Reply
 
Thread Tools Display Modes
  #51  
Old 06-15-2018, 02:32 PM
Bone Bone is online now
Arbitrary and Capricious
Moderator
 
Join Date: Jul 2003
Posts: 9,036
Quote:
Originally Posted by Whack-a-Mole View Post
How about jail for the rest of your life?

IIRC the court once jailed a man for refusing to divulge where he hid money that was owed to his ex-wife. So the court put him in jail and there he got to stay till he decided to get the money he owed. Last I heard he was still in jail after 12+ years.
This was the matter of Beatty Chadwick. He was released after 14 years.

Slightly different fact pattern, being divorce proceedings and not a criminal matter. I know the issue is unsettled, but I would think the testimonial aspect of revealing things like passwords and such from your mind would trigger greater protection than obvious money hiding scams in civil court.

And besides, I don't think you can be held in contempt for exercising constitutionally guaranteed rights.

***

It's not hard to imagine a tech that bricks the device after a certain amount of time without the code being entered.
  #52  
Old 06-15-2018, 03:06 PM
CurtC CurtC is offline
Guest
 
Join Date: Dec 1999
Location: Texas
Posts: 6,633
Quote:
Originally Posted by Steve MB View Post
Actually, what the various police agencies are advocating is some designed-in access system (i.e. analogous to providing them a master key).
An even better analogy is the government forcing a lock maker to design them so that they can all be opened by a master key.

Quote:
Originally Posted by begbert2 View Post
Rather than attempting to fight technology itself, wouldn't a more correct approach be for the police to get the legislators to just raise the legal penalties for refusing to open your phone when they order you to?
"I'm so sorry, officer, I've been trying to remember the password myself, but I haven't been able to."
  #53  
Old 06-15-2018, 03:31 PM
begbert2 begbert2 is offline
Guest
 
Join Date: Jan 2003
Location: Idaho
Posts: 10,205
Quote:
Originally Posted by Bone View Post
It's not hard to imagine a tech that bricks the device after a certain amount of time without the code being entered.
What leapt to my mind was a system where entering a specific wrong password bricks the system - same effect, but without worries if you leave your phone alone for the long weekend. Plus cops wouldn't bother asking for the password at all - unless they wanted to nail you for destruction of evidence or something.
  #54  
Old 06-15-2018, 03:47 PM
k9bfriender k9bfriender is offline
Guest
 
Join Date: Jul 2013
Posts: 8,023
Quote:
Originally Posted by Whack-a-Mole View Post
How about jail for the rest of your life?

IIRC the court once jailed a man for refusing to divulge where he hid money that was owed to his ex-wife. So the court put him in jail and there he got to stay till he decided to get the money he owed. Last I heard he was still in jail after 12+ years.

We have discussed this around here before and I think the legal eagles said the court can do this because you hold the keys to your own release. Do what the court has asked and you are free to go (for the contempt charge at least).

So, sit in jail forever or unlock your phone? What is on your phone would have to be really bad in that case to refuse to unlock it.
Depends on what I have on it. Like I said, if it has stuff that would implicate me in a serious felony, then sitting in jail on contempt of court may be preferable to sitting in jail convicted of mass murder or something.

Quote:
Originally Posted by Buck Godot View Post
I don't have a problem in principal with the government having tools to extract information from a phone with a warrant.

The problem I see is two fold
1) If there is a back door, that is given to law enforcement it is only a short matter of time before some nefarious person also has this back door.
2) If you are the sort of person who keeps child pornography or terrorist plots on your phone, you are probably motivated enough to obtain 3rd party encryption software off the web that will basically do the same thing. Writing an encryption app is something any halfway decent CS undergrad could do, so you can't really keep the genii in the bottle.
And this is a good point too, even if the govt can force the lockmaker to make a key for all their locks, you can buy a third party lock that is not beholden to the govt.

Quote:
Originally Posted by Bone View Post
It's not hard to imagine a tech that bricks the device after a certain amount of time without the code being entered.
I'd go with having a "brick" code. Tell the officer, "Oh yeah, the code is 5634." The officer comes back, says it didn't work. "Oh, my bad, I gave you the code to brick the phone." (Or rather don't admit that last part, act confused and befuddled at what happened. Accuse them of destroying your phone.)

ETA: ninja'd on that last part by begbert2

Last edited by k9bfriender; 06-15-2018 at 03:47 PM.
  #55  
Old 06-15-2018, 03:58 PM
begbert2 begbert2 is offline
Guest
 
Join Date: Jan 2003
Location: Idaho
Posts: 10,205
Quote:
Originally Posted by k9bfriender View Post
Depends on what I have on it. Like I said, if it has stuff that would implicate me in a serious felony, then sitting in jail on contempt of court may be preferable to sitting in jail convicted of mass murder or something.
Speaking for myself, if a person voluntarily chooses life imprisonment to avoid having to confess to a crime that will get them...life imprisonment, then I'm totally okay with that. In either case they're off the streets.
  #56  
Old 06-15-2018, 04:16 PM
Steve MB Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 12,501
Quote:
Originally Posted by CurtC View Post
An even better analogy is the government forcing a lock maker to design them so that they can all be opened by a master key.
We have exactly that arrangement with TSA luggage locks. The master key is now available to all and sundry.

Quote:
Originally Posted by begbert2 View Post
What leapt to my mind was a system where entering a specific wrong password bricks the system - same effect, but without worries if you leave your phone alone for the long weekend. Plus cops wouldn't bother asking for the password at all - unless they wanted to nail you for destruction of evidence or something.
The obvious workaround is to clone a backup before trying to access the contents. Also, smart crackers (police or otherwise) would presumably work within a Faraday-cage environment in case of other variations on a duress code (e.g. the device transmits a "Help Help I'm Being Oppressed!" message) or an attempt to remote-brick the device.
__________________
The Internet: Nobody knows if you're a dog. Everybody knows if you're a jackass.

Last edited by Steve MB; 06-15-2018 at 04:18 PM.
  #57  
Old 06-15-2018, 04:26 PM
Bone Bone is online now
Arbitrary and Capricious
Moderator
 
Join Date: Jul 2003
Posts: 9,036
Quote:
Originally Posted by begbert2 View Post
What leapt to my mind was a system where entering a specific wrong password bricks the system - same effect, but without worries if you leave your phone alone for the long weekend. Plus cops wouldn't bother asking for the password at all - unless they wanted to nail you for destruction of evidence or something.
I think actively doing something to brick the phone is different than the phone bricking itself.
  #58  
Old 06-15-2018, 04:31 PM
k9bfriender k9bfriender is offline
Guest
 
Join Date: Jul 2013
Posts: 8,023
Quote:
Originally Posted by begbert2 View Post
Speaking for myself, if a person voluntarily chooses life imprisonment to avoid having to confess to a crime that will get them...life imprisonment, then I'm totally okay with that. In either case they're off the streets.
Depends on conditions. Not having been convicted of whatever crime may put you in somewhat better conditions than having been convicted. It works out the same to us, on the outside, but it may be preferable to sit in jail on contempt about what you had on your phone than sit in jail convicted of what was on your phone.

Quote:
Originally Posted by Steve MB View Post
We have exactly that arrangement with TSA luggage locks. The master key is now available to all and sundry.



The obvious workaround is to clone a backup before trying to access the contents. Also, smart crackers (police or otherwise) would presumably work within a Faraday-cage environment in case of other variations on a duress code (e.g. the device transmits a "Help Help I'm Being Oppressed!" message) or an attempt to remote-brick the device.
That's part of what is upsetting to LEO that apple is allowing you to lock down the USB, they won't be able to clone it.

Quote:
Originally Posted by Bone View Post
I think actively doing something to brick the phone is different than the phone bricking itself.
Only if they know that is what you did.
  #59  
Old 06-15-2018, 04:36 PM
begbert2 begbert2 is offline
Guest
 
Join Date: Jan 2003
Location: Idaho
Posts: 10,205
Quote:
Originally Posted by k9bfriender View Post
Depends on conditions. Not having been convicted of whatever crime may put you in somewhat better conditions than having been convicted. It works out the same to us, on the outside, but it may be preferable to sit in jail on contempt about what you had on your phone than sit in jail convicted of what was on your phone.
Right, but as I'm not particularly interested in the punitive aspects of imprisonment, I don't care. I mean, yes, he might end up in a cushier prison cell and not be subjected to the extreme abuse that child abusers are usually subjected to, but if I'm deliberately trying to get him charged as an abuser with the intent that he be abused in prison then that smells like a violation of the eighth amendment.
  #60  
Old 06-15-2018, 05:31 PM
Steve MB Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 12,501
Quote:
Originally Posted by k9bfriender View Post
That's part of what is upsetting to LEO that apple is allowing you to lock down the USB, they won't be able to clone it.
They could still clone it by physically disassembling the phone to access the memory chips. Of course, that requires a significant investment of skilled labor, which ties in with the real issue -- improved security doesn't actually stop police access, but it does make it difficult enough that the government has to pick and choose targets carefully. Since they're supposed to be doing that anyway, I see this as a feature rather than a bug.
__________________
The Internet: Nobody knows if you're a dog. Everybody knows if you're a jackass.
  #61  
Old 06-16-2018, 10:05 PM
DPRK DPRK is offline
Guest
 
Join Date: May 2016
Posts: 1,533
Maybe I just don't understand the modern criminal mindset: do criminals really store evidence of their felonious activities on phones, or bring traceable phones along on crimes? At least ones with an IQ above room temperature?
  #62  
Old 06-16-2018, 10:23 PM
Balthisar Balthisar is offline
Charter Member
 
Join Date: Nov 2000
Location: Southeast Michigan, USA
Posts: 10,537
Quote:
Originally Posted by Ravenman View Post
Apple collects no data from its products?
It's encrypted, so you have nothing to search, just as in the case of not having an iPhone at all.
  #63  
Old 06-17-2018, 09:28 AM
k9bfriender k9bfriender is offline
Guest
 
Join Date: Jul 2013
Posts: 8,023
Quote:
Originally Posted by DPRK View Post
Maybe I just don't understand the modern criminal mindset: do criminals really store evidence of their felonious activities on phones, or bring traceable phones along on crimes? At least ones with an IQ above room temperature?
I would assume that people wouldn't just be leaving their photos of where they buried the bodies on their phone.

But there could still be incriminating or circumstantial evidence. There could be logs of your movements, records of your contacts, and your messages, that while they are maybe a bit encoded, still can provide evidence of conspiracy.
  #64  
Old 06-18-2018, 12:16 PM
iamthewalrus(:3= iamthewalrus(:3= is offline
Guest
 
Join Date: Jul 2000
Location: Santa Barbara, CA
Posts: 10,960
It's notable that the change Apple is making is to work around specific exploits that exist in the wild. It's not like only the police can buy those iPhone crackers, or that the device requires a warrant to use. They're out there! Anyone can use them to break into an iPhone.

People talk about how breakable encryption could be used by anyone, as though it were a hypothetical. But it's actually happening. There are bad actors right now relying on the same methods that police want to preserve.

In that context, it's pretty clear that Apple's move is the correct one. Their customers rely on them to keep data secure, and leaving this exploit unprotected is not doing so.

If you were a safe-maker, and you discovered that some company was selling a device that circumvented your safes, you'd have to be pretty dumb to not fix that as best you could in the next model. For one, you probably wouldn't be a safe-maker for very long if you sold safes that were easily cracked.
  #65  
Old 06-18-2018, 12:35 PM
treis treis is offline
Guest
 
Join Date: Jul 2001
Posts: 9,264
Quote:
Originally Posted by iamthewalrus(:3= View Post
It's notable that the change Apple is making is to work around specific exploits that exist in the wild. It's not like only the police can buy those iPhone crackers, or that the device requires a warrant to use. They're out there! Anyone can use them to break into an iPhone.
Has anyone? AFAICT these devices are not sold to the public at large. Can you provide a link where I can buy one?
  #66  
Old 06-18-2018, 04:22 PM
iamthewalrus(:3= iamthewalrus(:3= is offline
Guest
 
Join Date: Jul 2000
Location: Santa Barbara, CA
Posts: 10,960
Quote:
Originally Posted by treis View Post
Has anyone? AFAICT these devices are not sold to the public at large. Can you provide a link where I can buy one?
I cannot provide a link where you can buy one. I will grant that it is possible that I am overreacting and that no bad actors have used devices to break into iPhones without legal warrants.

I can't provide a link where you can buy a database of 1 million credit card numbers with names and zip codes either, but I'm certain that people buy those.

I would also argue that if I'm wrong, if it really is the case that every company supplying these cracks does so only in accordance with the law, it seems to be only a matter of time before that's not the case.
  #67  
Old 06-19-2018, 02:15 AM
rat avatar rat avatar is offline
Member
 
Join Date: Dec 2009
Location: Seattle, Wa
Posts: 3,672
GrayKey is just a turn-key brute force pin guesser device.

Really just a device that is created because the average police officer doesn't know how to write Python.

A couple of days on code school any anyone can replicate this, and thus the reason we have methods that disable accounts when brute force attempts are detected.
  #68  
Old 06-19-2018, 02:20 AM
rat avatar rat avatar is offline
Member
 
Join Date: Dec 2009
Location: Seattle, Wa
Posts: 3,672
Quote:
Originally Posted by DPRK View Post
Maybe I just don't understand the modern criminal mindset: do criminals really store evidence of their felonious activities on phones, or bring traceable phones along on crimes? At least ones with an IQ above room temperature?
Emails, Text messages are of value. Also remember that unlocking the phone gives them access to social media and typically bank records if people save the passwords.

It also give the access to the random ID for Siri's data files, which is basically a voluntary always on wire that most people carry around.
  #69  
Old 06-19-2018, 11:41 AM
iamthewalrus(:3= iamthewalrus(:3= is offline
Guest
 
Join Date: Jul 2000
Location: Santa Barbara, CA
Posts: 10,960
Quote:
Originally Posted by rat avatar View Post
GrayKey is just a turn-key brute force pin guesser device.

Really just a device that is created because the average police officer doesn't know how to write Python.

A couple of days on code school any anyone can replicate this, and thus the reason we have methods that disable accounts when brute force attempts are detected.
It's more than that. Because iPhones already have several methods of throttling brute force attempts. So it's a brute force password guesser combined with one or more exploits to get around the throttling.

Quote:
Originally Posted by DPRK
Maybe I just don't understand the modern criminal mindset: do criminals really store evidence of their felonious activities on phones, or bring traceable phones along on crimes? At least ones with an IQ above room temperature?
It takes some pretty serious opsec to keep a phone used for illegal purposes totally clean.

Even if you're well-funded and replacing phones regularly, you likely have at least a few days of activity on it. You might have "deleted" stuff from it, but depending on how the phone works, it might not really be deleted. If you're rotating burners regularly, you probably have to have your fellow conspirators' phone numbers stored in the phone, because who can remember a dozen regularly changing phone numbers. And if just one of those conspirators messed up and used their dirty phone to call some phone that can be linked to a real person, or turned it on and it auto-joined a wireless network somewhere that stores security camera videos, or dozens and dozens of other ways to mess up, then relevant info is gleaned.

Criminals aren't experts at erasing their digital footprints. Almost anyone is going to fuck this up.

Last edited by iamthewalrus(:3=; 06-19-2018 at 11:41 AM.
  #70  
Old 06-19-2018, 12:54 PM
Steve MB Steve MB is offline
Charter Member
 
Join Date: Mar 2002
Location: Northern VA
Posts: 12,501
Quote:
Originally Posted by treis View Post
Has anyone? AFAICT these devices are not sold to the public at large. Can you provide a link where I can buy one?
I haven't heard whether the current generation of iPhone cracking devices have escaped into the wild yet. The previous generation did, and there's no reason to assume that this iteration will play out any differently:

Quote:
Previously, there was a box known as IP-Box that worked up until iOS 8.2, which forced the creators to build IP-Box 2. The device unfortunately got out of the hands of law enforcement, and is still available to purchase on Amazon today for those who are interested.
Given this situation, it is clearly prudent for Apple to patch the security hole ASAP before the current exploit becomes generally available.
__________________
The Internet: Nobody knows if you're a dog. Everybody knows if you're a jackass.

Last edited by Steve MB; 06-19-2018 at 12:55 PM.
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 09:37 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.

Send questions for Cecil Adams to: cecil@straightdope.com

Send comments about this website to: webmaster@straightdope.com

Terms of Use / Privacy Policy

Advertise on the Straight Dope!
(Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.)

Publishers - interested in subscribing to the Straight Dope?
Write to: sdsubscriptions@chicagoreader.com.

Copyright 2018 STM Reader, LLC.

 
Copyright © 2017