Encryption
Moderators: Tunnelcat, Jeff250
- Krom
- DBB Database Master
- Posts: 16137
- Joined: Sun Nov 29, 1998 3:01 am
- Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
- Contact:
Encryption
So have any of you been following the FBI vs Apple case on unlocking that iphone?
I find this case alarming because what the FBI wants is incredibly dangerous, but also completely unnecessary if they were just willing to put in a trivial amount of effort.
In the past, I've worked for people who had a computer suddenly die on them. The power supply burned out the motherboard, the southbridge was smoldering, the computer would never work again, but they had stuff on it they needed. So no problem, I opened up the case, lifted out the hard drive, dropped it into a drive dock attached to a working computer and copied the stuff they needed directly off the drive. And that is relevant here, because the iphone is at its heart a computer. It is like a laptop, or a desktop; open it up inside and it has various components, including a storage component. What the FBI wants isn't access to that whole working iphone, what they want is access to the data stored within it. Open up the case and inside is a flash memory chip, which is the iphone equivalent of a hard drive. The FBI needs only to get some fairly specialized but commercially available equipment to be able to read all the data off that memory chip without actually going through the phone itself. After that, they can then brute force the encryption pin code on the copy they made with total impunity and no need for any assistance from Apple.
This equipment is the kind of stuff a data recovery company would have, if someone needed something off a phone that was damaged beyond repair and no longer functional, a data recovery company specializing in flash memory could still get it off. And the phone that this lawsuit is about still works, which makes it even easier. Just send the phone to such a company and have them image the data off the internal flash memory, and there is no need to risk breaking encryption on a global scale.
I mean seriously, what would the government be saying right now if China was suing Apple so they could unlock an iphone they had obtained from a US diplomat?
I find this case alarming because what the FBI wants is incredibly dangerous, but also completely unnecessary if they were just willing to put in a trivial amount of effort.
In the past, I've worked for people who had a computer suddenly die on them. The power supply burned out the motherboard, the southbridge was smoldering, the computer would never work again, but they had stuff on it they needed. So no problem, I opened up the case, lifted out the hard drive, dropped it into a drive dock attached to a working computer and copied the stuff they needed directly off the drive. And that is relevant here, because the iphone is at its heart a computer. It is like a laptop, or a desktop; open it up inside and it has various components, including a storage component. What the FBI wants isn't access to that whole working iphone, what they want is access to the data stored within it. Open up the case and inside is a flash memory chip, which is the iphone equivalent of a hard drive. The FBI needs only to get some fairly specialized but commercially available equipment to be able to read all the data off that memory chip without actually going through the phone itself. After that, they can then brute force the encryption pin code on the copy they made with total impunity and no need for any assistance from Apple.
This equipment is the kind of stuff a data recovery company would have, if someone needed something off a phone that was damaged beyond repair and no longer functional, a data recovery company specializing in flash memory could still get it off. And the phone that this lawsuit is about still works, which makes it even easier. Just send the phone to such a company and have them image the data off the internal flash memory, and there is no need to risk breaking encryption on a global scale.
I mean seriously, what would the government be saying right now if China was suing Apple so they could unlock an iphone they had obtained from a US diplomat?
Re: Encryption
My understanding is that the generated encryption key isn't created just as a function of the passcode. It's also a function of a hardcoded key in the phone's hardware that isn't directly retrievable. Without knowing the hardcoded key, you would have to search the entire keyspace of whatever encryption algorithm the phone uses, which is most likely computationally intractable, compared to just having to search the much smaller passcode space. So if they want to search just the passcode space, then they need to go through the phone.
- Sergeant Thorne
- DBB Material Defender
- Posts: 4641
- Joined: Sun Nov 25, 2001 3:01 am
- Location: Indiana, U.S.A.
Re: Encryption
What any intelligence agency wants in our day, IMO, is for their system to have access to all information for use in a relational database format. This way all they have to do is keep their system apprised of their current concerns, as it were, and your data basically raises its hand if it fits the bill, and gets in line in order of importance. One could make a funny ad, if one were so inclined, about information privacy: I picture a person standing at a cross-walk, or in an elevator with a law enforcement officer, and their smart phone in their hand begins to talk directly to the officer, suggesting that it suspects you of being in criminal activity and that the officer really ought to haul you in for questioning. Another good one might be a crowd of people sitting at a lecture, with the speaker asking personal questions of the crowd and their smart phones immediately volunteer answers for them and even competing over for who best characterizes the question being asked with embarrassing anecdotes.
I don't think the FBI is interested in just breaking into a phone they have in their physical possession, because it's extraordinarily inefficient by comparison. Anyone who doesn't give a damn about our constitutional right to privacy would much rather make their job easier by putting everything everyone is and does at their fingertips. I promise you, anyone in intelligence today wouldn't be caught dead without relational databases, and "privacy" is simply a fading obstruction.
I don't think the FBI is interested in just breaking into a phone they have in their physical possession, because it's extraordinarily inefficient by comparison. Anyone who doesn't give a damn about our constitutional right to privacy would much rather make their job easier by putting everything everyone is and does at their fingertips. I promise you, anyone in intelligence today wouldn't be caught dead without relational databases, and "privacy" is simply a fading obstruction.
- Foil
- DBB Material Defender
- Posts: 4900
- Joined: Tue Nov 23, 2004 3:31 pm
- Location: Denver, Colorado, USA
- Contact:
Re: Encryption
Thanks for the clarification.Jeff250 wrote:My understanding is that the generated encryption key isn't created just as a function of the passcode. It's also a function of a hardcoded key in the phone's hardware that isn't directly retrievable. Without knowing the hardcoded key, you would have to search the entire keyspace of whatever encryption algorithm the phone uses, which is most likely computationally intractable, compared to just having to search the much smaller passcode space. So if they want to search just the passcode space, then they need to go through the phone.
From what I understand (correct me if I'm wrong), the FBI is demanding that Apple create a mechanism for obtaining the hardcoded hardware key. Creating such a mechanism, effectively breaking the hardware security, is what Apple is balking at.
Re: Encryption
Although that would be sufficient, I don't know if that would be easy to do. My understanding is that the FBI wants Apple to create a new software image that just removes the limitation on the number of passcode entry attempts (I think they also want Apple to create a facility that allows them to automatically guess passcodes too, but when you are dealing with a 4-digit number, you can give just give it to a student intern to manually try all 10,000 combinations).
Re: Encryption
So why doesn't Apple just say, OK FBI, give us the phone and we'll get the data but we won't write a program that you can use to get into any Iphone. The other thing I heard was the phone was a company phone and as such the business could of accessed the data as they have the ability to change the password. True?
Liberal speak: "Convenience for you means control for him, free and the price is astronomical, you're the product for sale". Neil Oliver
Leftist are Evil, and Liberals keep voting for them. Dennis Prager
A mouse might be in a cookie jar.... but he is not a cookie" ... Casper Ten Boom
If your life revolves around the ability to have an abortion, what does that say about your life? Anonymous
Leftist are Evil, and Liberals keep voting for them. Dennis Prager
A mouse might be in a cookie jar.... but he is not a cookie" ... Casper Ten Boom
If your life revolves around the ability to have an abortion, what does that say about your life? Anonymous
- Tunnelcat
- DBB Grand Master
- Posts: 13740
- Joined: Sat Mar 24, 2007 12:32 pm
- Location: Pacific Northwest, U.S.A.
Re: Encryption
Because the FBI wants the whole shebang, the lock AND the key, and they're willing to make a pubic case for it. They're getting tired of those pesky court orders. I think however, that the tactic may backfire on them because what they want is way beyond the legal norm. Of course, if there's another bad terrorist attack, Americans will side with the FBI and turn over their privacy to the FBI and every cyber criminal in the world, all in the name of "safety".
Cat (n.) A bipolar creature which would as soon gouge your eyes out as it would cuddle.
Re: Encryption
Apple should just tell the government that they don’t have the technical expertise to do what they want, and be done with it.
Re: Encryption
My suggestion to the FBI: talk to the NSA.
- callmeslick
- DBB Grand Master
- Posts: 14546
- Joined: Sat Apr 09, 2011 8:12 am
- Location: Rockland,DE and Parksley, VA
Re: Encryption
I think that number is unlisted.Grendel wrote:My suggestion to the FBI: talk to the NSA.
"The Party told you to reject all evidence of your eyes and ears. It was their final, most essential command."
George Orwell---"1984"
George Orwell---"1984"
Re: Encryption
Doing it once effectively does do it for any phone because it sets precident. Not only does it show that Apple has written the software they are refusing to write, (which is compelled speech) it signals their willingness to circumvent their own security for the FBI. The FBI (and other law enforcement agencies) will simply bring them more phones to repeat the process. Apple has specifically written their software so as to take themselves out of this loop. They are willing to do what they can within their system as designed (for example they'll provide icloud backups) but they won't write software to specifically circumvent the security they've designed.woodchip wrote:So why doesn't Apple just say, OK FBI, give us the phone and we'll get the data but we won't write a program that you can use to get into any Iphone. The other thing I heard was the phone was a company phone and as such the business could of accessed the data as they have the ability to change the password. True?
My understanding of the company phone angle is that the employer had control over the icloud account. They reset the icloud password at the FBI's request, which prevented them from initiating a phone backup. If they had left the icloud password alone, they could've initiated a backup, and then pulled the phone data from the icloud backup. But since they changed the password on the icloud account, and they didn't know the PIN on the phone to change that icloud password on the phone, they effectively locked themselves out.
- Lothar
- DBB Ghost Admin
- Posts: 12133
- Joined: Thu Nov 05, 1998 12:01 pm
- Location: I'm so glad to be home
- Contact:
Re: Encryption
if the FBI wanted in to the phone, they'd talk to the NSA, the Air Force, or any of the other agencies that are good at hacking.
But this case isn't about this phone. This case is about precedent. The FBI wants to establish a legal precedent that compels tech companies to create backdoors for them, so that they can unlock any phone or any other type of device in any investigation with minimal effort. They want to be able to say to Microsoft "unlock the following 10,000 computers for us" and to Samsung "unlock the following 3,000 phones for us" and to Apple "unlock the following 8,000 iDevices for us" and be able to get at everyone's personal data in broad, sweeping strokes with only the barest of justification.
https://www.eff.org/deeplinks/2016/02/t ... phone-case
https://www.eff.org/deeplinks/2016/03/n ... s-whatsapp
But this case isn't about this phone. This case is about precedent. The FBI wants to establish a legal precedent that compels tech companies to create backdoors for them, so that they can unlock any phone or any other type of device in any investigation with minimal effort. They want to be able to say to Microsoft "unlock the following 10,000 computers for us" and to Samsung "unlock the following 3,000 phones for us" and to Apple "unlock the following 8,000 iDevices for us" and be able to get at everyone's personal data in broad, sweeping strokes with only the barest of justification.
https://www.eff.org/deeplinks/2016/02/t ... phone-case
https://www.eff.org/deeplinks/2016/03/n ... s-whatsapp
Izchak says: 'slow down. Think clearly.'
April Fools Day is the one day of the year that people critically evaluate news articles before accepting them as true.
April Fools Day is the one day of the year that people critically evaluate news articles before accepting them as true.
Re: Encryption
Vander, thanks for clearing that up.
Liberal speak: "Convenience for you means control for him, free and the price is astronomical, you're the product for sale". Neil Oliver
Leftist are Evil, and Liberals keep voting for them. Dennis Prager
A mouse might be in a cookie jar.... but he is not a cookie" ... Casper Ten Boom
If your life revolves around the ability to have an abortion, what does that say about your life? Anonymous
Leftist are Evil, and Liberals keep voting for them. Dennis Prager
A mouse might be in a cookie jar.... but he is not a cookie" ... Casper Ten Boom
If your life revolves around the ability to have an abortion, what does that say about your life? Anonymous
Re: Encryption
I'm curious to see how this goes. It really has the feel for a watershed case to me...
EDIT: It looks like we'll have to wait for another day: link
EDIT: It looks like we'll have to wait for another day: link
Arch Linux x86-64, Openbox
"We'll just set a new course for that empty region over there, near that blackish, holeish thing. " Zapp Brannigan
"We'll just set a new course for that empty region over there, near that blackish, holeish thing. " Zapp Brannigan