SoylentNews is people

posted by cmn32480 on Tuesday November 14 2017, @04:42PM
from the steal-your-face dept.

Wired is running a story of hackers claiming to have broken Face ID on the new iPhone X.

When Apple released the iPhone X on November 3, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication. A week later, hackers on the actual other side of the world claim to have successfully duplicated someone's face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible.

On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they'd cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking.

On a similar note, Apple has repeatedly fought working with governments to unlock phones. If the police have a dead or detained criminal, what is to stop them from just pointing the phone at their face and getting all the juicy data bits inside? Does Face ID *help* police/governments?


  • (Score: 3, Insightful) by meustrus on Tuesday November 14 2017, @06:34PM (9 children)

    by meustrus (4961) on Tuesday November 14 2017, @06:34PM (#596896)

    The battle lines drawn for police vs. privacy are wrong.

    We need the state, as part of due process, to have access to all evidence that exists. We need due process to make this access accountable to the public and limited to a narrow legal scope.

    In service of this, police have the capability to open locks but may only do so with a court order. Why should electronics be any different?

    In practice, however, this argument falls short for technical reasons. If the police had the ability to unlock any device, we do not have legal frameworks in place to prevent them from unlocking every device. If there is one lesson to be learned about computing, it is that there is no longer a meaningful difference in effort between doing something once and doing it billions of times. And in the name of counter-terrorism, the process of obtaining a warrant has become frighteningly less transparent.

    Most importantly, however, no means have yet been devised for police to have controlled access to electronic locks in a manner similar to physical locks that don't fundamentally compromise the locks themselves. Let's face it: if I could lock my front door in a way that would-be burglars would definitely not be able to open, it would be irrational to sacrifice definite protection against such criminals to create privileged access for anybody.

    Unfortunately, those that understand the implications of technology have thus far advocated for a world that shelters everyone's privacy in absolution, because we know that it is technically possible and we want our own activities to remain invisible. It's what a rational self-motivated person would want, but it's not what's best for society.

    What is best for society would be a system in which we maintain all ability to protect ourselves, but an agent of the law can through transparent due process obtain all evidence that exists in the course of a single investigation. I don't see how this is technically possible, but it's what we need. Otherwise, our technology will lead us into a lawless world where power comes unchecked from concealable technological resources, leaving us all caught in the crossfire between increasingly invisible state agents and the already invisible agents of the criminal underworld.

    --
    If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
  • (Score: 2) by tangomargarine on Tuesday November 14 2017, @07:06PM (2 children)

    by tangomargarine (667) on Tuesday November 14 2017, @07:06PM (#596915)

    What is best for society would be a system in which we maintain all ability to protect ourselves, but an agent of the law can through transparent due process obtain all evidence that exists in the course of a single investigation. I don't see how this is technically possible, but it's what we need.

    It wouldn't be hard with PKI and key escrow. The problem is how trustworthy the government agent is who gets the copy of your key.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    • (Score: 2) by meustrus on Tuesday November 14 2017, @11:14PM (1 child)

      by meustrus (4961) on Tuesday November 14 2017, @11:14PM (#597049)

      If you create a backdoor key, anybody can steal the backdoor key. If you create a backdoor key that applies to every single lock, stealing that one key becomes exponentially more valuable. The same goes for separate backdoor keys for every lock that are all kept in the same place.

      Information security is about keeping secrets. The moment you have told anybody else, your attack vector expands to include theirs.

      --
      If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
      • (Score: 2) by tangomargarine on Wednesday November 15 2017, @03:52PM

        by tangomargarine (667) on Wednesday November 15 2017, @03:52PM (#597323)

        Give the government agent your original key; there's no backdoor involved at all.

        It's easy to do technically, it's just not a very good idea. At that point everything hinges on 1) the security of the government key escrow system, and B) how robust and trustworthy the process for obtaining permission to use the keys is.

        Information security is about keeping secrets. The moment you have told anybody else, your attack vector expands to include theirs.

        Yup. But of course the point of this whole "secure backdoor encryption" nonsense isn't to make *us* more secure; it's to help the government get their greasy fingers into all of our data.

        --
        "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 0) by Anonymous Coward on Tuesday November 14 2017, @07:17PM (1 child)

    by Anonymous Coward on Tuesday November 14 2017, @07:17PM (#596926)

    People destroy evidence all the time, so your argument kinda falls apart. There is almost never some safe containing all the incriminating evidence which is why we have subpoenas. If someone does not provide access for law enforcement when there is a legal subpoena then it does not go well for them.

    Your comparison of physical and digital locks is ridiculous; all we will see is criminals using alternate methods to go about their activities while the average person loses privacy and can be easily targeted by the criminals you want to catch! Not only is it not possible, but it is not desirable. The biggest flaw in your thinking is presuming that law enforcement is always "the good guy". We have seen plenty of modern examples of this not being true.

    • (Score: 2) by meustrus on Tuesday November 14 2017, @11:24PM

      by meustrus (4961) on Tuesday November 14 2017, @11:24PM (#597055)

      ...all we will see is criminals using alternate methods to go about their activities while the average person loses privacy and can be easily targeted by the criminals you want to catch!

      That's why I don't have a solution. Creating backdoors solves nothing for this reason and just creates more problems.

      To compare it to a physical lock: if the government mandated that every deadbolt accept the government's master key, average citizens would become less secure while criminals would use black market locks with no such restrictions. The metaphor actually works pretty well when properly applied.

      And no, I do not presume that law enforcement is "the good guy". I presume that it is the designated agent of enforcing the laws that we have already agreed to. Appropriate oversight is necessary to keep law enforcement from becoming corrupt. But my entire argument does assume a lot about how the state functions which is not always true. Selective enforcement, minority disenfranchisement, and corruption are all serious problems, but they are outside the scope of discussing how law enforcement can best accomplish the job that they have been given.

      --
      If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
  • (Score: 3, Insightful) by frojack on Tuesday November 14 2017, @07:34PM (3 children)

    by frojack (1554) on Tuesday November 14 2017, @07:34PM (#596936) Journal

    We need the state, as part of due process, to have access to all evidence that exists.

    You started out wrong, and it went downhill from there.

    There's absolutely no justification for the police to have all evidence that exists.

    With that as your standard, there is nobody who is innocent. You've just called for a real world "Go to Jail, go directly to jail" card.

    You, sir, are an idiot.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by meustrus on Tuesday November 14 2017, @11:36PM (2 children)

      by meustrus (4961) on Tuesday November 14 2017, @11:36PM (#597058)

      That nobody is innocent is a fault in our laws, not a fault in the powers of law enforcement. It unfortunately leads to selective enforcement, targeted at people the police are already otherwise interested in.

      But don't miss the "as part of due process" part of my argument. Due process does not allow anybody to broadly sweep all evidence of criminal activity. It only allows for a targeted search based on existing suspicion. And when there is an existing suspicion, the best way to prove whether that suspicion is correct or whether the police need to look elsewhere is if they can look at all evidence that exists.

      But think for a moment about what you misinterpreted in my argument. Nobody wants to put everybody in jail. Who would pay taxes? Who would guard the prison? If law enforcement were truly omniscient, we would be having some interesting conversations about all those laws that are technically being broken but don't hurt anybody. We might even have the information to say for sure that certain activities currently illegal are good for society. Granted, we'd also have some serious corruption problems that would probably tank any real reform of our legal system pretty quickly.

      --
      If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
      • (Score: 2) by Gaaark on Wednesday November 15 2017, @01:54AM (1 child)

        by Gaaark (41) on Wednesday November 15 2017, @01:54AM (#597094) Journal

        "Nobody wants to put everybody in jail. "

        But there are people who may want to put YOU in jail: give them the power to, and it may happen.

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
        • (Score: 2) by meustrus on Wednesday November 15 2017, @08:03PM

          by meustrus (4961) on Wednesday November 15 2017, @08:03PM (#597435)

          You're remarkably naïve to think that they couldn't already lock you or me away if they wanted to. The vast majority of evidence can already be obtained through warrants, and even if all they have is "reasonable suspicion" they can still use that to make your life unlivable.

          --
          If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?