've never been in Jim Comey's job...my view on encryption is the same as [former Secretary of Homeland Security] Mike Chertoff's, it's the same as [former Deputy Secretary of Defense] Bill Lynn's, and it's the same as [former NSA director] Mike McConnell, who is one of my predecessors."

It's interesting for this opinion to be coming from this source.

[Continues.]

Another Take on FBI vs. Apple

There's plenty of reason to believe that Apple complying with the FBI order is bad policy, it's legally shaky, and at least one of the people who makes the strongest arguments in this direction is now voting on a secret government board? What the heck is going on here?

What's going on is Justice Antonin Scalia is dead.

Had Justice Scalia not died unexpectedly a few days ago (notably before the Apple/FBI dustup) and had the FBI pursued the case with it landing finally in the Supreme Court, well the FBI would have probably won the case 5-4. Maybe not, but probably.

With Justice Scalia dead and any possible replacement locked in a Republican-induced coma, the now eight-member Supreme Court has nominally four liberal and four conservative justices but at least 1.5 of those conservatives (Justice Kennedy and sometimes Chief Justice Roberts) have been known to turn moderate on certain decisions. This smaller court, which will apparently judge all cases for the next couple years, is likely to be more moderate than the Scalia Court ever was.

So if you are a President who is a lawyer and former teacher of constitutional law and you've come over time to see that this idea of secret backdoors into encrypted devices is not really a good idea, but one that's going to come up again and again pushed by nearly everyone from the other political party (and even a few from your own) wouldn't right now be the best of all possible times to kinda-sorta fight this fight all the way to the Supreme Court and lose?

If it doesn't go all the way to the Supremes, there's no chance to set a strong legal precedent and this issue will come back again and again and again. That's what I am pretty sure is happening.

takyon: Apple's deadline to respond to the court's order has been extended from Tuesday to Friday. Twitter, Facebook, and Steve Wozniak have expressed support for Apple's position. Here's a blog post describing how Apple could potentially comply with the FBI's request.



Related Stories

Apple Ordered by Judge to Help Decrypt San Bernadino Shooter's phone 97 comments

Judge Orders Apple to Unlock iPhone Belonging to San Bernardino Shooter

Apple has been ordered to assist in the unlocking of an iPhone belonging to one of the San Bernardino shooters. This may require updating the firmware to bypass restrictions on PIN unlock attempts:

Apple must assist the FBI in unlocking the passcode-protected encrypted iPhone belonging to one of the San Bernardino shooters in California. US magistrate Sheri Pym says Cupertino must supply software that prevents the phone from automatically annihilating its user data when too many password attempts have been made.

The smartphone belonged to Syed Farook, who with his wife Tashfeen Malik shot and killed 14 coworkers on December 2. The couple died in a gun battle with police soon after. Cops have been unable to access Syed's iPhone 5C because they do not know the correct PIN, and will now gain the assistance of Apple, as ordered by Judge Pym [PDF] on Tuesday.

iOS 8 and above encrypts data on devices, requiring a four to six-digit PIN to unlock. After the first few wrong guesses, iOS waits a few minutes between accepting further PIN entry attempts, escalating to an hour's delay after the ninth failed login.

[...] Judge Pym wants Apple to come up with some magic software – perhaps a signed firmware update or something else loaded during boot-up – that will allow the FBI to safely brute-force the PIN entry without the device self-destructing. This code must only work on Farook's phone, identified by its serial numbers, and no other handset. The code must only be run on government or Apple property, and must not slow down the brute-forcing process.

Apple has five days to appeal or demonstrate that it cannot comply with the order. It is crucial to note that the central district court of California has not instructed Apple to crack its encryption – instead it wants Apple to provide a tool to effectively bypass the unlocking mechanism. "It's technically possible for Apple to hack a device's PIN, wipe, and other functions. Question is can they be legally forced to hack," said iOS security expert Jonathan Ździarski.

Seems Like Everyone has an Opinion About Apple vs. the FBI 50 comments

John McAfee offers to unlock killer's iPhone

McAfee says that he and his team can break into the phone within three weeks. McAfee states his motive for the offer is because "he didn't want Apple to be forced to implement a 'back door'".

Bill Gates Takes Middle Road in FBI iPhone Unlock Dispute

Bill Gates has apparently sided with the FBI in the dispute over the unlocking of a "specific" iPhone, breaking with other technology industry leaders:

Apple should comply with the FBI's request to unlock an iPhone as part of a terrorism case, Microsoft founder Bill Gates says, staking out a position that's markedly different from many of his peers in the tech industry, including Facebook founder Mark Zuckerberg. The two titans aired their views on what's become a public debate over whether Apple should be compelled to unlock an iPhone used by San Bernardino shooter Syed Rizwan Farook. "This is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case," Gates told the Financial Times.

However, in a follow-up interview with Bloomberg, Gates said he was disappointed by reports (such as my original submission #2 below) that he had sided with the FBI in its legal dispute with Apple:

In an interview with Bloomberg, Bill Gates says he was "disappointed" by reports that he supported the FBI in its legal battle with Apple, saying "that doesn't state my view on this." Still, Gates took a more moderate stance than some of his counterparts in the tech industry, not fully backing either the FBI or Apple but calling for a broader "discussion" on the issues. "I do believe that with the right safeguards, there are cases where the government, on our behalf — like stopping terrorism, which could get worse in the future — that that is valuable." But he called for "striking [a] balance" between safeguards against government power and security.

[Continues.]

Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone 11 comments

Here's an extra story related to FBI Director Comey's questioning on Wednesday. It's a piece of "classified information":

Sen. Dianne Feinstein, the top Democrat on the Senate committee that oversees the FBI, said publicly this week that the government paid $900,000 to break into the locked iPhone of a gunman in the San Bernardino, California, shootings, even though the FBI considers the figure to be classified information.

The FBI also has protected the identity of the vendor it paid to do the work. Both pieces of information are the subject of a federal lawsuit by The Associated Press and other news organizations that have sued to force the FBI to reveal them.

California's Feinstein cited the amount while questioning FBI Director James Comey at a Senate Judiciary Committee oversight hearing Wednesday.

Related: FBI vs. Apple Encryption Fight Continues
Seems Like Everyone has an Opinion About Apple vs. the FBI
Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Can't Say How It Hacked IPhone 5C
Researcher Bypasses iPhone 5c Security With NAND Mirroring



  • (Score: 2) by tizan on Saturday February 20 2016, @12:32AM

    by tizan (3245) on Saturday February 20 2016, @12:32AM (#307182)

    If I understand well they want Apple's help to prevent the OS from erasing the disk after 10 failed logins....

    Can't they just open the phone, remove the flash disk (some soldering needed, as IKEA would have said) and try ad infinitum with all kinds of keys to decrypt the damn disk... Why go to court?

    • (Score: 4, Informative) by Capt. Obvious on Saturday February 20 2016, @12:57AM

      by Capt. Obvious (6089) on Saturday February 20 2016, @12:57AM (#307190)

      Apparently there is a piece of silicon with half the key on it. That piece is responsible for running the decryption (the other half comes in as the passphrase) and outputting the key. That piece also enforces the 10 tries and wipe.

      If they copy the iPhone's memory (no doubt already done), they have to brute force the 256(??)-bit key. If they get the chip not to reset itself, they have to bruteforce a 4-10 character password.

      • (Score: 3, Interesting) by Username on Saturday February 20 2016, @02:24AM

        by Username (4557) on Saturday February 20 2016, @02:24AM (#307226)

        It’s not about the technology, skill or knowledge. They can just say National Security and get the chips specs, etc, and engineer a work around to decrypt it. But they stand to gain an advantage if they said they couldn’t do it and got the courts to set a precedent on encryption in their favor.

        They’ll get the drive decrypted either way, they can’t lose.

        • (Score: 1) by Capt. Obvious on Saturday February 20 2016, @03:55AM

          by Capt. Obvious (6089) on Saturday February 20 2016, @03:55AM (#307258)

          I'm sure that they already have the chip specs, etc. And probably from Apple as well (Every NDA I ever saw included language allowing compliance when the government came knocking.) In theory, it's impossible to read the data off the chip. I suppose some kind of memory probe if they disassemble the security cover (which I assume the gv't can do) could read the data.

          What they cannot do is push new code to the chip, due to the chain of signing code.

          Not that I necessarily agree with forcing Apple to comply. Certainly, I don't favor government having large backdoors. I don't know about how I feel about one-off forced unlocking.

          either way, they can’t lose

          Given what is likely on the phone, and that there are probably no living co-conspirators, they win far more by being unable to decrypt the drive. The glorious "what could have been" far outweighs anything they were going to get.

      • (Score: 3, Insightful) by Gravis on Saturday February 20 2016, @06:36AM

        by Gravis (4596) on Saturday February 20 2016, @06:36AM (#307294)

        Apparently there is a piece of silicon with half the key on it. That piece is responsible for running the decryption (the other half comes in as the passphrase) and outputting the key. That piece also enforces the 10 tries and wipe.

        but here's the thing, this is the FBI and they have the resources to have someone actually edit the silicon using a Focused Ion Beam. [wikipedia.org] The problem is that this is slow and expensive to do and the FBI doesn't want to "just unlock this one iPhone," they want to be able to unlock any iPhone, despite what they are saying. However, I find this still to be highly suspect because previously released firmware would try to unlock the phone before decrementing the "unlock attempts remaining" counter and they got around it by cutting power to the phone after it failed but before it decremented the counter. What this means is that either this version of the iPhone never had that issue or they are putting on a show.
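An added sketch (not from the article, the commenters or Apple) of the design the comments above describe: a data key derived from the passcode plus an on-chip secret, with the failure counter written before a guess is checked so that a power cut cannot skip it. The class name, delay schedule, iteration count and sample PINs are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 1000  # kept low so the demo runs quickly; real KDFs are tuned far higher


class ToyKeyChip:
    """Toy model of a key-holding chip. Constructed for illustration only."""

    MAX_FAILURES = 10
    # Constructed delay schedule (seconds) keyed by failures so far; only the
    # one-hour delay after the ninth failure is taken from the article.
    DELAYS = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}

    def __init__(self, passcode, commit_before_verify=True):
        self._uid = os.urandom(32)   # hardware half of the key; never exported
        self.salt = os.urandom(16)   # stored in flash next to the data
        self.failures = 0            # stands in for a persistent counter
        self.evaluated = 0           # how many guesses were actually checked
        self.wiped = False
        self.commit_before_verify = commit_before_verify
        self.check = self._tag(self._derive(passcode))  # also stored in flash

    def _derive(self, passcode):
        # The data key depends on BOTH the passcode and the on-chip secret.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(),
                                   self.salt + self._uid, ITERATIONS)

    @staticmethod
    def _tag(key):
        return hmac.new(key, b"verify", hashlib.sha256).digest()

    def _wipe(self):
        self._uid = None             # without it the data key is unrecoverable
        self.wiped = True

    def delay_seconds(self):
        """Seconds the chip would insist on before the next attempt."""
        return self.DELAYS.get(self.failures, 0)

    def unlock(self, passcode, power_cut=False):
        """Return the data key, or None. power_cut simulates losing power
        immediately after a failed check."""
        if self.failures >= self.MAX_FAILURES:
            self._wipe()             # boot-time check catches an interrupted wipe
        if self.wiped:
            return None
        if self.commit_before_verify:
            self.failures += 1       # persisted BEFORE the guess is checked
        self.evaluated += 1
        key = self._derive(passcode)
        if hmac.compare_digest(self._tag(key), self.check):
            self.failures = 0
            return key
        if power_cut:
            return None              # nothing after this point gets to run
        if not self.commit_before_verify:
            self.failures += 1       # verify-then-count: lost on a power cut
        if self.failures >= self.MAX_FAILURES:
            self._wipe()
        return None


def offline_try(salt, check, passcode):
    """What a copy of the flash allows: salt and check value, but no UID."""
    key = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ITERATIONS)
    return hmac.compare_digest(ToyKeyChip._tag(key), check)


def run_guesses(chip, guesses, power_cut):
    """Feed guesses to the chip; return how many it actually evaluated."""
    for guess in guesses:
        chip.unlock(guess, power_cut=power_cut)
    return chip.evaluated


CORRECT_PIN = "7391"                                # constructed sample value
WRONG_GUESSES = ["%04d" % i for i in range(50)]     # constructed, all wrong

if __name__ == "__main__":
    weak = ToyKeyChip(CORRECT_PIN, commit_before_verify=False)
    strong = ToyKeyChip(CORRECT_PIN, commit_before_verify=True)
    print("verify-then-count:", run_guesses(weak, WRONG_GUESSES, True),
          "guesses checked, wiped =", weak.wiped)
    print("count-then-verify:", run_guesses(strong, WRONG_GUESSES, True),
          "guesses checked, wiped =", strong.wiped)
    print("flash copy + correct PIN unlocks offline:",
          offline_try(strong.salt, strong.check, CORRECT_PIN))
```

With the counter committed first, the interrupted attempts still count and the chip wipes after ten; the flash copy alone fails even with the right PIN because the on-chip secret is missing from the derivation.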

        • (Score: 1) by Capt. Obvious on Saturday February 20 2016, @08:36AM

          by Capt. Obvious (6089) on Saturday February 20 2016, @08:36AM (#307318)

          Probably true. I know that the FBI has a ton of resources. And I have no objection to them modifying the hardware to break the encryption (on this phone that they have a warrant to look at.)

          It's most likely a twofer - turn public opinion against strong encryption, and deflect blame for not being able to learn anything more about the incident (because if they admit that they cannot learn anything more, then they have to admit that sometimes you cannot prevent things.)

      • (Score: 3, Interesting) by AnonTechie on Saturday February 20 2016, @12:51PM

        by AnonTechie (2275) on Saturday February 20 2016, @12:51PM (#307361) Journal

        Another Update:

        The San Bernardino Health Dept. Reset Syed Farook's Password, Which Is Why We're Now In This Mess

        Footnote 7, on page 18 details four possible ways that Apple and the FBI had previously discussed accessing the content on the device without having to undermine the basic security system of the iPhone, and one of them only failed because Farook's employers reset the password after the attacks, in an attempt to get into the device.

        http://www.buzzfeed.com/johnpaczkowski/apple-terrorists-appleid-passcode-changed-in-government-cust [buzzfeed.com]

        --
        Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
  • (Score: 5, Insightful) by gman003 on Saturday February 20 2016, @01:05AM

    by gman003 (4155) on Saturday February 20 2016, @01:05AM (#307191)

    "The issue here is end-to-end, unbreakable encryption—should American firms be allowed to create such a thing?"

    General Hayden implies several very crucial facts:
    1) This is an artificial limitation. It is not a question of "can it be done?", but a question of "should we allow ourselves to do it?"
    2) This limit only applies to Americans. It doesn't matter what laws Congress passes - any other country can have unbreakable encryption, should their government not forbid it.

    This leads to several questions:
    A) Will the law forbid Americans from buying foreign-made encryption?
    B) Why would foreigners use American encryption, when it is known to be broken?
    C) What stops someone from breaking that law?

    (A) is interesting, because encryption is used in so many products that you would essentially have to ban foreign software, which I'm pretty sure would break some trade agreements. And if allowed, it would put Americans in a very weird position where buying foreign software is actually a more safe bet than buying American. Even if it may be broken, by another government, it is still only a chance vs. an absolute certainty. It may be 99% likely that a given Chinese-made browser is backdoored by the PRC, but that's still 1% better than the American-made one. And in turn, that means that foreign intelligence agencies may end up with easier access to American data, while our own intelligence agencies don't have a usable legal means of doing so.

    (B) is the flip side to A. Who will buy Windows, once it's known to have a back door? (It's worth bearing in mind the origin of the phrase - the back door is left unlocked, the only thing protecting it is its non-obviousness. Even if you don't care about the CIA reading your files, the back door could be used by anyone once it's found, and if it's publicly announced to exist, it will quickly be found). Or Oracle? Or from Apple? The tech industry is one of America's strongest industries, and hobbling our crypto would in turn trash our economy.

    (C) is the real dealbreaker. We are discussing an artificial limitation. Encryption is merely math. The knowledge is there, and even if you hide it, it can still be derived from whatever math you allow. Someone who really wants to keep a secret can simply write their own software, even if you completely ban domestic production or importing of it. It isn't even that hard, in the grand scheme of things. Writing a crypto system from the ground-up is far easier (to me, at least) than executing a terrorist attack.

    So mandating backdoors a) can't be done without breaking major trade agreements, b) will trash one of the best sectors in our economy, and c) is mathematically impossible.

    Sounds like a bad idea to me, but what do I know?

    • (Score: 3, Interesting) by gman003 on Saturday February 20 2016, @01:49AM

      by gman003 (4155) on Saturday February 20 2016, @01:49AM (#307210)

      Addendum:

      I think the government has taken the exact wrong stance on encryption. We should be promoting it wherever possible.

      We should have, completely separate from any intel-gathering agencies, a Cyber-Security department. Have them produce encryption software - with no backdoors. Make it open-source to prove it. Make it free for anyone to use. Americans using it will be protected from opposing nation's spy agencies, and (since crypto is part of general security) it will defend our vulnerable infrastructure from cyber-attack. Foreigners in allied nations will benefit from easier secure communications with Americans. Foreigners in enemy nations can use it to resist their freedom-hating secret police (think about what would happen to China if the Great Firewall were even more easily breached). After all, America is supposed to be the Good Guys, right? And if we're truly the good guys, spreading access to the truth can only garner more support.

      Will our enemies use it? Perhaps. If I were a terrorist, I'm not sure I would trust American-made crypto, no matter how many audits were done. Will they benefit from it? Probably some of them. Counting network effects, definitely - non-American crypto vendors will have to step up their game to keep up.

      I might even go so far as to have the Department of Cyber Security act as a sort of socialized auditing group. If your company is based in America (and pays American taxes as such), you get free checking of your security-sensitive code. Microsoft and Apple and Google probably don't need it, but all the tiny code shops would benefit. (I'm not 100% sure this is a good idea, I'd have to consider side-effects further, but it at least passes initial sanity checks for a good idea)

      And if the NSA or CIA or FBI or DOD come begging for a backdoor... the DCS needs to tell them to fuck right off. Codify it in law that deliberately weakening American encryption is illegal. Even for one-off cases. Maybe put them under an agency with no desire to do otherwise - the Department of the Treasury, maybe? The Secret Service was moved to DHS a while back, so I think they're both unlikely to want broken crypto, and have the clout to defy the spy orgs.

      • (Score: 4, Interesting) by physicsmajor on Saturday February 20 2016, @05:29PM

        by physicsmajor (1471) on Saturday February 20 2016, @05:29PM (#307421)

        Completely agree. What's more, we even have the perfect agency for this job already in place... and they need a new purpose.

        The US Postal Service.

        They are trusted with our physical correspondence. They have the highest trust ratings by far of any government agency. Who better to have manage a centralized, open, secure system of communication? Would you pay 1-3 cents to have an electronic message verifiably delivered securely?

    • (Score: 3, Informative) by jelizondo on Saturday February 20 2016, @03:35AM

      by jelizondo (653) Subscriber Badge on Saturday February 20 2016, @03:35AM (#307252) Journal

      Way back when, it was actually a crime to export cryptographic software or devices made in the U.S., they were classified as munitions [wikipedia.org], i.e. weapons of war...

      Phil Zimmermann [wikipedia.org], the creator of PGP, was the subject of a criminal investigation because of his contributions to safe email.

      So, there is nothing new. It has been tried and it failed, what makes them think this time it will work?

      Terrorists, criminals and others will find plenty to choose from [theintercept.com] and breaking the U.S. law is not going to stop them, they already are criminals!

      Damn idiots with short memories!

    • (Score: 0) by Anonymous Coward on Saturday February 20 2016, @09:02AM

      by Anonymous Coward on Saturday February 20 2016, @09:02AM (#307327)

      Not a problem. Windows is now free. You get what you pay for.

  • (Score: 3, Insightful) by Nerdfest on Saturday February 20 2016, @01:08AM

    by Nerdfest (80) on Saturday February 20 2016, @01:08AM (#307193)

    The big thing I get out of this is that Apple seems to have the ability to push OS updates to people's phones without their consent. They really should fix that, at which point they can just say "Sorry, can't do it".

    • (Score: 4, Interesting) by Dunbal on Saturday February 20 2016, @01:21AM

      by Dunbal (3515) on Saturday February 20 2016, @01:21AM (#307198)

      The big thing I get out of this is that Apple is spying on you. From another article [buzzfeed.com]: "It was then that they [Apple] discovered that the Apple ID password associated with the iPhone had been changed. (The FBI claims this was done by someone at the San Bernardino Health Department.) Had that password not been changed, the executives said, the government would not need to demand the company create a “backdoor” to access the iPhone"

      So if the Apple ID isn't changed, Apple doesn't even need a backdoor to access your iPhone. Good to know.

      • (Score: 3, Interesting) by captain normal on Saturday February 20 2016, @04:38AM

        by captain normal (2205) on Saturday February 20 2016, @04:38AM (#307262)

        This brings up an aspect that I had been wondering about the last couple of days. The iPhone was property of San Bernardino County. It is/was a work phone. I think it unlikely that Farook used the phone for any personal or terrorist dealings. That phone was for Health Department business only, so would he risk his plans or contacts by using a company phone? Plus the fact that they destroyed both their personal phones and the hard drive of their computer but left the SBCHD phone intact seems to indicate they felt there was no information on it.
        Then there is the apparent change of password by the SBCHD which begs the question: Does the SBCHD have the current password? If so then the FBI should be after the SBCHD and not Apple.

        --
        When life isn't going right, go left.
      • (Score: 2) by basicbasicbasic on Saturday February 20 2016, @08:40AM

        by basicbasicbasic (411) on Saturday February 20 2016, @08:40AM (#307321)

        I don't see how you interpreted that to mean Apple is spying on you; the sentence directly before it says "Apple sent trusted engineers to try that method, the executives said, but they were unable to do it. It was then that they discovered ... "

        Anti-Apple or lack of coffee?

      • (Score: 2) by dyingtolive on Saturday February 20 2016, @09:16PM

        by dyingtolive (952) on Saturday February 20 2016, @09:16PM (#307515)

        I mean, there's other reasonable possibilities. Maybe they found the old password through other channels, an email or a note or something? I mean, otherwise, what you're suggesting is that Apple is spying on you, and was giving information to the government, only to not be giving information now.

        I still want to know why, when the TLAs have all this ability to monitor everything that goes into or out of the phone, they're making such a big deal about needing to crack the phone itself.

        --
        Don't blame me, I voted for moose wang!
        • (Score: 2) by dyingtolive on Saturday February 20 2016, @09:18PM

          by dyingtolive (952) on Saturday February 20 2016, @09:18PM (#307516)

          This is of course assuming there's not some nuance in the words there that I don't quite pick up, not being an Apple phone user.

          --
          Don't blame me, I voted for moose wang!
    • (Score: 1, Informative) by Anonymous Coward on Saturday February 20 2016, @04:44AM

      by Anonymous Coward on Saturday February 20 2016, @04:44AM (#307265)

      That is built in as a last ditch effort to recover a phone. It is not a secret and "Geniuses" do it multiple times a day. In fact, I did it for a friend whose children locked them out of their phone. You just press the home and power buttons when starting it and connect it to iTunes via USB. For more details, Google the term "DFU" or "iphone recovery mode."

  • (Score: 3, Touché) by Dunbal on Saturday February 20 2016, @01:10AM

    by Dunbal (3515) on Saturday February 20 2016, @01:10AM (#307195)

    It's going to be hilarious when after this massive legal battle Apple is finally compelled to hack their own OS to get into the phone (a copy of which will quickly find its way into the "wrong" hands), only to inform the FBI that the deceased was a big fan of Candy Crush Saga.

  • (Score: 0) by Anonymous Coward on Saturday February 20 2016, @01:33AM

    by Anonymous Coward on Saturday February 20 2016, @01:33AM (#307202)
    • (Score: 0) by Anonymous Coward on Saturday February 20 2016, @03:11AM

      by Anonymous Coward on Saturday February 20 2016, @03:11AM (#307245)

      McAfee is an idiot. How is social engineering going to help if the only person that knows the passcode is dead?

      • (Score: 0) by Anonymous Coward on Saturday February 20 2016, @02:05PM

        by Anonymous Coward on Saturday February 20 2016, @02:05PM (#307371)

        Social engineering is more than tricking some chump in customer service.

        Social engineering is actually "hacking the mind". You learn everything you can about your target and use that.
        People use passwords and pincodes that they will remember. This means that the number or password tends to have some relevance to their personal life.
        Furthermore, people tend to reuse their passwords and pincodes. Hell I do data forensics and I have a dozen devices that all need pincodes and every one of them uses some variant on a basic theme. I doubt I'm the exception here.

        Makes sense that the right person could analyze everything they DO have on the person and come up with a list of things. Generally a theme will be found and the closer in time the acquisition is to the other events the more likely they are to share commonalities in the passphrase or pincode as well.

        If it were me, I'd ask his bank what his PIN number is on his debit card and try that first :)

  • (Score: 2) by Non Sequor on Saturday February 20 2016, @01:46AM

    by Non Sequor (1005) on Saturday February 20 2016, @01:46AM (#307206) Journal

    When was the last time the Supreme Court said that a court couldn't enforce a particular court order? If this goes all the way to the Supreme Court we're in trouble.

    --
    Write your congressman. Tell him he sucks.
    • (Score: 1) by Capt. Obvious on Saturday February 20 2016, @08:39AM

      by Capt. Obvious (6089) on Saturday February 20 2016, @08:39AM (#307320)

      Justice Scalia was firmly on the side of corporations over the government, and firmly on the side of criminal defendants over the government. (Although one should note that he was not on the side of convicted criminals, once convicted.) He would probably have been a reliable pro-Apple vote in this battle.

      • (Score: 0) by Anonymous Coward on Sunday February 21 2016, @03:04AM

        by Anonymous Coward on Sunday February 21 2016, @03:04AM (#307647)

        That's motive. Now all we need is means and opportunity.

  • (Score: 1) by YeaWhatevs on Saturday February 20 2016, @01:48AM

    by YeaWhatevs (5623) on Saturday February 20 2016, @01:48AM (#307207)

    Everyone must realize by now the FBI is going to get into that damn phone, and any phone they want that carries its encryption key on the phone, with or without Apple's help. And this will remain the case until someone comes up with a phone with a physically separate encryption key. It is just that it's easier with Apple's cooperation, but sooner or later they'll do it nonetheless. Now, 'ol Tim could have discreetly coughed up the hack, and the FBI would be on their merry business of brute forcing the phone by feeding it those pins. However, he's decided to cooperate with the government in a different way, and allowed them to make an example of Apple in the press and probably get the law changed too, so that the government can preemptively add back-doors just like they want to, therefore making sure the next generation device with the physically separate key never happens (because the key is secretly stashed).

    • (Score: 4, Interesting) by Francis on Saturday February 20 2016, @03:47AM

      by Francis (5544) on Saturday February 20 2016, @03:47AM (#307254)

      What everybody but the FBI seems to realize is that a lot of this push towards encryption comes from the fact that the FBI, NSA, CIA and DSHS don't understand that they're not entitled to all the data they can access. Most people wouldn't care at all about encryption if the agencies hadn't overstepped their limits to a massive degree. I mean, literally it was too much of a hassle to go to the FISA court after the fact with nobody to oppose their demands.

      Think about that for a second, it was too much of a hassle to get a rubber stamp after already having accessed the information. That really ought to tell you how much we can trust those agencies.

    • (Score: 0) by Anonymous Coward on Saturday February 20 2016, @08:40AM

      by Anonymous Coward on Saturday February 20 2016, @08:40AM (#307322)

      And this will remain the case until someone comes up with a phone with a physically separate encryption key.

      Require strong passphrase entry every time you unlock the phone. Erase the key-expanded passphrase when not in use. Done.

      This is the default way every secure login system works. You have to add extra breakable shit to make things "simpler" and make the encryption breakable by making the pass-phrase weaker.

      "He who trades security for convenience will have neither"
        - Benjamin Schneier

      • (Score: 1) by YeaWhatevs on Saturday February 20 2016, @06:58PM

        by YeaWhatevs (5623) on Saturday February 20 2016, @06:58PM (#307458)

        Fail. This is what Apple does already, if it wasn't for the wipe after 10 tries, the FBI would be in already. I have a passphrase on my private keys, standard encryption stuff. The only difference is, I don't keep the passphrase encrypted key beside the encrypted data, however if the FBI gets the key, it is easy enough, with government resources to brute force it. Even easier if they get a hold of me, I'm not going to pretend I can withstand torture, the moment they lay that mallet on the table I'll be like "I'll talk". Only as strong as the weakest link.

  • (Score: 3, Insightful) by Azuma Hazuki on Saturday February 20 2016, @02:57AM

    by Azuma Hazuki (5086) on Saturday February 20 2016, @02:57AM (#307241) Journal

    The government is taking precisely the wrong tack here. They should study the history of Japan and what happened to it when guns were banned because "hurr durr foreign barbarian weapons NIPPON ICHI BANZAI~!" They're doing the exact same thing.

    Not for nothing was cryptography declared a munition; in a war of information technology and computers, it is very much a strategic asset. Add to it that a ban on encryption will simply 1) cause businesses not to sell in the US, or at all, 2) as a result of 1 cause a huge black market to spring up, and 3) give our opponents a tremendous geopolitical advantage over us. Russia, China, and Iran must be laughing themselves sick over this...

    --
    I am "that girl" your mother warned you about...
    • (Score: 2) by gnuman on Saturday February 20 2016, @05:08AM

      by gnuman (5013) on Saturday February 20 2016, @05:08AM (#307276)

      Not for nothing was cryptography declared a munition

      It was declared a munition for other reasons - to get information under Arms Export Controls. This essentially automatically classified software as munitions and it forbade US-created crypto from being available to the general public. You may still remember the days of the non-US Debian repo where only crypto implemented outside the USA could reside.

      Russia, China, and Iran must be laughing themselves sick over this...

      I'm sorry, but why would they be? I'm certain they are watching and going to demand the exact same treatment from Apple and other companies as the US demands for itself.

      • (Score: 3, Funny) by Azuma Hazuki on Saturday February 20 2016, @06:19AM

        by Azuma Hazuki (5086) on Saturday February 20 2016, @06:19AM (#307291) Journal

        Regarding Russia, Iran, and China...perhaps I give them too much credit. Were I high up in any of those nations I would encourage the US to continue down this destructive road at breakneck speed. Maybe they're as dumb as us.

        --
        I am "that girl" your mother warned you about...
  • (Score: 3, Interesting) by Anonymous Coward on Saturday February 20 2016, @03:33AM

    by Anonymous Coward on Saturday February 20 2016, @03:33AM (#307251)

    And how do we know this is not a staged brouhaha? A false flag incident?

    It is clear that the FBI had nothing to do with these criminals' actions, but it is also clear that the password to the linked account of the phone was changed after the phone was in custody of the FBI.

            https://twitter.com/Snowden/status/700823383961792512 [twitter.com]

    In light of this and since many politicians and FBI in particular were publicly lambasting the crypto-horse that "crypto will make it impossible to fight terrorism". And now conveniently they have a phone that is protected by a password they don't know and can't get. How much of a stretch is it that the FBI locked the phone on purpose in order to get a backdoor mandated in the software?? Or to push through anti-crypto/anti-privacy laws? That they don't care about the phone but they certainly do care about all the other phones that they may not be able to routinely search anymore?

    • (Score: 0) by Anonymous Coward on Saturday February 20 2016, @08:46AM

      by Anonymous Coward on Saturday February 20 2016, @08:46AM (#307324)

      Bingo.

      The terrorists were using unencrypted AOL email and SMS messages to communicate. ISIS announced in a fucking Muslim Extremist propaganda magazine in English that they would do these attacks about a month beforehand.

      ZE BACKDOORZ! ZEY DO NOTZING!