Apple vs the FBI

[Ser Scot A Ellison]

Fez,

During the Bush Administration didn't the FBI and NSA want backdoors installed into any and all commercial encryption software?  Isn't this the same thing in a different cloak?

[Spockydog]

From March last year:

Obama sharply criticizes China's plans for new technology rules

Quote

In an interview with Reuters, Obama said he was concerned about Beijing's plans for a far-reaching counterterrorism law that would require technology firms to hand over encryption keys, the passcodes that help protect data, and install security "backdoors" in their systems to give Chinese authorities surveillance access.

"This is something that I’ve raised directly with President Xi," Obama said. "We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States."

But now it's okay?

ETA: And I guess it must be okay for the Brits, as he hasn't said anything about the UK's plans to do the same.

 

[Ser Scot A Ellison]

Spocky,

But that's them and this is us.  What do you expect inellectual consistency?

[Fez]

10 minutes ago, Inigima said:

Yeah. That'll stop 'em.

You cannot possibly be this naïve.

From a technical standpoint, Apple is 100% correct. This would be absolutely disastrous. I understand why the government is concerned about encryption, but they lack the basic competence to understand why this would be bad.

From a legal perspective, I don't know. This isn't just the government requesting information. It's the government demanding that the company's software engineers affirmatively design and create a piece of software. Can they actually do that? That would be horrifying.

I'm not naive about what could happen. But if it ends up being used everywhere, and I still don't think it will simply because of what I understand of what the technical issues are here, than the government broke the law. That would be bad, but the potential that someone may break the law in the future is no excuse for Apple to break the law now. It is absolutely standard for law enforcement to require compliance in executing a search warrant.

 

8 minutes ago, Spockydog said:

The software required does not yet exist. I'm gonna stick my neck out here and suggest that if they are forced to create it, it will only be a matter of time before it falls into the wrong hands.

And just because you don't store any precious / sensitive data on your phone, doesn't change the fact that millions of people around the world do.

 

What wrong hands? 

 

6 minutes ago, baxus said:

iPhone passcodes are made of 4 or 6 digits. You could enter all the combinations manually in 11 days.

Just to clarify, you assume government has access to all your sensitive data (whether it's on computer or phone is irrelevant) and you have no problem with it?

To the first, I may have slightly misread something. What Vox said was that a 6 digit password would take 11 days to brute force if you inputed 1 potential password every second. I assume computers can actually do it much faster than that, but I don't know how much faster.

To the second, yep.

 

1 minute ago, Ser Scot A Ellison said:

Fez,

During the Bush Administration didn't the FBI and NSA want backdoors installed into any and all commercial encryption software?  Isn't this the same thing in a different cloak?

I see the difference as, the Bush Administration wanted a backdoor preemptively installed on all software. What the FBI wants right now, isn't even really a backdoor, but however you describe it, its something that they want to be able to install on a phone they have a warrant for. There is already probable cause and they've gone through the correct legal channels. I see that as a very different thing.

[Altherion]

1 hour ago, baxus said:

I'm not arguing about the technical knowledge of an average politician, but they must have some advisors that can tell them having exabyte range storage is useless unless you can actually draw some conclusions from all that data. Otherwise big storage will only make the necessary data harder to find.

I don't know anything about the Utah center, but in general, when people build a "big storage" facility, they generally include a system of efficient data retrieval and a means of data analysis. I can tell you for a fact that with a tiny fraction of what the NSA gets, I and many of my co-workers continuously store, access and analyze on the order of 10 PB of data (from a scientific experiment, not about people). I am sure that with the resources of the NSA, meaningful handling of an exabyte should be feasible.

[Spockydog]

4 minutes ago, Fez said:

What wrong hands?

Thieves, blackmailers, terrorists.

 

[Ser Scot A Ellison]

6 minutes ago, Fez said:

I'm not naive about what could happen. But if it ends up being used everywhere, and I still don't think it will simply because of what I understand of what the technical issues are here, than the government broke the law. That would be bad, but the potential that someone may break the law in the future is no excuse for Apple to break the law now. It is absolutely standard for law enforcement to require compliance in executing a search warrant.

 

What wrong hands? 

 

To the first, I may have slightly misread something. What Vox said was that a 6 digit password would take 11 days to brute force if you inputed 1 potential password every second. I assume computers can actually do it much faster than that, but I don't know how much faster.

To the second, yep.

 

I see the difference as, the Bush Administration wanted a backdoor preemptively installed on all software. What the FBI wants right now, isn't even really a backdoor, but however you describe it, its something that they want to be able to install on a phone they have a warrant for. There is already probable cause and they've gone through the correct legal channels. I see that as a very different thing.

Fez,

They could ask for this iPhone to be decrypted instead they've demanded software that will decrypt any and all iPhones.  Way too broad.  Why not have Apple decrypt this iPhone without giving up the mechanism to do it to the Feds.

This is exactly what the Bush Administration wanted.

[baxus]

18 minutes ago, Fez said:

To the first, I may have slightly misread something. What Vox said was that a 6 digit password would take 11 days to brute force if you inputed 1 potential password every second. I assume computers can actually do it much faster than that, but I don't know how much faster.

To the second, yep.

If we would take a time-out after several failed attempts, it could take even longer than that.

And just to clarify something about iOS - it can't update itself on its own, you need to approve the update before it can take place. If this was about THAT ONE PHONE, it would have to be something that could be installed without prior approval (or even knowledge) of the user, while the phone is locked.

The potential for abuse is insane and I sure would not feel comfortable knowing that "you mustn't do it without a warrant" is all that sits between me and someone rummaging through my phone. I would definitely not buy another Apple device knowing such software was in it.

As was previously pointed out, this is not something that's there, it's something that would need to be built, at a cost that I'm quite certain US government wouldn't want to cover, and possibly costing Apple a fair chunk of its business which I'm absolutely certain US government wouldn't want to cover.

Let me put it this way, if US Army representatives just strolled into any store in the US and said: "We need half your supplies and we're not going to pay for any of it", would we even have a debate whether the owner was right in refusing to comply like we do now?

15 minutes ago, Altherion said:

I don't know anything about the Utah center, but in general, when people build a "big storage" facility, they generally include a system of efficient data retrieval and a means of data analysis. I can tell you for a fact that with a tiny fraction of what the NSA gets, I and many of my co-workers continuously store, access and analyze on the order of 10 PB of data (from a scientific experiment, not about people). I am sure that with the resources of the NSA, meaningful handling of an exabyte should be feasible.

How long does it take to analyze 10PB of data, and how complex is the data in question? I might be wrong, but if it's a scientific experiment, I'm guessing the data follows some sort of a pattern - readings from different sensors and whatnot with values within some predefined ranges.

What we're talking about here are much larger chunks of data that are being analyzed in real-time and raising warning flags when appropriate. Plus there is no pattern the data follows - it's in different languages, it's from all kinds of different apps, with different slangs used in communications, images of food, landscapes, selfies and who knows what. Filtering important stuff from all the other junk would be quite different from what I imagine analyzing experimental data to be. Of course, I could be wrong and it could be the same thing, so if that's the case please correct me.

[Fez]

47 minutes ago, Spockydog said:

Thieves, blackmailers, terrorists.

So you think the government is planning on selling this tool? Or that it would be stolen? For the former, the government likes its top-level toys way too much for that, plus it would be so incredibly illegal and the type of illegal that people do go to the jail for. And for the second, the government is really bad at protecting personnel data it has and of all sorts of documents. But its really good at protecting actual equipment and software.

44 minutes ago, Ser Scot A Ellison said:

Fez,

They could ask for this iPhone to be decrypted instead they've demanded software that will decrypt any and all iPhones.  Way too broad.  Why not have Apple decrypt this iPhone without giving up the mechanism to do it to the Feds.

This is exactly what the Bush Administration wanted.

But its still something that would need to be applied to the phone question, whichever phone it is. Which would still require a warrant to be legally applied.

14 minutes ago, baxus said:

As was previously pointed out, this is not something that's there, it's something that would need to be built, at a cost that I'm quite certain US government wouldn't want to cover, and possibly costing Apple a fair chunk of its business which I'm absolutely certain US government wouldn't want to cover.

Let me put it this way, if US Army representatives just strolled into any store in the US and said: "We need half your supplies and we're not going to pay for any of it", would we even have a debate whether the owner was right in refusing to comply like we do now?

I don't see the two situations as remotely comparable. There's a world of difference between a company losing value because they decided to stake their reputation on refusing to obey the law and a company losing value because the government seized assets of theirs.

 

Anyway, I'm done debating this since its just going to be endless cycle of no one changing their positions one iota. Bottom line is, I simply don't see this as any different from the way any other warrants have been conducted under the All Writs Act, which has existed in one form or another since 1789.

I'll also leave this article, which has all sorts of interesting information. http://www.thedailybeast.com/articles/2016/02/17/apple-unlocked-iphones-for-the-feds-70-times-before.html

[Ser Scot A Ellison]

Fez,

But its still something that would need to be applied to the phone question, whichever phone it is. Which would still require a warrant to be legally applied

 

If they have the software they can use it without telling anyone.  Illegal, sure, but if no one finds out they can abuse the method to their heart's content.  If the warrant orders Apple to unlock this particular iPhone without revealing the methodology for how it was unlocked there is no new method to abuse.  The order is too broad as there is another method a available to get the information necessary without creating broader problems.

Because we know the Federal Government would never ever abuse its authority or engage illegal information gathering.

[Mlle. Zabzie]

9 minutes ago, Fez said:

I don't think Apple has a leg to stand on. A warrant is a warrant, and if the FBI has a legitimately received one than they have the right to obtain the data on that phone. Apple created a system to prevent that from happening, and so a judge ordered them to disable the system on that phone. That should be the end of the story.

No different than if they had a warrant to search an apartment and the door was locked so they got the landlord to unlock the door. Except that in this analogy the door has explosives on it in case it is broken open instead of unlocked.

No, it's different.  I don't think that's a good analogy at all.  The analogy is reductionist, simplistic and as absurd as the rightly ridiculed "man strapped on a coach" analogy in the surveillance realm.  

Separately, there is a takings or something smack to me of requiring a private company to use its resources to create something at the government's behest.

[Ser Scot A Ellison]

9 minutes ago, Mlle. Zabzie said:

No, it's different.  I don't think that's a good analogy at all.  The analogy is reductionist, simplistic and as absurd as the rightly ridiculed "man strapped on a coach" analogy in the surveillance realm.  

Separately, there is a takings or something smack to me of requiring a private company to use its resources to create something at the government's behest.

Zabzie,

Just to play devil's advocate, we are all required to buy insurance or face fines under the ACA.  How is requiring a company to create a product for the government different?  They could argue the benefit is improved security for all the way insurance reduces medical costs to everyone, can't they?  

That doesn't address the privacy problems but remove that from the equation and I do think the government has this power... now.

 

[Fez]

33 minutes ago, Mlle. Zabzie said:

No, it's different.  I don't think that's a good analogy at all.  The analogy is reductionist, simplistic and as absurd as the rightly ridiculed "man strapped on a coach" analogy in the surveillance realm.  

Separately, there is a takings or something smack to me of requiring a private company to use its resources to create something at the government's behest.

How is it different? What makes unlocking electronic property different from unlocking physical property? Looking at emails different from looking at manilla files? A way to break encryption from a skeleton key?

Because I truly don't see how the former in all of those aren't logical extensions of the later.

[Maltaran]

io9 has an article about this which mentions the All Writs Act, and the way Apple can argue against it

 

http://gizmodo.com/why-you-should-care-about-apple-s-fight-with-the-fbi-1759639200?utm_campaign=socialflow_io9_facebook&utm_source=io9_facebook&utm_medium=socialflow

 

Quote

The All Writs Act can only force a company to do something if it’s not an “undue burden.” Seems like making Apple create malware that will fundamentally undermine its core security features is an enormous burden. And if it’s not deemed “undue” in this case, that sets a horrible precedent. After all, if compelling Apple to maim itself is allowed, compelling Google and Facebook and Microsoft to write security backdoors would also be allowed.

 

[Mlle. Zabzie]

1 hour ago, Ser Scot A Ellison said:

Zabzie,

Just to play devil's advocate, we are all required to buy insurance or face fines under the ACA.  How is requiring a company to create a product for the government different?  They could argue the benefit is improved security for all the way insurance reduces medical costs to everyone, can't they?  

That doesn't address the privacy problems but remove that from the equation and I do think the government has this power... now.

 

Well, you can probably guess how I feel about that piece of the ACA, but the justification there was that it was in the nature of a tax. This is not in the nature of a tax.

Fez - still think the analogy doesn't hold.  Maybe you could call it a man-sized cat flap in a front door of an apartment building and handing the government a master key that the government can use to open a particular door if it has a warrant, but now the security of the whole building has been compromised.

[Ser Scot A Ellison]

Zabzie,

Are you part of the "I hate Wikard v Filburn" club?

[Mlle. Zabzie]

21 minutes ago, Ser Scot A Ellison said:

Zabzie,

Are you part of the "I hate Wikard v Filburn" club?

Yes.  I think it was wrongly decided. (And the fact that they started walking back from it in a 2nd amendment case is so amazingly comical).  That said, it's been the law, basically, for over half a century.  (And this isn't Congress acting, btw.)

[OnionAhaiReborn]

21 minutes ago, Ser Scot A Ellison said:

Zabzie,

Are you part of the "I hate Wikard v Filburn" club?

I'm imagining a room filled with a dozen Ser Scots that sit around asking each other questions for a couple hours every two weeks.

[Ser Scot A Ellison]

OAR,

You think I don't question myself?  

[Swordfish]

4 hours ago, Fez said:

 

 

3 hours ago, Inigima said:

Yeah. That'll stop 'em.

You cannot possibly be this naïve.

From a technical standpoint, Apple is 100% correct. This would be absolutely disastrous. I understand why the government is concerned about encryption, but they lack the basic competence to understand why this would be bad.

From a legal perspective, I don't know. This isn't just the government requesting information. It's the government demanding that the company's software engineers affirmatively design and create a piece of software. Can they actually do that? That would be horrifying.

 

yep.

it may be legal, but it's also terrible for consumers.