FTA:<p><pre><code> At a news conference on Thursday devoted largely to
combating terror threats from the Islamic State,
Mr. Comey said, “What concerns me about this is companies
marketing something expressly to allow people to hold
themselves beyond the law.”
</code></pre>
The state and the law are separate entities, Mr. Comey. It concerns me that, in your mind, you have conflated the power of the state with the normativity of the law.<p>In the twentieth century, the modern state gained the power to destroy all life on Earth. In the twenty-first century, the modern state <i>and</i> the modern citizen gained the power of private machine-assisted telepathy, memory, and computation. The state and its avatars must recognize that it cannot and must not have the ability to exercise absolute power over citizen's thoughts, computations, and communications if it wishes to foster a healthy and free society.
The most important takeaway of the "post-Snowden Era" is that both companies and the government lie.<p>Apple now is in the damage control mode, trying to undo the massive credibility hit dealt by Snowden revelations. But since they were in bed with the NSA for several years prior, I <i>really</i> doubt they have an option of divorce. If they were strong-armed into cooperation before, it'd be foolish to assume that they can get out of it on such a flimsy technicality as a in-device encryption. So what's likely to be happening is that Apple started encrypting, the state started saying "Oh, noes! It's unbreakable. Buy American again." and behind the scenes they still cooperate in a less in-your-face fashion. Something as simple as initializing PRNG on the device in a predictable manner - piece of cake to do, very hard to detect, but exploitable on the spot with a bit of foreknowledge. Where there's a will, there's a way. And the will <i>is</i> there.
Well dudes, you screwed it up for yourselves with illegal wiretapping, the perhaps legal but still outrageous secret court orders and the attitude you presented when all this came to light. Fuck you.
This makes me extraordinarily happy, perhaps this is the first major step in the struggle against government spying on innocent citizens?<p>On another note, is anyone disturbed by how even the idea of people being able to store their private data securely being seen as inherently criminal by high level officials? What does that say about these people in power, they literally view your right to privacy as dangerous. Sickening.
<p><pre><code> The new security in iOS 8 protects information stored on
the device itself, but not data stored on iCloud, Apple’s
cloud service. So Apple will still be able to obtain some
customer information stored on iCloud in response to
government requests.
</code></pre>
Some? I think the importance of this qualification has been overlooked everywhere it's been reported.
> Breaking the code, according to an Apple technical guide, could take “more than 5 1/2 years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.” (Computer security experts question that figure, because Apple does not fully realize how quickly the N.S.A. supercomputers can crack codes.)<p>Uh, what? Surely the journalist has missed an important technical detail here, right?<p><a href="https://www.grc.com/haystack.htm" rel="nofollow">https://www.grc.com/haystack.htm</a>
If I were the NSA, I would publicly ream Apple about the fact that I can't access the encrypted data on iPhones.<p>I would privately thank them for putting in another backdoor that actually lets me read all the data I want from them.<p>It's a win-win. Apple gets to look like a privacy crusader. The NSA gets access to all phones. And best of all, iPhone users get to believe that their phone is unhackable, so they won't take the same precautions to hide their illegal activities.
James Comey, head of the FBI:<p>"The notion that someone would market a closet that could never be opened — even if it involves a case involving a child kidnapper and a court order — to me does not make any sense."<p>The whole point of our system is that this guy can be as ignorant and disrespectful of our liberties as he likes, without actually endangering our society.<p>Which isn't to say that attitudes like his won't do damage. Really we ought to have officers -- in ALL stations of government -- with a far better understanding than this. Who, exactly, appointed this guy?
You would have to be very gullible to believe this show, I would not be surprised if this is done in cooperation with the government. They want you to use propitiatory software and own personal surveillance devices such as phones and Apple wants to sell your their product. They both would win from such a scenario. I do not buy it, the least I can do for Snowden is to be very skeptical.
> Mr. Comey said, “What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law.”<p>This is a huge blanket blaming statement. Our intent can be protecting someone's privacy without ever addressing their intent to do harm to another. And, given the propensity of people who don't wish harm on others, I'm totally OK in supporting and pushing for these types of protections in consumer goods.<p>If anyone has tried to go beyond the law here, it's the NSA.
I think the big issue here isn't that Apple is now encrypting iPhones. In general, being able to secure the data on your phone is a huge benefit for the average consumer. People lose their phones all of the time, and you have no idea who is going to find your lost phone and what they're going to do with the data on it. Given the amount of sensitive data people throw on their phones without thinking, Apple is probably doing more to prevent petty crime and identify theft by encrypting the data on iPhones.<p>The big issue as I see it, though, is that Apple isn't advertising this as a means of protecting yourself from criminals. Instead, they advertised it as a means of preventing Apple from complying with warrants. Warrants constitute an violation of a person's privacy which is explicitly allowed in the constitution. There's a good reason we have them, and a process that's been in place for a few centuries to limit their abuse. More often than not, the bad guy is not the federal government, and the public is served by allowing the police to investigate specific individuals under reasonable suspicion with specific limitations as authorized by the courts. If people have a problem with the way warrants are issued or how the police carry out investigations, they should seek to change that process, not try to circumvent them.<p>This isn't going to keep out the NSA. It only affects that data physically residing on your phone, and when was the last time the NSA had your phone physically in its possession? This likely isn't going to stop actual law enforcement officials from getting access to the data on your phone. Unless you're typing in a strong password every time you pull your phone out of your pocket, the FBI will likely be able to brute force your phone to gather evidence with little difficulty, providing the courts allow them to do so. On that front, the only thing this has really accomplished is allowing Apple to give the middle finger to the feds in an attempt to appease a customer base who thinks the government is out to get them.
It's the government's fault that this is a feature that companies would a) build and b) market as a key feature. The public finds this attractive because of their nefarious activities. We reap what we sow.<p>The benefits of being able to crack phones quickly in the few cases where it is in the public interest to do so do not outweigh the harm that would be done to the public if it were possible. Further, the types of people that really want to harm us are using third party or custom tools that encrypt everything anyway.<p>The feds and local police will lose a few more low-level drug cases, and maybe a few insider trading cases, due to Apple's security enhancements. I'm OK with that.
So what are the actual rate limits on unlock code discovery?<p>If you're typing in passwords, it might take a while.<p>If you've disassembled and imaged the storage device, and have physical access to the hardware security module (HSM), does that improve your rate or ability to parallelize?<p>I've been a little annoyed at how the FBI (for itself and again as proxy for the NSA) is playing helpless, as if the Director of the NSA or FBI is going to be stuck tapping unlock codes into a suspect's phone while the countdown timer on a 100 mega-pedophile nuke ticks down, somewhere in The City.
Apple's position here is that my private iPhone data belongs to me. If the government suspects me of criminal behavior, the search warrant should be directed at me, not Apple. I'm not a lawyer, but I think this makes perfect sense.<p>The next logical step is for Apple to encrypt my private iCloud data as well, and protect it from anyone except me (not sure if the technology exists to do this yet.)
A 6 letter alphanumeric password, do they think people use old laptops to generate the possible passwords?! It should be at least 128 or 256 if they're being serious about security and preferably much much longer than that.
>“We’re using a locker that actually has a combination on it, and if you don’t know the combination, then you can’t get inside. Unless you take a sledgehammer to the locker, there’s no way we get to the files.”
~Jonathan Zdziarski, a security researcher who has taught forensics courses to law enforcement agencies on collecting data from iPhones,<p>These people literally think on the level of schoolyard bullies.