|
|
| Author |
Message |
| ScaredyCat |
This post is not being displayed .
|
ScaredyCat
World Chat Champion
Joined: 19 May 2012
Karma :  
|
 Posted: 10:16 - 17 Feb 2016  Post subject: Apple tells FBI to do one.. |
 |
|
https://www.apple.com/customer-letter/
| Quote: | February 16, 2016 A Message to Our Customers
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.
This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.
The Need for Encryption
Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.
All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.
Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.
For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.
The San Bernardino Case
We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.
When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
The Threat to Data Security
Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.
In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.
We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.
A Dangerous Precedent
Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.
The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.
The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.
Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.
We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
Tim Cook |
inb4 Haters...
____________________
Honda CBF125 ➝ NC700X
Honda CBF125 ↳ Speed Triple |
|
| Back to top |
  |
You must be logged in to rate posts |
|
 |
| MarJay |
This post is not being displayed .
|
MarJay
But it's British!
Joined: 15 Sep 2003
Karma : 
|
| Posted: 11:00 - 17 Feb 2016 Post subject: Re: Apple tells FBI to do one.. |
|
|
| ScaredyCat wrote: | https://www.apple.com/customer-letter/
| Quote: | February 16, 2016 A Message to Our Customers
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.
This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.
The Need for Encryption
Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.
All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.
Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.
For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.
The San Bernardino Case
We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.
When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
The Threat to Data Security
Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.
In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.
We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.
A Dangerous Precedent
Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.
The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.
The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.
Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.
We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
Tim Cook |
inb4 Haters... |
Very pleasantly surprised by this.
____________________
British beauty: Triumph Street Triple R; Loony stroker: KR1S; Track fun: GSXR750 L1; Commuter Missile: GSX-S1000F
Remember kids, bikes aren't like lego. You can't easily take a part from one bike and then fit it to another. |
|
| Back to top |
 |
You must be logged in to rate posts |
|
|
| skatefreak |
This post is not being displayed .
|
skatefreak
World Chat Champion
Joined: 06 Feb 2010
Karma : 
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| lihp |
This post is not being displayed .
|
lihp
World Chat Champion
Joined: 22 Sep 2010
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| ScaredyCat |
This post is not being displayed .
|
ScaredyCat
World Chat Champion
Joined: 19 May 2012
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| orac |
This post is not being displayed .
|
orac
World Chat Champion
Joined: 25 Sep 2011
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| J.M. |
This post is not being displayed .
|
J.M.
World Chat Champion
Joined: 27 Mar 2011
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Rogerborg |
This post is not being displayed .
|
Rogerborg
nimbA
Joined: 26 Oct 2010
Karma : 
|
| Posted: 16:03 - 17 Feb 2016 Post subject: |
|
|
I am amused by how the conversation went.
Apple: Can't do it no more, impossibru.
FBI: Change retryLimit from 10 to 10,000, change retryDelay to 0, recompile.
Apple:  Well... won't do it no more.
I don't think they expected their techno-bluff to get called. 
____________________
Biking is 1/20th as dangerous as horse riding.
GONE: HN125-8, LF-250B, GPz 305, GPZ 500S, Burgman 400 // RIDING: F650GS (800 twin), Royal Enfield Bullet Electra 500 AVL, Ninja 250R because racebike |
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| skatefreak |
This post is not being displayed .
|
skatefreak
World Chat Champion
Joined: 06 Feb 2010
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| CaNsA |
This post is not being displayed .
|
CaNsA
Super Spammer
Joined: 02 Jan 2008
Karma : 
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| The Shaggy D.A. |
This post is not being displayed .
|
The Shaggy D.A.
Super Spammer
Joined: 12 Sep 2008
Karma : 
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| J.M. |
This post is not being displayed .
|
J.M.
World Chat Champion
Joined: 27 Mar 2011
Karma :
|
| Posted: 11:41 - 18 Feb 2016 Post subject: |
|
|
| skatefreak wrote: | I'm in no way suggesting they should open up all IPhones with a universal back door update... That is a big ask and a fridge to far...
however when it comes to one phone in their possession, don't tell me they cannot get around that... |
They can't get around that, without some form of backdoor, and that is the entire point. They can't get around it because the device is encrypted. If Apple can, then somebody else can too.
A solution would be to put Apple in charge of generating the key used for a device when it is manufactured, so that they could keep track of the key used for a specific device. However this means that if the store of these keys was hacked, all iPhone encryption would be rendered useless.
If the device generates its own encryption key, it would have to send that key to Apple. The same flaw exists that if the keystore could be hacked, all iPhone encryption is rendered useless. Additionally there is the risk of a vulnerability allowing for hackers to intercept keys during transmission.
Finally if the device was to generate its own key, and not share the key with Apple, code would have to be added to allow for extraction of the key from the device so that it could be decrypted. This is the backdoor scenario, where the backdoor could be exploited by attackers, rending encryption on the device pointless.
There really is no way to just access a single phone without impacting the security of all of the rest.
____________________
2004 R1 & 2018 XSR900 |
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| smegballs |
This post is not being displayed .
|
smegballs
World Chat Champion
Joined: 28 Oct 2007
Karma :  
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| smegballs |
This post is not being displayed .
|
smegballs
World Chat Champion
Joined: 28 Oct 2007
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Rogerborg |
This post is not being displayed .
|
Rogerborg
nimbA
Joined: 26 Oct 2010
Karma :
|
Posted: 12:01 - 18 Feb 2016  Post subject: |
|
|
Oh, understanding what's being asked for is much less fun than squawking privacycryption-back-door-NSA-gubmit-cum-fur-mah-guns.
____________________
Biking is 1/20th as dangerous as horse riding.
GONE: HN125-8, LF-250B, GPz 305, GPZ 500S, Burgman 400 // RIDING: F650GS (800 twin), Royal Enfield Bullet Electra 500 AVL, Ninja 250R because racebike |
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| smegballs |
This post is not being displayed .
|
smegballs
World Chat Champion
Joined: 28 Oct 2007
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| J.M. |
This post is not being displayed .
|
J.M.
World Chat Champion
Joined: 27 Mar 2011
Karma :
|
| Posted: 13:07 - 18 Feb 2016 Post subject: |
|
|
| smegballs wrote: | If they act on decrypted PGP info to simply bust a few drug dealers, then everyone knows the PGP is insecure (ib4 it is already insecure) and everyone stops using it, negating the govts ability to crack and prevent another 9-11 etc in future.
So you have to let all the dealers and mafia types get on with life, even though you can read their messages, in the hope of actually being able to stop a national-level threat. |
Exactly what happened with WW2 and Enigma.
The movie "Imitation Game (2014)" depicts this, though not entirely accurately. The principle, however, is the same; they had to choose what information to act on, and reliably have another believable source (even if false) for any information that they did act upon.
Acting on everything without a cover would have led to the Germans changing the design of Enigma, making the work to break it useless.
However it is undeniable that security agencies such as the NSA know a lot more than they let on. In 1970 the NSA modified DES to include "S-boxes" (link). Their purpose was not fully understood at the time of implementation. In 1980 Differential Cryptanalysis was discovered, and the introduction of S-boxes 10 years prior protected DES against this form of attack.
I do genuinely believe that Apple is against a backdoor. However the previous "goto fail" bug that Apple is infamous for does raise a few questions of an intentional flawed design. However, despite any talks about encryption on the iPhone, I think that iCloud is still unencrypted; so if you're backing up an encrypted phone to iCloud, law enforcement agencies can still access your data.
____________________
2004 R1 & 2018 XSR900 |
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Rogerborg |
This post is not being displayed .
|
Rogerborg
nimbA
Joined: 26 Oct 2010
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Im-a-Ridah |
This post is not being displayed .
|
Im-a-Ridah
World Chat Champion
Joined: 20 Oct 2006
Karma :
|
| Posted: 19:38 - 18 Feb 2016 Post subject: |
|
|
If Apple has access to the data then there must be a central repository of decryption keys, or single master key. If that key or repository is exposed just once, ALL customer "cloud" data held by Apple will be accessible to anyone with said key (every hacker on the net within a week).
A mobile phone isn't a good choice if you have something that is really genuinely sensitive and of interest to intelligence agencies. You can get much better security for less. A small portable laptop would work. Carry it everywhere so you know its not been tempered with. Never use it on the net. Fit a hardware encrypted hard drive and set the password. Then encrypt the OS with something like Truecrypt. That gives you two sources independent sources of encryption. GCHQ are mostly interested in communications, not data at rest, so this wouldn't really offer much of a defence.
| skatefreak wrote: | I'm in no way suggesting they should open up all IPhones with a universal back door update... That is a big ask and a fridge to far...however when it comes to one phone in their possession, don't tell me they cannot get around that...
In cases such as this then I agree it is imperative the authorities should be able to gain access to individual phones involved but this should not be used as an excuse to open up everyone and anyone's phones to the authorities because then in that scenario i do believe it will be abused. Crikey, just think of all the *interfering with a mobile whilst driving* prosecutions the government will be denied when Jimmy I phone just locks his phone in front of the offices and says 'Do your worst!'.
-Ha! |
So basically they should be able to access other people's phones, just not yours.
As for whether Apple can get in, that depends on how it's set up. If the key is generated on the client side (the phone), then no, Apple will not be able to get in. It's probably worth mentioning that passwords aren't stored, their hash is stored, and guessing the hash isn't going to happen. If you wanted to encrypt your phone you'd probably go android anyway, that's got scrypt or bcrypt for hashing (i.e GPU acceleration is out), AES encryption and a 16 character limit IIRC.
Hashing functions like scrypt are extremely slow, so brute forcing for even fairly short passwords like 7 or 8 characters becomes very resource intensive.
As for locking the phone in front of the cops, check out RIPA part 3. No crypto key = 3 years in jail. I hope you can decrypt the data on that Sky box. Oh you can't? Soap on the rope for you
| smegballs wrote: | It's a problem with encryption that even if the govt does have a backdoor. They can only use it in the most extreme circumstances.
Let's say that they can break PGP encryption, used by loads of criminals without a doubt. If they act on decrypted PGP info to simply bust a few drug dealers, then everyone knows the PGP is insecure (ib4 it is already insecure) and everyone stops using it, negating the govts ability to crack and prevent another 9-11 etc in future. So you have to let all the dealers and mafia types get on with life, even though you can read their messages, in the hope of actually being able to stop a national-level threat. |
PGP is secure if the key is long enough. What needs to be taken great care with is random number generators and NSA approved elliptic curve algorithms, as these are most likely to be backdoored. In reality though the NSA/GCHQ can get access by just hacking the phone via internets using existing unintentional vulnerabilities. |
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| iooi |
This post is not being displayed .
|
iooi
Super Spammer
Joined: 14 Jan 2007
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| smegballs |
This post is not being displayed .
|
smegballs
World Chat Champion
Joined: 28 Oct 2007
Karma :
|
| Posted: 21:12 - 18 Feb 2016 Post subject: |
|
|
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Going |
This post is not being displayed .
|
Going
Nearly there...
Joined: 26 Feb 2012
Karma : 
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Im-a-Ridah |
This post is not being displayed .
|
Im-a-Ridah
World Chat Champion
Joined: 20 Oct 2006
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| iooi |
This post is not being displayed .
|
iooi
Super Spammer
Joined: 14 Jan 2007
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Im-a-Ridah |
This post is not being displayed .
|
Im-a-Ridah
World Chat Champion
Joined: 20 Oct 2006
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
 |
Old Thread Alert!
The last post was made 9 years, 311 days ago. Instead of replying here, would creating a new thread be more useful? |
 |
|
|
Help & FAQs
Search BCF
Members
Groups
Events Calendar
rating
rating