Signaling Post-Snowden Era, New iPhone Locks Out N.S.A

nytimes.com

84 points by resdirector 11 years ago · 89 comments

silentOpen 11 years ago

FTA:

  At a news conference on Thursday devoted largely to
  combating terror threats from the Islamic State,
  Mr. Comey said, “What concerns me about this is companies
  marketing something expressly to allow people to hold
  themselves beyond the law.”

The state and the law are separate entities, Mr. Comey. It concerns me that, in your mind, you have conflated the power of the state with the normativity of the law.

In the twentieth century, the modern state gained the power to destroy all life on Earth. In the twenty-first century, the modern state and the modern citizen gained the power of private machine-assisted telepathy, memory, and computation. The state and its avatars must recognize that it cannot and must not have the ability to exercise absolute power over citizen's thoughts, computations, and communications if it wishes to foster a healthy and free society.

  • freakonom 11 years ago

    You have it backwards.

    The state and its avatars recognize that they can and must have the ability to exercise absolute power over citizen's thoughts, computations, and communications if they wish to fester in society.

  • hahainternet 11 years ago

    > The state and its avatars must recognize that it cannot and must not have the ability to exercise absolute power over citizen's thoughts, computations, and communications if it wishes to foster a healthy and free society

    This sounds lovely, except it's just absolute nonsense. For many thousands of years states have maintained the power to restrict citizens' communications and almost since the invention of the telegraph they have been able to be monitored in some form. Despite this we are freer than ever.

    Healthy and free societies are not built upon a base of unlimited freedom, that is all but anarchy.

    • blisterpeanuts 11 years ago

      Not nonsense at all, just an idealized view of things that doesn't always mesh with reality.

      Freedom is not a static thing; it's a constant conflict between various parties. It's a balance.

      Various entities within the government are always trying to wrest more control of individuals, more information about their lives, all with the justification of achieving incrementally better service to society and the world.

      We the citizens of industrial societies need to come to a consensus as to how much freedom we should have, versus how much we should sacrifice for the sake of collective safety and security. We are nowhere near an agreement at this time.

    • Zigurd 11 years ago

      We are not freer than ever. The ability to make fundamental change in our political systems is more contained to a narrow and doomed range near the status quo than ever.

      "Anarchy." You keep using that word. You are equating the potential for absolute privacy in communication with "anarchy." Do you have an explanation for how that is the vanguard of anarchy?

      Freedom: Supposedly enlightened places like the US are governed under a system where the rights of individuals are assumed to be open-ended and expanding as new technologies enable more freedom to travel, communicate, etc., and the powers of government are fenced-in until the people consent to extend those powers.

      • scarmig 11 years ago

        It is an interesting and revealing quirk, though, to equate privacy with the abolishment of the State.

    • atlantic 11 years ago

      Who said anything about unlimited freedom? Keeping a few secrets from the state, namely the contents of your mobile phone, is a very limited and modest freedom, and one worth defending. And having that extra bit of privacy is hardly going to unleash the forces of anarchy and chaos.

huhtenberg 11 years ago

The most important takeaway of the "post-Snowden Era" is that both companies and the government lie.

Apple now is in the damage control mode, trying to undo the massive credibility hit dealt by Snowden revelations. But since they were in bed with the NSA for several years prior, I really doubt they have an option of divorce. If they were strong-armed into cooperation before, it'd be foolish to assume that they can get out of it on such a flimsy technicality as an in-device encryption. So what's likely to be happening is that Apple started encrypting, the state started saying "Oh, noes! It's unbreakable. Buy American again." and behind the scenes they still cooperate in a less in-your-face fashion. Something as simple as initializing PRNG on the device in a predictable manner - piece of cake to do, very hard to detect, but exploitable on the spot with a bit of foreknowledge. Where there's a will, there's a way. And the will is there.

  • lukeqsee 11 years ago

    > both companies and the government lie

    And it's impossible for a 'normal' citizen to have an idea if and when they are. We simply have no clue or expertise to possibly pick apart statements made and then verify them—as you said in regards to initializing PRNGs. For example, most in the technical communities have no idea how PRNGs work, let alone how to test if they are true. I know I don't.

  • sbmassey 11 years ago

    If so, it will eventually come out, and then Apple will have lost all credibility on the matter.

  • happyscrappy 11 years ago

    >Apple now is in the damage control mode, trying to undo the massive credibility hit dealt by Snowden

    Is this supposed to be a joke?

praptak 11 years ago

Well dudes, you screwed it up for yourselves with illegal wiretapping, the perhaps legal but still outrageous secret court orders and the attitude you presented when all this came to light. Fuck you.

  • Ntrails 11 years ago

    "I'd hate to have people look at me and say, 'Well how come you can't save this kid?' 'How come you can't do this thing?'" said Mr Comey in a briefing. [1]

    A separate article on the same sort of thing. But, I can't help but laugh at how the instant canned response from the FBI was "WON'T SOMEONE THINK OF THE CHILDREN".

    It's pathetic, even more so because it keeps working.

    [1] http://www.bbc.co.uk/news/technology-29378172

    • mcintyre1994 11 years ago

      > “Apple will become the phone of choice for the pedophile,” said John J. Escalante, chief of detectives for Chicago’s police department. “The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.”

      http://www.washingtonpost.com/business/technology/2014/09/25...

      This one's even more pathetically blatant.

      • vermontdevil 11 years ago

        Perhaps that overly dramatic chief of detectives thinks there should be no white vans, no ice cream trucks, or other "tools" of the roving gangs of pedophiles.

        People like these that are in position of power over citizens are more threatening to us than ISIS in a faraway land.

      • hahainternet 11 years ago

        You mean accurate right, because it's accurate.

        • outworlder 11 years ago

          No, it's not. It is as if the communication couldn't be monitored. It's not like the phone conjures the images from thin air.

        • hahainternet 11 years ago

          > It is as if the communication couldn't be monitored. It's not like the phone conjures the images from thin air

          You just contradicted yourself. If the communication can't be monitored, then the phone may as well be conjuring images from the air as you have no way to know what they are, where they come from, where they are being sent.

    • pyrophane 11 years ago

      Yea, that caught my eye as well. More particularly, the fact that he resorted to playing on the audience's emotions with a hypothetical situation rather than sharing any actual data about the number and types of crimes that have been solved by having Apple and other companies decrypt devices.

  • tzs 11 years ago

    How would you design a law enforcement system that could work without secret court orders? If court orders were all issued by open courts, then any non-idiotic criminal organization would have someone in attendance at all relevant hearings to alert them when the court issues an order that affects them, such as a warrant authorizing a wiretap.

krija 11 years ago

This makes me extraordinarily happy, perhaps this is the first major step in the struggle against government spying on innocent citizens?

On another note, is anyone disturbed by how even the idea of people being able to store their private data securely being seen as inherently criminal by high level officials? What does that say about these people in power, they literally view your right to privacy as dangerous. Sickening.

  • hahainternet 11 years ago

    > What does that say about these people in power, they literally view your right to privacy as dangerous. Sickening

    Your right to privacy is dangerous. Imagine trying to investigate a murder with unlimited privacy. Unless someone saw the killer kill, you've no chance.

    • oldmanjay 11 years ago

      Optimizing society to catch murderers at the expense of the 99.999%(+!) of people who do not murder seems stupid, frankly.

    • vermontdevil 11 years ago

      Yeah we have always caught killers over the years solely on the basis of electronic spying. Forget about all the other tools of detective work that have been used.

    • mrweasel 11 years ago

      Individual privacy rights aren't actually dangerous. It's neither a person's secrets or even their beliefs that are dangerous, it's their actions.

      Focusing on solving a murder and being willing to sacrifice the privacy of everyone, even the people that are in no real danger is foolish. The billions of dollars spent on spying on regular people are mostly wasted. Taking the same money and directing them towards prevention may yield better results. I'm not talking about the kind of prevention where the FBI picks up some terrorist just before he's about to bomb something. I'm talking about the kind where we avoid that people become terrorists.

      If companies and individuals make it impossible for the governments to spy on people infeasible we might get more focus on prevention.

      Also, strip away the privacy of the murderer and you strip away the privacy for all of us, including those who fight oppressive regimes and dictatorships. That might not be a sensible tradeoff.

      • XorNot 11 years ago

        Here's the problem: you can't prevent everything. So at the end of the day you still have to actually catch and stop some terrorists, and even in a perfect world it's likely you have to still catch and stop some who just won't be dissuaded.

        It's notable that more elaborate terrorist attacks are not carried out by idiots - these are people who have gone to college, gotten degrees etc.

    • scottlocklin 11 years ago

      Man, how did the government investigate murders before universal surveillance? Obviously if they can't spy on our cell phones, the murder rate will increase dramatically!

kaffeinecoma 11 years ago

  The new security in iOS 8 protects information stored on 
  the device itself, but not data stored on iCloud, Apple’s 
  cloud service. So Apple will still be able to obtain some 
  customer information stored on iCloud in response to 
  government requests.

Some? I think the importance of this qualification has been overlooked everywhere it's been reported.

  • mhurron 11 years ago

    It has been reported everywhere I've seen it. It's pretty clear that it means Apple will be able to give information that you have let them give by storing it on iCloud.

    • tombrossman 11 years ago

      The message seems to be that Apple are 'locking out the NSA' which is nonsense of course, but both may be counting on the fact that a typical consumer won't really look too closely at the claim. Their takeaway is that Apple's phones are perceived to be safer.

      Apple gets to sell more phones due to this perception, the FBI get to continue hoovering (no pun intended) up iPhone user's data, and everyone goes home happy. It seems to be a manufactured controversy, with Apple & the FBI both playing their parts and knowing full well the rules of the game haven't changed one bit.

flavor8 11 years ago

> Breaking the code, according to an Apple technical guide, could take “more than 5 1/2 years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.” (Computer security experts question that figure, because Apple does not fully realize how quickly the N.S.A. supercomputers can crack codes.)

Uh, what? Surely the journalist has missed an important technical detail here, right?

https://www.grc.com/haystack.htm

  • sopooneo 11 years ago

    I had the same thought. If we allow upper, lower, and digits, that's 26+26+10 = 62 possible characters per space. With six spaces, that gives 62^6 = 56,800,235,584 possible passwords.

    Now if we take their figure of 5.5 years to crack a phone's files and divide, we get 327 seconds (more than 5 minutes) per password they check.

    Something is off, though perhaps it's my math so please do double check it for me.

    Edit: Argggg. Good corrections. My main problem is that I did my final division in the wrong direction. Fix that by taking a reciprocal: 1/327 = 0.003 seconds. And then correct that by a factor of 2 to assume they get each password in half possible time: 0.003 * 2 = 0.006 or roughly 6 milliseconds. Thanks for the quick check folks.

    • lozf 11 years ago

      6 randomly selected characters out of the 62 available gives less than 36 bits of entropy, which anyone with even a passing interest in any kind of cryptography will instantly recognise as pretty poor.

      This issue is compounded by the fact that humans are notoriously bad at randomness. I really don't think many users will be typing the 22 random characters required for just over 128 bits of entropy every time they want to use their phone.

      But maybe the 5.5 year figure includes the incrementally increasing delay that Apple insert between tries after x wrong guesses -- assuming a manual brute force, which is pretty much not how it would play out in reality.

      • XorNot 11 years ago

        In reality they lift your prints from the phone, fool the lock sensor, then clone it to a new, bugged phone, and monitor all your communications.

        But frankly, such scenarios are not privacy concerns unless you're actually trying to carry out crimes because at that point you've got a half-dozen or more government agents assigned to personally follow you.

    • Ntrails 11 years ago

      5.5 years is ~173563000 seconds or my maths and google are both wrong.

      For pure brute force you'd want to make some assumption about the mean time taken to find the correct password, but let's argue that you find it after checking exactly 1/2 of the possible combinations.

      2.8400e+10 passwords checked in 1.7300e+8 seconds => ~0.6 milliseconds per check. ish. I think.

      Edit: as comment below points out, humans are crap. In reality any hack would use dictionary attacks rather than pure brute force. I was just addressing the maths.

  • theGimp 11 years ago

    There could be truth in that number depending on what encryption algorithms are used. Some take significantly longer than others to apply.

    On a tangent, I trust Apple's competence but I have seen no information on the technicalities of this feature. I would like to hear specifics so we can estimate how secure the design is based on facts.

    • ghshephard 11 years ago

      Re: "I have seen no information on the technicalities of this feature."

      https://www.apple.com/privacy/docs/iOS_Security_Guide_Sept_2...

    • privong 11 years ago

      > There could be truth in that number depending on what encryption algorithms are used. Some take significantly longer than others to apply.

      The computational burden likely cannot be too high, as it is running on mobile hardware and people expect rapid access to their data after entering their passcode.

      • rdwallis 11 years ago

        The decryption is probably being done by specialized circuitry on the chip. It might perform the operation faster than a much more powerful machine.

        • privong 11 years ago

          Good point, thank you.

          Going back to @theGimp's comment, it is probably safe to assume that nation-states that might want to decrypt this would have some form of access to that circuitry (either a specialized implementation or by using the apple chip) and could sidestep the speed issue. It seems like, to 0th order, it would either be slow for everyone or quick for everyone.

SnacksOnAPlane 11 years ago

If I were the NSA, I would publicly ream Apple about the fact that I can't access the encrypted data on iPhones.

I would privately thank them for putting in another backdoor that actually lets me read all the data I want from them.

It's a win-win. Apple gets to look like a privacy crusader. The NSA gets access to all phones. And best of all, iPhone users get to believe that their phone is unhackable, so they won't take the same precautions to hide their illegal activities.

payne92 11 years ago

Using technology to protect constitutionally guaranteed liberties is hardly "holding themselves beyond the law".

chernevik 11 years ago

James Comey, head of the FBI:

"The notion that someone would market a closet that could never be opened — even if it involves a case involving a child kidnapper and a court order — to me does not make any sense."

The whole point of our system is that this guy can be as ignorant and disrespectful of our liberties as he likes, without actually endangering our society.

Which isn't to say that attitudes like his won't do damage. Really we ought to have officers -- in ALL stations of government -- with a far better understanding than this. Who, exactly, appointed this guy?

  • rohansingh 11 years ago

    The hilarious part about all this is that companies do market and sell closets that cannot be forcibly opened. This product is commonly known as a safe.

    • XorNot 11 years ago

      If you think a safe can't be opened by...practically any law enforcement agency quickly, then I don't know what to tell you.

      I could talk about safe-cracking as an art, but I'd direct you to go look up a YouTube video of a plasma cutter going through steel. The reality is most safes you buy commercially can be broken in under 30 minutes by an experienced locksmith without such tools.

      • dTal 11 years ago

        Safecracking aside, I imagine trying to forcibly compromise a decent safe stands a decent chance of killing a child locked inside, particularly if you reach straight for your plasma cutter.

  • vermontdevil 11 years ago

    The problem is Comey spent his entire career on one side of the system - the prosecutorial side.

    People at high levels of government (Director of FBI, US Attorney, etc) should at least spend some time on the other side to better understand how the whole system works.

    Of course it won't happen - all the career paths to the top are through the prosecutorial side. That leads to people like Comey, the AG for the Swartz case, etc. having such an overbearing attitude about our rights.

droptableusers 11 years ago

You would have to be very gullible to believe this show, I would not be surprised if this is done in cooperation with the government. They want you to use proprietary software and own personal surveillance devices such as phones and Apple wants to sell you their product. They both would win from such a scenario. I do not buy it, the least I can do for Snowden is to be very skeptical.

  • dobbsbob 11 years ago

    Police did the same dance with BlackBerry, they claimed to the media it was impossible for them to spy on calls and texts but we all know now that was a ruse to encourage criminals to use them. UK riots they had no problems handing over decrypted messages to the police. The Datalocking company, who ran their own BB Enterprise servers and peddled "unbreakable encryption" were remotely accessed by the FBI and keys pulled, with the help of Blackberry themselves of course. Any customs agent in the western world can plug a locked BB into a little device they have that unlocks the screen immediately. Finspy/mobile malware lets the police monitor communications in real time too (and iOS).

    Samsung Android phones the proprietary modem can r,w /sdcard and /data unless you either install Replicant or use some kind of permission controls like SEAndroid to lock out modem.img access to everything. Apple likely has a similar proprietary baseband with full remote control over the whole application OS they can offer the FBI to quietly activate targeted spying.

0x0 11 years ago

Or is it a plot to fool users into thinking their secrets are safe on a phone now?

  • unknownBits 11 years ago

    Plot or not, it is naive to think your personal data is safe at a super commercial company like Apple. I see it as the typical 'Apple' way of selling things; pretending what they make is better, faster, more secure bla bla bla. Apple targets a huge market of people not understanding technicalities, this is a typical example.

kordless 11 years ago

> Mr. Comey said, “What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law.”

This is a huge blanket blaming statement. Our intent can be protecting someone's privacy without ever addressing their intent to do harm to another. And, given the propensity of people who don't wish harm on others, I'm totally OK in supporting and pushing for these types of protections in consumer goods.

If anyone has tried to go beyond the law here, it's the NSA.

csandreasen 11 years ago

I think the big issue here isn't that Apple is now encrypting iPhones. In general, being able to secure the data on your phone is a huge benefit for the average consumer. People lose their phones all of the time, and you have no idea who is going to find your lost phone and what they're going to do with the data on it. Given the amount of sensitive data people throw on their phones without thinking, Apple is probably doing more to prevent petty crime and identity theft by encrypting the data on iPhones.

The big issue as I see it, though, is that Apple isn't advertising this as a means of protecting yourself from criminals. Instead, they advertised it as a means of preventing Apple from complying with warrants. Warrants constitute a violation of a person's privacy which is explicitly allowed in the constitution. There's a good reason we have them, and a process that's been in place for a few centuries to limit their abuse. More often than not, the bad guy is not the federal government, and the public is served by allowing the police to investigate specific individuals under reasonable suspicion with specific limitations as authorized by the courts. If people have a problem with the way warrants are issued or how the police carry out investigations, they should seek to change that process, not try to circumvent them.

This isn't going to keep out the NSA. It only affects that data physically residing on your phone, and when was the last time the NSA had your phone physically in its possession? This likely isn't going to stop actual law enforcement officials from getting access to the data on your phone. Unless you're typing in a strong password every time you pull your phone out of your pocket, the FBI will likely be able to brute force your phone to gather evidence with little difficulty, providing the courts allow them to do so. On that front, the only thing this has really accomplished is allowing Apple to give the middle finger to the feds in an attempt to appease a customer base who thinks the government is out to get them.

  • Zigurd 11 years ago

    If you look at all the links on this thread to the moral panic various cops have been goaded into spewing, it's not like they aren't doing their part to make Apple's point.

    • csandreasen 11 years ago

      The cops have a point. I don't think the actual encryption is as big a deal now as people are making it out to be, but Apple is setting a precedent when they say "we're doing this so we don't have to comply with warrants" instead of saying "we're doing this to make our customers safer". Apple just sparked a debate (as much as I hate that term). If the cops don't make a stink out of it now and point out the necessity of warrants, things may likely get out of hand somewhere down the road.

      • Zigurd 11 years ago

        A few things about that:

        1. Warrants have never been a guarantee of a search producing evidence.

        2. It isn't Apple's data to hand over when a warrant is presented.

        3. Making strong and deniable encryption illegal for some classes of users will make it highly desirable contraband.

        4. Producing cyphertext complies with a warrant if that is all you can access.

downandout 11 years ago

It's the government's fault that this is a feature that companies would a) build and b) market as a key feature. The public finds this attractive because of their nefarious activities. We reap what we sow.

The benefits of being able to crack phones quickly in the few cases where it is in the public interest to do so do not outweigh the harm that would be done to the public if it were possible. Further, the types of people that really want to harm us are using third party or custom tools that encrypt everything anyway.

The feds and local police will lose a few more low-level drug cases, and maybe a few insider trading cases, due to Apple's security enhancements. I'm OK with that.

ipsin 11 years ago

So what are the actual rate limits on unlock code discovery?

If you're typing in passwords, it might take a while.

If you've disassembled and imaged the storage device, and have physical access to the hardware security module (HSM), does that improve your rate or ability to parallelize?

I've been a little annoyed at how the FBI (for itself and again as proxy for the NSA) is playing helpless, as if the Director of the NSA or FBI is going to be stuck tapping unlock codes into a suspect's phone while the countdown timer on a 100 mega-pedophile nuke ticks down, somewhere in The City.

chmaynard 11 years ago

Apple's position here is that my private iPhone data belongs to me. If the government suspects me of criminal behavior, the search warrant should be directed at me, not Apple. I'm not a lawyer, but I think this makes perfect sense.

The next logical step is for Apple to encrypt my private iCloud data as well, and protect it from anyone except me (not sure if the technology exists to do this yet.)

Fundlab 11 years ago

Locking out intrusion is a huge value proposal for cellular manufacturers. I wonder why encrypted conversations are not already norm.

  • privong 11 years ago

    > Locking out intrusion is a huge value proposal for cellular manufacturers.

    Is it though? The implementation can be tricky to get right, building it in takes resources, and (perhaps until recently) most consumers do not seem to value that kind of safeguard for their communications. Enabling encryption increases the cost to the manufacturer, all for something that most people did not think was important (before there was strong evidence that there was a lot of warrantless wiretapping going on).

  • jahewson 11 years ago

    It's only of value if the customers expect to be spied on, and then only if they care about it.

PeterBarrett 11 years ago

A 6 letter alphanumeric password, do they think people use old laptops to generate the possible passwords?! It should be at least 128 or 256 if they're being serious about security and preferably much much longer than that.

  • wcoenen 11 years ago

    128 bits of entropy should suffice to make brute forcing impossible.

    That corresponds to a 22 character mixed-case alphanumeric password. (62 choices per character, 62^22 > 2^128). But only if the characters are chosen randomly by a password generator; characters chosen by a human will have patterns and therefore lower entropy.

    80 bits of entropy should still be enough to occupy a large amount of specialized hardware for a long time. That would correspond to 14 characters.

  • ghshephard 11 years ago

    Depends on whether the decoding can be done offline, or requires the actual iPhone that the data is encrypted on.

  • ionwake 11 years ago

    Is it possible to brute force this? Using quantum computers?
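
The arithmetic argued over in the two passcode sub-threads above (keyspace, time per guess implied by the quoted 5 1/2 years, and the length needed for 80 or 128 bits), worked through as an added example that is not part of any comment or of Apple's documentation. Function names and the policy list are constructed for illustration, and passcodes are assumed to be chosen uniformly at random, which human-chosen ones are not.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet, length):
    """Number of distinct passcodes of exactly `length` symbols."""
    return alphabet ** length


def entropy_bits(alphabet, length):
    """Entropy of a uniformly random passcode, in bits."""
    return length * math.log2(alphabet)


def implied_seconds_per_guess(alphabet, length, years):
    """Per-guess cost that makes trying *all* combinations take `years`."""
    return years * SECONDS_PER_YEAR / keyspace(alphabet, length)


def exhaustive_seconds(alphabet, length, seconds_per_guess):
    """Worst-case time to try every combination at a fixed per-guess cost."""
    return keyspace(alphabet, length) * seconds_per_guess


def min_length_for_bits(alphabet, target_bits):
    """Shortest random passcode whose keyspace reaches 2**target_bits.

    Integer arithmetic avoids floating-point edge cases near the boundary.
    """
    length = 1
    while alphabet ** length < 2 ** target_bits:
        length += 1
    return length


def compare_policies(seconds_per_guess):
    """Entropy and worst-case search time for a few constructed policies."""
    policies = [                      # (label, alphabet size, length)
        ("4-digit PIN", 10, 4),
        ("6 chars, lowercase+digits", 36, 6),   # the case in the article quote
        ("6 chars, mixed case+digits", 62, 6),  # the case the thread computed
        ("14 chars, mixed case+digits", 62, 14),
    ]
    rows = []
    for label, alphabet, length in policies:
        rows.append({
            "policy": label,
            "bits": entropy_bits(alphabet, length),
            "worst_case_seconds": exhaustive_seconds(
                alphabet, length, seconds_per_guess),
        })
    return rows


if __name__ == "__main__":
    # The quote says "lowercase letters and numbers": 36 symbols, not 62.
    per_guess_36 = implied_seconds_per_guess(36, 6, 5.5)
    per_guess_62 = implied_seconds_per_guess(62, 6, 5.5)
    print(f"36-symbol alphabet: {per_guess_36 * 1000:.1f} ms per guess")
    print(f"62-symbol alphabet: {per_guess_62 * 1000:.1f} ms per guess")

    print(f"62^6 entropy: {entropy_bits(62, 6):.2f} bits")
    print(f"length for 128 bits: {min_length_for_bits(62, 128)}")
    print(f"length for  80 bits: {min_length_for_bits(62, 80)}")

    # The per-guess cost only bounds an attacker if every guess has to run
    # on the device itself; that is the on-device vs. offline question
    # raised in the thread.
    for row in compare_policies(per_guess_36):
        years = row["worst_case_seconds"] / SECONDS_PER_YEAR
        print(f"{row['policy']:<28} {row['bits']:6.1f} bits  "
              f"{row['worst_case_seconds']:.3g} s  ({years:.3g} years)")
```

With the 36-symbol alphabet the article's quote actually describes, 5 1/2 years for the full keyspace works out to roughly 80 ms per guess; the 62-symbol figure used in the thread gives roughly 3 ms.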

rgrieselhuber 11 years ago

This is just theatre.

spacefight 11 years ago

Yea right, PRISM has been forgotten already...

conover 11 years ago

"even legal surveillance"

1457389 11 years ago

>“We’re using a locker that actually has a combination on it, and if you don’t know the combination, then you can’t get inside. Unless you take a sledgehammer to the locker, there’s no way we get to the files.” ~Jonathan Zdziarski, a security researcher who has taught forensics courses to law enforcement agencies on collecting data from iPhones,

These people literally think on the level of schoolyard bullies.

  • ghshephard 11 years ago

    Are you referring to Apple who is locking investigators out of phones, or Investigators for trying to track down evidence of crimes?

    "These people literally think on the level of schoolyard bullies." - That statement could go either way.

    • adam12 11 years ago

      It sounds like he/she is referring to the investigators who are saying that the only way to unlock the phones is to beat the hell out of the person who knows the password.

      • csandreasen 11 years ago

        He said beat the hell out of the locker, not the person. In this case I'd interpret his analogy to be a reference to brute force decryption.

    • 1457389 11 years ago

      yes.
