Apple Vs FBI

[Rerun]

What say you?

Should the FBI be able to force Apple to open someone's phone through a back door?

[Michael Murphy]

This case is not that simple, the iPhone in question was not owned by the shooter but by his employer the county.  The legal principle is clear on your employers computers, networks, phones there can be no expectations of privacy.  Apple will probably be forced to do as the government wants in this case. The other thing to remember is if the government has a good reason they can get a court order to tap anyone's phone. The fact that apple provided this service prior to iOS 9 also weakens there case. Remember the government has gone to court and proved a need to see the contents.  If this is not done by Apple in a controlled manner some one will figure a way to do this in a way that may not be as easily controlled.

[Simon Dog]

The feds have ordered Apple to provide a mechanism to electronically feed in the access code, and disabling of "self destruct after 10 attempts" so they can brute force it.

This will work if the user has set a 4 digit PIN (the default).   If the user changed settings and used a long 20 character random alphanumeric password, even Apple's cooperation will not help the FBI.

The feds could have obtained this as a secret court order (under the "dual docket" system), and ordered Apple to STFU.  This is public info only because the feds chose to make it so and, in my opinion, is designed to set the stage for legislation outlawing the provision of "government proof" encryption.

[iolaire]

I support Apple 100% in this.  We need some level of privacy and if the flood gate is opened it will be used.  Already customs seizes laptops at boarders from people who's activities they don't like, but have not committed a crime (http://www.salon.com/2011/01/15/laptops/).  If we go down this route customs will be using the backdoor, as will NYC police and every other wish to be terror fighting organization who doesn't have terror to deal with...  For example NYC justified Stingray purchases (they track ALL cell phone calls in an area) based on terror but then use it to fight non-terror crime: http://arstechnica.com/tech-policy/2016/02/nypd-used-stingrays-over-1000-times-without-warrants-since-2008/  (That's assuming you believe all NYC activity is crime fighting and that their is no misuse of the tools...)


And that is not even getting into the fact that once the world knows Apple has a backdoor they will ask for access to it in all sorts of countries with fewer scruples or oversight than ours...

[Simon Dog]

The govt has a thing about national security being the root password to any data.

Look at all the protections in HIPPA .... then note that the govt can access any medical record, at any time, just by uttering the two words "national security".   In fact, HIPPA grants the govt MORE rights to access under "national security" than existed pre-HIPPA.

[MooseMom]

Right after San Bernadino, polls were showing that a majority of Americans believed the gov't/FBI should be allowed to get into your phone.

Now, however, not so much.

I don't know the answer.  I can certainly see both sides.  If we get more and more San Bernadinos, public opinion may well turn against Apple.

[talker]

As a nation we are succumbing to fear and giving up freedom's  without a fight.
There are means available to crack any code, if the need is really there.
So Apple should not do as being requested.
There is to much double standards in our government, and the average American will not get the same treatment as is Hillary, they would get the Patriots Act.

From Fox News:

Cybersecurity expert John McAfee said on Fox Business Network today that he'll help unlock an iPhone that once belonged to one of the San Bernardino terrorists.

McAfee agreed with tech giants Google and Microsoft that Apple should not comply with the FBI's request that the company create a backdoor to the iPhone.

(Remove the @ and copy and paste to use)

@http://insider.foxnews.com/2016/02/19/john-mcafee-ill-hack-san-bernardino-terrorists-iphone

@http://insider.foxnews.com/

[iolaire]

McAfee In general seems a bit out there. I would not rely on him.

[talker]

McAfee In general seems a bit out there. I would not rely on him.

Don't confuse 'bit out there' with not having what it takes to crack the encrypted code. Actually McAfee, reminds me of Howard Hughes, both were sharp minds, and yes, both were 'bit out there'.

It is not just this one phone at issue.
The government technolgy is behind the times, as witnessed by hackers getting into USA security and other major government files.
Why upgrade security technology when pork barreling is on so many politicians high priority lists. Along with $120 hammers and $150 toilet seats. 
Snooping into our private activities, goes way beyond security purposes.

Snooping is to interfere with events that no agency should have the authority to do with-out due process.
There are enough laws on the books right now, to accomplish most of what needs to be done.
The Patriot Act is to me the most insidious, nasty law that was supposed to expire, but wasnt. It was a means to circumvent existing laws.

We dont need new laws, we need people in our govenment with balls enough to enforce those already on the books.

Same with this Apple / FBI crap.

[Michael Murphy]

Leagaly the shooter has no expectation of privacy it was not his phone it belonged to the county.  The county has the legal right to allow the FBI access,  people think that the equipment they use at work can be used for whatever they like without any one having access, in most companies the admins have various methods to look at activity on there systems. Years ago a programmer sent a email that contained some I criminal information it was missed addressed and it ended up in one of my system log files, call corporate security and my boss.  Fired arrested jailed.  His lawn made the expectation of privacy argument lost he pled guilty.  My guess is Apple will lose this case on the narrow fact that the cell is owned by a entity that can ask for the phone to be opened.  The law is simple if you don't own it, it's not private.

[Simon Dog]

There are means available to crack any code, if the need is really there.

Not necessarily.   Have you read any of the literature in the field of cryptography?   I would suggest "Applied Cryptography" by Bruce Schneier as a starting point.   When you get done with that, some of the papers by Matt Blaze are rather interesting - particularly those that draw a linkage between software and hardware (pin tumbler and rotary combination locks) security.

The Apple case is technically interesting since the default pass code is 4 to 6 digit numeric, which is very susceptible to a brute force attack.  Since the "long passcode" option is relatively obscure, the FBI is probably betting on the user having one of these brute forceable passwords.

The "complex pascode" option allows up to 37 characters out of a set of 77 (not 0-9 as with the numeric passcode).  The means 77^37 possible passwords or  6311852354285816196781274781332398008198890908292920690347325261843997 possible codes.   Doing this by brute force would take a *LONG* time.

That being said, the power of distributed brute force can be underestimated, as demonstrated by the Squeamish Ossifrage affair.

While there is a chance a algorithmic attack has been discovered, anyone who has done so is keeping their mouth shut which means NSA (any academic researcher who cracked it could make a name for him/herself, and shore up his/her tenure application by publishing a crack).

The only code totally secure from any possibility of any crack is a one time pad (with NO re-use of the pad), as a one time pad exists that can decrypt the message into any possible plaintext.  For this to be secure, the one time pad must be generated by a truly random source (radioactive decay, coin flips, etc.) and not by an algorithm.  A common mistake newbies make is generating a one time pad via an algorithm and declaring they have a "secure code".  They almost always do not.

So, anyone why says "any code can be cracked" is uninformed.

[talker]

I hold to my original statement:

There are means available to crack any code, if the need is really there.

[Simon Dog]

I hold to my original statement:

There are means available to crack any code, if the need is really there.

There is room for debate on codes based on mathematical complexity, however, a one time pad code (using a mask such as radioactive decay) is mathematically provable as uncrackable.   The problem is that you need secure transmission of a key equal in length to the message.

[Michael Murphy]

What the fin has requested is not tat apple decrypt the phone but patch IOS to disable the code that limits the number of attempts to enter the pin.  Right now after 10 try's the is bricks the phone.  Most people pick a 4 digit pin meaning 9999 try's will insure unlocking the phone.  Encryption has nothing to do with this.

[Rerun]

I don't even have a passcode on my phone.  Anyone is welcome to look at my past posts and texts which I usually keep cleared out so the FBI can dig in and read my past notes I don't care.  When you have something to hide... you should not put it in writing.   That sounded bad but you know what I mean.  I don't think good people have anything to hide so YES let the FBI do their job.

I am going to buy a Windows phone.  Screw Apple.

[Michael Murphy]

The reason it should be locked is not to keep out the FBI but in case it's lost,  most people have some info like Social security numbers or credit card info that would be damaging in the wrong hands.  The actual reason for the bricking is that if your phone is stolen it can't ever be reused if the pass code is used incorrectly more the 10 times the phone is bricked and unrecoverable.

[iolaire]

The Apple case is technically interesting since the default pass code is 4 to 6 digit numeric, which is very susceptible to a brute force attack.

Except Apple gives you the option to set the phone to be wiped after 10 bad try's.  So the FBI doesn't know if they can brut force it or if it all the data will be securely deleted after 10 bad try's.