I May Just Have to Buy an iPhone Now

[RJM62]

http://www.timesunion.com/business/...-must-help-US-hack-San-Bernardino-6835058.php

I fully expect this thread to be locked before the end of the day, so while I have the chance, I'm just going to say that my opinion of Apple has gone up exponentially this morning.

Rich

 

[PPC1052]

http://www.timesunion.com/business/...-must-help-US-hack-San-Bernardino-6835058.php

I fully expect this thread to be locked before the end of the day, so while I have the chance, I'm just going to say that my opinion of Apple has gone up exponentially this morning.

Rich

I have to disagree a little bit. It wasn't the jihadist's phone. It was his employer's, and his employer consented. So, I see no victory here for civil rights. Just a victory for jihadists.

 

[James331]

Apple has been good lately with protecting their devices and making sure they deliver a secure device.

I 1000% stand behind Apple and am not gullible enough to fall for the governments fear mongering on this "terrorist" issue, in their feeble attempt at even more pervasive attempts into US citizens private business.

Another good move is to change the root password on IOS devices after jail beak.


Also, every nut job who owns a Isis flag or said something about their fictional God isn't a "jihadist" anymore so than anyone wearing a camo outfit is a seal team 6 member, some folks are just mentally touched, like a rabid dog, I feel sorry for them but they still need to be put down, THAT SAID its not a time for the government to get on its soap box a try to use the blood of innocents to wipe their butt a little more on the constitution and the privacy of US citizens.

I will gladly accept more risk to keep my freedoms, I'm not scared of the big bad "terrorist" as much as I am of my rights being stolen.

FYI if the govt was able to force Apple to make a tool for them to break into phones, you're a fool if you think it would be used mainly for "terrorists", you know damn well over 90% of the folks they would abuse with this hack would be white, bible thumping blue blooded Americans, I could see it being used even if you left your phone in the car while crossing the boarder, random search of your car, might as well download his call logs too, or maybe even TSA will start to use it, but hey, you got nothing to hide right

 

[Unit74]

I have to disagree a little bit. It wasn't the jihadist's phone. It was his employer's, and his employer consented. So, I see no victory here for civil rights. Just a victory for jihadists.

While I do 100% agree that if there is consent and/or a warrant, allowing them in to get all the dirt on a terrorist is 100% legit. But what I see is this becoming a sweater with a loose thread.

If it's done one time, it will be done over, and over, and over........ And get much easier to be done. It's a fine line, but I would have to fall on the side of not doing it as much as it grits my teeth to let a terrorist remain cloaked in this case.

Pulling on that thread will unravel the whole thing and it's over.

 

[James331]

While I do 100% agree that if there is consent and/or a warrant, allowing them in to get all the dirt on a terrorist is 100% legit. But what I see is this becoming a sweater with a loose thread.

If it's done one time, it will be done over, and over, and over........ And get much easier to be done. It's a fine line, but I would have to fall on the side of not doing it as much as it grits my teeth to let a terrorist remain cloaked in this case.

Pulling on that thread will unravel the whole thing and it's over.

First off, 50 bucks says he isn't a "terrorist" anymore than that little nutty kid with a bowl cut was. Just a nut job with a different fictional God and a different skin tone.

Second they don't need his phone to fry him, not like they need more proof in this case.

 

[Unit74]

First off, 50 bucks says he isn't a "terrorist" anymore than that little nutty kid with a bowl cut was. Just a nut job with a different fictional God and a different skin tone.

Second they don't need his phone to fry him, not like they need more proof in this case.

It's not him they want silly....

 

[PPC1052]

Second they don't need his phone to fry him, not like they need more proof in this case.

True. He's dead already. They are looking for conspirators.

 

[PPC1052]

If it's done one time, it will be done over, and over, and over........ .

Understood. I don't agree that Apple should be made to give the capability to the government. But if Apple can unlock the data and then provide the data, then I see this as no different than any other situation where the government may be forced to get a warrant to access information/evidence.

 

[SkyHog]

Tough one. I'm all for limiting the government and the law enforcement community's access to personal data unless consent is given by the user.

In this case, consent is easy to determine: are they given the correct password by the user? If so - they have consent. If not, consent was withheld.

 

[James331]

It's not him they want silly....

Indeed.

It's also not the "conspirators"

It's the keys to the chicken house.




So salut your government, through a finger to the big bad "terrorist", bend over, grab your ankles and start singing God bless America as some "security" is administered.

 

[arkvet]

What I read was that apple doesn't even currently have the software that would be able to unlock the encrypted data on the phone. The FBI wants Apple to write a version of software that will enable them to find the password without the phone deleting all of it's data after that handful of unsuccessful attempts.

Apple's concern is that if they write this software and it somehow gets leaked (almost certainty) then it can and will be abused.

When I first read the story I felt like Apple was the one in the wrong by preventing the FBI from potentially obtaining important information. The more I thought about it the more I realized Apple is taking a strong stand to maintain ALL their customers privacy not just this one dead guy's.

 

[Unit74]

Indeed.

It's also not the "conspirators"

It's the keys to the chicken house.




So salut your government, through a finger to the big bad "terrorist", bend over, grab your ankles and start singing God bless America as some "security" is administered.

I'm middle of the road. It's clear you are far right and that's cool. But polar ends of the spectrum don't get **** done in this day and age. It's like marriage really, to get this you have to take that.

If you don't give it, you loose the goal. If that's worth it to YOU, then it's acceptable. If it's not worth it to the majority, you will be forced to concede.

You can be all ****ed and waive your hands around, but it's not gonna get anything done. That's just the way it is.


If you want to change it, quit stomping your feet in the dirt and run for office. Depending on if Trump wins the primary, you may get what your asking for. If the socialist party...er.... Democrats retain the fancy white cottage, it's another 4 years of angst so might as well make plans to move to Canada right now.

 

[Everskyward]

Can we discuss this like adults and without slinging partisan barbs?

 

[James331]

I'm middle of the road. It's clear you are far right and that's cool. But polar ends of the spectrum don't get **** done in this day and age. It's like marriage really, to get this you have to take that.

If you don't give it, you loose the goal. If that's worth it to YOU, then it's acceptable. If it's not worth it to the majority, you will be forced to concede.

You can be all ****ed and waive your hands around, but it's not gonna get anything done. That's just the way it is.


If you want to change it, quit stomping your feet in the dirt and run for office. Depending on if Trump wins the primary, you may get what your asking for. If the socialist party...er.... Democrats retain the fancy white cottage, it's another 4 years of angst so might as well make plans to move to Canada right now.

Not that it has any bearing on this matter but I'm not a R or a D and am very left on other matters, simply put I don't ask a party how to think, I do that for myself.

Frankly government is screwed up from the ground up, and I don't have the personal bank roll to get into office.

I'll just spend a little more time jailbreaking and hardening my device to defend against unconstitutional intrusion.

Just to be clear, it's the terrorists who are trying to ruin America and we should fear right?

 

[wsuffa]

I have to disagree a little bit. It wasn't the jihadist's phone. It was his employer's, and his employer consented. So, I see no victory here for civil rights. Just a victory for jihadists.

Then the employer should have had some form of MDM software installed that would allow remote access to the phone.

If this is his personal device, however, it becomes a different discussion.

Clearly the FBI has been turned down in Congress and is now turning to the courts to establish precedent for decrypting phones (and to force manufacturers to comply). I wonder what would happen if this were an implementation of Cyangenmod on Android where there was no manufacturer to turn to......

 

[RJM62]

I don't know much about Apple devices, but in general, it is in fact possible (and not at all difficult) to devise user-level encryption that is so strong that not even the author can decrypt it. It's also possible to put the self-destruct capability behind that wall so that even the device manufacturer couldn't disable it. I don't know if Apple has done that.

Suspected terrorists and jihadists aside, I admire Apple for not lying down and allowing civil rights to be trampled without a fight. They're being asked to build a backdoor into their devices which almost certainly would be misused eventually, possibly by government, but also possibly by criminals / terrorists / hackers / crackers / identity thieves / ISIS / the Bratva / or whatever other miscreants may arise. They absolutely should be fighting that.

Rich

 

[jbarrass]

I don't know much about Apple devices, but in general, it is in fact possible (and not at all difficult) to devise user-level encryption that is so strong that not even the author can decrypt it. It's also possible to put the self-destruct capability behind that wall so that even the device manufacturer couldn't disable it. I don't know if Apple has done that.

Suspected terrorists and jihadists aside, I admire Apple for not lying down and allowing civil rights to be trampled without a fight. They're being asked to build a backdoor into their devices which almost certainly would be misused eventually, possibly by government, but also possibly by criminals / terrorists / hackers / crackers / identity thieves / ISIS / the Bratva / or whatever other miscreants may arise. They absolutely should be fighting that.

Rich

Yes, That is exactly what Apple has done. They can not decrypt it.

Interestingly, Apple was not allowed to even be present at the hearings to explain it to the lawyers.

 

[jesse]

If Apple does get forced into doing this -- you can fully expect that the next iteration of iPhone design will make this path absolutely impossible. If that hasn't happened yet.

This is an older device, an iPhone 5C, I can't say if a newer 6S is vulnerable to the same thing.

I'm not an expert in this field but I think it'd be possible to build the phone in a way that would result in you destroying the data if you tried to reflash it in an encrypted state, even if that software was signed by Apple. Maybe that protection could come from hardware/software or maybe it's just a matter of physically building the device in a way that would cause you to destroy chips in your effort to get at them to do the re-flash.

I definitely give Apple a lot of credit for their efforts towards privacy. Really it's one of their best ways to compete against Google.

 

[dmspilot]

I fully expect this thread to be locked before the end of the day

Why would the thread be locked?

Just a victory for jihadists.

Oh. I get it.

 

[RJM62]

If Apple does get forced into doing this -- you can fully expect that the next iteration of iPhone design will make this path absolutely impossible. If that hasn't happened yet.

This is an older device, an iPhone 5C, I can't say if a newer 6S is vulnerable to the same thing.

I'm not an expert in this field but I think it'd be possible to build the phone in a way that would result in you destroying the data if you tried to reflash it in an encrypted state, even if that software was signed by Apple. Maybe that protection could come from hardware/software or maybe it's just a matter of physically building the device in a way that would cause you to destroy chips in your effort to get at them to do the re-flash.

I definitely give Apple a lot of credit for their efforts towards privacy. Really it's one of their best ways to compete against Google.

They've definitely jumped up a notch in my book, that's for sure.

I've been looking at Tizen as a replacement smartphone option for when John Chen finally and inevitably bangs the last nail into BlackBerry's coffin. But as of today, Apple is strongly back in the running. I'm a consummate tightwad and I don't need 95 percent of an iPhone's functionality, hence my looking at Tizen and other options. But a serious commitment to user privacy is something I'd be willing to spend some coin on.

Rich

 

[PPC1052]

Why would the thread be locked?



Oh. I get it.

What? Is there any doubt that the San Bernardino shooter and his wife were perpetrating jihad? Give me a break.

 

[James331]

What? Is there any doubt that the San Bernardino shooter and his wife were perpetrating jihad? Give me a break.

They were trying, just like the rabid dog was trying to kill every living thing on the earth.

But who cares, just a nut job, and a nuts crazy thinking is sposed to dictate law enforcement policy?

 

[James331]

They've definitely jumped up a notch in my book, that's for sure.

I've been looking at Tizen as a replacement smartphone option for when John Chen finally and inevitably bangs the last nail into BlackBerry's coffin. But as of today, Apple is strongly back in the running. I'm a consummate tightwad and I don't need 95 percent of an iPhone's functionality, hence my looking at Tizen and other options. But a serious commitment to user privacy is something I'd be willing to spend some coin on.

Rich

The fit and finish on the iPhone's is quite nice, plus the baro sensor is nice on the 6 and above iPhones.

Another good feature is the 3D Touch, the more you play with it the more you see how quick it is, I can press a little harder on the phone icon and get a quick pop up of my top calls, hit one of them and I'm dialing, same with texts, camera has some options like that too.

Makes ones handed use super easy and fast.

Think you'd like one, just get one you can jailbreak.

 

[Mike Smith]

The government wants Apple to build a back door that doesn't yet exist. The government says, "we will only use it this one time, we promise". Apple is saying that they don't really believe the government. I am fully on Apple's side on this one. I wish there was another way to get the info they want.

 

[MooneyDriver78]

If the memory is separate IC, then they just de-solder it and put it on a unlocked motherboard, Apple not needed?

 

[Mtns2Skies]

I hope I'm not poking the bear here... But I'm genuinely curious.

Why the obsession with privacy from government? I don't care if they know what I do on the internet or who I talk to.

I begin caring when the government restricts freedoms we have, but not digital privacy.

 

[Mike Smith]

I hope I'm not poking the bear here... But I'm genuinely curious.

Why the obsession with privacy from government? I don't care if they know what I do on the internet or who I talk to.

I begin caring when the government restricts freedoms we have, but not digital privacy.

My guess is you believe the government really has your best interest in mind and would never use your information against you in a negative way. But for me, its just none of their business who I talk to or what I do.

 

[Gerhardt]

I hope I'm not poking the bear here... But I'm genuinely curious.

Why the obsession with privacy from government? I don't care if they know what I do on the internet or who I talk to.

I begin caring when the government restricts freedoms we have, but not digital privacy.

Because they don't have a need to know. Trust no one, because your well being is not their most important concern.

 

[RJM62]

I hope I'm not poking the bear here... But I'm genuinely curious.

Why the obsession with privacy from government? I don't care if they know what I do on the internet or who I talk to.

I begin caring when the government restricts freedoms we have, but not digital privacy.

There are plenty of answers, some more philosophical than practical.

For me the simplest practical reason is because "government" is not static. It's ever-changing and at any given time is composed of good people and not-so-good: some elected, some appointed, some connected, some who just happened to get good grades on a civil service test, and undoubtedly a few who are there because their goal was to infiltrate their enemy.

Consequently, even if I completely trust my government today, it might not be the same government tomorrow or ten years from now; but once it has the means to act in what could be oppressive and tyrannical ways, those abilities will be inherited by whatever it may become.

The other problem is that any technology that can be abused eventually will fall into the wrong hands; so even if "the government" remains as pure as the driven snow, that doesn't mean that others won't come into possession of the technology.

Rich

 

[James331]

I hope I'm not poking the bear here... But I'm genuinely curious.

Why the obsession with privacy from government? I don't care if they know what I do on the internet or who I talk to.

I begin caring when the government restricts freedoms we have, but not digital privacy.

For one, because it's against the constitution and far too many good men and woman have died to draft and protect that thing for some soft shelled pansey to give they rights away at the drop of a hat.

Would you spit on a veteran?

Would you burn a American flag?

Well giving up your rights to anyone with a 2 cent badge, and allowing your constitution to be destroyed, well that is far more disrespectful then the above two.


Secondly, when you have droves of government workers paid rather well to find people doing wrong, they will find people doing wrong, even if there are none to find.

What you, and probably most people, view and nothing can be skewed, filtered, and combined to look like something.



And finally, the most simplistic, non offensive view, because it's non of their damn business.

 

[Kritchlow]

Because they don't have a need to know. Trust no one, because your well being is not their most important concern.

They don't have a need to know on this one??
I respectfully disagree.

I don't like government intrusion, but in this case there is a court order. That's good enough for me. It's basically a search warrant.

 

[PPC1052]

They don't have a need to know on this one??
I respectfully disagree.

I don't like government intrusion, but in this case there is a court order. That's good enough for me. It's basically a search warrant.

I agree with Gerhardt that they don't have a "need to know" in the sense that they don't have a need, or a right, to carte blanche have access to everyone's personal data on their cell phones. We have a requirement for police investigators to get warrants for a reason. But I agree that the government has a need, and a legitimate basis to seek the data on this particular phone.

And I agree with Rich above about the government changing over time, etc., and thus the need to protect personal data as a matter of course.

To me, the real question is whether the government is entitled to force a corporation to create this software if it can't create it itself. That's a little disturbing to me. (Of course, if you are in the camp that thinks Citizens United was wrong, and that corporations have no rights, then this shouldn't trouble you.) But I would frankly rather have Apple do it, get the data, and keep the ability to themselves rather than tempt the government to develop its own unilateral ability to do it.

 

[Kritchlow]

I agree with Gerhardt that they don't have a "need to know" in the sense that they don't have a need, or a right, to carte blanche have access to everyone's personal data on their cell phones. We have a requirement for police investigators to get warrants for a reason. But I agree that the government has a need, and a legitimate basis to seek the data on this particular phone.

And I agree with Rich above about the government changing over time, etc.

To me, the real question is whether the government is entitled to force a corporation to create this software if it can't create it itself. That's a little disturbing to me. But I would frankly rather have Apple do it, get the data, and keep the ability to themselves rather than tempt the government to develop its own unilateral ability to do it.

Not sure about your second question, but if the Feds believe there is info on that phone to break up a terror plot, count me in. The key is the court order is only for this one phone. You can say they now can use it for others, but honestly ANYTHING can be misused.

 

[Mike Smith]

Not sure about your second question, but if the Feds believe there is info on that phone to break up a terror plot, count me in. The key is the court order is only for this one phone. You can say they now can use it for others, but honestly ANYTHING can be misused.

That's the whole point, its not just this phone. The government wants Apple to build a back door to their IOS. Once its built, you cant put the smoke back into the bottle. I guarantee you that once the gov. knows its there, they will be back again on a drug case or a murder case or a ........case. Sorry, I cant support that.

 

[Kritchlow]

That's the whole point, its not just this phone. The government wants Apple to build a back door to their IOS. Once its built, you cant put the smoke back into the bottle. I guarantee you that once the gov. knows its there, they will be back again on a drug case or a murder case or a ........case. Sorry, I cant support that.

As I said, anything can be misused. Including a run of the mill search warrant. That's why it should not be free reign, but rather require a court order.

 

[cowman]

Something nobody has yet mentioned and I think is extremely important is that you can't have a truly secure encryption system with a backdoor. Not a matter of "won't" or "refuse to", it's a matter of "can't".

Quick test for your own encryption/cloud storage services: if you loose your encryption key/password can someone recover your data? If the answer is yes then it isn't as secure as it should be. Could it be "good enough" security for your use and the tradeoff of being to get your data back worth it? Possibly so, but it has a weakness and one should be aware of that.

Truly secure encryption can only be decrypted either with the key, or a brute force attack(basically a computer guessing every possible key until it finds the right one, can take literal years to crack depending on how long the key is and how fast of a computer you can throw at cracking it)

No company should be required to provide less than top notch security for their customers just because the feds want an easier job.

Oh and btw... this isn't secret stuff it's basically just mathematical formulas that are public knowledge in the programming world. The software is out there, so even if the feds were to compel Apple to make a backdoor I can just either jailbreak my phone or use an android phone/laptop/whatever and a third party encryption program to hide whatever I want. Apple just makes it more convenient, but if I was say... a terrorist and it was worth my time and effort to hide stuff I could easily do so and no legislation you could write is going to stop that.

 

[SkyHog]

This will be as abused as dog searches are if the government succeeds. Just imagine the day where a traffic stop is followed by "We have reason to believe that you were using your cell phone to purchase drugs. You must unlock it, or we will call Apple and get the master keys to unlock it ourselves..."

Its about as sane as "here, doggie, bark here..." followed by "OMG! he barked! tear the car apart, that's probable cause!"

 

[PPC1052]

This will be as abused as dog searches are if the government succeeds. Just imagine the day where a traffic stop is followed by "We have reason to believe that you were using your cell phone to purchase drugs. You must unlock it, or we will call Apple and get the master keys to unlock it ourselves..."

Its about as sane as "here, doggie, bark here..." followed by "OMG! he barked! tear the car apart, that's probable cause!"

Then why have warrants at all? If you think you cannot trust the police to tell the truth, even under oath, then no warrants should ever issue, period.

It is sad that it has come to this, but in this day and age, the police have abused their power enough, and other officers have looked the other way enough, that your opinion is shared by a lot of people. And I find it hard to fault people for having it.

 

[wsuffa]

If Apple does get forced into doing this -- you can fully expect that the next iteration of iPhone design will make this path absolutely impossible. If that hasn't happened yet.

This is an older device, an iPhone 5C, I can't say if a newer 6S is vulnerable to the same thing.

I'm not an expert in this field but I think it'd be possible to build the phone in a way that would result in you destroying the data if you tried to reflash it in an encrypted state, even if that software was signed by Apple. Maybe that protection could come from hardware/software or maybe it's just a matter of physically building the device in a way that would cause you to destroy chips in your effort to get at them to do the re-flash.

I definitely give Apple a lot of credit for their efforts towards privacy. Really it's one of their best ways to compete against Google.

If I'm not mistaken, Apple used "whole disk encryption" and the SSD (or similar) memory in the device is merely segmented between OS, program storage, and data storage. To update iOS you have to punch in your passcode (which seeds the algorithm).

Assuming that to be the case, you can't decrypt part of it without getting ALL of it, and trying to update iOS will do no good. I don't think they're on separate chips.

This is the method used by PGP's whole disk encryption for PCs, and it was one method available in the old TrueCrypt software.

SSDs used in PCs have the capability - built in - to use hardware disk encryption that requires you to input the passcode/key during the boot cycle. On a PC, that would be found in the BIOS under "drive password". I *know* the Intel SSDs have the capability. And if it's using AES-256 it'll be darn hard to break. It's good enough for most corporate customers.

I hope I'm not poking the bear here... But I'm genuinely curious.

Why the obsession with privacy from government? I don't care if they know what I do on the internet or who I talk to.

I begin caring when the government restricts freedoms we have, but not digital privacy.

Some of us grew up in the era of J. Edgar Hoover and R. M. Nixon. Most younger folks will never know the risks that are involved when the government can get too much of your information - and you can be darned sure that if the US government can get to it, that the Russians and Chinese can too.

Aside from (what should be) obvious risks, there's also the risk of mistaken identity or drawing incorrect conclusions. The fact that a fair number of people have wound up on the "watch" or "do not fly" list even if they've done nothing wrong (and have no ability to see the evidence against them) should scare the bejesus out of you. Even if you've done nothing wrong. (and if they ever get access to Google's data vacuum cleaner.....)

 

[JGoodish]

Apple is not saying that they can't access data on the phone, or can't modify the software to make accessing that data easier. They're saying that they're opposed to creating any type of backdoor, because the existence of one would compromise device security, which is an argument with merit. Apple has publicly expressed this position for a long time.

In this particular case, there is no imminent threat. There was a threat, and nothing was done to stop it from being executed, and access to the phone was not a factor in the outcome. The perpetrators are dead and both of their personal phones have been destroyed. It is highly unlikely that the employer's phone contains significant information, or it would not have survived. Furthermore, it has been reported that law enforcement was granted access to backups from that phone, which have yielded little information. The reality is that the bar for the court order appears to be very low in this case, as it surely would be in any case where the government may be interested in data from your phone, regardless of the actual "threat" that you may present to anyone.

I don't think that law enforcement and the intelligence community has a serious argument that smartphone encryption prevents them from doing their jobs. Instead, I think they're really arguing that such encryption makes it more difficult for them to do their jobs, which in my opinion is not a sufficiently powerful argument for me to voluntarily surrender civil liberties. I will submit that the lack of political willpower presents a greater threat to acting on gathered intelligence, than the lack of intelligence data from encrypted mobile devices.

The bottom line is that either you trust the government 100%, or you don't; you can't walk both sides of the fence. If you believe that the government (or any other entity) MIGHT potentially abuse a backdoor privilege, even under court order, then it is quite reasonable to desire a way to protect yourself against such a potential abuse. You can't unring the bell just because you win on appeal.


JKG