  #251  
Old 10-04-2014, 06:48 AM
williambaskerville is offline
Guest
 
Join Date: Jan 2001
Location: Wicklow
Posts: 469
Quote:
Originally Posted by Stealth Potato View Post
And especially in a case like this, it's so easy to do it the "right" way, compared to building an entire infrastructure for Apple to store copies of private keys -- which must be updated whenever a user changes their credentials -- which must be secured against outside intrusion -- which must become the focus of an entire set of policies for internal access in a gigantic and porous organization, with who knows how many individuals needing access... The list of challenges mounts up without end, and you're still guaranteed to end up with a system far more vulnerable than if you'd simply never let the keys leave the client device.
Apple wouldn't do it that way, and almost certainly currently aren't. What they likely have implemented in previous versions in iOS is a dual public key system.

This would work as follows :-

1. One or more symmetric key pairs, that are actually used to encrypt data, are generated on the device and never leave it.

2. An asymmetric key pair is also generated on the device, and equally never leaves it. This key pair has one purpose :- to encrypt the symmetric keys generated in step 1.

3. The public component of an Apple owned asymmetric key pair is also stored on the device. Every time the device specific public key encrypts a symmetric key, this public key is also used to encrypt it, and this encrypted copy is stored in some non obvious location.

4. The private component of the Apple asymmetric key never leaves Apple HQ, and is used to decrypt the Apple copies of the symmetric keys when requested.
These decrypted keys, in turn, are used to decrypt the actual data.

In this system, all Apple have to do to maintain control of the backdoor is to maintain control of the private component of their keypair :- this is a reasonably achievable task. (Note that in reality, there would likely be multiple Apple keypairs, and probably multiple Apple encrypted copies of the symmetric keys, for redundancy purposes, but that's not particularly relevant).

I suspect this approach was implemented because the only other obvious way to leave a back door would be to use deliberately weakened versions of encryption algorithms. That approach has 2 significant drawbacks :-

1. It's susceptible to being detected by cryptanalysts. The encrypted data is visible, in plain view, and subject to statistical analysis. It's likely sooner or later someone is going to notice that the encrypted data simply doesn't statistically conform to what AES256 encrypted data should look like. (AES256 is just an example, I have no idea what algorithms Apple use).

2. Its vulnerability is fungible :- once its weakness is exposed, and it likely will be, everyone with the technical ability to do so can break the encryption, not just Apple or the NSA.

Assuming I'm right that Apple have been using a dual key public system, then what they've actually announced is not so much that they're going to "turn on" strong encryption by default, more that they've decided to stop actually conspiring to defeat it.

I would generally welcome their decision, but find it largely irrelevant. Everyone who has any digital data worth protecting, and has done any research on the matter, would long since have decided to rely on open source encryption products rather than commercial ones. This applies particularly to those whose digital data is inherently illegal or incriminating. A colleague of mine once had occasion to do some research on the technical awareness of child pornography collectors :- they had very high awareness, and encryption technology was a large part of the FAQs on their message boards. (Yes, they had and have message boards, and yes those boards had FAQs).

As an aside on the question of surrendering passwords, and whether refusing to do so is contempt of court, it's entirely possible to provide a technical solution that renders that question moot, using a combination of cryptography and steganography. It would be relatively easy to structure a block of encrypted data so that providing the password "kitties" reveals it to be a collection of lolcats pictures, and providing the password "2&*793ada34122879*D&*798234" reveals it to contain child pornography. More realistically, the "fake" password could reveal it to contain something perfectly legal, but embarrassing, such as an extensive collection of transsexual pornography. Law enforcement officials may suspect there's another password/partition, but they can't prove it, and I don't see how a judge could find you in contempt once you've provided a password that demonstrably works.
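The dual-key arrangement described in steps 1-4 of the post above, as an added Python sketch that is not part of the original post and is not any vendor's code. The toy Diffie-Hellman wrap modulo 2**521 - 1 (a stand-in for RSA-OAEP or ECIES), the list-shaped keystore and all function names are assumptions made for illustration; the sketch shows that a single escrow private key unwraps every device's data key, and how a device-side audit can count stored copies that were wrapped for someone other than the device.

```python
import hashlib
import hmac
import secrets

# Toy public-key wrap (assumption for this example): Diffie-Hellman modulo the
# Mersenne prime 2**521 - 1, standing in for RSA-OAEP or ECIES. Not production crypto.
P = 2**521 - 1
G = 3


def keypair():
    """Return (private, public) for the toy Diffie-Hellman group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def _derive(shared):
    """Split a shared secret into a 32-byte pad and a 32-byte MAC key."""
    raw = shared.to_bytes(66, "big")
    return hashlib.sha256(b"pad" + raw).digest(), hashlib.sha256(b"mac" + raw).digest()


def wrap(data_key, recipient_pub):
    """Wrap a 32-byte data key so only the recipient's private key recovers it."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    eph_priv, eph_pub = keypair()  # fresh ephemeral key per wrap, so the pad is one-time
    pad, mac_key = _derive(pow(recipient_pub, eph_priv, P))
    ct = bytes(a ^ b for a, b in zip(data_key, pad))
    return {"eph": eph_pub, "ct": ct, "tag": hmac.new(mac_key, ct, hashlib.sha256).digest()}


def unwrap(blob, recipient_priv):
    """Recover the data key, or raise ValueError if the blob is for another key."""
    pad, mac_key = _derive(pow(blob["eph"], recipient_priv, P))
    expected = hmac.new(mac_key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("blob was not wrapped for this key")
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))


def provision_device(escrow_pub=None):
    """Steps 1-3: data key and device key pair are generated on the device.
    The data key is wrapped for the device and, if an escrow public key is
    installed, wrapped a second time for the escrow holder."""
    data_key = secrets.token_bytes(32)
    device_priv, device_pub = keypair()
    keystore = [wrap(data_key, device_pub)]
    if escrow_pub is not None:
        keystore.append(wrap(data_key, escrow_pub))
    return {"data_key": data_key, "device_priv": device_priv, "keystore": keystore}


def recover_with_escrow(keystore, escrow_priv):
    """Step 4: the escrow holder tries each stored copy with its one private key."""
    for blob in keystore:
        try:
            return unwrap(blob, escrow_priv)
        except ValueError:
            continue
    return None


def foreign_copies(keystore, device_priv):
    """Audit: count wrapped copies the device's own private key cannot open."""
    count = 0
    for blob in keystore:
        try:
            unwrap(blob, device_priv)
        except ValueError:
            count += 1
    return count


if __name__ == "__main__":
    escrow_priv, escrow_pub = keypair()
    fleet = [provision_device(escrow_pub) for _ in range(3)]  # constructed sample devices
    for i, dev in enumerate(fleet):
        ok = recover_with_escrow(dev["keystore"], escrow_priv) == dev["data_key"]
        print(f"device {i}: escrow recovers data key={ok}, "
              f"foreign copies={foreign_copies(dev['keystore'], dev['device_priv'])}")
    clean = provision_device()
    print("no escrow key installed:",
          recover_with_escrow(clean["keystore"], escrow_priv),
          foreign_copies(clean["keystore"], clean["device_priv"]))
```

The risk of the whole fleet rests on `escrow_priv`: it is the only secret that differs between the escrowed and the device-only configuration.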
  #252  
Old 10-04-2014, 06:50 AM
williambaskerville is offline
Guest
 
Join Date: Jan 2001
Location: Wicklow
Posts: 469
Dual post

Last edited by williambaskerville; 10-04-2014 at 06:51 AM. Reason: got an error the first time
  #253  
Old 10-04-2014, 09:11 AM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Quote:
Originally Posted by williambaskerville View Post
In this system, all Apple have to do to maintain control of the backdoor is to maintain control of the private component of their keypair :- this is a reasonably achievable task.
Actually, my theory is that they decided that it isn't a reasonably achievable task once the deployment of Apple Pay raises the stakes -- they can protect themselves against the typical level of hacker attack, but they aren't going to risk making themselves a one-stop-shopping target for everybody who hopes to find the pot of gold at the end of the rainbow.

If so, the Feds can piss and moan all they want -- the amount of money involved (from which Congresscritters can be purchased as necessary out of the portion that slips under the couch cushions) is simply too much to fight.
__________________
The Internet: Nobody knows if you're a dog. Everybody knows if you're a jackass.

Last edited by Steve MB; 10-04-2014 at 09:13 AM.
  #254  
Old 10-04-2014, 08:33 PM
williambaskerville is offline
Guest
 
Join Date: Jan 2001
Location: Wicklow
Posts: 469
Quote:
Originally Posted by Steve MB View Post
Actually, my theory is that they decided that it isn't a reasonably achievable task once the deployment of Apple Pay raises the stakes -- they can protect themselves against the typical level of hacker attack, but they aren't going to risk making themselves a one-stop-shopping target for everybody who hopes to find the pot of gold at the end of the rainbow.

If so, the Feds can piss and moan all they want -- the amount of money involved (from which Congresscritters can be purchased as necessary out of the portion that slips under the couch cushions) is simply too much to fight.
I don't disagree with you. What's access to that key worth ? Apple Pay raises that worth. From Apple's point of view, better to be rid of it.
  #255  
Old 10-04-2014, 11:51 PM
Snowboarder Bo is offline
Member
 
Join Date: May 2005
Location: Las Vegas
Posts: 27,523
Quote:
Originally Posted by Smapti View Post
You already voluntarily divulge that information to for-profit corporations day in and day out. Why do you care if the government knows, and why do you think the government cares?

This is all circular; the argument boils down to "I don't want the government in my business because the government shouldn't be in my business, and they shouldn't be in my business because I don't want them in my business."
Why should the government be in my business? What compelling reason is there?
  #256  
Old 10-05-2014, 04:23 PM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Teh stoopid... it burnnnnsssss....

Quote:
A police “back door” for all smartphones is undesirable -- a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key....
  #257  
Old 10-07-2014, 04:10 PM
DinoR is offline
Guest
 
Join Date: Oct 2014
Posts: 3,712
So Mr Goody Two-shoes has got data on a device. Some of it is data that the government has laws protecting even for the 100% law abiding, thoroughly upright citizen, Mr Two-Shoes (Privacy Act, HIPAA etc). New tough encryption makes it hard for people to access his data without his explicit cooperation. Who are those people? They include:
- criminals who want to steal my data for their use
- government representatives that are operating without a warrant or abusing a warrant for nefarious purposes
- government reps that are operating within a legally obtained warrant for the sole intention of convicting criminals (innocence does not mean there isn't enough circumstantial evidence to get the warrant)

I don't want the first two groups to have any access to anyone's data whether law abiding citizen or violent career criminal. Those people getting the data are criminals too, let's not forget. The third group accessing data via warrant is a balance. I accept that Mr Two-Shoes' private data being accessed in error and against will is a cost. It comes with the benefit that Mr Drug Dealer's and Mr I.B. Hitman's data can be accessed. Not all criminals give probable cause though. Not all that do give probable cause have data on the phone that is either essential for conviction or leads to something which is.

So what happens if we make accessing that data harder? Some of the criminals that get served a warrant will get away with their crime. That's an even smaller subset of the total criminal population - they have to give probable cause, have the data on their phone that would lead to conviction, and not give sufficient evidence through other means. That's only punishing them after the fact so it relies on deterrence and smaller population of criminals to indirectly lower future crime rates. Compare that to the crime prevented by making it much harder for the first two groups to operate for their nefarious purposes. They can and do operate against 100s of millions of devices daily. Convicting a larger subset of criminals after the fact with weaker security vs preventing probably far more crime with stronger security.... I know which I prefer.

I even get additional privacy as an added bonus.
  #258  
Old 10-07-2014, 04:16 PM
Smapti is online now
Charter Member
 
Join Date: Mar 2002
Location: Olympia, WA
Posts: 16,251
Quote:
Originally Posted by Snowboarder Bo View Post
Why should the government be in my business? What compelling reason is there?
Because you are breaking the law and attempting to evade punishment for it.
  #259  
Old 10-08-2014, 08:42 AM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Quote:
Originally Posted by Smapti View Post
Because you are breaking the law and attempting to evade punishment for it.
If you are already known to be breaking the law, there is no need to investigate -- the evidence is already in. Duh.

In any case, the bottom line is succinctly explained here:

Quote:
This argument also misunderstands the role of the search warrant. A search warrant allows police, with a judge’s approval, to do something they’re not normally allowed to do. It’s an instrument of permission, not compulsion. If the cops get a warrant to search your house, you’re obliged to do nothing except stay out of their way. You’re not compelled to dump your underwear drawers onto your dining room table and slash open your mattress for them. And you’re not placing yourself “above the law” if you have a steel-reinforced door that doesn’t yield to a battering ram....

On balance, smartphones have been a gold mine to police, and the mild correction imposed by serious crypto will still leave the cops leaps and bounds ahead of where they were seven years ago, while making everyone more secure from the overreach of the authorities and the depredations of criminal hackers. The law enforcement officials criticizing Apple should put aside the sense of entitlement they’ve developed in those seven years and spend some time thanking Apple and Google for making things so easy for them for so long.

Last edited by Steve MB; 10-08-2014 at 08:46 AM.
  #260  
Old 10-09-2014, 09:18 AM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
A man who tells it like it is:

Quote:
If law enforcement agencies want someone to blame for Android and Apple’s new smartphone encryption standards, they should look to themselves according to Google Executive Chairman Eric Schmidt....

Intelligence leaks by former National Security Agency contractor Edward Snowden last year revealed how the Government Communications Headquarters — NSA’s British counterpart — worked with NSA to break into the servers of Google and Yahoo to steal user data via a program codenamed "MUSCULAR."...
So the bottom line is: sorry, dudes, maybe next time you should try a more "BRAINULAR" approach so you don't get into these messes.
  #261  
Old 10-13-2014, 05:00 PM
Projammer is offline
Member
 
Join Date: Apr 2006
Location: SW Arkansas
Posts: 6,673
US Police Can Copy Your iPhone’s Contents In Under Two Minutes
Quote:
The CelleBrite UFED is a handheld device that Michigan officers have been using since August 2008 to copy information from mobile phones belonging to motorists stopped for minor traffic violations. The device can circumvent password restrictions and extract existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags.
Revelations like these are why the FBI's whining won't be getting many sympathetic ears other than the few pandering apologists who have nothing to hide.
  #262  
Old 10-13-2014, 06:14 PM
KarlGauss is offline
Entangled
Charter Member
 
Join Date: Mar 2000
Location: Between pole and tropic
Posts: 8,451
Quote:
Originally Posted by Projammer View Post
US Police Can Copy Your iPhone’s Contents In Under Two Minutes
Revelations like these are why the FBI's whining won't be getting many sympathetic ears other than the few pandering apologists who have nothing to hide.
As the OP'er, you can be assured that I'm sympathetic to your position.

Still, let me ask: just because a phone's contents can be copied (in 2 minutes or 2 microseconds), it doesn't mean those contents will necessarily be decipherable, does it?

Generally, just because data is public doesn't mean that it can be understood by an interested party sans password.
  #263  
Old 10-13-2014, 06:42 PM
Projammer is offline
Member
 
Join Date: Apr 2006
Location: SW Arkansas
Posts: 6,673
The point was that the unencrypted data was (is?) being copied from people's phones with no warrant or even anything resembling reasonable cause. That's justification enough for encryption for me.

ETA: I'm sure that '2 minutes' is an exaggeration for shock value. Any data transfer is going to be restricted by the limitations of USB. Anyone who has copied large amounts of data from a phone or camera will have a more realistic estimate.

Last edited by Projammer; 10-13-2014 at 06:44 PM.
  #264  
Old 10-13-2014, 07:59 PM
KarlGauss is offline
Entangled
Charter Member
 
Join Date: Mar 2000
Location: Between pole and tropic
Posts: 8,451
Ah, gotcha.
  #265  
Old 10-13-2014, 10:02 PM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Quote:
Originally Posted by Projammer View Post
ETA: I'm sure that '2 minutes' is an exaggeration for shock value. Any data transfer is going to be restricted by the limitations of USB. Anyone who has copied large amounts of data from a phone or camera will have a more realistic estimate.
Actually, it's a reasonable estimate. USB 2.0 has a 60 MB/s bandwidth; that translates to 7.2 GB transferred in 2 minutes. Even allowing for the difference between theoretical and actual performance, it's not at all unrealistic that the actual data (as opposed to operating system and apps) on a phone could be sneak-peeked in that timeframe.

In other news on the topic, the FBI director James Comey has apparently started a Whinefest Media Tour (tip for Jimbo: If you're going on all the TV shows that specialize in catering to people who wish to publicly divest themselves of their remaining vestiges of self-respect, get yourself some cheap expendable suits so you won't mind when they get torn or muddy or goo-saturated or whatever).
  #266  
Old 10-15-2014, 09:00 AM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Quote:
Originally Posted by Steve MB View Post
Actually, it's a reasonable estimate. USB 2.0 has a 60 MB/s bandwidth; that translates to 7.2 GB transferred in 2 minutes. Even allowing for the difference between theoretical and actual performance, it's not at all unrealistic that the actual data (as opposed to operating system and apps) on a phone could be sneak-peeked in that timeframe.
Addendum: I had overlooked the fact that USB 3.0 is supported by some of the latest generation of smartphones, cutting data transfer times by an order of magnitude. I'm presuming that this snooping device also supports USB 3.0 -- if so, a fishing-expedition scoop-up from a USB 3.0 phone would easily take less than 2 minutes, even including the phone OS and apps in the transfer.

Last edited by Steve MB; 10-15-2014 at 09:01 AM.
  #267  
Old 10-16-2014, 09:39 AM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
One amusing sidelight from just a few years ago:

Quote:
Originally Posted by FBI Webpage
Responding to the Cyber Threat

...Managing the consequences of a cyber attack entails minimizing the harm that results when an adversary does break into a system.

An example would be encrypting data so the hacker can’t read it, or having redundant systems that can readily be reconstituted in the event of an attack.....
  #268  
Old 10-17-2014, 03:04 PM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
The answer to the original question is shifting from merely "no, of course they're not right" to "it's long past time for them to quit pissing on our heads and telling us it's raining":


Quote:
FBI Director James Comey gave a speech Thursday about how cell-phone encryption could lead law enforcement to a “very dark place” where it “misses out” on crucial evidence to nail criminals. To make his case, he cited four real-life examples — examples that would be laughable if they weren’t so tragic.

In the three cases The Intercept was able to examine, cell-phone evidence had nothing to do with the identification or capture of the culprits, and encryption would not remotely have been a factor.

In the most dramatic case that Comey invoked — the death of a 2-year-old Los Angeles girl — not only was cellphone data a non-issue, but records show the girl’s death could actually have been avoided had government agencies involved in overseeing her and her parents acted on the extensive record they already had before them.

In another case, of a Louisiana sex offender who enticed and then killed a 12-year-old boy, the big break had nothing to do with a phone: The murderer left behind his keys and a trail of muddy footprints, and was stopped nearby after his car ran out of gas.

And in the case of a Sacramento hit-and-run that killed a man and his girlfriend’s four dogs, the driver was arrested in a traffic stop because his car was smashed up, and immediately confessed to involvement in the incident....

Last edited by Steve MB; 10-17-2014 at 03:04 PM.
  #269  
Old 10-17-2014, 03:54 PM
Grumman is offline
Guest
 
Join Date: Jul 2006
Location: Australia
Posts: 8,508
This thread seems relevant. Even the government is committing identity theft these days.
  #270  
Old 10-17-2014, 06:50 PM
KarlGauss is offline
Entangled
Charter Member
 
Join Date: Mar 2000
Location: Between pole and tropic
Posts: 8,451
Quote:
Originally Posted by Grumman View Post
This thread seems relevant. Even the government is committing identity theft these days.
While I don't disagree with you, I suspect that Steve MB is aware of that thread.
  #271  
Old 10-28-2014, 06:58 PM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Quote:
Originally Posted by KarlGauss View Post
While I don't disagree with you, I suspect that Steve MB is aware of that thread.
Well, yes, I did notice that.

In any case, the matter is now pretty well settled, with the new OS security improvements formally announced, Congress telling the FBI director "In your dreams", and the issue moving on to cell message content as T-Mobile hardens its network against snooping.

Last edited by Steve MB; 10-28-2014 at 07:00 PM.
  #272  
Old 11-06-2014, 10:31 AM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
The apologists are now sinking to the point-and-laugh level:

Quote:
Former NSA Lawyer Says Reason Blackberry Failed Was 'Too Much Encryption' Warns Google/Apple Not To Make Same Mistake

[former NSA General Counsel Stewart] Baker said encrypting user data had been a bad business model for Blackberry, which has had to dramatically downsize its business and refocus on business customers. "Blackberry pioneered the same business model that Google and Apple are doing now - that has not ended well for Blackberry," said Baker....
I have this mental image of getting a letter from Mr. Baker with a request to send copies to a dozen friends: "...the CEO of Blackberry broke the chain, and his business began to flounder...".
  #273  
Old 11-06-2014, 10:43 AM
Bricker is offline
And Full Contact Origami
SDSAB
 
Join Date: Dec 1999
Location: Northern Virginia
Posts: 56,417
Why does the SDMB force me into this position so often?

Up front: I don't agree that the government should limit encryption strength, or that companies should limit encryption strength or provide back doors to investigators.

So I am totally in favor of the overall point made by the OP, and indeed by the articles quoted.

But I am not in favor of shading the facts to prove your point, and that's what the article in the OP has done when it claims that the text messages between Brian Horn and Justin Bloxom were legally irrelevant or merely cumulative.

Quote:
During closing arguments, prosecutor Dhu Thompson told the jury to recall the text message sent by Justin Bloxom in response to explicit photos sent to him by Horn, which said, "you gotta remember, I'm only 12." When that portion of the text conversation was read aloud on Monday as the state presented its case, an audible reaction was heard in the courtroom.

Thompson said Bloxom's response to Horn in reminding him of his age is important to note because it shows Horn's intent.
My argument is: regardless of the fact that broken electronic communication may have served as evidence in criminal cases, it's neither prudent nor really even possible to hold back the tide of encryption. I would NOT make my case by pretending that the evidence recovered was never of any use.
  #274  
Old 11-06-2014, 10:53 AM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Quote:
Originally Posted by Bricker View Post
But I am not in favor of shading the facts to prove your point, and that's what the article in the OP has done
I can't find anything remotely resembling this quote in either of the articles linked from the OP.

Based on the quote itself, wherever it came from, I'm at a loss to figure out how a text message sent from the victim's phone (which is now presumably in the custody of parents or guardians who are presumably perfectly willing to cooperate with the prosecution) is supposed to be in any way relevant to the issue at hand.

Last edited by Steve MB; 11-06-2014 at 10:57 AM.
  #275  
Old 11-06-2014, 11:14 AM
Chronos is offline
Charter Member
Moderator
 
Join Date: Jan 2000
Location: The Land of Cleves
Posts: 85,097
Hey, Smapti, just out of curiosity, what's your bank account number, routing number, and the username and password you use for online banking? I'm sure that you won't have any reluctance revealing this information, because after all, you're not doing anything illegal with your banking, right? So you have nothing to fear.
  #276  
Old 11-06-2014, 11:25 AM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Quote:
Originally Posted by Chronos View Post
Hey, Smapti, just out of curiosity, what's your bank account number, routing number, and the username and password you use for online banking? I'm sure that you won't have any reluctance revealing this information, because after all, you're not doing anything illegal with your banking, right? So you have nothing to fear.
Eh, not much point continuing to kick around Smapti's arguments -- that piñata is pretty much empty.
  #277  
Old 11-06-2014, 12:23 PM
robert_columbia is offline
Guest
 
Join Date: Oct 2009
Posts: 8,791
Quote:
Originally Posted by Grumman View Post
So, is the FBI stupid enough to believe that they are the only ones capable of exploiting security vulnerabilities, or do they just not care as long as it's not the government's ox being gored? Actively advocating that the American people should be made more vulnerable to crime just in case they want to exploit the same weakness is quite obnoxious.
Very true. Someone might want one of these phones for a reason other than evading US law enforcement. Maybe they want to protect themselves from the Mob. Or maybe their creepy stalker ex-boyfriend is an IT guru and leet haxor. Or perhaps they want to prevent their data from falling into the hands of foreign intelligence and/or law enforcement hands. Is it an offense under US law to block the KGB from hacking your phone?
  #278  
Old 11-07-2014, 08:58 AM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Quote:
Originally Posted by robert_columbia View Post
Very true. Someone might want one of these phones for a reason other than evading US law enforcement. Maybe they want to protect themselves from the Mob. Or maybe their creepy stalker ex-boyfriend is an IT guru and leet haxor. Or perhaps they want to prevent their data from falling into the hands of foreign intelligence and/or law enforcement hands. Is it an offense under US law to block the KGB from hacking your phone?
One of the lessons of the Snowden case is that government secrets do not necessarily remain secret or confined to the government. If the government has a backdoor, any of the above attackers can purloin the government's secret backdoor keys and gain the same level of access for themselves.
  #279  
Old 11-07-2014, 09:30 AM
Bricker is offline
And Full Contact Origami
SDSAB
 
Join Date: Dec 1999
Location: Northern Virginia
Posts: 56,417
Quote:
Originally Posted by Steve MB View Post
I can't find anything remotely resembling this quote in either of the articles linked from the OP.

Based on the quote itself, wherever it came from, I'm at a loss to figure out how a text message sent from the victim's phone (which is now presumably in the custody of parents or guardians who are presumably perfectly willing to cooperate with the prosecution) is supposed to be in any way relevant to the issue at hand.
Here's the source of the quote.

If the victim's phone was encrypted, and the text messages were sent as data as opposed to SMS messaging, how would having the phone help, no matter how willing the parents or guardians were to help? If they didn't know the victim's password, they couldn't unlock the phone. Carriers may keep records of SMS texts, but iPhone-to-iPhone texts are simply data packets, and are not captured and stored by the carrier. And third party text applications like WhatsApp also use that method.

So I'm not sure what you mean. Can you explain precisely how their cooperation would surmount that obstacle?

Again I point out that I'm simply responding to the implication that the texts were not a factor in the criminal prosecution, which was the implication of the article linked in post 268:

Quote:
At trial, the sexually graphic texted messages between Bloxom and Horn were presented to the jury. But they were hardly necessary for conviction.
That's not true -- establishing that Horn knew the victim's age might well have been necessary, and was certainly valuable to the prosecution for proof of aggravating factors.

Finally, I again emphasize that I do not favor weakening encryption in any way, shape, manner, or form.
  #280  
Old 11-07-2014, 09:55 AM
Lightnin' is offline
Guest
 
Join Date: Jan 2001
Location: Edmonton, AB
Posts: 7,487
Quote:
Originally Posted by Smapti View Post
If I'm not doing anything illegal, then the government has no reason to care what I'm doing in the first place, and they won't bother with me. If I'm doing something illegal, then I have no right to hide it from the government, and I deserve to be captured and punished for it.
I'm not doing anything illegal. The government has no reason to care what I'm doing or what's on my phone, and I have nothing to hide.

However...

If the cops can get into my phone today, the hackers got into it last week. Any backdoor will be found by hackers, and it will be used. An open, unsecured system (which is exactly what a backdoor gives you) is more of a danger to me than I am to the government.

If the process of hardening my data against hackers means that the government can't spy on me, that's the government's problem, not mine.
  #281  
Old 11-07-2014, 11:24 AM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Quote:
Originally Posted by Bricker View Post
That's not true -- establishing that Horn knew the victim's age might well have been necessary, and was certainly valuable to the prosecution for proof of aggravating factors.
Given that the jury was convinced beyond a reasonable doubt that Horn had personally strangled the victim, I'm not seeing much room for doubt as to whether or not Horn knew the victim's age. Might one of the jurors have demurred if he'd concluded that Horn thought the victim was 14 rather than 12?

Quote:
Finally, I again emphasize that I do not favor weakening encryption in any way, shape, manner, or form.
Fair enough.
  #282  
Old 11-07-2014, 11:46 AM
Bricker is offline
And Full Contact Origami
SDSAB
 
Join Date: Dec 1999
Location: Northern Virginia
Posts: 56,417
Quote:
Originally Posted by Steve MB View Post
Given that the jury was convinced beyond a reasonable doubt that Horn had personally strangled the victim, I'm not seeing much room for doubt as to whether or not Horn knew the victim's age. Might one of the jurors have demurred if he'd concluded that Horn thought the victim was 14 rather than 12?
In Louisiana, the law provides that it's a more serious crime to kill someone 12 and under (or 65 and over). They certainly would have convicted him of some variety of homicide, yes, but being able to prove he knew the child was 12 was legally significant.

Last edited by Bricker; 11-07-2014 at 11:46 AM.
  #283  
Old 11-07-2014, 12:01 PM
DataX is offline
Guest
 
Join Date: Jan 2012
Posts: 1,925
Quote:
Originally Posted by KarlGauss View Post
Well, I wish it had been my question (thanks).

Upthread, an allusion was made to case law about such situations. Can you help, please, Bricker, esq.

My opinion, as uninformed as it is, is that of course a warrant should compel a person to disclose his password (as well as to surrender the phone that uses it). If not, the warrant is a powerless tool and I will presume that would be unacceptable to legislators and the courts.

Regarding the specific defence of 'self incrimination', such a tactic obviously won't work to deny law enforcement entrance into your home if they had a warrant to search it. "Officers, don't come in because what you find here may incriminate me"? How are smartphones different?
Smart phones are different because they have our daily lives on them. Nowadays people are texting more than ever - very personal deep conversations are available to law enforcement or anyone else with access to your phone - as are your pictures, (often) where you have been, emails, bank data, all kinds of stuff that would have been difficult to compile and search even 10 years ago.

Years of case law had allowed law enforcement access to stuff while you were arrested - for example. Without even a warrant (recently this was reversed) - law enforcement abused this - cause they could (at least for a time). Even the Supreme Court has recognized the importance that smart phones play in our lives and the privacy protections they deserve.

Law enforcement still has access to the same info they had say 10 years ago - they want to listen into phone calls - no problem - they can get a warrant. They want to eavesdrop on text - same thing - the stuff that goes through the telcos is still up for grabs.

They want to read all the texts I've been sending for the past 2 years? Fuck them.

I'd wager to say more people have evidence of something they'd be embarrassed about on their smart phones more than they do in the rest of their house.

Without good encryption - and MORE IMPORTANTLY - the infrastructure on the phone that allows for the encryption not to be bypassed - it allows someone with resources and training access to your phone. The NSA is not able to defeat good encryption -- they ARE able to get around the encryption by using bugs in software/hardware, keystroke capturing, setting up fake - or stealing others' certificates, and all sorts of things. They actually have the ability to target computers going in and out of the country (say a dell going to Dubai) - that package is routed by UPS to secure facilities where spyware is installed or the computer is otherwise rendered useless from a security perspective. They don't defeat the (strong) encryption - they get around the encryption.

The only way to make cell phones safe from say the Russians - is to also make them safe from Americans - any type of back door access that is enabled for law enforcement - is another layer of potential issues where software/hardware issues could allow another third party to enter. It weakens the phone in and of itself.

An analogy could be a master key on a physical lock. When picking a normal lock - you have one shear line on each pin that you must find to then apply pressure to one by one until the lock is open. When you have a master key -- there are two shear lines on each pin. This makes it easier in some cases to find - as the individual parts of that pin column are now smaller and easier to physically manipulate.
  #284  
Old 11-07-2014, 01:19 PM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Quote:
Originally Posted by Bricker View Post
In Louisiana, the law provides that it's a more serious crime to kill someone 12 and under (or 65 and over). They certainly would have convicted him of some variety of homicide, yes, but being able to prove he knew the child was 12 was legally significant.
Given the law as stated, being able to prove that the child is 12 is legally significant. I doubt that this proof was difficult to obtain, text messages or no text messages.
__________________
The Internet: Nobody knows if you're a dog. Everybody knows if you're a jackass.

Last edited by Steve MB; 11-07-2014 at 01:20 PM.
  #285  
Old 11-07-2014, 01:22 PM
Bricker is offline
And Full Contact Origami
SDSAB
 
Join Date: Dec 1999
Location: Northern Virginia
Posts: 56,417
Quote:
Originally Posted by Steve MB View Post
Given the law as stated, being able to prove that the child is 12 is legally significant. I doubt that this proof was difficult to obtain, text messages or no text messages.
Are you suggesting that this is a strict liability issue? The age is relevant, but whether the murderer knew it or not isn't?

You could be right. Generally, though, I'd expect to see some kind of a scienter element read into that law by the courts, but maybe not. I haven't done the research one way or the other.
  #286  
Old 01-13-2015, 02:56 PM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Stupid ideas never die; they just get handed down to stupider politicians:

Quote:
David Cameron is "living in cloud cuckoo land" when he suggests a new Tory government would ban messaging apps that use encryption, security experts have told the Guardian....

Independent computer security expert Graham Cluley said: "It's crazy. Cameron is living in cloud cuckoo land if he thinks that this is a sensible idea, and no it wouldn't be possible to implement properly."

Other security experts echo Cluley, describing the approach as "idiocy" and saying Cameron’s plans are "ill-thought out and scary". The UK’s data watchdog has also spoken out against "knee-jerk reactions", saying moves could undermine consumer security....

Preston Byrne, the chief operating officer of Eris Industries, warns that his company will be forced to leave the UK if Cameron's comments on the technology become policy, and move to "more liberal climes such as Germany, the U.S., the People's Republic of China, Zimbabwe, or Iraq."...
Well, at least he did strike a blow for the conservative notion that Government Destroys Jobs.
__________________
The Internet: Nobody knows if you're a dog. Everybody knows if you're a jackass.

Last edited by Steve MB; 01-13-2015 at 02:57 PM.
  #287  
Old 01-15-2015, 01:55 PM
busmol is offline
Guest
 
Join Date: Jan 2015
Posts: 13
So to anyone who said only criminals have something to hide, what would have happened if there were smartphones and no warrant searches during Pre-Revolutionary War America? But I guess in the eyes of the Monarchy, the revolutionaries were criminals.....
  #288  
Old 02-23-2015, 05:47 PM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Bumping the thread as the government's position degenerates into outright magical thinking:

Quote:
"I'm perplexed. Most of the debate I've seen is, [encryption] is all or nothing," [NSA Director Mike] Rogers said....

There are two ways to read Rogers's comments: The director of the world's most powerful intelligence agency either fundamentally doesn't understand how encryption works, or he merely pretended, for an hour, to not understand why opening up encryption to third parties would fundamentally destroy it....

...[I]f you create a vulnerability that can be exploited by the NSA or FBI, then other third parties or governments will eventually be able to crack that vulnerability, destroying encryption entirely....

Rogers refused to accept this explanation and said he thinks that it would be possible to make it possible only for the NSA and FBI to decrypt data, under certain circumstances decided by some sort of independent court....
("I reject your reality and substitute my own!" emphasis added)
__________________
The Internet: Nobody knows if you're a dog. Everybody knows if you're a jackass.

Last edited by Steve MB; 02-23-2015 at 05:48 PM.
  #289  
Old 05-01-2015, 12:03 PM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
The latest development in the story -- an FBI apparatchik tries to command the tide to reverse course at a Congressional committee hearing, but the committee members agree that she's all wet:

Quote:
A top FBI official, Amy S. Hess, said at a House Oversight Committee hearing on Wednesday that encryption of phone data is limiting the FBI's ability to spy on communication. She said law enforcement needs a way to access smartphone content in order to stop criminals and terrorists, suggesting that the FBI have access to keys that can unlock customers' data.

But in a rare show of unity, Congressmen almost universally fought back against that idea.

U.S. Representative Rod Blum, a Republican from Iowa, likened that to homebuilders putting a camera in every new house -- and telling people to blindly believe they won't be turned on later....

"Why do you think Apple and Google are doing this? It's because the public is demanding it ... a public that doesn't want an out-of-control surveillance state," [Rep Ted] Lieu [D-CA] said. "This is a private sector response to government overreach."...
__________________
The Internet: Nobody knows if you're a dog. Everybody knows if you're a jackass.
  #290  
Old 05-01-2015, 01:10 PM
CurtC is offline
Guest
 
Join Date: Dec 1999
Location: Texas
Posts: 6,828
Quote:
Originally Posted by Steve MB View Post
Bumping the thread as the government's position degenerates into outright magical thinking:
I have a problem with that article - it makes it sound like the government is asking for weakened encryption, something that can be hacked by them. But my understanding is that's not the case. The government wants to have strong encryption that their master key can open. This is certainly technologically possible, just like it's possible to encrypt a message that either one of two people can open with their private keys.

Whether that's a good idea is another question entirely. I myself don't want my government to be able to read my private communications, but at least let's state it clearly. They're not asking for hackable encryption, they're asking for keys.
  #291  
Old 05-01-2015, 01:27 PM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Quote:
Originally Posted by CurtC View Post
I have a problem with that article - it makes it sound like the government is asking for weakened encryption, something that can be hacked by them. But my understanding is that's not the case. The government wants to have strong encryption that their master key can open.
That's a distinction without a difference. Building a backdoor key into the system is weakened encryption, because it inherently opens a new vulnerability (cracking or stealing the backdoor key).

Even the government's own spokespeople admit this to be a basic problem with the concept:

Quote:
During the hearing, [DA] Conley continued to show just how far out of his depth he was. Rep. Blake Farenthold (right after quizzing the FBI on why it removed its recommendation on mobile encryption from its website -- using the screenshot and highlighting I made), asked the entire panel:
Is there anybody on the panel believes we can build a technically secure backdoor with a golden key -- raise your hand?
No one did -- neither DA Conley nor the FBI's Amy Hess...
__________________
The Internet: Nobody knows if you're a dog. Everybody knows if you're a jackass.
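
Added example, not part of any post in this thread: the two-recipient construction discussed in posts #290 and #291, sketched with Python's `cryptography` package. Each device's data key is wrapped once for the device and once for a single escrow key; the `escrow` slot name, the phone names and the sample data are assumptions made for the illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def new_keypair():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def seal(plaintext, recipients):
    """Encrypt once under a fresh AES-256-GCM data key, then wrap that
    data key separately for every recipient (slot name -> RSA public key)."""
    data_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    return {
        "nonce": nonce,
        "ciphertext": AESGCM(data_key).encrypt(nonce, plaintext, None),
        "wrapped": {slot: pub.encrypt(data_key, OAEP)
                    for slot, pub in recipients.items()},
    }

def open_with(envelope, slot, private_key):
    """Return the plaintext, or None if this private key cannot unwrap the slot."""
    try:
        data_key = private_key.decrypt(envelope["wrapped"][slot], OAEP)
        return AESGCM(data_key).decrypt(envelope["nonce"],
                                        envelope["ciphertext"], None)
    except (ValueError, InvalidTag):
        return None

def demo():
    master = new_keypair()  # hypothetical escrow ("golden") key, one for all devices
    phones = {"phone-A": new_keypair(), "phone-B": new_keypair()}
    # Constructed sample data, one secret per device.
    secrets = {n: f"constructed sample data on {n}".encode() for n in phones}
    envelopes = {
        n: seal(secrets[n], {"device": k.public_key(),
                             "escrow": master.public_key()})
        for n, k in phones.items()
    }
    return {
        # Each owner can read their own data with their own private key.
        "owner_opens_own": all(open_with(envelopes[n], "device", k) == secrets[n]
                               for n, k in phones.items()),
        # One device's key is useless against another device's envelope.
        "phone_A_opens_B": open_with(envelopes["phone-B"], "device",
                                     phones["phone-A"]) is not None,
        # The single escrow private key opens every envelope ever sealed.
        "opened_by_master": sum(open_with(e, "escrow", master) == secrets[n]
                                for n, e in envelopes.items()),
    }

if __name__ == "__main__":
    print(demo())
```

The first two results show that the cipher itself stays strong for everyone except key holders; the last shows that the escrow private key becomes the one secret whose theft exposes every device at once.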
  #292  
Old 05-20-2015, 06:00 PM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
The story continues as the people who know what the hell they're talking about try to set the Administration straight:

Quote:
A collection of tech industry giants like Facebook, Google, Apple and Microsoft, as well as civil liberties organizations and Internet security experts, sent a letter to President Obama on Tuesday warning of the unintended consequences of any policy meant to weaken the encryption technologies that protect Internet communications.

The White House has been weighing whether to mandate that companies use only forms of encryption that provide law enforcement with the means for unscrambled access -- a so-called back door.

Critics in the technology industry are concerned that a back door for law enforcement in the United States would be a back door for everyone, including other governments and hackers. One Yahoo executive likened the proposal to "drilling a hole in the windshield."...
This unwelcome intrusion of reality gave FBI Director Comey a sad:

Quote:
FBI Director James Comey on Wednesday twice used the word "depressing" in describing his reaction to tech companies' recent plea to President Obama for the White House to support universal strong encryption....

Security experts unanimously agree that any guaranteed access to encryption will create a vulnerability likely to be exploited by nefarious actors.

Comey brushed aside the concern.

"Technical people say it’s too hard," he said. "My reaction to that is: Really? Really too hard? Too hard for the people we have in his country to figure something out? I’m not that pessimistic."
OK, so he finds it "depressing" that Silicon Valley can't find a way to create a magical golden key that only the good guys can use. No word yet on whether he finds it similarly depressing that Wall Street can't find a way to make everybody rich without anybody having to work, or that Detroit can't find a way to make cars get 500 mpg while emitting only clean sweet breezes that smell faintly of lavender, or that Washington can't find a way to balance the budget while giving out money to everybody instead of collecting taxes from them.
__________________
The Internet: Nobody knows if you're a dog. Everybody knows if you're a jackass.

Last edited by Steve MB; 05-20-2015 at 06:02 PM.
  #293  
Old 08-02-2015, 03:08 PM
Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 13,419
Update: Even veteran national security managers come down on the side of genuine security over the FBI's security theater:

Quote:
“My position is probably going to be a little surprising to people here,” Michael Chertoff, the former secretary of homeland security, told an audience last week at the Aspen Security Forum. “I think that it’s a mistake to require companies that are making hardware and software to build a duplicate key or a back door even if you hedge it with the notion that there’s going to be a court order.”...

Michael Hayden has served as director of national intelligence as well as head of the NSA and CIA. He is now a principal at the Chertoff Group. And according to The Daily Beast’s Noah Shachtman, who moderated a panel at the Aspen Security Forum, Hayden declared in an interview, “I think I come down on the side of industry. The downsides of a front or back door outweigh the very real public safety concerns.”

Michael Leiter has doubts about mandatory “backdoors” too. A former director of the United States National Counterterrorism Center, he presently works for Leidos, a defense and homeland security contractor. Appearing on the same panel as Chertoff, he declared that “we are clearly going to a world where end-to-end encryption with temporary keys that disappear immediately after any communication occurs, that is the future. There is no way around that; we are not going to stop that. And because of that, for the technology issues, I don't think there is a long term way to preserve the US government's ability to intercept or get access to those.”...
__________________
The Internet: Nobody knows if you're a dog. Everybody knows if you're a jackass.

Last edited by Steve MB; 08-02-2015 at 03:09 PM.
  #294  
Old 10-03-2019, 08:28 PM
KarlGauss is offline
Entangled
Charter Member
 
Join Date: Mar 2000
Location: Between pole and tropic
Posts: 8,451
Still decrying after all these years.
All times are GMT -5.