The “Encryption” Debate

“Encryption” is quoted in the title of this essay because encryption is NOT what any of this is actually about. The debate is not about encryption, it’s about access. It should be called “The Device Access Debate” and encryption should have never been brought into it.

Modern smartphones have batteries, screens, memory, radios, encryption, and a bunch of other stuff. Collectively, they all make the phone go, they are all good, and we want as much of each of them as the device’s manufacturer can squeeze in. We do not want smaller batteries, lower resolution screens, less memory, less capable radios, or weaker encryption. And it is entirely proper for Apple to boast about the battery life, screen resolution, memory, radio, and encryption strength of their products. The FBI is entirely correct when it says that Apple is actively marketing the newly increased encryption strength of their latest phones and operating systems. That’s as it should be, in the same way that Apple is marketing their devices’ battery life and screen resolution. Those are all features of modern smartphones, and Apple knows what their users want. We all want those things.

The fourth amendment to the US Constitution states: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

The 4th amendment is about managing access. It does not provide that under no circumstances, ever, can duly authorized law enforcement officials enter someone’s home. It provides a managed and monitored mechanism―a compromise―between the privacy rights of the individual and the needs of the citizenry who surround that person. And it is under this 4th amendment that US citizens have enjoyed the balanced guarantee that their home is their castle and that only a lawfully issued search warrant, meeting the test of probable cause, would allow law enforcement authorities a legal right to enter.

Mapping the 4th amendment onto encrypted devices:
Without weakening their devices’ encryption, Apple could arrange to be able to respond to court orders in the United States. If Apple wished to be able to respond to lawful search warrants to unlock their devices, they could embed a single, randomly generated, high-entropy (256-bit) key, unique to each device, in the hardware secure enclave of every device. This key would not be derived from any formula or algorithm, so there would be no master secret that might somehow escape or become known to a malicious agency. It would be truly random and far too long for any brute-force guessing attack to be feasible. Upon embedding each individual random per-device key, Apple would securely store a copy of that key in their own master key vault. In this way, without sacrificing anyone’s security, only Apple, on a device-by-device basis, could unlock any one of their own devices.
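The scheme just described, as an added example that is not Apple’s code or any real Secure Enclave interface: a small Python model in which each device gets a truly random 256-bit key at manufacture, the manufacturer’s vault holds the only other copy, and a key leaves the vault only against a valid order. The `KeyVault` and `Device` names and the `warrant_ok` gate are assumptions made for the illustration, and HMAC-SHA256 in counter mode with an HMAC tag stands in for the AES-based authenticated encryption a real enclave would use. It goes a little beyond the essay: it also shows why the key must not be derived from a master secret, and it includes the split-custody variant a commenter suggests further down (two shares, neither usable alone).

```python
# Added example, not Apple's code nor any real Secure Enclave API: a toy model
# of the per-device escrow scheme the essay describes.  KeyVault and Device are
# made-up names; HMAC-SHA256 in counter mode plus an HMAC tag stands in for
# the AES-based AEAD a real enclave would use.
import hashlib
import hmac
import secrets
from typing import Dict, Optional

KEY_BYTES = 32       # 256-bit keys, as the essay specifies
NONCE_BYTES = 16
TAG_BYTES = 32

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    enc_key = _prf(key, b"enc")          # domain-separated encryption subkey
    blocks = [_prf(enc_key, nonce + i.to_bytes(8, "big")) for i in range(-(-length // 32))]
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a fresh random nonce: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_BYTES)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def open_sealed(key: bytes, blob: bytes) -> Optional[bytes]:
    """Plaintext, or None when the key is wrong or the blob was altered."""
    if len(blob) < NONCE_BYTES + TAG_BYTES:
        return None
    nonce, ct, tag = blob[:NONCE_BYTES], blob[NONCE_BYTES:-TAG_BYTES], blob[-TAG_BYTES:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

class KeyVault:
    """The manufacturer's escrow store: device id -> that one device's key."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def escrow(self, device_id: str, key: bytes) -> None:
        self._keys[device_id] = key

    def release(self, device_id: str, warrant_ok: bool) -> Optional[bytes]:
        """The access-policy gate: a key leaves the vault only against a valid order."""
        return self._keys.get(device_id) if warrant_ok else None

    def destroy(self) -> None:
        """The essay's fallback: wipe the vault; devices themselves are unaffected."""
        self._keys.clear()

class Device:
    def __init__(self, device_id: str, vault: Optional[KeyVault]) -> None:
        # Truly random, set at manufacture: no formula, hence no master secret.
        self.enclave_key = secrets.token_bytes(KEY_BYTES)
        if vault is not None:
            vault.escrow(device_id, self.enclave_key)
        self._flash = b""

    def store(self, data: bytes) -> None:
        self._flash = seal(self.enclave_key, data)

    def flash_image(self) -> bytes:
        """What a forensic copy of storage yields: ciphertext only."""
        return self._flash

def derived_key(master: bytes, device_id: str) -> bytes:
    """The design the essay rejects: whoever learns `master` can rebuild every key."""
    return _prf(master, device_id.encode())

def split_key(key: bytes):
    """Two-custodian split (a commenter's idea): either share alone is pure randomness."""
    share_a = secrets.token_bytes(len(key))
    return share_a, bytes(k ^ a for k, a in zip(key, share_a))

def demo() -> Dict[str, bool]:
    """Walk the scheme end to end; every entry should come back True."""
    note = b"constructed sample: photos, messages"     # constructed device data
    vault = KeyVault()
    phone = Device("serial-0001", vault)
    Device("serial-0002", vault)
    phone.store(note)
    image = phone.flash_image()
    checks = {"no_warrant_no_key": vault.release("serial-0001", False) is None}
    key = vault.release("serial-0001", True)
    checks["warrant_unlocks"] = open_sealed(key, image) == note
    checks["other_devices_key_fails"] = open_sealed(vault.release("serial-0002", True), image) is None
    share_a, share_b = split_key(key)
    checks["one_share_useless"] = open_sealed(share_a, image) is None
    rejoined = bytes(a ^ b for a, b in zip(share_a, share_b))
    checks["both_shares_work"] = open_sealed(rejoined, image) == note
    vault.destroy()                      # the essay's "destroy the vault" option
    checks["vault_gone"] = vault.release("serial-0001", True) is None
    checks["owner_unaffected"] = open_sealed(phone.enclave_key, image) == note
    # Contrast: a master-derived scheme needs no vault at all once the master leaks.
    master = secrets.token_bytes(KEY_BYTES)
    weak = Device("serial-0003", None)
    weak.enclave_key = derived_key(master, "serial-0003")
    weak.store(note)
    checks["master_leak_reveals_all"] = open_sealed(derived_key(master, "serial-0003"), weak.flash_image()) == note
    return checks
```

Call `demo()` to run every check. The vault-destroy step models the essay’s fallback: once the vault is wiped the escrow path is gone, but the owner’s own enclave key still opens the storage, which is what “no worse off than we are today” means in practice. The last check is the contrast the essay draws: with a master-derived key, a leaked master plus a public serial number recovers the data with no vault involved at all.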

This might appear to place an undue burden upon Apple. But this, too, seems balanced. Apple is, as the FBI correctly observed, obtaining great marketing value from the strength of their security technology. It is understandable that Apple would rather not be able to respond to court orders to unlock their devices. But this attitude is not in keeping with constitutional precedent.

Users of Apple’s products would know that our devices sport the latest and strongest encryption, making them utterly impervious to any attacker, hacker, border official, or local or foreign government. And that, as with the interiors of our homes, only in accordance with due legal process, and with Apple’s continuing assistance, could our device be unlocked in compliance with a search warrant. And if, at any time in the future, Apple decided this was the wrong decision, they could destroy their vault of per-device unlocking keys and we would be no worse off than we are today.

Although the perfect math of encryption does provide for absolute privacy, we all know that privacy can be horribly abused and used against the greater public welfare. The founders of the United States, whom many revere, understood this well. Apple should too.

People who intend to comment: Please recognize that I understand there are many additional subtleties, such as handling the demands of foreign authorities. It is probably the case that the applicable laws of each country should be honored. This essay intended only to clarify the confusion between encryption and access, and the scheme I have proposed is sufficiently flexible to accommodate any specific access policy Apple might choose and/or change as needed.


Follow-up, 20 hours later:
I wrote this post to separate the issue of encryption strength from access policy. Much ink and angst has been expended over phrases involving “backdoors” and “weakened encryption.” All such concerns are red herrings because unbreakable encryption simply gives Apple unbreakable access control. Apple could design a completely secure facility to manage unlocking individual devices. Whether Apple should do so is deservedly one of the most critical questions of our time, and is worthy of truly engaging debate. If we decide that we want to leave things as they are, that’s fine. But we should not conflate whatever policy Apple implements with their users’ security. We can have both.


100 Responses to The “Encryption” Debate

  1. Jack smith says:

    We will just have to add our own. Truecrypt anyone?

  2. wa5pb says:

    Very correct. No mere corporation has the right to change the fundamental constitutional foundations of the U.S. on its own and without recourse. I think it is clear now that Congress will need to create law concerning this, which is what I think Apple is really pushing for so as to get away from the very inconsistent world of law enforcement requests and judicial rulings. I just hope the legislators will consult with knowledgeable people, like you.

  3. Michael says:

    As long as there’s a backdoor, encryption is a farce. There’s no way the NSA/FBI/etc. would allow Apple alone to possess the keys to the kingdom.

  4. Carl Smith says:

    With this system my worry would be if Apple could really keep the database of master keys secure. But since Apple has been on the leading edge of security if anyone can do it they could.

  5. Tim Turner says:

    Steve thanks. This was a helpful article. As you said, “… only a lawfully issued search warrant, meeting the test of probable cause, would allow law enforcement authorities a legal right to enter.”

    The 4th amendment does not discuss the ability of searching and seizing, only the right. That said, it seems to me that if it were the year 1800 and I had my personal papers seized, and those documents were not discernible to the party who seized them, then the problem of the ability to discern belongs only to the party who seized my documents. The right to seize has been exercised; the FBI is in full possession of the device and its contents, in whatever state those contents may present themselves.

    • Igor says:

      I believe that this is right. People “encrypted” paper documents by hand a long time before the Enigma machine. I would feel more secure if I knew authorities could decrypt phones but nobody else could, but that sounds improbable.

  6. Thomas Griffin says:

    Every manufacturer of a device with encryption will also have to do this (not just Apple). What are the chances at least one of these companies will have a security breach, lose the keys, and all their devices will be vulnerable to attack?

    • Gary Theron says:

      Not only that, but they’re potentially having to respond to 194 different governments around the world where these devices are sold. The maths around that almost guarantees a breach at some point.

  7. Carl Smith says:

    Another thought: Search warrants do grant the government access rights. But if I encrypt my hard drive with TrueCrypt, Microsoft has no obligation to assist with that warrant just because they wrote the OS running on my computer. Intel has no obligation to assist because they made the processor that did the encryption. Toshiba has no obligation to assist because they manufactured my laptop. In the past, it’s always been up to the government to figure out what to do with the evidence they collect with a warrant. Why should that change now?

  8. mrjoeyman says:

    I wholeheartedly agree with SG. One glaring problem with the government is that they have no qualified spokesman to offer this type of information. Just as they don’t UNDERSTAND what encryption actually IS and how it translates into this debate, they are not able to understand what separates a “back door” from access management. What happened to using the best and brightest minds who actually understand these types of problems, like Steve? I know that there is a deep well of people who understand these things as Steve does, so why are they not being tapped to bring Washington up to speed with this technology?

  9. mrjoeyman says:

    And damn…………..its been two years since the last blog entry!!?? Steve did you lose your password?? 🙂 🙂

  10. Léo says:

    Perhaps companies like Apple can keep all parties happy by simply promising upcoming enhanced capabilities loudly and repeatedly at every opportunity, but which never actually eventuate. In this way they could conceivably string along their devotees for *years* without ever upsetting the FBI types.

    This approach is not entirely without precedent either, it seems to be working quite successfully for the author(s) of Spinrite 6.1

  11. mrjoeyman says:

    That was a low blow bro.

  12. M Jackson says:

    The local police seek a search warrant to search your iPhone based on information from a reliable informant that your phone contains photos of you drinking a beer, in violation of your court probation terms. The informant, however, is lying, motivated by a personal grudge. Notwithstanding the falsity of the informant’s information, the police have established probable cause for a magistrate to issue the warrant. In compliance with the warrant, Apple provides the unique key to unlock your phone. The cops and DA’s office personnel now have access to every photo and all data on your phone.

    • mrjoeyman says:

      The informant in your scenario, by your own description is actually UNreliable. Why would a judge believe him if he is falsifying information via a personal grudge? But I understand your concern.

      • Larry says:

        But the prosecutor would claim that the witness is very reliable — they always do. And how would the judge know? It’s not like you get to testify “no that guy’s a liar.” They don’t tell you that someone is in court lying about you to allow the government to access your phone.

        Do you think this isn’t already done to get access to other information? The Constitution limits the power of governments over citizens for very good historical reasons. And BTW, transferring that power to private companies is worse. We know that Verizon gave out phone records simply on request, without any court orders, before the so-called “Patriot” act gave them legal cover.

  13. Extension of the 4th amendment to new technology is what is needed. Technology fundamentally changes universally private events in our lives, say a conversation you may have in your own living room or written mail sent to a friend. The first one defines a protected event in our life that no warrant can recover; your interpretation would be equal to a demand that every house builder make permanent AV recording devices for every room, provide storage of all that has taken place, and just leave it encrypted until some warrant… Something inconceivable to the founders. Something in that famous Orwell masterpiece (or E. Zamyatin’s masterpiece; search for his novel “We”…). The second one is even more striking – not only is that information exchanged with minimal protection, but it passes through the very hands of the Government agency… Yet “old rules” protect that barely protected info from being copied while in the Government’s hands. No warrant can ever recover the content of a letter sent through USPS. No “access management” is legally or practically available for these “real world examples”, nor should it be created for “new technology cases”, particularly after the fact (after the conversation happened or after the letter went through).
    Equivalents of those rights, the violation of which certainly mirrors Orwell or the East German Communist regime, must be established for the new technology, because technology has reached the level of being an extension of our life and mind. It is always best for liberty to burden the Government with a hard job via negative rights. Nowhere in the Constitution is there a line stating that the Government’s job needs to be easy and that we need to sacrifice for that ease.
    Or, simply: just as we know that a private conversation can’t be recovered, we must in this new technological era know that the content of our devices is not recoverable. The Government must find other means to gather that info.
    Mr Gibson’s idea is simply totalitarian, Orwell’s “Big Brother” screen that is ALWAYS with you. Even thinking that doing so is OK is detrimental to the liberty.

  14. Jim Craig says:

    For me, the fundamental question is “do we (and I mean everyone) have a basic human right to privacy or not?” Answer that question first and then we can develop the right solution.

    • mrjoeyman says:

      I think the answer is yes, but as posted above “It provides a managed and monitored mechanism―a compromise―between the privacy rights of the individual and the needs of the citizenry who surround that person.” So we must take others into consideration and not focus just on ME. In the case of ME I surely would agree with Dusan, but I know if it was one of my family members who was killed in San Bernardino, I would be thankful for such a compromise.

      • x41 says:

        Of course you would appreciate this if one of your family had been killed. But the difference is that you are emotionally involved in this. The Government must not rule via emotion but based on facts / evidence. That is what protects everybody when in court.
        If there’s not enough evidence, be it through an encrypted device, then, viewed from the gov’s point of view, the accused is not guilty.
        The damage would be far greater if the accused would be jailed and in x years we learn he wasn’t guilty.

    • bla bla says:

      Yes we do have a right to privacy.

      The United States of America and other nations signed the Universal Declaration of Human Rights in Paris on the 10th of December in 1948.

      http://www.un.org/en/universal-declaration-human-rights/

      The United States agreed to Article 12, and even helped draft it.

      Article 12.

      No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

    • Karl says:

      Any encryption system must be capable of restricting access of the keys down to a party of one[self], and be impractical to crack by guessing. So in my mind the fundamental question is “do we have a basic human right to privacy of our thoughts?” Compelling Apple to hold and provide access to keys is only one step away from compelling people to testify against themselves.

  15. bla bla says:

    Encryption is already open source and widely used in many hundreds of various products. Any law requiring backdoors will only affect Apple and Microsoft. If you’re really concerned, may I suggest dis-using your smart phone, and dis-using your Apple computer and getting a real computer (a PC), setting it up with Linux, and installing some of those free open source encryption products.

    Any law they do pass will be impossible to police.

    Do you think the Russian government or Chinese government or Iranian government (etc) are going to follow this law and put in a backdoor?

    It’s only enforceable against Apple and Microsoft which I believe are already backdoored anyway. I don’t actually buy this argument that they can’t get into the phone at all.

    The reason people are concerned about this matter is because we DON’T TRUST the governmental officials to actually get a warrant we can dispute in a court of law, what they will do is probably add this scheme into their massive spying program (PRISM), they’ll probably write real-time remote access without warrants into the law via some secret FISA court or something and turn on your camera and microphone in your mobile without a warrant like they did in Batman.

    So I reiterate if this does happen and you don’t agree, just sell your smart phone, get a dumb phone and go back to a normal computer.

  16. TechMudge says:

    Excellent analysis, and simply stated.

    As always, thank you for being a voice of sensibility in an otherwise cacophonous cesspool.

  17. zMan says:

    All of SG’s points are of course valid. There are two other issues that don’t seem to get discussed:
    1) Any such victory is transient at best: the real bad guys will just use other encryption (and may be already)
    2) I’d like to see this go to SCOTUS, as phones are essentially extensions of our brains nowadays. A reasoned decision might agree with this.

    A couple of other points:
    The folks (not here, elsewhere) who bleat about “What if one of your loved ones was one of the victims?” are missing the point: if one of my loved ones was one of the victims, and there was a human witness who was refusing to talk, of course I’d *like* it if he were hung by the fingertips until he talked. That doesn’t make it right.

    The same applies to the police, saying “This makes our jobs harder”: well, yeah, sorry. So does not being able to beat a confession out of people, or any number of other rules. Get over it. Hint: 10 years ago, people didn’t have smartphones. Were you complaining then?

    • mrjoeyman says:

      QUOTE:
      ***The folks (not here, elsewhere) who bleat about “What if one of your loved ones was one of the victims?” are missing the point: if one of my loved ones was one of the victims, and there was a human witness who was refusing to talk, of course I’d *like* it if he were hung by the fingertips until he talked. That doesn’t make it right.***

      Nope I agree, not right and (No offense taken), but I was not bleating of torturing anyone. Only that I would appreciate it if the phone could be opened and examined for evidence to further avert any loss of life.

      Also point 2, yeah, love to see it go to SCOTUS 🙂

    • Former prosecutor says:

      The members of the SCOTUS do not use email. Messages sent between chambers are hand-written on fine linen paper, placed in the Justice’s personal envelope, sealed with sealing wax, and delivered by a human carrying a silver tray.

      Look at mobile communications cases. They don’t get tech.

      Steve’s idea is workable, though I would like to see the key escrow split so that no one entity has access. Put the second half with the EFF.

  18. bla bla says:

    The house analogy is incorrect.

    For the most part if the police get a warrant to your house, you mostly know they entered and did a lawful search and seizure.

    With your phone we’re talking about the potential for an unwarranted search and seizure and no obvious sign that it took place which does carry a degree of insidiousness with it.

    • mrjoeyman says:

      bla bla, excellent point and one that deserves consideration when the wigs sit down and pound out the guidelines to resolution.

  19. Karl says:

    Imagine if the most important paper in your home was enciphered with a memorized one-time pad [it’s possible, people have memorized pi to thousands of places, to the telephone book]. Sure, a warrant can give the government access to that paper, but can they compel you to reveal your memorized one-time pad? Of course not. This is no different.

    A modern computing device can be used as a human memory enhancer. The idea that Apple puts unique hardware keys into the device and escrow is akin to them putting thoughts in your head. Once you purchase a device, it’s yours. Individuals get to choose keys, and if they choose encryption, can use their devices as they wish including as memory enhancers. And there’s nothing any person, company, or government should be able to do about that.

    • mrjoeyman says:

      Ok then imagine you have a safe in your house and the authorities come in with a legal search warrant. They find your safe and tell you they need to search it. They ask for your combination. Legally are you bound to give it to them? Yes: if the search warrant was validly obtained, reasonably served, and indeed includes the obtaining of illegal items thought to be there to be seized, then the police serving the warrant can search anywhere that those items may be reasonably stored – including a locked safe. If you do not “share your thoughts”, i.e. the combination, they are legally allowed to “break the encryption” or in this case, open your safe on their own. Do I like it? No. But there again, is the compromise.

      • Karl says:

        The analogy doesn’t work because physical access to effects is different from access to the contents of your brain. Compelling someone to unlock a door or safe is completely different than compelling them to think something.

        In my example they have unfettered access to the paper. It can be turned into any plain-text by inventing the corresponding one-time pad. It is therefore equivalent to private thought.

      • You don’t have to give the police access to your safe. They can break in if they want to. The only reason you may participate is to make it easier for the both of you.

  20. Gary Theron says:

    Steve, well written and I agree, but for one thing. You’ve written this as an American. For the vast majority of iPhone users, the US government is a foreign government. So to see it from our perspective, re-read what you’ve written, but substitute ‘US government’ with ‘foreign government’, and think about how that makes you feel. It’s not a good feeling. And as far as I’m concerned, while I’d rather have the Australian government hold the keys to my device than the US government, the sad fact is that if we have to choose an authority source, or have that authority source thrust upon us arbitrarily, I’d rather have no authority source at all.

  21. Larry says:

    Re Apple keeping a secret key for every phone: You are seriously arguing that we should be content to give a corporation access to all of our private information? And trust that they won’t use that power for themselves, or allow the government to use it except when a valid search warrant has been issued?

    You did hear about the phone companies secretly handing over information to the government before the “USA PATRIOT” act gave them legal cover? You are aware of the FISA court, where 99.999% of requests are granted in secret hearings, and the fact that your privacy was violated is also secret?

    To paraphrase something Franklin supposedly said: if you trade essential freedom for a little temporary security, you deserve neither freedom nor security.

  22. Ric says:

    Assuming the perp hasn’t been killed, why can’t the court order force the owner of the phone to reveal the passphrase to unlock it? They do that all the time with other devices.
    Why should the manufacturer be the one compelled to do that?
    There are many, many cases where the bad guys take information to their graves that the law and the victims’ families would desperately like to have.
    In that case it is just tough luck. No one is digging up the executed and dissecting their brains trying to extract information. Or torturing them prior to execution to get that information.
    The person who USED and ACTIVATED the encryption should be the one responsible to the law, not the manufacturer.
    But just like weapons, a use trail could provide valuable evidence.
    Oh wait, they already have that in the TELCO records.
    What is the value of storing some contact you never use in a phone? If it’s there, they used it and if so, it’s already in records elsewhere rendering the need to break into the phone, null.

    All this weakening stuff is just, a reason to make doing the foot work necessary for a proper investigation something they can troll up easily and digitally. And doing that is routinely shown to be flawed. Take drone kills for example.

    The fourth amendment should stand because the rest of it is just a scam. I’m surprised we haven’t heard the “for the children” chant yet.

  23. greg says:

    There’s nothing in the Constitution (by design) that mandates the government have the ability to search and seize something. The whole point of the Constitution’s 4th amendment is to constrain government’s ability to search and seize its citizens. If it can meet certain requirements, it can do it. If it can’t, then it can’t do it.

    Although what Steve proposes may technically be possible (for Apple), it is not possible (for it to be done securely) with all the technology on the planet. And if just Apple is made to do it, who’s going to buy Apple? People’s misconceptions about the technical aspects will affect Apple’s image (and likely sales).

    This issue is largely one of control over the people. The very thing the Constitution is designed to protect. The sovereignty of its people is under attack by the very group the founding fathers felt comprised the greatest threat to the people: the U.S. government.

    So although Steve’s thought-experiment makes for interesting discussion, it’s only entertaining an idea that goes against the very values and principles this country was founded on. We are the land of the free and the home of the brave. But our government is trying to make us something else.

    This country used to be a Republic. Then everyone started calling it what it is not: a democracy. Today, right now, the country isn’t either of these things: it’s an oligarchy. If the government controls encryption (even as Steve proposes), our country while become something else. Something history has taught us has no good end.

    • TestPilotDummy says:

      Just write your own encryption and stay off mobile devices (which are basically TWO WAY RADIOS — in light of this, why pay AT&T? why not a ham radio instead I ask you? at least then you know everyone is listening all the time–at least then you can control the encryption at both ends). this is the whole point, fbi itself is the center of the “treason” they want the constitution which they SWORE an oath to — to be GONE essentially. Don’t lose sight of that FACT it’s why I Pray more learn about JURY NULLIFICATION.

      The problem with this is at least two part, one of not only a CONSTITUTIONAL REPUBLIC PROBLEM but TWO a problem ALSO because “HUMANS LIVE IN THREE WORLDS” PROBLEM

      humans live in three worlds
      public – Stage/Band/Microphone/TV/Radio/WORKING
      private – Family/Wife/Friends
      Spiritual – GOD/Beliefs/Worship/Lifestyle/Ritual

      if you MIX these worlds BAD STUFF happens every time!
      ex: LEAKING OUT YOU ARE a Gay Satanist to your Straight Christian Friend at the higher levels of the local community church.
      But also it could technically be that you plan to import 50,000 widgets from Asia and compete against XYZ corp which is protected by NSA goons. ( i said example but man come on I don’t do international corporate espionage and theft often here–your own mind needs to fill the blanks cause the FISA court and the treasonous oath breakers ain’t talkin )

      But nothing is stopping YOU from writing your own encryption to stop these psychopaths from spying on and then exploiting your data for financial, political, and war. There’s a lot of examples out there to get started–so I won’t even bother with that–I too done it too-created an encryption routine. just sayin and I got missing TEETH!. it isn’t that hard. any C programmer with basic logic can crank this stuff out. But personally I think you need to look at the bigger picture here that of paying to be spied on.

      Believe this, while I worked on phones, I NEVER EVER OWNED ONE OR CARRIED ONE. EVER.

  24. greg says:

    Second to last sentence should read: If the government controls encryption (even as Steve proposes), our country WILL become something else.

  25. John Murgen says:

    It may also be true that both Apple and the FBI have a similar goal here in that they both want up to date legislation to address this very topic. I am in law enforcement and one of our struggles is often that our law makers take too long to make or amend laws to reflect the world we are currently living in; we are often placed into a position where we have to ‘make do’ with outdated laws, trying to bend them to fit today’s reality. Not a square peg into a round hole, more like an oval peg into a round hole scenario.

  26. MikeG says:

    Excellent analysis, as usual.

    You allude to the complications implied by requests for access by foreign entities, but there’s an inverse situation that’s perhaps even more fraught: the need by US authorities to access content that’s protected by software or hardware that’s *made* by a foreign-based provider. For example, there could be end-to-end encryption apps made by Russian software engineers whose government would not be likely to pressure them into providing access in response to a request by the FBI, CIA, or NSA. As others have said, when Apple products are known to be accessible by US authorities, users will flock to these foreign uncrackable alternatives, putting access to their activities even further out of reach.

    So in the long run, in the interest of national security and law enforcement objectives in general, it may make more sense to leave the encrypted content inaccessible, while continuing to provide access to the metadata (who installed what apps, who called/texted whom and when, etc.).

  27. Neil Laubenthal says:

    Steve…I gotta disagree with you here that Apple should give on this one.

    First take a look at the FBI’s arguments. They consistently claim that (a) it’s just one phone and (b) it’s impossible for any other solution to break into the phone.

    While they are technically correct in that this particular case is just about one phone…it’s really about a legal precedent to force a permanent weakness in our personal privacy on the phone. Apple’s talk about it being a back door accessible to bad actors is a little disingenuous as well…as the resulting software would really only work with Apple’s signature and hence be unavailable to a normal hacker. Legal precedent that the US government has access would mean that China, Iran, and other countries that don’t like us would do the same thing and Apple would have to provide them access as well.

    Since the bad guys in this case destroyed their personal computers and phones…the likelihood that there is any useful data on the work phone is pretty remote…if there was then they would have been destroyed as well.

    While I’m by no means an iOS security expert…I’ve seen plenty of information on the web from those that are with numerous suggestions on how the phone’s passcode could be broken without Apple’s help. While some of them are hard and some are more risky than others…the fact that the FBI insists they don’t exist lends even more credence to the idea that this is more about establishing a legal precedent than about getting important evidence off of this phone.

    While the actual effort of writing and signing the software is probably pretty low…Apple estimated 6 engineers for up to 4 weeks I think…the risk monetarily to Apple is much more than that. From a marketing standpoint…Apple has said that they don’t want your data and have been pretty strong proponents of privacy. Similarly…the cost of the software probably pales in comparison to the effort and cost of maintaining a separate lab, keeping the special software up to date, auditing it and all the other stuff required in order to generate legally admissible evidence from it…http://www.zdziarski.com/blog/ had a nice writeup on this a week or two back…and it’s not a trivial administrative requirement.

    Corporations have been defined as persons by SCOTUS…and hence have 1st and 4th amendment rights…which include the right to free speech…which includes the right not to speak.

    FBI has claimed that CALEA doesn’t apply by stating that FBI’s request doesn’t amount to “software design” which it seems to me is pretty clear from reading the statute. That’s a load of bull…what else besides design does specifying what software has to do amount to?

    I’m pretty partial to that whole constitutional rights thing being a retired navy guy…it’s what we signed up for and swore to uphold.

    OTOH, I’m also sympathetic a little bit to law enforcement’s claims that they are “going dark”…while there’s some hyperbole in this statement it also has a kernel of truth. Nonetheless…it seems to be just the way it has to be given the constitution. In any event…bad guys have already moved beyond just using iOS encryption to protect their plans…apps like WhatsApp with its built in encryption, offline encryption via PGP/AES/RSA/etc, even the simple act of just using a known book to select words from and then the email is just a string of numbers…as long as only the bad guys know what book to use (which is pretty easy as all conspiracies pretty much start out with face to face meetings) then we end up having given up some of our constitutional rights for nothing.

    Maybe there’s some middle ground…but trying to force Apple to permanently weaken its software and maintain a dual track of code/testing/auditing/etc is troublesome…particularly in view of some of the excesses that have been done in the name of national security. I don’t blame the NSA and CIA for the excesses…after 9/11 they were given buckets of money and told to “never let this happen again” along with what they thought was legal authority to do so…so it’s not hard to understand why NSA did what they did…but it doesn’t make it right.

    One has the absolute right against self incrimination…i.e., the stuff in your brain can’t be forcibly taken from you. Maybe in today’s world…given how our phones/computers have become extensions of our brain…it’s time for the law to accept that your phone should be inviolate as well…particularly as any reasonably competent terrorist will make sure their communications are fully encrypted anyway.

    It won’t be long before Apple introduces software and/or hardware that would make the phone impossible to break even with what the FBI has requested…again I’m not an iOS expert but using DFU, which is what they asked for, can easily be made to require information from the secure enclave so that updating software requires either the passcode or it overwrites the existing data. Apple’s engineers are way smarter than I am…and one can be pretty much assured that they are feverishly working on a no joke unbreakable iPhone as we discuss this. I’m not smart enough to know how they will achieve this…but I am smart enough to make sure they’re working on it.


  28. John Moehrke says:

    I disagree. The process might seem clear in the USA. But it sets up Apple for trying to determine the equivalent authority everywhere, and over cross jurisdictions. And loss of the DB puts everyone at risk instantly and without having done anything warrant worthy.

    This all puts USA companies at a disadvantage globally. Other countries will love to host companies of this scale. This action by the FBI is bad for capitalism.

    Johnyt

  29. Glen Kilgore says:

    Apple is not law enforcement. Apple has no obligation to do the government’s work for them. Pursuing Apple as a tool for Law Enforcement is not the only tool that Law Enforcement has. LE will have to do the best they can with the tools they have. If Apple did choose to help LE, that is Apple’s choice. No one has the right to make Apple choose one way or the other. Forcing one’s will on the unwilling has consequences.

  30. Glen Kilgore says:

    Also, the price of forcing Apple to do what it resists should have huge consequences. If Apple unlocks one phone, because the government forces them, the price should be to unlock all phones. The question then is, is the cost worth the price?

  31. Thanks for your thoughts on this, Steve. My concern with mandating that manufacturers provide law enforcement access under a court order is that it will encourage–if not require–them to lock down mobile devices with proprietary software so end-users can’t easily circumvent those restrictions. We’re already starting to see this happen with the new FCC rules requiring router manufacturers to prevent their customers from manipulating wireless radios outside of regulations. At least one has said they will comply by blocking installation of third-party firmware (TP-LINK).

    If PCs had evolved this way, we might not have alternative open source operating systems like Linux and FreeBSD. Or at the very least, OEMs would be prevented from installing them.

    And imagine if the current debate involved PC manufacturers maintaining the ability to access desktop computers sold to corporations. Perhaps Lenovo could contract with Comodo to maintain their master key database. It would be laughed out of Congress, of course.

    Just as you have espoused the benefits of Trust No One (TNO) encryption, we deserve the same freedom when it comes to protecting access to ALL of our computers including mobile devices.

  32. Dpg says:

    Greatest respect to Steve, I’ve learned so much from him over the years. But this essay hmmmmm….

    …in 1800 had I been concerned that authorities would obtain lawful access to my home, and have access to master keys for my safe where my paperwork was stored, and wished to protect against that, then I might have elected to use a code (or algorithm if you like), to obfuscate the information contained.

    This essay is far too simplistic and naive. It would create a whole new mess with hundreds of companies, countries and jurisdictions in endless procedural wrangles to obtain information on the most spurious of reasons. A company of Apple’s size would need an army to respond to the requests. That means lots of people with access to things, and such databases would have a big red target painted on them from day 1 by state actors and criminals. What price the corruption of a DBA, or even collusion between folks? Least access and privilege would be a knotty problem to solve.

    IMHO unbreakable crypto is the least worst option here, just like democracy is the least worst form of government we know. Pandora’s box folks.

  33. Edward Skar says:

    Excellent analysis Steve.

  34. @Hearth says:

    Hi Steve, thanks for your insights.

    While I agree with you in principle, in practice I don’t believe this is feasible. As some other commenters have already noted, this does not take into account the vast number of Apple’s products which are not sold or used within the US, and therefore do not fall under that jurisdiction. Apple would have no right (neither would the US government) to be able to access those devices, and this would be another NSA fiasco.

    Additionally, having a single store of master keys for all Apple devices in the world, wherever it is stored, screams out as a target for hackers. I’m not saying it would be impossible for them to be stored correctly and securely, but the volume and frequency of major corporate breaches, social engineered infiltration and downright stupidity (by ignorance or callousness) that leads to private data being leaked does not lean towards trust for something of this scale.

    I understand the angle that you are coming from, that the US government feels it must necessarily mandate access to potentially suspect devices. But Apple must be required to think on a global scale, and how its decisions will affect their entire global operation. Being outside the US myself, I fully support Apple in resisting being forced to compromise. And to be honest, it would not surprise me if we start to see a trend in coming years of tech companies moving their core operations away from the US in order to avoid being subject to such legislation.

    It is at least a good thing to be having this discussion, and one can only hope there are similar discussions occurring behind the doors of both Apple executives and congressmen. It is also good to see the tech companies uniting to stand together for a principle. Kudos Microsoft.


  36. Tru Friendl says:

    Steve, I see three issues with your proposed solution to this accessibility problem.

    1- It is NOT TNO.
    2- What happens when the FISA court issues a warrant demanding the entire key database and covers it with a NSL?
    3- If/when the database is compromised would these “spare keys” be able to be decertified and reissued as with other security certificates?

  37. Internet Ink says:

    Steve wrote:
    “All such concerns are red herrings because unbreakable encryption simply gives Apple unbreakable access control. Apple could design a completely secure facility to manage unlocking individual devices.”

    That simply is not true. For any such system to be effective it must be accessible to every law enforcement office in the U.S. who could get a search warrant. Each one of those would be a new potential for hacking or abuse which currently does not exist. In addition, once the capability existed to access phones, such access would quickly be sought after by foreign governments greatly increasing the attack surface area even more.

    Another troubling part of Steve’s analysis is that it assumes this precedent would only apply to Apple, and it would be mitigated because Apple has the money and expertise to do it right. However for this to be effective, every application that could encrypt its data would also need to have a way to circumvent that encryption. The expense and liability of handling these search requests would fall on any developer who wanted to secure its data, and would be implemented with varying degrees of competency.

    Steve already stopped his development on CryptoLink because he didn’t want to weaken the product or deal with official requests for access. How would this guaranteed access to the data by law enforcement be any different? The chilling effect of this type of government intrusion has already cost the public the Gibson Grade Security™ of CryptoLink. Isn’t that enough?

  38. John Leary says:

    Well said, but … the solution that you recommend would leave Apple in possession of what literally amounts to Pandora’s Box. How could they guard it; what would their liability be if its guards were compromised; could you know who breached it? The old Romans even had a proverb about this: “Quis custodiet ipsos custodes?” (Who guards the guards themselves?) Furthermore, since the former is fairly obvious from a legal perspective, it seems to me that the US Government would endeavor to take possession of this box of keys, pro bono publico. While some in the USA might trust the government, fewer in foreign nations would do so. Who mediates the use of this box of keys? Then, on the flip side of this discussion, which has only focused on what Apple can do technically, there are two other questions. One is what evidence the US Government will use to obtain an “Oath” and “Judicial Decision” to gain access to this box of keys (since access is so ripe for “fishing”), and the other is what information the US Government may use when it gets access to a specific smart phone. The latter problem is tricky. In two words, it is that there can be unforeseen “collateral damage” from opening a phone’s “encryption lock”. Who pays when this happens? How to decide that opening the phone was the cause of the damage? Certainly not the government, nor the “owner of Pandora’s Box.” Who else then? It’s a messy bag of worms.

    • Glen Kilgore says:

      You secure it with at least three independent keys to the vault that must concur and be in agreement before it can be opened.

  39. MikeG says:

    In a timely piece, 60 Minutes last night featured Pavel Durov, the “former” Russian author of the Telegram end-to-end encrypted messaging app which has been and is being used by terrorists and, in his words, hundreds of millions of innocent people who live under repressive regimes. “Former” in quotes, because he was forced to flee Russia when he was nearly jailed for “refusing” to provide access to encrypted messages. “Refusing” in quotes, because Telegram was implemented to be impossible to crack, including by Durov (i.e., he couldn’t provide access if he wanted to).

    He implied, but didn’t say explicitly, that the tradeoff was perhaps several hundred terrorists who would take several hundred lives in the West vs potentially tens or hundreds of thousands of people living in China, Iran, Syria, N. Korea, Russia, and other countries where people would be jailed or executed for views critical of the government.

    We will see if Durov is still alive in a month, as we have seen the long arm of Putin exact revenge on dissidents in the UK, the US, and other countries.

  40. JeffA says:

    1) Constitution establishes a warrant is necessary for the government to have access. That does not mean that a warrant is sufficient. Reality will always be a limiting factor.
    2) It is unrealistic to think a government will always have access to any data it would find useful. Bad guys have taken secrets to their graves for centuries; this is nothing new.

    If a living person from https://en.wikipedia.org/wiki/List_of_last_known_speakers_of_languages keeps notes in their language, the US can not compel them to do translations. If I make up my own language or representation, the US can not compel translation. Either of those is just as much a form of encryption.

    This debate could also be framed as data at rest going dark just as TLS with perfect-forward-secrecy has made data in transit progressively go dark to 3rd party monitoring.

    • Karl says:

      That strategy is good, as the US demonstrated with the Navajo code talkers in WWII. They had a perfect record of both fidelity and secrecy.

  41. jwadamson says:

    p.s.
    I actually do not agree with the statement “Apple could design a completely secure facility to manage unlocking individual devices.” While there likely are significant differences, we don’t have to look past RSA for an example of a large/wealthy company losing control of keys from a secure facility. The entire purpose of that RSA service was to keep those keys safe; not just as a side concern like it would be with Apple.

  42. Philip Le Riche says:

    What you say is absolutely reasonable but still I have two problems with it. RSA lost their master database of keys a few years ago and it’d potentially only take one mistake for the same to happen to Apple, even if you credit them as the most secure company around. And since the database would have to be open for writing all the time, with the secret keys transmitted to it from China, I wouldn’t like to be the person charged with keeping it secure. Secondly, if China knows the database exists, can you imagine them not demanding all the keys for Chinese iPhones? And if China then Iran, Pakistan, India, Israel, South Africa … and once they’d all been satisfied, can you imagine the FBI wanting to be left out?

  43. Seth Leedy says:

    A new post since 2014, my goodness.

  44. John Burchett says:

    Well said, Steve.

  45. Your ideas are interesting for sure, but they are not a good solution. Your ideas echo back to the Crypto Wars of the ’90s, and the Clipper Chip.

    Many other security experts have considered ideas like yours and rejected them, including Whitfield Diffie, Bruce Schneier, and others.
    Read this Technical Report from MIT about it.
    http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf

  46. rcomian says:

    You cannot say that security has not been weakened. There are now 2 keys that can access your device, not 1. And 1 key is held in trust by a third party who is, by definition, supposed to have access to it for *legal* means. This isn’t math, so they must have access to it at all times.

    So basically, they promise not to look at it unless they really want to.

  47. Stephen Cupp says:

    Don’t worry. If the FBI doesn’t win their next option is to force Apple to hand over the iOS source code and their iOS private signing key. They even said so in a court filing.

    http://finance.yahoo.com/news/fbi-threatens-to-demand-apple-s-secret-source-code-214832611.html

    • Glen Kilgore says:

      Mr. Cupp, you have keen insight to the matter. You have correctly identified the issue. Does anyone have the right to impose their will on an unwilling participant? That is the heart of the matter.

  48. Backsnarf says:

    Strong encryption simply provides me the ability to dictate what digital records of my thoughts and actions die with me. Just like the mental records of my thoughts and actions. Encryption makes the FBI holding my phone in their hands no different than them holding my brain. Maybe they should be going after the medical professionals to let them decipher Farook’s dead brain for information.

    • MikeG says:

      Good thought, but it’s not a good analogy. We *know* how to decrypt encrypted information. We *don’t* know how to extract information from a brain.

      But the principle that you describe is valid: there’s information that is personal property and should be off limits for subpoena. It’s a principle similar in some ways to the Fifth Amendment that says you can’t be forced to incriminate yourself.

  49. James Morgan says:

    Other commenters have alluded to the fact that it is important that the iPhone is manufactured in China, but I didn’t see anyone address it directly. If these per-device override keys are flashed into the device in a Chinese factory, how does Apple verify that they are not also copied to the relevant Chinese authorities?
    I may feel safe that Apple could protect their database of keys, but do I feel safe that they could perfectly protect the entire supply chain involved in moving from raw silicon to a functional phone with an escrowed key. I don’t think I would feel safe if this was proposed as a real solution.

  50. Tim D. says:

    I must take issue again with your belief that Apple could securely manage master encryption keys. Have you not stated (something to the effect of:) “Verisign/Symantec (I think that was the company) did not properly vet an (incoming) certificate signing request and signed, and sent out a certificate with re-signing rights”? I remember a discussion about how such a certificate with resigning rights would allow the issue (Grantee?) of the certificate to mint a self-signed certificate, for any not-so-random site, sign it with their newly issued certificate, and the trust chain would be unbroken all the way back to the root certificate?

    If a company whose sole focus is security is fallible with regard to such keys-to-the-kingdom level items, what reason do we have to believe that Apple is infallible?

    I believe that the best argument I have heard in regard to this debate equated encryption to the second amendment. To paraphrase:

    …something else we all know is very dangerous and very often used and misused by criminals, terrorists, (Authoritarian regimes? –My addition) that is to say firearms. The founding fathers believed that the right to protect oneself from violence fell second to only the right to freely express oneself (Primarily criticizing the government –My addition.)

    (This next paragraph continues with above but is far more about adding my thoughts)

    The founders believed that the citizenry needed to be able to protect themselves from petty criminals, but also foreign invasion or authoritarian internal government. Likewise, as the Snowden NSA Papers have shown us, we simply cannot trust the government not to overstep its bounds. I feel therefore, that either a new constitutional amendment, an amendment to the second amendment, or as someone stated in previous comments, the fourth amendment, should be created/modified in the following way:

    Strong encryption, unencumbered in any way, by any authority; being necessary to secure unto The People, the rights given them elsewhere in The Constitution, The Bill of Rights, laws and judicial rulings both previously established, and into the future, against all threats, foreign or domestic; or to put it in the more modern, pure Orwellian terms, both “Big Brother” and “Little Brother;” the rights of The People to have and to use strong encryption, which is unbreakable even upon rendering of a proper search warrant, shall not be infringed.

    Encryption is either strong, or weakened, and the weakest link in any chain is always the human element, and the more human links there are in the chain, the more avenues there are to attack. Let us say, in some hypothetical future, that Apple does implement a system as Steve describes, and to avoid the China assembly problem let’s just say that Foxconn ships the phones in reusable bulk packaging to a factory in the US where workers remove them, connect them to the “Master computer” which generates the master bulk cipher key, and records it in Apple’s “Master Vault.” Presumably law enforcement agencies all over the country, (City, county, state, FBI) will need some form of device, that would probably contain a Faraday cage with gloves so the law enforcement official could remove the phone from a Faraday bag, without any commands being received over 3G/4G/Wi-Fi/Bluetooth, and connect it to a Lightning connector, in the cage. The machine would then read the IMEI number, transmit that to Apple, receive the master key back, and then suck the data out, decrypt it, sign it, to verify it isn’t changed after being copied. (I’m sure there’s a “Digital evidence” process that covers all that, that should already be in place.)

    You (Steve) yourself have told us of the downgrade attacks that are only possible in part, because of US classification of strong encryption as munitions that caused Netscape to not package strong encryption into their browser, so they wouldn’t be held responsible if the “US” version somehow escaped the US’s borders.

    Furthermore, Apple having a “Master Key” would preclude any and all secure erase function from being truly secure. With the Secure Enclave, it’s simple: generate a new bulk cypher key, and write it into the Secure Enclave memory designated for the same. With a master key, the key would have to either remain the same… or even worse, be re-transmitted to Apple over the Internet.

    Lastly, I want Steve to tell us why he has backed off from his “Trust No One” stance on encryption. I do not need to trust Schlage’s ability to keep a secret for the security of my home. Furthermore, there is no serial number on the exterior of my door lock that would give the police the information they need to CNC a blank key into one that will open my front door. Why should a locked box in my pocket be any different?

    One thing I’m starting to wonder about after comments about physical papers… Is there any case law at all here? Has any government anywhere ever seized papers containing encoded/enciphered information? What about steganographic (hidden) information?

    If Apple is forced to capitulate to the FBI, you know Russia, China, and other oppressive regimes will come calling. This can only be good for manufacturers of generic Android phones, as the people who are truly up to no good will compile their own Android, and/or use third party apps from any of a large number of countries worldwide, leaving only the ordinary citizens vulnerable to such law enforcement measures.

    • MikeG says:

      Your discussion suggests an appropriate comparison with the Second Amendment, which is held by many people (and the courts) to protect a means of defense against a tyrannical central government run amok (or any entity run amok). While strong encryption is not a weapon, it is just as powerful a tool of self defense and, in this sense, should be considered to enjoy the same status as a weapon that is protected by the Second Amendment.

  51. Fresher says:

    A technical question: Suppose the Govt requests, and gets, access to your iPhone. Suppose they search it, and find nothing. As I understand your suggestion, they now have warrantless access to your phone for all time. If that key leaks, so do the bad guys. If you sell your phone, would you tell the buyer that this phone is no longer private? Conversely, if I buy a second hand phone, I can never be assured that it has not previously had its second key leaked. How do you solve these issues?

    • MikeG says:

      I believe that at least one of the keys is changed when you change the passcode or reset the phone. But the FBI isn’t asking for the keys; they’re asking for a modified phone so that they can try an unlimited number of keys without the phone erasing itself. If they had such software that could work on all phones, then no phone would be safe from hackers.

      • Fresher says:

        My question was in response to Steve’s post, not to the FBI’s request.

        • Fresher says:

          That is to say, MikeG, I agree with you completely, so we need not argue. My question, addressed to Steve, points out what I believe to be a flaw in his (Steve’s) argument. If each phone is given a unique decryption key (let’s call it the “Gibson key” for disambiguation), and if the Gibson key for a suspect’s phone is then handed to police upon presentation of a warrant, and the suspect is found innocent, then that innocent person’s phone is now *permanently* insecure – no further warrant needed. This is an argument against the whole Gibson key system, unless Steve can solve this.

          • MikeG says:

            I see your point. I guess that we don’t know enough about how Apple would implement any access that they provide to the FBI (including Steve’s proposal) to know whether what you say would be true. Certainly it could be, which would obviously be a serious problem.

            Anyway, we’ll have to wait a while to see how this works its way through the courts.
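The exchange above (Fresher's "Gibson key" objection and MikeG's reply that a key changes on passcode reset), together with Tim D.'s point earlier in the thread that a vendor master key has to be either permanent or re-sent to the vendor after a secure erase, can be made concrete. The following is an added example written for this page; it is not code from Steve, Apple, or any commenter. It models a per-device escrow key held only in a vendor vault, with the data key wrapped once under the passcode and once under that escrow key, and compares two ways a warrant could be satisfied: handing over the long-lived escrow key itself, or unwrapping inside the vault and handing over only the data key current at that moment. The wrap and stream cipher are deliberately toy HMAC-based constructions so the file runs on the standard library alone; the serial number, passcode and records are constructed sample data.

```python
import hashlib
import hmac
import secrets

MAGIC = b"RECORD-V1:"  # authenticity tag so a wrong key is detectable in this toy


def prf(key: bytes, label: bytes) -> bytes:
    """Toy PRF (HMAC-SHA256); stands in for a real KDF / key-wrap primitive."""
    return hmac.new(key, label, hashlib.sha256).digest()


def xor_wrap(key32: bytes, kek: bytes, label: bytes) -> bytes:
    """Toy wrap of a 32-byte key under a KEK (one-time pad from prf). wrap == unwrap."""
    pad = prf(kek, label)
    return bytes(a ^ b for a, b in zip(key32, pad))


def stream_xor(dek: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher keyed by the DEK; encrypt == decrypt."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = prf(dek, b"ctr" + (i // 32).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def passcode_kek(passcode: str, salt: bytes) -> bytes:
    """Passcode-derived KEK (PBKDF2; iteration count kept low for the demo)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 10_000)


class Device:
    """Phone: records sit under a random DEK. The DEK is wrapped twice, once
    under the passcode KEK and once under a per-device escrow key that is
    kept only in the vendor's vault (the thread's hypothetical 'Gibson key')."""

    def __init__(self, serial: str, passcode: str):
        self.serial = serial
        self.dek = secrets.token_bytes(32)
        self.salt = secrets.token_bytes(16)
        self.pw_wrapped = xor_wrap(self.dek, passcode_kek(passcode, self.salt), b"pw")
        self.escrow_wrapped = b""  # set by Vault.enroll()
        self.blobs = []

    def store(self, plaintext: bytes) -> None:
        self.blobs.append(stream_xor(self.dek, MAGIC + plaintext))

    def reset(self, new_passcode: str, vault: "Vault") -> None:
        """Passcode change / secure erase: new DEK, old records gone, both
        wraps regenerated. Re-creating the escrow wrap needs the vault again,
        the 're-transmitted to the vendor' step Tim D. objects to."""
        self.blobs = []
        self.dek = secrets.token_bytes(32)
        self.salt = secrets.token_bytes(16)
        self.pw_wrapped = xor_wrap(self.dek, passcode_kek(new_passcode, self.salt), b"pw")
        vault.enroll(self)


class Vault:
    """Vendor vault: serial -> long-lived per-device escrow KEK."""

    def __init__(self):
        self.keys = {}

    def enroll(self, dev: Device) -> None:
        kek = self.keys.setdefault(dev.serial, secrets.token_bytes(32))
        dev.escrow_wrapped = xor_wrap(dev.dek, kek, b"escrow")

    def release(self, dev: Device, mode: str) -> bytes:
        """Warrant served. mode='kek': hand over the escrow key itself.
        mode='dek': unwrap once inside the vault and hand over only the
        DEK current at that moment; the escrow key never leaves."""
        kek = self.keys[dev.serial]
        return kek if mode == "kek" else xor_wrap(dev.escrow_wrapped, kek, b"escrow")


def le_read(dev: Device, material: bytes, mode: str):
    """Investigator applies the released material to the device as it is NOW.
    Returns the plaintext records, or None if the material no longer fits."""
    dek = xor_wrap(dev.escrow_wrapped, material, b"escrow") if mode == "kek" else material
    plain = [stream_xor(dek, b) for b in dev.blobs]
    if not all(p.startswith(MAGIC) for p in plain):
        return None
    return [p[len(MAGIC):] for p in plain]


def demo(mode: str):
    """Returns (readable before reset, readable after reset) for one release mode."""
    vault, dev = Vault(), Device("SN-0001", "1234")  # constructed sample device
    vault.enroll(dev)
    dev.store(b"suspect's notes")
    released = vault.release(dev, mode)
    before = le_read(dev, released, mode) == [b"suspect's notes"]
    dev.reset("9876", vault)  # owner cleared; phone wiped and re-keyed, then resold
    dev.store(b"next owner's notes")
    after = le_read(dev, released, mode) == [b"next owner's notes"]
    return before, after
```

With `demo("kek")` both reads succeed: releasing the escrow key itself is exactly Fresher's permanent, warrant-free access, and a reset does not help because the new DEK is wrapped under the same key. With `demo("dek")` the second read fails: once the phone is re-keyed, what was released is dead, which is the behaviour MikeG describes. Note what this does not fix: the vault still holds a permanent capability for every enrolled serial, so the single-target-database objection raised by several commenters stands regardless of which release mode is used.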

  52. Gary says:

    Thanks Steve but two brief points. As previously explained, the analogy with a house is not a good one. Apple’s attitude IS in keeping with precedent – besides postal mail, there are numerous other examples of secure, “warrant-proof” situations – e.g. Attorney – client conversations, contents of diplomatic pouches, etc. Secondly, I do not believe that Apple is “actively” marketing iPhone security. I don’t remember seeing security mentioned in any iPhone ad.

  53. Glen Kilgore says:

    What are we doing here? Let us define.
    Steve framed the conversation in the medium for debate.
    In a debate or discussion, all sides are to work toward a common goal. In an argument, each side has its own agenda and is not interested in finding common ground or listening to what the other side has to say.
    In this debate Steve proposed a technical solution for how Apple could do it. The appropriate response would be to come up with an alternate solution for how this could better be done technically.
    Ask an engineer how to, they would engineer a solution. Ask a programmer how to, and they would write a program. Each to their own gifts and talents.
    Some may use this forum incorrectly to state whether Apple should help or not help. That is a different argument for a different forum. It is clearly Apple’s decision if they want to aid or not. And certainly a more emotional argument whether the U.S. Government has the right to force its will on an unwilling participant.

    With that said, is Steve’s solution sound as a technical solution for doing the thing? It is probably very close, with a few external modifications to ensure its integrity.

    That is what should be debated, how to do it properly should Apple choose to. If Apple’s only reason for not doing so is because of a technical issue, then I think we are very close to a solution. If Apple has other reasons for not wanting to comply with the request, that is between them, the government, and all the stake holders, presumably people all of good conscience, to work out.

  54. David says:

    RSA tried this solution. It didn’t work out well for them. You argue that Apple could keep this high value database with everyone’s backdoor secret. But RSA, a company with a lot of experience in the area could not – and one rogue employee or thief could compromise everyone’s security. I think you need to re-think your answer.

    • Glen Kilgore says:

      David,

      Excellent point, “the insider” is always involved in huge thefts like this. Remember, in this case we are NOT after speed. Time it takes for access is not a concern. It should be deliberately slow. So you would want to make it so that the eggs are not all in one basket. You would have at the very least three keys at multiple physical locations to be able to access it at all. LE, Judicial, Apple, and a neutral would probably suffice. Not unlike a two (physical key) system for weapons systems.
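Glen Kilgore's suggestion above (and his earlier reply to John Leary) is that the vault should need several independent keys, held by law enforcement, the judiciary, Apple and a neutral party, before a single device key can be released. The standard way to build that is Shamir secret sharing: the per-device escrow key is split into n shares over a prime field so that any k of them reconstruct it and any fewer reveal nothing. The following is an added example written for this page, not code from the commenter or from Apple; the custodian names come from the comment, the threshold (3 of 4) and the 32-byte key are constructed for the demo, and in practice each share would itself live in an HSM at a separate site rather than in a Python dict.

```python
import secrets
from itertools import combinations

# Prime field for the shares. 2**521 - 1 (a Mersenne prime) comfortably holds
# a 256-bit escrow key; each share is a point on a random polynomial over it.
P = 2**521 - 1


def split_secret(secret: int, k: int, n: int) -> list:
    """Shamir k-of-n split: n (x, y) points on a random degree-(k-1)
    polynomial whose constant term is the secret."""
    assert 0 <= secret < P and 1 <= k <= n < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]


def recover_secret(shares: list) -> int:
    """Lagrange interpolation at x = 0. Correct only with >= k distinct shares;
    fewer shares interpolate a different polynomial and give an unrelated value."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P  # P prime: inverse by Fermat
    return total


def escrow_quorum(key: bytes, custodians: list, k: int) -> dict:
    """Hand each named custodian one share of a per-device escrow key."""
    shares = split_secret(int.from_bytes(key, "big"), k, len(custodians))
    return dict(zip(custodians, shares))


def demo():
    """Split one constructed 32-byte escrow key 3-of-4 across the custodians
    named in the comment; check every 3-subset recovers it and no 2-subset
    does. Returns (all_triples_ok, no_pair_ok)."""
    key = secrets.token_bytes(32)  # constructed per-device escrow key
    holders = ["law enforcement", "judiciary", "Apple", "neutral"]
    held = escrow_quorum(key, holders, k=3)
    want = int.from_bytes(key, "big")
    triples_ok = all(recover_secret([held[h] for h in c]) == want
                     for c in combinations(holders, 3))
    pairs_ok = any(recover_secret([held[h] for h in c]) == want
                   for c in combinations(holders, 2))
    return triples_ok, not pairs_ok
```

The design choice worth noting: the threshold property is mathematical, not procedural, so the "insider" David worries about needs to corrupt k separate organisations rather than one DBA. What it does not give you is the "deliberately slow" part of Glen's proposal; rate limiting, logging and the warrant itself are still policy layered on top, and the reconstructed key has to be used inside a controlled device and then destroyed, or it becomes the permanent copy discussed higher in the thread.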

  55. Deng says:

    Very nice explanation Steve. Thank you for this.

  56. Paul Edwards says:

    I’m not into encryption so anything I say wouldn’t mean much!
    Paul

  57. Neil says:

    Hi Steve
    I was just at the fingerprints/encryption section of your site and as I was reading and trying to take it all in – you said this:

    “simply arranges to add one additional “Pseudo Certificate Authority” to their users’ browsers or computers. It’s that simple.”

    It was then that the thought occurred to me that, ‘what if it would be possible to detect that Pseudo Certificate and weed it out in the same way that one detects spyware’, then it should be possible to thwart someones attempt to spy on your https traffic. Yes? No?

    I have a feeling that the latter is the case as I am not fully 100% up to speed with the whole issue and I’m sure that someone would have come up with that solution already, if it were feasible. But the question keeps bugging me as to why that would not work, if it really was that simple.

  58. TestPilotDummy says:

    So basically I live down the hill from you in Sacramento, and I been following you since about the late 90’s back when I was learning ASM. The past few years have made it quite clear to me, that we have oath breaking traitors running the show who have TREASON already under their belts, while everyone who has sworn an oath who IGNORES this is also guilty of the SAME TREASON.

    until this is rectified NOTHING MOVES FORWARD. and I have a lot of respect for Steve, but I have to say he’s going to end up with foot in mouth over these staged false flag attacks. The ROOT of the issue is TREASON by our officials who have got corporations masquerading as government agencies.

    There’s no redress, and I DREAD having to deal with this serving Jury duty downtown Sacramento, all I know is there’s a great big NEW jail and most of the crimes are just unconstitutional crappy laws and ordinances. I dread the duty cause I have an OLDER OATH I took in the USAF to the constitution, and when that judge asks us to swear, I have to LIE because I can only hope and PRAY, I Might be on the Jury to NULLIFY a crap law. or a good law being used bad.

    The banksters and Tel Aviv need to be cut off, the borders secured, and the monetary system based on gold and silver as it was written. ENOUGH OF THE THEFT, MURDER AND TREASON.

    Yeah, they want to breach the 4th Amendment; these Marxist communists hate the Constitution.

    Also, the global warming crap is a fraud. They chemtrail spray. LOOK UP, YOU CAN SEE THE CRAP RIGHT OVER YOUR HEAD IN ELDORADO HILLS, JUST LIKE I CAN IN SOUTH SACRAMENTO!!!

    I am done with this left right paradigm of TREASON, WAR and mayhem.

    Throw them all in PRISON or HANG THEM FOR TREASON, SHOOT THE NATO CHEMTRAIL JETS DOWN.
    KICK AIPAC OUT OF THE USA, and boot all DUAL CITIZEN officials holding HIGH OFFICE like Feinstein, dual citizen of USA/ISRAEL (who is stealing land, racist, and spying on US secrets). I would have their security clearances yanked and the ****ing Pentagon cleared out in 24 hours: no more access to vaults, networks, papers, lines, workstations, no more contracting for, elected as, or appointed by ISRAEL in the USA!! And no more saying anti-Semitic when we are talking about ISRAEL and RACISTS.

    I love Jews, I have them in my family. These psychopaths only CALL THEMSELVES JEWS. They are psychopathic, treasonous, murdering, racist, spying scum.

    That’s the truth of the matter. Israel has our state department and country by the balls.

    We can play around with all this Apple is secure/not secure crap. Hell, even John McAfee said he could crack that stupid ass phone. That wasn’t what this was about; this was about the camel’s nose under the Constitution and Bill of Rights by these traitors, who belong in PRISON for the rest of their lives, because that is what is going to STOP this PATH we are on.

    The lies stop AFTER

    THEY ARREST THESE ****ING TREASONOUS TRAITORS RIGHT NOW!

    Look at the Hillary thing. The FBI… that was where I would have shown respect, but since they DON’T ARREST HER… then they themselves are now complicit and guilty of the SAME TREASON.

    Don’t call me to jury duty if you don’t want your fascist laws nullified.

    Otherwise in the DHS minds, “it’s the US citizen who is the domestic terrorist now.”

    mother ****ers!

  59. Oh dear says:

    In an ever-changing world it’s good to see that the close relationship between ranting loonies and the capslock key remains one of the few constants.

  60. Papa Oz says:

    Steve has taken the position that a manufacturer could create the ability to decrypt the phones they sell. I am skeptical of the security of any such system, but that is not the subject of my post.

    My great-great grandfather was an owner of a company that made safes. I have one of his safes in my home. It is easy to set the combination of that safe to anything I want it to be. Grandpa’s company has (had) no control over my doing that, no knowledge of what I changed it to, and no ability to get into the safe after it left the factory.

    The only way into that safe without the combination is brute force. A drill, some explosive, whatever. This is the proper precedent to invoke with respect to the electronic safe that protects our personal data — the smart phone. Asking manufacturers to retain the ability to access the contents of a phone makes no more sense to me than asking my grandpa to be able to get into a safe that he had made.

    • MikeG says:

      Thank you for a very clear, well-thought-out comment that is generally relevant to the current discussion. However, I would point out that while brute force *is* possible with your safe, if phones were really as secure as the companies are planning to make them, *nothing* will be able to break in (to bend your analogy a bit, the FBI was asking Apple to provide dynamite so that they could break into that phone by brute force). I’m not sure whether this is a meaningful point, but it does show the very slight imperfection in the analogy.

  61. gavin says:

    If I understand the Secure Enclave correctly, isn’t there already a randomly generated 256-bit ID stored in there? (See one of Zdziarski’s latest blog entries.)
    The only thing we don’t know is whether Apple keeps the list.

  62. Jim says:

    Check out this news story regarding BlackBerry and the master decryption key for the BlackBerry:
    http://www.ctvnews.ca/video?clipId=850130

  63. No Name that matters here. says:

    Three points:
    1.- This is false: “Without weakening their devices’ encryption, …, they could embed a single, randomly derived, high-entropy (256-bit) unique per-device key in the hardware secure enclave of every device”

    And where there was ONE decryption key, there are TWO now. That is doubling the ways to decrypt. That’s a hard fact. So: they would be “weakening their devices’ encryption”.

    2.- You should have the same right that many of the “Founding Fathers” of your country had to use codes and ciphers: http://www.washingtonsblog.com/2015/07/encryption-is-as-american-as-apple-pie-the-founding-fathers-used-it-and-it-helped-win-the-revolutionary-war.html

    If any court were to seize any paper with a proper cipher written by any of those “Rebels and Conspirators” in 1776, they would be unable to read the real content. And courts would be unable to force any of them to reveal their keys.

    Courts may have the right to search and seize. That does NOT in any sense mean that the actual content of a paper, phone or disk should be available to them.

    3.- How would you react to any country’s “right” to seize and un-encrypt your device? Imagine yourself traveling to Mexico, Canada, China or similar. Or better, imagine all the people fighting a tyrannical regime inside any country you care to name.

    We all must have the option to encrypt our data.

  64. No Name that matters here. says:

    Also:
    What “constitutional precedent” in your “But this attitude is not in keeping with constitutional precedent.” has decrypted Benjamin Franklin’s ciphers? Or John and Abigail Adams’ letters with their family?

    You are clearly wrong here: there is no reason to break all encryption possible. Not legal, not “constitutional”, not human. Everyone has the right to record his thoughts and encrypt them as he may deem necessary, as every “Founding Father” also did a long time ago.
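Point 1 of the comment before this one argues about how many keys can recover the data under the per-device escrow key quoted from the essay. As an added example, not from the thread, the essay or any vendor, the block below models that key hierarchy directly: the data-encryption key (DEK) is wrapped under a passcode-derived key and, when escrow is on, a second time under a per-device key of which the manufacturer is assumed to hold a copy, so that each wrap can be tried independently and counted. The wrap cipher is an HMAC-SHA256 counter-mode construction with encrypt-then-MAC, chosen only so the block runs with the standard library; it stands in for a real AEAD and is not the cipher any device uses. Key sizes, the PBKDF2 cost and all names are assumptions.

```python
"""Key escrow modelled as a second wrap of the same data key (added example)."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def passcode_kek(passcode, salt):
    """Derive a key-encryption key from a user passcode (cost is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 50_000)


def keystream_xor(key, nonce, data):
    """Toy stream cipher: HMAC-SHA256(key, nonce || counter) XORed onto data.

    Stand-in for a real AEAD so the example is self-contained; not a vendor cipher.
    """
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(4, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def wrap(kek, dek):
    """Encrypt-then-MAC the DEK under one KEK; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = keystream_xor(kek, nonce, dek)
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek, blob):
    """Return the DEK if this KEK authenticates the blob, otherwise None."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(kek, nonce, ct)


class Device:
    """One device's key hierarchy: a DEK plus every wrap that can release it."""

    def __init__(self, passcode, escrow):
        self.salt = secrets.token_bytes(16)
        self.dek = secrets.token_bytes(32)           # protects the user's data
        self.device_key = secrets.token_bytes(32)    # per-device key held in the enclave
        self.wraps = [wrap(passcode_kek(passcode, self.salt), self.dek)]
        if escrow:
            # Escrow design: a second wrap under a key the maker keeps a copy of.
            self.wraps.append(wrap(self.device_key, self.dek))

    def unlock(self, kek):
        """Try every wrap with one key-encryption key; return the DEK or None."""
        for blob in self.wraps:
            dek = unwrap(kek, blob)
            if dek is not None:
                return dek
        return None

    def paths_in(self):
        """Number of distinct keys, each of which alone recovers the DEK."""
        return len(self.wraps)


def who_can_unlock(device, passcode, manufacturer_copy):
    """Constructed scenario: which party's key opens this device, and how many paths exist."""
    return {
        "user_passcode": device.unlock(passcode_kek(passcode, device.salt)) == device.dek,
        "manufacturer_escrow": device.unlock(manufacturer_copy) == device.dek,
        "paths": device.paths_in(),
    }


if __name__ == "__main__":
    escrowed = Device("1234", escrow=True)
    print(who_can_unlock(escrowed, "1234", escrowed.device_key))
    plain = Device("1234", escrow=False)
    print(who_can_unlock(plain, "1234", plain.device_key))
```

Each wrap is independent: a wrong passcode fails its MAC without touching the escrow wrap, and the escrow key opens the DEK with no knowledge of the passcode. Whether the second path is an acceptable trade is the policy question the essay and the thread argue about; the block only makes the structure of that path explicit.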

  65. Dan LoFat says:

    Your 20-hours-later addendum helped the “CONFUSED”. I put confused in quotes, because the confused have no business in the discussion.

  66. Tim O'C says:

    As usual the SCI-FI literature has already covered some of this ground.

    I have two references, one to hand, and the other not so much. The first is The Prefect (https://en.wikipedia.org/wiki/The_Prefect) by Alastair Reynolds, a hard SciFi story where key-based authentication is used as part of the infrastructure of life. He proposed an elegant system whereby a key could be minted by a legal authority that grants a limited access window in time and capabilities to limited systems (for more info on the reality of this see federated security SDSY and SPOOKY?). This key would expire after, say, 24 hours, and the presence of the key would be logged to show that it had already been used.

    The other references I have are the C. J. Cherryh Alliance-Union books, where mobile computers (e.g. space ships and hand terminals) are a critical part of a spacefarer’s life (don’t want to be pwned by the next space station you dock at?!). Planet-side culture is also addressed, such as the security of ‘home base’ and ‘satellite’ personal computer systems; while only glossing over the technology, they do address general computer security protocols, etc.
