President Obama: 'You Cannot Take an Absolutist View' on Encryption Issue

[Benjamin Frost]

Serious question. Would you rather they get rid of all security at the airport? Yes or No?

Comparing trains and buses to airplanes is straight up silly. You can do a lot more damage to human population centers hijacking an airplane than trains or buses. Did 911 not teach you anything?
[doublepost=1457907084][/doublepost]

I don't know about you, but nobody stores bank information on the phone. Al that data --- it's all on some company's servers. The only things that are normally stored on the phones are photos, texts, some notes maybe and some apps. Then again, all those are often backed to some server as well be it iCloud, gmail, dropbox, etc. Anything that can be retrieved the through phone can be retrieved via other methods --- texts, phone calls, etc. So yes -- privacy is an illusion. It's out there already. If those servers are hacked (and they often do), we're screwed

I wonder if we'll ever get to the day when it is impossible to get people thoroughly vetted enough to achieve proper security for flying, and so flying becomes outlawed, and everyone has to use alternative modes of transport. I would savour that day. The bliss of quiet skies and much less pollution.

It's one of my dreams to see an end to all planes. I hate the noise and intrusiveness of them.

 

[spinedoc77]

Absolutely, the FBI has a legal search warrant and the right to unlock the phone and see what's on it. If they killer hadn't used the feature where the iPhone erases itself after ten incorrect passcodes, they would have asked an intern to type all 10,000 passcodes and in a day or two the iPhone would be unlocked. The FBI also was handed all the information that Apple could access, including a slightly older backup of that iPhone.

The FBI's problem is first that Apple can rightfully say: This has nothing to do with us. We built the phone, but then we sold it, and it's not in any way our responsibility to help the FBI. A simple analogy would be the FBI having a legal search warrant for my neighbours home, but they can't get in, so they ask me to let them into my garden and climb over the garden fence into my neighbours garden. Do I have to let them? Now my fence is three meters high so they can't climb it, and the FBI asks me to cut a hole into my garden fence. Do I have to do that? I don't know, but it seems reasonable that a search warrant against my criminal neighbour shouldn't affect me and my property.

The second problem is that Apple says: This particular help that you want affects the security of all our customers. Now that is a pretty strong argument. Should Apple expose millions and millions of customers to evil hackers (including police officers, army personnel, politicians etc. ) to help getting additional information about this crime? That's highly debatable.



Actually, it's not self incriminating, just as opening the house door to police officers with a search warrant isn't self incriminating. The exception is when the police doesn't actually know for sure that the device is yours, and be decrypting it you give them the evidence that it _is_ indeed yours.

Now I'm not exactly sure what can be done to "force" you to decrypt the device. They can't exactly beat you up until you decrypt the device.

What I really want to know if there is a precedent for this in the physical world? Does a lockmaker have to have some kind of backdoor, master key, unlock technology and can be forced to use that backdoor to open a lock at the request of a judge? Or a vault maker, or whatever other security company or method out there? It seems to me that this is the precedent which would determine how reasonable Apple's argument was.

 

[duffman9000]

So now we know where you stand. Thanks for exposing yourselves as enablers for terrorists, kidnappers, drug dealers and pedophiles.

I should start with what is obviously the rantings of a teenager. Yes, I support the 2nd amendment despite the San Bernardino terrorists. I support encryption despite knowing bad actors also find encryption important.

Now lets get to you. I'm going to give you the benefit of the doubt that you're not a tax cheat, but hey, I don't know you. If you pay taxes then you are also a enabler of terrorists, kidnappers, rapists, dead beat parents, pedophiles and even jay walkers. By paying taxes (unless you're a filthy tax cheat) you contribute to civilized society's critical infrastructure. You know, the same infrastructure the terrorists use. Therefore, by your reasoning, you are also a enabler of these peoples.

 

[firewood]

Was the same prior to the TSA.

I don't have the stats, but I seem to recall more "airliner hijacked to Cuba/et.al." news stories a few decades ago. Also the guy who asked for ransom money and a parachute.

 

[Quu]

Lol Oh Wait you're being serious. Since when was android secure? No one running Android really thinks it's safe, the number of exploits are insane. You don't hear the fbi asking google for a backdoor or Microsoft for a windows back door do you! Cos they already got one.

The only reason it is easier for the authorities to break the encryption on an Android device is because they can image the encrypted volume to a PC and then perform a brute force attack on the encrypted volume. Try an unlimited amount of pass code combinations until they get one which can be derived into the key needed to decrypt the volume.

With the iPhone they cannot do this because the phone doesn't allow you to make a copy of the encrypted user volume. Apple has not included any method to perform it. So the FBI has two options.

1. Attempt to brute force the lock code on the device itself which risks the contents being erased.
2. Take the NAND flash off the logic board in the phone, put it into a reader and then extract all the bits from the NAND to do a brute force attack.

If they do the second one, there is a risk the NAND could be damaged. There is also a risk that they don't have the technical expertise required to perform the code side where they need to work out what encryption is being used, how it is implemented, how long the key is, what the salt is that Apple employed (as the passcode is only part of the key). This is all very complicated stuff and why risk it when they can get a court order?

Now the reason I brought up the Android thing is because at the moment the Google supplied encryption system has issues. One it's easy to extract the encrypted volume from the phones. And two many Android devices do not have the capability to encrypt using hardware, they have to use a software based encrypter and decrypter. This is slow and so many OEM's have the encryption system turned off by default. This mostly affects older devices but some new ones as-well, especially budget handsets.

We have a situation where 100% of iOS 8 and iOS 9 devices. That's all iPhones and iPads sold in the past 4-5 years have by default encrypted archives. And then you have Android with at most 50% of flagships and 1% of 3 year old devices being encrypted. That's the difference we're talking about here.

But that wont stop consumers in the future from using apps and custom firmware on their Android devices that offer better encryption. Just as we have seen on Windows, OS X and Desktop Linux with third party Apps like TrueCrypt being the go to volume and file encrypter. Windows and OS X both ship with built in volume encrypters but people still recommend TrueCrypt because it has been shown both of those are not secure enough, law enforcement can break them.

People who care about their security will always go where that security is available. Right now that is not on Android. But it is the only platform out of the two (iOS being the other) that allows deep system integrated applications that could enable 3rd party encryption. iOS is controlled entirely by Apple and so if they lose this case and have to weaken their encryption it will be a dead end for the privacy concious and it will be yet another feature only Android phones can offer.

I hope you understand where I'm coming from here.

 

[alexgowers]

I'm no lawyer, but just as devil's advocate what is the difference between this and lets say a physical search of a house with a warrant. I suppose we would compare encryption with the physical door locks of the house, once these are defeated then the search warrant allows inspection of what is behind them. I'm curious, if LE encountered a lock they couldn't break would the lockmaker be able to be forced to open the lock? If they encountered say a physical vault would the vault maker be required to open the vault? These are harder to answer because physical methods can work, but what does the law say about forcing the manufacturer to open a lock?

I don't see this as an issue with the information in the phone itself, as that is similar to having a piece of paper in your house. I understand the issues with security and how this might affect the use of the phone and services, but that has no bearing in determining if it follows law and precedent. Don't get me wrong, I'd much rather have encryption and find the argument of trading privacy for safety poor and alarming. But at the same time I'm not so sure Apple is right.

The analogy is incorrect, a proper one would be.

A search warrant gives you access to nothing but a wall with numbers on and no evidence what so ever.

Encryption is just not the same thing as getting access. You can't force someone to unlock the code on the wall especially if they don't have it and neither does apple.

This is specifically when apple can't recover the phone after the fbi changes the password changing the encryption method on the wall.

Encryption is also more complex than just sending a key

 

[firewood]

So now we know where you stand. Thanks for exposing yourselves as enablers for terrorists, kidnappers, drug dealers and pedophiles.

The highest appeal courts may well rule that the "enabler" allowing people to get away with it in some cases is the U.S. Constitution. Where do you stand if that happens? Amend the Bill of Rights? Or become a vigilante mercenary instead of an enabler?

 

[macfacts]

That's not what the FBI is asking for. But I think you know that, don't you? They ask for a tool to break the safemaker's unbreakable safe.


...

http://finance.yahoo.com/news/fbi-threatens-to-demand-apple-s-secret-source-code-214832611.html

Right there. If Apple is saying making this tool is too much work for them, the FBI is saying they will make Apple give the source code and signing keys so that the FBI can do it themselves.

 

[duffman9000]

This is the option that the government has been advocating from the get-go. Yes, it does shift the risk. But if you are concerned about privacy, it is better for Apple to be involved in this way, and not the government. Why? Because there is no reason to think that the code Apple writes in compliance with the order will ever leave Apple’s possession. Nothing in the current court order requires Apple to provide that code to the government or to explain to the government how it works. And Apple has shown it is amply capable of protecting code that could compromise its security. It’s one of the most secretive and secure corporations on the planet. Consider that Apple currently protects (1) the source code to iOS and other core Apple software and (2) Apple’s electronic signature, which allows software to be run on Apple hardware. Those things, which the government has NOT requested, are the keys to the kingdom. If Apple can guard them, it can guard software to comply with legal court orders as well.

No reason as in zero reason? Let's talk about what Sewell said during testimony on March 1:

The request that we got from government [was] that we should take this tool, put it on hard drive, sent it to FBI and they would put it on computer.

The FBI and Apple gave sworn testimony. The FBI already showed its hand in wanting private access to the tool. Are you going to say that Sewell lied during sworn testimony next?

I don't recall the court order saying that Apple has to develop a forensic tool, but that is what has to be developed. How else could the data from that phone be used in court? The court order doesn't say that said tool would have to be made available by the defendant's (if any) attorneys. The court order doesn't say that the tool has to be evaluated by independent third parties to be considered trust worthy. What else does the court order not say?

 

[firewood]

http://finance.yahoo.com/news/fbi-threatens-to-demand-apple-s-secret-source-code-214832611.html

Right there. If Apple is saying making this tool is too much work for them, the FBI is saying they will make Apple give the source code and signing keys so that the FBI can do it themselves.

If the FBI somehow gets the key, Apple really needs Congress to quickly pass a law making it illegal for the FBI or Apple (et.al.) to reveal or export those keys to any other country or government. Or use is service of. Or else the FBIs (and congress-critters) own cell phones become a bit useless.

 

[apolloa]

Very good comments by Obama, couldn't agree anymore with him. Very sensible.
[doublepost=1457911999][/doublepost]

If the FBI somehow gets the key, Apple really needs Congress to quickly pass a law making it illegal for the FBI or Apple (et.al.) to reveal or export those keys to any other country or government. Or use is service of. Or else the FBIs (and congress-critters) own cell phones become a bit useless.

You do know that cannot be done right? When it comes to criminal investigations it is under the law of that land where it's committed usually. And that includes any court orders requesting Apple release evidence for that investigation, it won't matter what happens in America over this really.

 

[firewood]

You do know that cannot be done right?

Tons of products already have U.S. government mandated export restrictions. Some from major industries (aviation, etc.)

 

[steve333]

News Flash, not as much as you think they are.

You are about 500 times more likely to be shot by someone you know, a neighbour, a friend, family member, work mate than being shot by a muslim, and you are about 1000 times more likely to be shot by another american. Hell you are are about 100 times more likely to be shot by a US police office than by a muslim extremist.

What is being said is that while muslim extremists are a threat, it does not undermine threat from the next door neighbour who is as much a threat as the muslim extremist. So, why just put the spotlight on the muslim and keep ignoring the local threats around us everyday in form of what he mentioned? That's all.

Quantifying the threat doesn't mean it doesn't exist.
Muslim extremists aim to kill as many people as possible and must be stopped.
Are you guys saying since it happens less than the other threats that it isn't important?

 

[AFDoc]

If they can't stop attacks without compromising the security on every iPhone then they suck at their job and should find another one.

 

[hiddenmarkov]

Very good comments by Obama, couldn't agree anymore with him. Very sensible.
[doublepost=1457911999][/doublepost]

You do know that cannot be done right? When it comes to criminal investigations it is under the law of that land where it's committed usually. And that includes any court orders requesting Apple release evidence for that investigation, it won't matter what happens in America over this really.

This. And At the bare minimum if no key given out...how its made will be disclosed.

Defence attorneys won't ask how was my clients info found?

Voodoo techno magic. We can't tell you.

Oh okay, done with this witness.....

This is not happening.

LE had this privilege long ago. DNA matched the defendant, case closed. Defence went back, learned some biology, some statistics....and down the road some DNA evidence was found to be incorrect or inconclusive.

Broken record but in many areas defence has learned to get spun up on technology...or bring in the technically trained co-council and consultants to fill in their knowledge gaps. they won't stop here.

They will also push for disclosure in public. In front of a jury, and an audience. this won't be prosecution/defence in judges chambers no prying ears.

Kind of why we have the jury system in the US in the first place. Avoids so called kangaroo court scenarios where the case is over before its started when the judge already has it in for he defendant. Prosecution has it in for the defendant. Defense is screwed royally. Enter the jury system...judge can be biased. Its not their call, its the jurors. Judge's bias has them make questionable calls in the trial for all to see, they can expect fallout from that.


Apple will have to reveal in open session how this key is made. People won't have the code. they will have the bits and pieces to make some up though. this is how many program. one piece of info, even vague potentially, can open flood gates of ideas.

Been stuck on quite a few projects in school or personal stuff. All it takes is that one or 2 pieces of general guidance to break that code writer's block. Not one line of code given in the help, just a hey have you tried this method or looking at the problem from this angle? Lightbulbs over the head can and do go off, code flows.

 

[spinedoc77]

The analogy is incorrect, a proper one would be.

A search warrant gives you access to nothing but a wall with numbers on and no evidence what so ever.

Encryption is just not the same thing as getting access. You can't force someone to unlock the code on the wall especially if they don't have it and neither does apple.

This is specifically when apple can't recover the phone after the fbi changes the password changing the encryption method on the wall.

Encryption is also more complex than just sending a key

No the analogy is correct. A search warrant gives you permission to search what would otherwise be protected by privacy, whether it's your house, car, hard drive or iPhone is *theoretically* irrelevant. I say theoretically because the electronic age means sometimes an older law just doesn't work. It doesn't mean that Apple will get off the hook, it simply means that the correction is supposed to happen with Congress changing the law(s).

So my question was, can a lockmaker be forced to 1) build a "backdoor" into his lock and 2) provide that access to the government. Encryption can be as complex as you want to make it, but essentially it boils down to being a barrier that protects your information. Whether that information is an actual file cabinet in a physical house, or a file inside a phone hard drive are arguably similar. I understand Apple's technology and that they actually don't possess the encryption key, but the government is trying to force them to open their lock, whether by an existing key or creating new technology to hack its own systems, it's still a request to remove that barrier to information from a device they manufactured.

But I think you misunderstand me, I'm not saying Apple is wrong or the gov is right at all. I'm simply theorizing that this debate rests on what precedent may be out there in the physical world. I know there probably aren't a lot of precedents out there, but some where there has to be something which was impenetrable without the manufactures help, maybe a vault or something.

 

[sir1963nz]

Quantifying the threat doesn't mean it doesn't exist.
Muslim extremists aim to kill as many people as possible and must be stopped.
Are you guys saying since it happens less than the other threats that it isn't important?

No, we are saying stop wetting your panties over it.
ALL the hype about terrorist attacks is to make you scared, the REAL risks are extremely small.
Scared people are more likely to allow others to make decisions for them, in this case the government
Scared people are more likely to make stupid decisions.
You through your fear and paranoia are being manipulated.

You are grossly over estimating the risks because you feel you have no control. The other much much higher risks like driving a car, being shot by someone you know, being shot by police, you believe you have control and therefore you minimise those risks, where as in reality they are hundreds or thousands of times more likely to happen than being killed by a terrorist.

You are more likely to be killed by a vending machine falling on you than by terrorists. Do you want a ban on vending machines ?

 

[firewood]

I'm simply theorizing that this debate rests on what precedent may be out there in the physical world. I know there probably aren't a lot of precedents out there, but some where there has to be something which was impenetrable without the manufactures help, maybe a vault or something.

The human mind. You memorize a long enough encryption key and take the 5th, or are an old guy who just forgets stuff...
[doublepost=1457917280][/doublepost]

You are more likely to be killed by a vending machine falling on you than by terrorists. Do you want a ban on vending machines ?

Tell that to the Christian vending machine owners who formerly lived in fairly peaceful little towns in Northern Iraq.

Past performance is no guarantee of future results. Same is true of all local mortality stats.

 

[JayLenochiniMac]

So my question was, can a lockmaker be forced to 1) build a "backdoor" into his lock and 2) provide that access to the government. Encryption can be as complex as you want to make it, but essentially it boils down to being a barrier that protects your information. Whether that information is an actual file cabinet in a physical house, or a file inside a phone hard drive are arguably similar. I understand Apple's technology and that they actually don't possess the encryption key, but the government is trying to force them to open their lock, whether by an existing key or creating new technology to hack its own systems, it's still a request to remove that barrier to information from a device they manufactured.

But I think you misunderstand me, I'm not saying Apple is wrong or the gov is right at all. I'm simply theorizing that this debate rests on what precedent may be out there in the physical world. I know there probably aren't a lot of precedents out there, but some where there has to be something which was impenetrable without the manufactures help, maybe a vault or something.

I don't think there's a precedent. Even the biggest vault in the world can be drilled into.

 

[firewood]

I'm simply theorizing that this debate rests on what precedent may be out there in the physical world. I know there probably aren't a lot of precedents out there, but some where there has to be something which was impenetrable without the manufactures help, maybe a vault or something.

Another something is a vault in a foreign country that does not honor U.S. warrants. Suppose someone ships all the evidence to a vault in a N. Korean reactor facility? How do you propose penetrating that without Korean help?

 

[Ethosik]

You guys are forgetting one of the other biggest issues with this: Does our government have the power to force a software development company to create an entire separate product? if they do force Apple, employees can decline the work (they would get fired, but you cannot force an employee to do anything). So they force Apple, what if their workers ignore it? This will just become a mess.

I do not agree with this at all. Any software development company should not be forced to make an entire new (fork) of a product. This isn't just one line of code here. It will take some time to get this done and get it done right (testing). How can people agree with this? It is not possible to do what the FBI wants UNLESS Apple creates a new OS.

 

[jnpy!$4g3cwk]

If the FBI somehow gets the key, Apple really needs Congress to quickly pass a law making it illegal for the FBI or Apple (et.al.) to reveal or export those keys to any other country or government. Or use is service of. Or else the FBIs (and congress-critters) own cell phones become a bit useless.

In general, smart phones won't become useless. They will become useless for daily commerce, and, for storing private information. They will continue to be useful as combination phone, GPS, map, and ipod, but, I doubt if anyone would pay $600-$800 for one -- you can get a pretty good generic smart phone for around $200. I can see why Apple is worried-- it has invested a huge amount of money in making iPhone security credible for daily commerce. I find it odd the way law enforcement seems to be so obsessed with smart phones. Compared to guns and cars, smart phones are toys when it comes to crime. In fact, I would have thought that law enforcement would be pushing secure smart phones, because, if no one carries significant cash any more, and people generally stop using checks, L.E. can track almost every significant transaction in real time, and, nobody will carry cash for robbers.

 

[Freyqq]

No matter how you design a back door, the fact that it exists makes the software fundamentally less secure - regardless of what precautions you take. The best security is to not have a back door at all. It's hard enough to design a secure system as it is.

Also, it is fundamentally impossible to create a system that only a small number of people have access to the code, if you ultimately want all encryption software to have a back door.

 

[techwhiz]

We have a lock for encrypted devices. It's a code held in the minds of the owners. If a person refuses to give up their code they are held in contempt of court until they provide the code. They can rot in jail.

Actually the supreme court has found that a cell phone password cannot be compelled.
You can force the access of the finger.

 

[steve333]

No, we are saying stop wetting your panties over it.
ALL the hype about terrorist attacks is to make you scared, the REAL risks are extremely small.
Scared people are more likely to allow others to make decisions for them, in this case the government
Scared people are more likely to make stupid decisions.
You through your fear and paranoia are being manipulated.

You are grossly over estimating the risks because you feel you have no control. The other much much higher risks like driving a car, being shot by someone you know, being shot by police, you believe you have control and therefore you minimise those risks, where as in reality they are hundreds or thousands of times more likely to happen than being killed by a terrorist.

You are more likely to be killed by a vending machine falling on you than by terrorists. Do you want a ban on vending machines ?

I'm not paranoid or scared at all, I expect the government to do their best at preventing an attack and if they need to get into that iPhone to get info on their accomplices than Apple should do it.
I'm not blind about the possibility of another large attack and ignoring it doesn't make the threat go away.