The FBI slams smartphone encryption because there's no backdoor

A personal message to the FBI "let me in your files and I will let you in mine" and that goes for the NSA, CIA and the rest of the gooberment.

a reply to: Rosinitiate

Haha thank you for that, it was what i wanted to say but you sayd it so much more funnier and spot on!
I bought first smartphone last year and i done with it already, i guess just did not have nerves to learn how to destroy google sh1t from it and have my own control what programs are on, battery done within one day etc.

a reply to: andy06shake

Its about freaking time this happened.

I'd say this is the FBI's grab for some cash for their own data centre so they don't have to rely on the NSA doing their brute force decryption for them. A few billion for a nice setup full of cpu/gpu clusters crunching their way through stuff sounds pretty reasonable since its part of the fight against terror

Decrypting Apple communications has always been a challenge due to the multitude of alternate quantum entangled channels.
Perhaps the problem is the adoption of the 802.11ac wireless standard with Iphone 6?

"Shannon limit" and error correcting codes work both ways..

LOL.... this is complete and total propaganda being sold.

Security, on any electronic device, is a farce.

There is no such thing.

If someone wants access to your data, no amount of encryption will protect you. There are clever ways, without "breaking" encryption, that you can figure out patterns in the data that repeat and bit-by-bit, you can decompose the asymmetric key being used. The higher your encryption, the longer and more difficult it is to do, but it can always be done, and is only a matter of time and resources. If you have have the time and resources, you can break ANY digital security mechanism, whether digitally or even physically if need be.

Anyone who tells you differently is lying to you. That includes the Feds.

It might make it harder for them, but they'll just buy faster computers, smarter people, develop better machine learning algorithms and then rinse and repeat as black hats are pinned against white hats in a never-ending game of digital chess.

~Namaste

a reply to: Cauliflower

Apples communications take as much effort to decrypt as anyone elses for the spooks as they've turned up with a court order saying they have to give up access and show the source code, and as for quantum entanglement! the gear for that aint for us mortals to use yet given the costs, but i aint looked at the ac spec's but i'd assume they'll be as open as everything else and all its done is increase the number of machines the spooks need to crack it

I heard long ago in IT that all commercial encryption software in the US has to have a LEAK (Law Enforcement Access Key). It is a two part key and the agency trying to undo the encryption has to get the two halves from two government agencies. Back then it was individual programmers that were creating encryption algorithms to be used to circumvent the commercial requirement.

Anyway, I have long ago lost track of that with new tech coming out so fast. I started back with MS-DOS 2.1 and Basic language lol if that doesn't date me too obviously.

ETA: They used to put clipper chips on every board so the NSA could access the data. I am sure they are way more advanced than that.

What is probably the case is the new encrypted phones are probably easier to break for the FBI and by making the public statement it will drive up sales for Apple and make more people accessible. A win-win for the FBI and APPLE.

Im glad this guy doesnt like it, cause now I know about it and am going to get it... thanks Comey!

Full encryption requires keys to be used by two parties, end to end. Phone calls or texts outgoing from an encrypted iPhone are still succeptable to a monkey in the middle attack. Meaning the feds can still intercept all your calls and all your texts.

To establish a secure line iphone A (making a call) and iPhone B (recieving a call) both need to be using the same type of encryption and have shared the propper keys with each other. One sided encryption may as well be no encryption. Is it pgp? Is it RSA, DES, HASH, MD5, etc etc.

The FBI is pissed because now they cant hack into your phone and download all your stored data. Now they actually need to do it the legal way (SHOCKER) instead of using blackhat style exploits and no warrants.

Then they can freaking do the same thing the FBI did before phones were around and actually "investigate" rather than hack every other innocent persons phones, store their data for eternity, make files on them if they've done nothing wrong and stomp on our constitutional right for privacy. That guy can whine all he wants, but the FBI, cia, and any government in general has completely and utterly shown that they cannot be trusted with complete power. I applaud Apple for e decision and I've always been a fan of my android/Google incription.

a reply to: andy06shake

Yep, just a big PR stunt to help ameliorate the impact of Snowden revelations on Apple/Android sales.

You want me to believe Apple and Google are going to stand up to the NSA? Right, first convince me that AT&T and other wireless companies aren't giving the NSA office space to conduct their spying on we the people.

If we want to take our country back, it won't happen by working through big business. They're all corrupt, just like everyone in the government.

Joke of a reporter

Check out this whiney reporter. I love how any time the people in charge want to trample all over us, they start shouting "terrorism" and "think of the children". Of course, he MUST mention crimes against children, or else this whiney piece of "reporting" would not be complete.

I also find it hilarious how he places his full trust and faith in Congress to protect our rights ro privacy.

What a sham!

If you look at the comments it is a good indication of people waking up to this garbage.

Wolves and Sheeple

Encryption with a backdoor is useless as encryption. Basically they're asking for a purposely placed vulnerability. The first one to crack that would then break all the encryptiton. Seriously...

Anyhow I'd rather governments (not just the U.S.) just throw processing power at stuff they deem important enough, and try not to make modern device security as good as XP SP1 left unpatched with all ports open to the internet.

originally posted by: Snarl
Let me try and shplain to ya'll what's going on here. Believe me or not ... makes no difference.

1. The government can decrypt anything. I know ... I've seen it.
2. Law prohibits them from arbitrarily doing so, especially if you're a U.S. citizen.
3. No law prohibits the government from compelling a business to turn your info over to them.
4. If they turn your # over to the government, the rules change, and you get owned.
5. The government thrives on this resource.
6. Apple doesn't have access to the decryption resources the government has.
7. Since Apple is stepping away, Uncle Sug has to start playing by the letter of the law, and life's not so easy anymore.

One slight update to that. We've had an encryption technology that is unbreakable for nearly 100 years now. It was used extensively in the cold war called a one time pad or Vernham Cipher. You have to do things right with them but they are 100% unbreakable in theory and practice when used properly. Even a Quantum Computer can't break one as far as I can tell based on how they work. Of course even the slightest improper use of them renders them so vulnerable that a first week student at a cryptology school could decipher it in a few minutes. So that's an issue.

Anyways besides those, one trick I picked up from checking out the black market forums in TOR world for awhile was that double encryption is the way to go. The goal is to make your decrypted data look like just another garbled mess from using the wrong encryption key. Like everything crypto you're just hedging your bets on someone accepting the information or not. If they say they can't break it even when using a supposed decryption key then you win. If they see it's just another layer of encryption then you've got some problems.

Also, this is all for show. The founder of Lavabit is still sitting in jail on an indefinite contempt of court charges merely because he appealed a trial that found him guilty that he wasn't even given the right to attend because it was secret information. But he's in contempt rather than carrying out his sentence which is heavy fines/jail time.

Apple knows of this, I guarantee you. They realize they have no authority to make their devices actually secure.

originally posted by: spirit_horse

ETA: They used to put clipper chips on every board so the NSA could access the data. I am sure they are way more advanced than that.

Patently untrue. The Clipper chip was a proposed key-escrow telephony encryption part. Which, while it sort of relates to the OP, has nothing to do with "boards" in general. Clipper was found to have a lot of problems, and the NSA was going to re-do the thing when they suddenly decided they didn't care anymore. That is a story unto itself, though.

originally posted by: Aazadan
Also, this is all for show. The founder of Lavabit is still sitting in jail on an indefinite contempt of court charges merely because he appealed a trial that found him guilty that he wasn't even given the right to attend because it was secret information. But he's in contempt rather than carrying out his sentence which is heavy fines/jail time.

Apple knows of this, I guarantee you. They realize they have no authority to make their devices actually secure.

Well, Lavabit actually COULD reveal the information but chooses not to. Thus the contempt charge.

If Apple or whoever simply doesn't have the wherewithal to DO it, then they can't choose to do or not do, so no legal recourse by the Gubmint, unless they pass a law requiring computing devices themselves to have mandatory backdoors, which wouldn't go over with the public, yet.

In that case,the government can try several things, among them, stopping Apple from selling its devices overseas as they incorporate encryption, under US Code of Federal Regulations (CFR) Title 15 chapter VII, subchapter C.

Or Apple is just lying about it and the backdoors exist anyway, or, if I were in that branch of things I'd be pitching a temporary truce with Apple whilst we corrupted the hardware they're using and/or rigged a way to insert backdoors into their code.

Lavabit offered to hand over Snowdens data, the government said no deal we want everyones information.

If Apple or whoever simply doesn't have the wherewithal to DO it, then they can't choose to do or not do, so no legal recourse by the Gubmint, unless they pass a law requiring computing devices themselves to have mandatory backdoors, which wouldn't go over with the public, yet.

That law was already effectively passed. Maybe not on paper, but if you're a US company you're giving them a back door. I am 100% certain that despite Apples claims they also have a backdoor in the system. And if they didn't all the government needs to say at the next mass shooting is "we could have prevented this if Apple gave us a backdoor into that persons IPhone".

originally posted by: VirusGuard
I Would not trust Apple to encrypt my data any more than i trust Microsoft who has done all it can to stop TrueCrypt working on a windows base PCs.

???

I wouldn't trust Apple to do ANYTHING other than keep their legions of proles dependent upon them - their entire business model is built around co-dependency and sucking the life blood from the wallets of legions of people who are hooked on their products, but TrueCrypt not working on Windows based PC's? I regularly run TrueCrypt on both Windows and Linux machines (not Apple, however, as I refuse to do business with them), and have never, EVER, had a problem with it other than forgetting a passphrase, which means that data will never see the light of a PC screen again. Up to the point that the developers themselves crippled the last release, I've never encountered a problem with it in years of use across all environments other than Apple.


=====================================================================

originally posted by: Kandinsky
a reply to: Raxoxane

So it matters to the FBI that they might end up seizing someone's phone/device and being unable to access the files and data in there. In terrorist terms, a phone might have chemical weaponry pdfs on it or a spreadsheet listing contacts. In criminal terms, a money launderer might have similarly interesting evidence and be safe from exposure.

Funny you should mention that. I made a 1 GB file consisting entirely of random data, and named it "Bomb Plans.enc" and leave it laying around in random places just to see if it ever excites interest. I don't give even a little bit of a damn if they fall all over themselves about it. There's nothing there but random data, so the password has never been invented that will "open" it. Of course, I used to leave viruses and trojans laying around on MY OWN hard drive named things like "Pr0n" and the like as bait for hackers... see, I never infected their systems - if it were ever done, THEY infected themselves. I can't help what they might run into and snag from MY machine should they go poking around in it - they had no business there to begin with!

It's an imprisonable offence in the UK to withhold a passkey when asked by law enforcement and undoubtedly the same in the States. That alone will make most people compliant and have no impact at all on a serious criminal or committed extremist.

No, not in the US.

Here we have that 4th Amendment problem preventing illegal search and seizure, compounded with the 5th Amendment, preventing compulsion of testimony concerning your self. They can obtain a warrant to seize any papers and effects, but cannot obtain a warrant to force you to speak. If the passphrase is memorized and never written down anywhere, then it's in your head, and the only way to get it out is to force you to speak, which is constitutionally prohibited.

Oh, they can browbeat and promise all kinds of dire consequences if you don't, but where the rubber meets the road, they can't force you to speak at all. If you stand firm, they are bound, gagged, and stymied. If you open your mouth and lie to them, however...

originally posted by: intrptr

Ultimately, every new encryption is hackable.

While that is true in a sense, it's not the encryption itself that is hackable, but the weak links leading to it. Most commonly the passphrase. The passphrase, if weak enough, can be brute forced, and if that fails, they result to "social engineering" to get it.

"Back doors" are another method, but that's the easy one. If a back door is built in, then the encryption is worse than useless, as NOTHING has to be "hacked" or "socially engineered".