Tag Archives: Encryption

The Empire Will Strike Back, by Robert Gore

SLL WILL BE ON A BUSINESS TRIP FROM 3/2 TO 3/6 AND WILL BE UNABLE TO POST. POSTING WILL RESUME 3/7.

The populist revolt fueling non-mainstream political movements in both Europe and the US flows from a single source: you can not fool all the people all the time. The central lie of our time is that governments can and should forcibly assume control of individuals’ lives, in the name of vague and always shifting greater goods. The Command and Control Futility Principle holds that governments and central banks can control one, but not all variables in a multi-variable system. The number of variables global governments and central banks have arrogated to their purported control has grown beyond measure. Breakdowns are visible everywhere, and as those failures exact their ever-increasing toll on the masses, the masses are pushing back.

The last financial crisis was a watershed. Capitalism’s rough justice was obviously, and gallingly, not allowed to play out. Favored financial institutions didn’t face the consequences—insolvency and bankruptcy—of their promotion of various bubbles and their leveraged business models. They were bailed out with taxpayer funds. Especially galling was that they knew they were going to be bailed out. More salt on the wound: improvident homeowners and housing speculators who took on too much mortgage debt were, other than a few spotty government programs, not bailed out or even offered appreciable relief. Since the crisis passed, banks have operated on the assumption they will be bailed out again during the next crisis. Despite all the hype about improved capital ratios and cleaned up loan books, fractional reserve banking is still fractional reserve banking; a leveraged business model that is wiped out if enough loans and speculations go bad.

Still more salt: despite unprecedented government debt and spending, new programs, particularly Obamacare, central bank debt monetization, and ultra-low interest rates, the purported recovery is the weakest on record, with the labor force participation rate at a multi-decade low, the number of people on food stamps recently reaching a record high, and real incomes back where they were in the 1970s. Those ultra-low interest rates have destroyed the incentive to save and forced retirees back into the workforce (the one group whose labor force participation rate has increased), but provided cheap funding to the carry-trade set, stock options-laden corporate executives, and Silicon Valley moguls. Their trophy art, cars, mansions, and spouses grace the media. That’s beyond salt, it’s rubbing people’s noses in it.

The messes the globalist powers that be have made outside their jurisdictions are even larger than the ones inside. Led by the US, the Western powers have bestowed unending chaos on the Middle East and Northern Africa. They have achieved none of their goals, (see “How To Defeat Your Enemies”) but have created massive blowback with the spread of terrorism and the refugee inundation of Europe. Not only have the war-torn lands not been reordered along liberal democratic lines, but mountains of money and barrels of blood continue to be spent in perpetual war. Meanwhile, ordinary citizens in Western homelands, not the elites, are left to contend with terrorist attacks, refugees burdening already strained social welfare systems, and obnoxious and illegal behavior by some of the new entrants. The elites shun even acknowledging these problems.

It comes as a surprise only to the elites and their media mouthpieces that the peasants are revolting, tired of their prevarication, arrogance, and ineptitude. Don’t, however, expect them to pay attention to anything so insignificant as the popular will; they won’t go gentle into that good night. In the US, the establishment can live with Hillary, and if either Trump or Sanders—the revolution’s candidates—wins, the new president will soon learn who actually runs the government. Or he will have an unfortunate accident or heart attack. However, the Empire is leaving nothing to chance; it has already initiated a preemptive counterattack.

The counterattack has three overlapping fronts: war, the economy, and civil liberties. “The Quagmire to End All Quagmires” stated that “the US faces the danger of being dragged into World War III.” That phrasing may have been an error (SLL reserves the right, in perpetuity, to make mistakes, see “On Failure”). The US government most likely won’t get “dragged” into World War III; it will probably initiate it. If Turkey and Saudi Arabia invade Syria, assume they’ve been green-lighted by the US government, which will join them in the carnage.

As the economy goes down in flames, central bankers and the usual totalitarian creeps are embracing negative interest rates and bans on cash. Negative interest rates self-evidently destroy the incentive to save, the foundation of honest capitalism and progress. Many commentators have pointed out that negative rates lead to an increased demand for zero return cash, so the monetary Dr. Strangeloves have to ban it to drive money into the banking system. Although negative interest rates are patently absurd and counterproductive, always strong selling points for the Strangeloves, the real reason for locking money in the banking system is to prevent a systemic run. As in the last crisis, on a mark-to-market basis the leveraged banking system—with the largest US and European banks still massively exposed to derivatives—will be recognized as insolvent and subject to a run unless money is kept locked in the banks and expropriated.

This assault on financial freedom goes hand in hand with the war against civil liberties, a specious battleground in the concocted “War on Terrorism.” The mainstream media and even some of the non-mainstream blogosphere have been filled with articles about the “complexity” of the Apple-FBI standoff on encryption. The word “complexity” is often a tip-off that someone’s about to pull an intellectual fast one.

Encryption is simple. It’s one of those issues most people dread: an either-or. Either one’s computer communications are encrypted and safe from prying eyes, or they are not. There is no middle ground, and Apple is ostensibly cutting its throat asking Congress, of all people, to come up with one. Encryption that has been compromised, for any reason, is useless. At Apple and the rest of Big Tech’s behest an encryption “compromise” will emerge that fatally compromises encryption, cementing Big Tech’s partnership with government. Lovers of liberty and privacy will be left searching for quite possibly illegal encryption developed by smaller, guerrilla software outfits.

Many will say that deliberate war, economic destruction, and technological repression are inconceivable; such a strategy is contradictory, counterproductive, depraved, deranged, diabolic, deadly, pathologic, sociopathic, psychotic, and out-and-out evil. All of the above, but if that’s your reaction, read, or reread, “Life, Or Death?” SLL recently posted Matt Bracken’s “Burning Down the House in 2016.” Bracken shares SLL’s forebodings of impending disaster, and it’s an excellent article, but he makes a mistake: granting the destroyers their stated intentions.

The proto-Marxist Jacobins of the French Revolution put it this way: “Out of order, chaos.” But first the Jacobins had to create the chaos, with an artificially engineered grain shortage leading to food riots, which they exploited for their revolutionary ends. Vladimir Lenin put it this way, when told that bread riots were breaking out in Russia: “The worse, the better.” The better for creating the optimal revolutionary conditions. The Black Panthers, revolutionary Marxists of the 1960s, said, “Burn, baby, burn.”

The currently existing social compact has to be burnt to the ground before the new world economic order can be built up from the ashes. This will be as true in 2017 as it was in 1917.

Regardless of the rhetoric—Liberté, égalité, fraternité; Dictatorship of the Proletariat; The Thousand Year Reich; The New World Order—the truth is that the means—destruction and death—are the ends. Psychopaths kill millions of people because…they enjoy killing millions of people. As SLL posited in “Life, Or Death?”, citing Ayn Rand, a malevolent desire to kill others is, at root, a desire to kill one’s self. The slogans, the supposed omelets that justify cracking all those skulls eggs, are dross.

That imparts analytic clarity to the future. When one understands that one’s life is on the line, one must fight with everything one has. Or else.

PINNACLES AREN’T FOUND, THEY’RE BUILT

TGP_photo 2 FB

AMAZON

KINDLE

NOOK

Advertisements

JOHN MCAFEE: I’ll decrypt the San Bernardino phone free of charge so Apple doesn’t need to place a back door on its product

From John McAfee at businessinsider.com:

Cybersecurity expert John McAfee is running for president in the US as a member of the Libertarian Party. This is an op-ed article he wrote and gave us permission to run.

Using an obscure law, written in 1789 — the All Writs Act — the US government has ordered Apple to place a back door into its iOS software so the FBI can decrypt information on an iPhone used by one of the San Bernardino shooters.

It has finally come to this. After years of arguments by virtually every industry specialist that back doors will be a bigger boon to hackers and to our nation’s enemies than publishing our nuclear codes and giving the keys to all of our military weapons to the Russians and the Chinese, our government has chosen, once again, not to listen to the minds that have created the glue that holds this world together.

This is a black day and the beginning of the end of the US as a world power. The government has ordered a disarmament of our already ancient cybersecurity and cyberdefense systems, and it is asking us to take a walk into that near horizon where cyberwar is unquestionably waiting, with nothing more than harsh words as a weapon and the hope that our enemies will take pity at our unarmed condition and treat us fairly.

Any student of world history will tell you that this is a dream. Would Hitler have stopped invading Poland if the Polish people had sweetly asked him not to do so? Those who think yes should stand strongly by Hillary Clinton’s side, whose cybersecurity platform includes negotiating with the Chinese so they will no longer launch cyberattacks against us.

The FBI, in a laughable and bizarre twist of logic, said the back door would be used only once and only in the San Bernardino case.

Tim Cook, CEO of Apple, replied:

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

No matter how you slice this pie, if the government succeeds in getting this back door, it will eventually get a back door into all encryption, and our world, as we know it, is over. In spite of the FBI’s claim that it would protect the back door, we all know that’s impossible. There are bad apples everywhere, and there only needs to be in the US government. Then a few million dollars, some beautiful women (or men), and a yacht trip to the Caribbean might be all it takes for our enemies to have full access to our secrets.

Cook said:

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

The fundamental question is this: Why can’t the FBI crack the encryption on its own? It has the full resources of the best the US government can provide.

To continue reading: JOHN MCAFEE: I’ll decrypt the San Bernardino phone free of charge so Apple doesn’t need to place a back door on its product

Upgrade Your iPhone Passcode to Defeat the FBI’s Backdoor Strategy, by Micah Lee

From Micah Lee, at theintercept.com:

YESTERDAY, APPLE CEO TIM COOK published an open letter opposing a court order to build the FBI a “backdoor” for the iPhone.

Cook wrote that the backdoor, which removes limitations on how often an attacker can incorrectly guess an iPhone passcode, would set a dangerous precedent and “would have the potential to unlock any iPhone in someone’s physical possession,” even though in this instance, the FBI is seeking to unlock a single iPhone belonging to one of the killers in a 14-victim mass shooting spree in San Bernardino, California, in December.

It’s true that ordering Apple to develop the backdoor will fundamentally undermine iPhone security, as Cook and other digital security advocates have argued. But it’s possible for individual iPhone users to protect themselves from government snooping by setting strong passcodes on their phones — passcodes the FBI would not be able to unlock even if it gets its iPhone backdoor.

The technical details of how the iPhone encrypts data, and how the FBI might circumvent this protection, are complex and convoluted, and are being thoroughly explored elsewhere on the internet. What I’m going to focus on here is how ordinary iPhone users can protect themselves.

The short version: If you’re worried about governments trying to access your phone, set your iPhone up with a random, 11-digit numeric passcode. What follows is an explanation of why that will protect you and how to actually do it.

If it sounds outlandish to worry about government agents trying to crack into your phone, consider that when you travel internationally, agents at the airport or other border crossings can seize, search, and temporarily retain your digital devices — even without any grounds for suspicion. And while a local police officer can’t search your iPhone without a warrant, cops have used their own digital devices to get search warrants within 15 minutes, as a Supreme Court opinion recently noted.

The most obvious way to try and crack into your iPhone, and what the FBI is trying to do in the San Bernardino case, is to simply run through every possible passcode until the correct one is discovered and the phone is unlocked. This is known as a “brute force” attack.

For example, let’s say you set a six-digit passcode on your iPhone. There are 10 possibilities for each digit in a numbers-based passcode, and so there are 106, or 1 million, possible combinations for a six-digit passcode as a whole. It is trivial for a computer to generate all of these possible codes. The difficulty comes in trying to test them.

One obstacle to testing all possible passcodes is that the iPhone intentionally slows down after you guess wrong a few times. An attacker can try four incorrect passcodes before she’s forced to wait one minute. If she continues to guess wrong, the time delay increases to five minutes, 15 minutes, and finally one hour. There’s even a setting to erase all data on the iPhone after 10 wrong guesses.

This is where the FBI’s requested backdoor comes into play. The FBI is demanding that Apple create a special version of the iPhone’s operating system, iOS, that removes the time delays and ignores the data erasure setting. The FBI could install this malicious software on the San Bernardino killer’s iPhone, brute force the passcode, unlock the phone, and access all of its data. And that process could hypothetically be repeated on anyone else’s iPhone.

(There’s also speculation that the government could make Apple alter the operation of a piece of iPhone hardware known as the Secure Enclave; for the purposes of this article, I assume the protections offered by this hardware, which would slow an attacker down even more, are not in place.)

Even if the FBI gets its way and can clear away iPhone safeguards against passcode guessing, it faces another obstacle, one that should help keep it from cracking passcodes of, say, 11 digits: It can only test potential passcodes for your iPhone using the iPhone itself; the FBI can’t use a supercomputer or a cluster of iPhones to speed up the guessing process. That’s because iPhone models, at least as far back as May 2012, have come with a Unique ID (UID) embedded in the device hardware. Each iPhone has a different UID fused to the phone, and, by design, no one can read it and copy it to another computer. The iPhone can only be unlocked when the owner’s passcode is combined with the the UID to derive an encryption key.

So the FBI is stuck using your iPhone to test passcodes. And it turns out that your iPhone is kind of slow at that: iPhones intentionally encrypt data in such a way that they must spend about 80 milliseconds doing the math needed to test a passcode, according to Apple. That limits them to testing 12.5 passcode guesses per second, which means that guessing a six-digit passcode would take, at most, just over 22 hours.

You can calculate the time for that task simply by dividing the 1 million possible six-digit passcodes by 12.5 per seconds. That’s 80,000 seconds, or 1,333 minutes, or 22 hours. But the attacker doesn’t have to try each passcode; she can stop when she finds one that successfully unlocks the device. On average, it will only take 11 hours for that to happen.

But the FBI would be happy to spend mere hours cracking your iPhone. What if you use a longer passcode? Here’s how long the FBI would need:

seven-digit passcodes will take up to 9.2 days, and on average 4.6 days, to crack
eight-digit passcodes will take up to three months, and on average 46 days, to crack
nine-digit passcodes will take up to 2.5 years, and on average 1.2 years, to crack
10-digit passcodes will take up to 25 years, and on average 12.6 years, to crack
11-digit passcodes will take up to 253 years, and on average 127 years, to crack
12-digit passcodes will take up to 2,536 years, and on average 1,268 years, to crack
13-digit passcodes will take up to 25,367 years, and on average 12,683 years, to crack

To continue reading: Upgrade Your iPhone Passcode to Defeat the FBI’s Backdoor Strategy

Secret Memo Details U.S.’s Broader Strategy to Crack Phones, by Michael Riley and Jordan Robertson

From Michael Riley and Jordan Robertson at bloomberg.com:

‘Decision memo’ directs agencies to find ways to access data

Officials met around Thanksgiving to discuss encryption plans

Silicon Valley celebrated last fall when the White House revealed it would not seek legislation forcing technology makers to install “backdoors” in their software — secret listening posts where investigators could pierce the veil of secrecy on users’ encrypted data, from text messages to video chats. But while the companies may have thought that was the final word, in fact the government was working on a Plan B.

In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision.

The approach was formalized in a confidential National Security Council “decision memo,” tasking government agencies with developing encryption workarounds, estimating additional budgets and identifying laws that may need to be changed to counter what FBI Director James Comey calls the “going dark” problem: investigators being unable to access the contents of encrypted data stored on mobile devices or traveling across the Internet. Details of the memo reveal that, in private, the government was honing a sharper edge to its relationship with Silicon Valley alongside more public signs of rapprochement.

On Tuesday, the public got its first glimpse of what those efforts may look like when a federal judge ordered Apple to create a special tool for the FBI to bypass security protections on an iPhone 5c belonging to one of the shooters in the Dec. 2 terrorist attack in San Bernardino, California that killed 14 people. Apple Chief Executive Officer Tim Cook has vowed to fight the order, calling it a “chilling” demand that Apple “hack our own users and undermine decades of security advancements that protect our customers.” The order was not a direct outcome of the memo but is in line with the broader government strategy.

White House spokesman Josh Earnest said Wednesday that the Federal Bureau of Investigation and Department of Justice have the Obama administration’s “full” support in the matter. The government is “not asking Apple to redesign its product or to create a new backdoor to their products,” but rather are seeking entry “to this one device,” he said.

Security specialists say the case carries enormous consequences, for privacy and the competitiveness of U.S. businesses, and that the National Security Council directive, which has not been previously reported, shows that technology companies underestimated the resolve of the U.S. government to access encrypted data.

To continue reading: Secret Memo Details U.S.’s Broader Strategy to Crack Phones

Question of the Day, by Back in PA Mike

From Back in PA Mike at theburningplatform.com:

Should federal judges be in the business of forcing private companies to invent things to destroy the security of their product and help them with their investigations?

From AP, yes, they still exist.

NEW YORK (AP) — Faced with a federal judge’s order to help investigators break into an iPhone used by one of the San Bernardino, California, shooters, Apple may well argue that the request places an unreasonable burden on the company.

In fact, experts say that complying with the government’s request wouldn’t be particularly challenging for Apple. But doing so might set a dangerous precedent that could threaten the data security of the millions of iPhone users around the world.

The phone in question was used by Syed Farook, who along with his wife, Tashfeen Malik, killed 14 people in a December attack. Investigators don’t know if the phone contains important evidence about the attack or the couple’s communications — and because its contents are encrypted, they won’t unless they can get the passcode to unlock it. The phone was issued by Farook’s employer, the county of San Bernardino.

Investigators can’t just try random passcodes until they hit on the right one, either. The phone has apparently enabled an Apple security feature — a sort of self-destruct option that would render the phone’s data unreadable after 10 incorrect passcode attempts.

The judge’s order requires Apple to create a unique software package — one Apple CEO Tim Cook described as “a new version of the iPhone operating system” — that would allow investigators to bypass the self-destruct system. The same software would also let the government enter passcodes electronically, eliminating both the tedium of manual entry and the enforced delays the iPhone system imposes after a few wrong guesses.

Apple opposes the order, arguing that such software would amount to a security “backdoor” that would ultimately make iPhone users across the globe more vulnerable to information or identity theft. Both the ACLU and the Electronic Frontier Foundation have pledged to support Apple, saying that the government’s request endangers security and privacy.

From a technical perspective, making such software shouldn’t be difficult for Apple, experts say. But once created, it would be nearly impossible to contain, says Ajay Arora, CEO and co-founder of Vera, a startup that provides companies with encryption services.

“Imagine if that got into the wrong hands,” he says. “What they’re asking for is a God key — and once you get that, there’s no going back.”

The demands being made of Apple border on the bizarre, says Lee Tien, a staff attorney for the Electronic Frontier Foundation, a digital rights group. “Asking a technology company to make its security less secure is a crazy, stupid thing to do,” he says. “It’s like asking water not to be wet.”

The government’s best bet may be to argue that its request doesn’t actually create a backdoor, even if that’s how Apple characterizes the request, says Robert Cattanach, a former Justice Department attorney. But Apple is probably right to worry that a government win in this case will lead to broader requests down the road.

“If the court rules in favor of the government, then I think the stage has been set for the next step, which is, ‘Thanks for removing the auto-wipe. Now you need to help us defeat the code’,” Cattanach says. “If you’re the government, you’re going to ask for that.”

__

AP Technology Writers Brandon Bailey and Michael Liedtke in San Francisco contributed to this report.

http://www.theburningplatform.com/2016/02/18/question-of-the-day/

IMPORTANT, PLEASE REPOST: Apple Vows to Defend Its Customers as the FBI Launches a War on Privacy and Security, by Michael Krieger

In the interest of getting this important article as widely read as possible, it is posted in its entirety. There are numerous links to other Liberty Blitzkrieg articles in the original article. To access those links, clink the link at the end of the article and go directly to the original. From Michael Krieger at libertyblitzkrieg.com:

Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

– From Apple CEO Tim Cook’s letter: A Message to Our Customers

I’ve spend most of the morning reading as much as possible about the explosive battle between the FBI and Apple over consumer rights to digital privacy and security. I came away with a refined sense of just how monumental this case is, as well as a tremendous amount of respect for Apple CEO Tim Cook for his public stance against the feds.

Before I get into the issue at hand, some background is necessary. The feds, and the FBI in particular, have been very vocal for a long time now about the desire to destroy strong encryption, i.e., the ability of citizens to communicate privately. A year ago, I wrote the following in the post, By Demanding Backdoors to Encryption, U.S. Government is Undermining Global Freedom and Security:

One of the biggest debates happening at the intersection of technology and privacy at the moment revolves around the U.S. government’s fear that the American peasantry may gain access to strong encryption in order to protect their private communications. Naturally, this isn’t something Big Brother wants to see, and the “solution” proposed by the status quo revolves around forcing technology companies to provide a way for the state to have access to all secure communications when they deem it necessary.

Many technology experts have come out strongly against this plan. Leaving aside the potential civil liberties implications of giving the lawless maniacs in political control such power, there’s the notion that if you create access for one group of entitled people, you weaken overall security. Not to mention the fact that if the U.S. claims the right to such privileged access, all other countries will demand the same in return, thus undermining global privacy rights and technology safeguards.

We are already seeing this play out in embarrassing fashion. Once again highlighting American hypocrisy and shortsightedness, as well as demonstrating that the U.S. government does’t actually stand for anything, other than the notion that “might means right.” Sad.

Here are a few other previously published articles on the topic:

The War on Encryption and Bitcoin – Nothing to Do with Terrorism, Everything to Do with State Control

Government is Lying – New Study Shows No Increase in Use of Encryption by Jihadists Since Snowden Revelations

War on Encryption: Highlighting Two Crucial Articles on the Latest NSA Revelations

With that out of the way, let’s turn our attention to the issue at hand. Specifically, how Tim Cook, CEO of Apple, threw down the gauntlet yesterday in a message to his customers. Here are a few critical excerpts:

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.

When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority. The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

Indeed, as Edward Snowden noted on Twitter:

The @FBI is creating a world where citizens rely on #Apple to defend their rights, rather than the other way around. https://t.co/vdjB6CuB7k

— Edward Snowden (@Snowden) February 17, 2016

Tim Cook deserves tremendous credit for the courage to come out and so aggressively and publicly denounce what the FBI is trying to do. If he hadn’t decided to publicly challenge the court order and write a detailed treatise on precisely why, the American citizenry would be left completely in the dark. This would be an unethical and unacceptable position.

Second, this case could very well be headed up to higher courts. The greatest risk in these sorts of cases revolves around judicial ignorance when it comes to technology issues. The government knows all too well that most judges are clueless when it comes to tech, and that all they have to do is scaremonger with the word “terrorism” and judges will almost always default to the government position. Cook’s very public stance will at least shine some light on the issue and hopefully fuel robust, intelligent public debate which could inform judges ahead of being presented with technology related cases they don’t really understand.

I’d now like to share additional tidbits I discovered from various articles around the web on the topic. First, from Ars Technica:

“[The Department of Justice] went with the nuclear option,” Chris Soghoian, a technologist with the American Civil Liberties Union, told Ars.

Similarly, Ahmed Ghappour, a law professor at the University of California, Hastings, concurred.

“Here you have the government using a catch-all statute from the 18th century to compel a technology company to ‘assist’ law enforcement by designing custom software to backdoor an encrypted device,” he told Ars. “The ramifications of such a precedent could be tremendous. If the government can compel Apple to provide custom software, why can’t they compel Facebook to customize analytics that predicts the criminality of their user base?”

Now here’s what a member of Congress who actually understands technology had to say on the matter. From the Daily Dot:

A federal judge’s order directing Apple to help the FBI break into the San Bernardino shooter’s iPhone effectively “forces private-sector companies like Apple to be used as an arm of law enforcement,” one of the most prominent pro-encryption voices in Congress said Tuesday night.

Rep. Ted Lieu (D-Calif.), a Stanford University computer-science graduate, wondered where the use of the All Writs Act—on which the magistrate judge based her ruling—might lead.

Critics of the order argue that, based on its wording, all software companies could be forced to insert potentially harmful code into their products, because, as the government argued, “writing software code is not an unreasonable burden for a company that writes software code as part of its regular business.”

“Can courts compel Facebook to provide analytics of who might be a criminal?” Lieu said in an email to the Daily Dot. “Or Google to give a list of names of people who searched for the term ISIS? At what point does this stop?”

Recall, I’ve highlighted Rep. Lieu’s efforts in the past. See the post: This is What Happens When a Member of Congress Holds a Computer Science Degree (*Hint: Logic).

Moving along, the Obama administration is now coming out and claiming that it’s not looking for a backdoor. Reuters reports:

Feb 17 The court ruling ordering Apple Inc. to help unlock an iPhone belonging to one of the San Bernardino attackers represents just one case, the White House said on Wednesday, emphasizing that the U.S. Department of Justice is asking the tech giant for access to a single device.

In a briefing with reporters, White House spokesman Josh Earnest deferred to the Justice Department but said it’s important to recognize that the government is not asking Apple to redesign its product or “create a new backdoor to its products.”

But let’s revisit Tim Cook’s exact words. He wrote:

They have asked us to build a backdoor to the iPhone.

Given the fact the Obama administration is essentially calling Tim Cook a liar, I decided to initiate a Twitter poll (final results are not yet in, but it stands at 94% voting Tim Cook).

Poll Time: Tim Cook says the government is asking for a backdoor. Obama says it isn’t. Who’s telling the truth?

— Michael Krieger (@LibertyBlitz) February 17, 2016

Please share this post. It is monumentally important that as much of the public as possible (including judges) knows exactly what’s at stake here. Do we really want to sacrifice overall privacy and security in order to get information from one person’s phone?

Or what about the following question posed by cryptography professor Matthew Green:

If the US government dictating iPhone encryption design sounds ok to you, ask yourself how you’ll feel when China demands the same.

— Matthew Green (@matthew_d_green) February 17, 2016

These are enormous questions with tremendous implications. I just hope we as a society choose wisely.

In Liberty,
Michael Krieger

http://libertyblitzkrieg.com/2016/02/17/apple-vows-to-defend-its-customers-as-the-fbi-launches-a-war-on-privacy-and-security/

 

 

Technology Is a Mysterious Enemy to Politicians, by Lucy Steigerwald

From Lucy Steigerwald at antiwar.com:

The most recent Republican debate for the 2016 election was unsurprisingly dominated by the shadow of terrorism and war. The Paris attacks that killed more than 130 people, plus the 14 deaths in San Bernardino, California seem to have brought about a new-old sentiment among Republicans. The year is now somewhere between 2001 and 2005 again.

One thing that has changed since the height of Bush-and-Cheney paranoia? Technology. The Internet is our lives like it wasn’t in the pre-iPhone days. And with great dependence comes great(er) government-induced fear-mongering.

Encryption is often the big boogeyman, a sentiment which Ohio Gov. John Kasich expressed at the debate. As always, details of who used what to plan what terrorist attack never seem to matter so much as frightening hypotheticals. The NSA’s dragnet spying is vital. We are in danger every moment one legal justification for that program is down, and we must bring it back. So said Sen. Marco Rubio at the debate, a point that is generally echoed by every candidate on stage except for Sen. Rand Paul (and Sen. Ted Cruz on a good day).

These presidential candidates are pandering to the right, powerful people. Feds constantly say they cannot afford to “go dark.” Meaning, they need on-demand backdoor access to servers and mobile devices and cannot let technology leave them powerless to spy and snoop.

Apple and Google have responded to the question of how much they should oblige law enforcement by taking the decision out of their own hands altogether. Full device encryption is standard on all Apple and Android devices sold with the current operating systems. The keys for this encryption is stored locally and not held by Apple or Google. That’s one way to get around certain requests, and it is a way that ticks off many of the people who are dying to be the so-called leader of the free world.

Former Hewlett-Packer CEO Carly Fiorina spoke critically about tech at the debate as well. (She also he told the vaguest Tom Clancy novel plot summary of all time about the time she happily shared technology with the NSA, so they could more easily implement the STELLARWIND wiretapping.) She may be the most adamantly anti-technology, anti-Fourth Amendment of the Republican candidates, speaking about the PATRIOT Act not in terms of its horrible legacy, but in terms of something nice that needs a serious tune-up in 2015. In her mind, government’s job is to keep pace with each new method of communication, or new technological toy. The idea that anonymity has value has not occurred to her. Not when terrorists are out there. And companies shouldn’t need to be forced to comply, they should do it anyway.

Naturally, the idea that cyber-terrorists are a serious threat but also the government needs to be able to force backdoor access into devices is one that government officials can hold flawlessly in their compartmentalized minds. Even if the latter would make life much easier for any malevolent hacker. And even if law enforcement still has many other options when it comes to snooping out data and communications.

To continue reading: Technology Is a Mysterious Enemy to Politicians