Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 02-26-2016, 07:54 AM   #261
Thinks s/he gets paid by the post
 
Join Date: Feb 2014
Posts: 1,472
My two cents:

I think Apple is trying to draw their line in the sand, and sadly it probably won't work. On a personal level, if their are too many keys out there to unlock stuff, sooner or later someone is going to get into our investments and steal our money out from under us. What then will you and I do?

In addition to major illness, we are much more likely to die in a storm, a car accident, or in one of these copycat senseless killings than we are in a terrorist attack. We are way more likely to have other bad things happen to us than a terrorist attack.

The perpetrators of the San Bernardino attack are gone. They destroyed their own phones ahead of time. That's where the information lies. It is unlikely there will be stuff of use on the work phone. The FBI are trying to distract from the mistake of changing the password by chasing Apple over this.

I fear the Pandora's box the government is trying to open. If the software to disable the lock on the phone gets out to Isis or Iran of North Korea, you and I could be looking at a lifetime of eating cat food because our accounts get wiped out. The bad guys buy weapons with our money. No thanks!


Sent from my iPhone using Early Retirement Forum
__________________

__________________
EastWest Gal is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 02-26-2016, 08:28 AM   #262
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2004
Posts: 11,615
Sooner or later there's going to be a very clear case where a demonstrably bad person obviously has an iPhone with important information on it that could lead to the apprehension of other bad people and the saving of lives. The FBI will want it, and Apple will suffer a giant PR blowback if they don't provide it. I don't think Apple gains much ground right now by arguing against this particular order (because the attackers are dead, because the data extraction is now more difficult than it might be under other circumstances, because the attackers had other phones, etc). To be a meaningful "win" for Apple, they need to make the case that the risks of doing this will >always< outweigh the potential gain. I doubt they will be successful, because they'll have to convince lifelong jurists that the courts can't be trusted to make these distinctions (distinctions they make every day before issuing search warrants and subpoenas) and they'll have to make the case that Apple can't be trusted to keep this tool in-house (which is all the government has requested).
__________________

__________________
"Freedom begins when you tell Mrs. Grundy to go fly a kite." - R. Heinlein
samclem is online now   Reply With Quote
Old 02-26-2016, 08:54 AM   #263
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,288
Quote:
Originally Posted by Jack_Pine View Post
...

One thing, I am in IT and (in my opinion) it is ludicrous for Apple to say they have no way into a phone and they would have to create one. My application folks were laughing about that the other day. It's one thing to argue weather the gov has a right to that access or not but I think it is naive to think they don't already have the capability. Again, JMHO.
I don't think it's laughable at all. I suspect that your opinion is based on your IT work, and network security is very different from secure hardware/firmware on a device with proprietary chips working with proprietary firmware all soldered down in such a way to even make physical removal very, very difficult (and probably useless anyhow, w/o the 'keys').

I have a bit of experience with some secure boot devices, though this was a while back, and my memory is fading on the details (which were under NDA anyway, so just as well). These devices initially boot with a set of keys that are used to lock down all the secure components. The resulting info they need to validate is stored in memory that can't be externally read. These devices won't talk to each other if they don't validate, and that validation process is all in 'burned in' firmware that cannot be bypassed. If Apple did not retain the keys used to lock that device, which maybe they don't - they can't be hacked if they don't own them anymore, they have no better chance of breaking in than anyone else.

What Apple does have, from what I understand, is the 'signing process' to load new software on the phone. What I don't know is whether some of the restrictions on number of tries, etc (what the FBI is asking for) are part of software that can be re-loaded, or is it part of the firmware in their 'secure enclave' that is not re-programmable.

edit/add: when I use the term 'secure boot', I don't mean what is on some of our computers, I'm talking about a device level system-on-chip boot level security, a totally different thing.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 02-26-2016, 09:11 AM   #264
Full time employment: Posting here.
Jack_Pine's Avatar
 
Join Date: Apr 2013
Posts: 834
Quote:
Originally Posted by ERD50 View Post
I don't think it's laughable at all. I suspect that your opinion is based on your IT work, and network security is very different from secure hardware/firmware on a device with proprietary chips working with proprietary firmware all soldered down in such a way to even make physical removal very, very difficult (and probably useless anyhow, w/o the 'keys').

I have a bit of experience with some secure boot devices, though this was a while back, and my memory is fading on the details (which were under NDA anyway, so just as well). These devices initially boot with a set of keys that are used to lock down all the secure components. The resulting info they need to validate is stored in memory that can't be externally read. These devices won't talk to each other if they don't validate, and that validation process is all in 'burned in' firmware that cannot be bypassed. If Apple did not retain the keys used to lock that device, which maybe they don't - they can't be hacked if they don't own them anymore, they have no better chance of breaking in than anyone else.

What Apple does have, from what I understand, is the 'signing process' to load new software on the phone. What I don't know is whether some of the restrictions on number of tries, etc (what the FBI is asking for) are part of software that can be re-loaded, or is it part of the firmware in their 'secure enclave' that is not re-programmable.

-ERD50
I get all that and understand firmware and IOS development, but stand by my opinion that apple has a way in. It is certainly just my opinion, though.
__________________
The Constitution. It's not just a good idea...it's the law.
Jack_Pine is offline   Reply With Quote
Old 02-26-2016, 09:19 AM   #265
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,288
Quote:
Originally Posted by Jack_Pine View Post
I get all that and understand firmware and IOS development, but stand by my opinion that apple has a way in. It is certainly just my opinion, though.
And you may be right - I just don't consider the possibility that Apple may not have a way in either to be 'laughable'.

From what I understand of all this (and I have not read every word, so please correct mt if I'm wrong), Apple is telling the Feds they don't have a way in and they don't want to create one for fear it could leak out. And it seems like their 'way in' isn't simply unlocking the phone, but bypassing the limits on tries so the FBI can attempt a brute-force unlocking attempt. Maybe Tim Cook is flat out lying to the Feds, I don't know, but would he really put himself in that position?

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 02-26-2016, 10:23 AM   #266
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
NW-Bound's Avatar
 
Join Date: Jul 2008
Posts: 19,435
Quote:
Originally Posted by ERD50 View Post
...What Apple does have, from what I understand, is the 'signing process' to load new software on the phone...
This is my understanding as well from reading the court order that was was on a BBC Web page, a link to which I included in post #100.

It appears that the user's data is still encrypted and there's no back door to get at it, other than a brute force attack by guessing or trying all combinations.

The new software FBI wants Apple to write will facilitate this brute force passcode attempt by 1) disabling the auto erase after 10 wrong tries, 2) eliminating the increasing delay between trials, and 3) allowing the passcode to be entered electronically (possibly via the Bluetooth link).

Apple acknowledges that this is feasible, and takes 10 programmers 2 to 4 days. However, it wants to destroy this software afterwards, and is fretful that it will have to repeat this exercise again and again.
__________________
"Old age is the most unexpected of all things that can happen to a man" -- Leon Trotsky
NW-Bound is online now   Reply With Quote
Old 02-26-2016, 10:56 AM   #267
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,288
Quote:
Originally Posted by NW-Bound View Post
This is my understanding as well from reading the court order that was was on a BBC Web page, a link to which I included in post #100.

It appears that the user's data is still encrypted and there's no back door to get at it, other than a brute force attack by guessing or trying all combinations.

The new software FBI wants Apple to write will facilitate this brute force passcode attempt by 1) disabling the auto erase after 10 wrong tries, 2) eliminating the increasing delay between trials, and 3) allowing the passcode to be entered electronically (possibly via the Bluetooth link).

Apple acknowledges that this is feasible, and takes 10 programmers 2 to 4 days. However, it wants to destroy this software afterwards, and is fretful that it will have to repeat this exercise again and again.
If Apple just built some of these multi-retry delays into the secure firmware of the chip itself (something that was not accessible by any software update), it would make a brute force attack on a 6 char alpha-numeric passcode essentially impossible - say one attempt per minute after X failed retries:

(36^6) ∕ (60 ⋅ 24 ⋅ 365) ≈ 4141.5189

36 char raised to the 6th power, divided by 60 min/hour times 24 hours/day, times 365 days/year, is thousands of years!

And that assumes only upper case alpha. With upper/lower and 10 digits, we are talking > 100,000 years at one try a minute.

Of course, that's to try every combo. On average, you'd reach it in half that time, a mere 2,000 to 50,000 years. Good guessing might cut that down by a large factor, but probably not enough to matter.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 02-26-2016, 11:47 AM   #268
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,709
Quote:
Originally Posted by Jack_Pine View Post
I get all that and understand firmware and IOS development, but stand by my opinion that apple has a way in. It is certainly just my opinion, though.

I also believe there is a way in. Of course there is no good reason to step forward and show how it's done.

The better course for govt and vendors us to work on guidelines and solutions that can be triggered in the right way, given legal judgment is on place.
__________________
target2019 is offline   Reply With Quote
Old 02-26-2016, 12:04 PM   #269
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,288
Quote:
Originally Posted by target2019 View Post
I also believe there is a way in. ...
I'm curious why you would be so sure. You may be right, but what leads you to this?

Apple appears to take security very seriously. Security is a very difficult/complex thing to do right. Adding a back door adds complexity, it could have flaws which could reduce the security, and risks a leak of the knowledge. Some people just have to know about it. All they need is a Snowden-type guy on their team.

And what does Apple gain by adding a back door?

I'll apply Occam's Razor - the path of least resistance is for Apple to have no back door, and that is where I would place my bet. I could be wrong of course, but that is how I got to my view.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 02-26-2016, 12:06 PM   #270
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,512
I don't understand why so many people are convinced that Apple already has a back door or other way in without modifying the existing iOS.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 02-26-2016, 01:01 PM   #271
Full time employment: Posting here.
 
Join Date: Jan 2011
Location: Just North of Boston
Posts: 522
If you want this in the future, all congress needs to do is pass a law that every encrypted piece of software sold in the US must have a backdoor key that is given to the FBI.
__________________
ChiliPepr is offline   Reply With Quote
Old 02-26-2016, 01:32 PM   #272
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 3,423
Then they'll cede the mobile software industry to other countries.
__________________
explanade is offline   Reply With Quote
Old 02-26-2016, 01:45 PM   #273
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2004
Posts: 11,615
Quote:
Originally Posted by explanade View Post
Then they'll cede the mobile software industry to other countries.
U.S authorities have had the cooperation of Apple and other mfgrs up to this point, and these companies still seem to be doing very well against foreign competition. Maybe another company will spring up in a country that offers better "protections" (in a narrow sense), but that threat exists today and doesn't seem to be taking market share right now.
__________________
"Freedom begins when you tell Mrs. Grundy to go fly a kite." - R. Heinlein
samclem is online now   Reply With Quote
Old 02-26-2016, 01:49 PM   #274
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,512
Quote:
Originally Posted by ChiliPepr View Post
If you want this in the future, all congress needs to do is pass a law that every encrypted piece of software sold in the US must have a backdoor key that is given to the FBI.
The FBI tried to get this kind of legislation passed a couple of times in the past decade. It never could get off the ground.

So now they're trying this approach.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 02-26-2016, 01:51 PM   #275
Dryer sheet aficionado
 
Join Date: May 2007
Location: Southwest Ohio
Posts: 33
Quote:
Originally Posted by marko View Post
For me it's an easy one: unlock the phone!

But I will agree philosophically that it's a challenging situation, but I come at it from the practical view of:
- we don't have any online privacy to begin with
- I don't have anything the FBI might be interested in
- we are at war in a sense and the rules become different in this case
Of course, there is the opposite view.

What I decide to do with my information is not the government's business. If I decide to display secrets on an internet forum, for example, the government should not construe that as an invitation to delve deeper into my life or life's work. Whether or not I have something to hide is of little consequence. There is nothing in the law (read Constitution) that says the measure of the government's intrusion into my life is based in any way on the level secrets I may or may not have. Quite the opposite, it is because I do have things I want to hide from all types of people to one degree or another that the government needs judicial permission or some exigency to violate my right to secrecy. More importantly, I have the right to be left alone. Left alone to pursue any and all things that make me happy without being bothered by anyone.

Yes, we are at war. And it is good to point out that what the government is demanding of Apple is no different than conscription. They have simply replaced the gun with a phone. Since there is no emergency, I default to Apple's right to defend their work product. It is not Apple's job or duty to make anyone's job easier, including the government.

Ron
__________________
r2021t is offline   Reply With Quote
Old 02-26-2016, 02:15 PM   #276
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 3,423
I don't mean they'll lose the mobile operating systems business.

They'll make iPhones and Android phones with backdoors for the govt. and some Israeli firms will come up with messaging apps. which are encrypted without backdoors.

Banks will have to make apps. which can't be cracked by the FBI or mobile banking will be vulnerable to all kinds of hacking and theft.
__________________
explanade is offline   Reply With Quote
Old 02-26-2016, 02:50 PM   #277
Moderator Emeritus
 
Join Date: Oct 2007
Posts: 4,929
The LEGAL issues derive from the command by the Court that a business construct something (GovtOS, as the Apple documents call it) against their will and their best interests, and further authenticate that production (by digitally signing it) for use with other products.

The various arguments that "it is only one device, and the software can be destroyed" are already moot, as there are another 182 devices that various agencies have already announced an intent to request the same product and service be performed for.

This would place Apple in an unfortunate position. If they can successfully construct GovtOS at the behest of US courts, there is then no obvious technical reason why the current hardware products cannot be made unlockable when in any jurisdiction, not just the US. The British or French government could demand the same product and services be performed through their court systems, for example, as could the Chinese or Russian government. A Chinese court having an iPhone in it's possession that belonged to a US Embassy employee suspected of being a CIA agent, a serious crime in that jurisdiction, for example...

Be careful what you wish for. You just might get it.


Sent from my iPad using Early Retirement Forum
__________________
M Paquette is offline   Reply With Quote
Old 02-26-2016, 03:24 PM   #278
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2005
Posts: 13,287
Do not remember what I was watching when someone said this about Apple...


But they said that Apple is now working on a new phone that will not allow anybody the ability to gain access the way the FBI is wanting... even Apple...

So, because of this, we will be getting harder to crack systems... so even if the FBI wins, they will lose in the long run...
__________________
Texas Proud is online now   Reply With Quote
Old 02-26-2016, 03:29 PM   #279
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2004
Posts: 11,615
Quote:
Originally Posted by M Paquette View Post
The various arguments that "it is only one device, and the software can be destroyed" are already moot, as there are another 182 devices that various agencies have already announced an intent to request the same product and service be performed for.
It seems to me that a high (and growing) number of valid requests from courts for Apple to assist in providing access to information on these phones is not something Apple should dwell on--it hurts their case rather than strengthens it.

Quote:
Originally Posted by M Paquette View Post
The British or French government could demand the same product and services be performed through their court systems, for example, as could the Chinese or Russian government.
They can demand it right now anyway. If Apple has (reportedly) already agreed that it is technically possible for them to do it and even provided an estimate of the effort required, then they've already forfeited their best hope of turning back these requests. The Chinese won't care at all that Apple won't do this for the USG.
__________________
"Freedom begins when you tell Mrs. Grundy to go fly a kite." - R. Heinlein
samclem is online now   Reply With Quote
Old 02-26-2016, 03:33 PM   #280
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2004
Posts: 11,615
Quote:
Originally Posted by Texas Proud View Post
But they said that Apple is now working on a new phone that will not allow anybody the ability to gain access the way the FBI is wanting... even Apple...

So, because of this, we will be getting harder to crack systems... so even if the FBI wins, they will lose in the long run...
Yes, I heard that on NPR, and I'll bet it is true. That's the best way out for Apple. If so, we'll see if the USG takes steps to block the sale and use of such an OS in the US.

Interesting times . . .
__________________

__________________
"Freedom begins when you tell Mrs. Grundy to go fly a kite." - R. Heinlein
samclem is online now   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Way to go FBI Mwsinron Other topics 30 05-10-2007 07:57 AM

 

 
All times are GMT -6. The time now is 06:49 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.