FBI Director Tries to Calm Down Everyone Freaking Out About Apple

Comments

1
scalia's rotting corpse should cast the deciding vote from hell.
2
I am wondering why the FBI cannot serve a search warrant upon Apple to get into the phone. It seems that there is probable cause to believe that the phone records contain evidence.
3
Fuck running dog Comey - - if he's so concerned with National Security he can get his ass into the US military - - a novel change for his ilk!

The last person with any credibility is James Comey, uber neocon appointment of Obama!
4
@1, oddly enough, I think he would side with Apple.
5
Not sure why, but I trust Apple more than I trust the FBI. And I don't really trust Apple, so, FBI… no.
6
let's just ignore that the FBI fucked this all up then blamed the locals:
http://gizmodo.com/san-bernardino-county…
7
Billions of dollars in cyber security later, I'm not sure why the FBI can't hack a phone.
8
Some brilliant marketing there Apple. While you're pushing the conscience angle, consider addressing your horrible labor practices as well.
9
It most definitely is about setting a precedent, and to those who have bothered to read the leaked portions of the Trans-Pacific Partnership will understand what I mean when I state that if this goes through, next multinationals will have the power to petition for the same exact bullcrap!

But --- could this have something to do with it as well?

Dispatcher: Reference that name, I believe one of the Xray guys was working that name up for something last week. I'll have to check.

https://www.youtube.com/watch?feature=pl…
10
Lavabit's mistake was in having the SSL keys in the first place. Startpage has already built the new encrypted email system without SSL keys, preventing any government from demanding they decrypt their data. Lavabit was never as example of governmental overreach. It was an example of poorly designed encryption. We had better back then, and we use that "better" now.
11
How many iPhones were fired at the victims?
12
Republicans are lining up to waterboard Tim Cook.
13
And would you trust anything about the present government?

http://www.buzzfeed.com/mikegiglio/ameri…
14
An interesting item to pay close attention to:

http://arstechnica.com/tech-policy/2016/…

In other words, if the FBI is planning to have Apple perform a physical extraction of this extra data, then they are forcing Apple to create this backdoor tool for a separate reason, as it is completely unnecessary if Apple will be forced to extract the contents of the device in the end. It would also mean that they’re hiding all of this extra work from both the courts and from Apple, possibly because the combination of the two [All Writs Act] orders would have constituted "unreasonable" assistance in the court’s view. It completely modifies the purpose of the first order as well; we’ve now gone from having a single tool with a very specific purpose to having two separate tools to create a modular platform for FBI to use (via the courts) as each piece becomes needed.
15
FBI intends to use a brute force password crack, which is easily defeated: https://theintercept.com/2016/02/18/pass…

Secure products won't be gone forever, but the companies that make them will move out of the USA.
16
@2 - They can't 'serve a warrant' because the type of encryption Apple set up on iPhones is literally impossible to reverse or crack by Apple. Apple does not hold the keys, so no warrant could obtain any keys.

The FBI is trying to get Apple to remotely install a new version of the operating system (iOS) that doesn't slow down repeated guess attempts on the 4-digit lock screen passcode. Currently, the iOS adds a chunk of time between each guess, so that by the time you are up to 100 guesses, you have to wait many minutes or hours until the next guess opportunity.

--

Let's not forget, people, that the FBI already has access to the NSA's "XKeyscore", their "widest reaching" collection system. They can review anything they want from the global data Hoovering that's going on. They don't *need* a backdoor/special access to this iPhone, not really, they just want the legal precedent to force US companies to do what they want.
17
@16 - since a 4-digit passcode represents 10,000 possible passcodes, manually trying each one will take awhile anyway, but with a gradually increasing wait time between each guess, it will take an intractable amount of time to go through all of them. The FBI wants special access to circumvent the "gradually increasing wait time."

Of course, once that it granted, then hackers or repressive regimes or others will eventually find it and take advantage of that themselves. Or they will just force Apple to bend to their will as well (eg. Blackberry compromising to Saudi Arabia).
18
@10 - If you are talking about StartMail, they use SSL for transport security as well so there is always a danger those keys could be given to authorities. They do offer a PGP encryption method on top of that but they store your key pair on their servers as well so it's no better. Sounds like they'd give up your keys to the Dutch government.
19
@18, the creators of StartMail publicly announced they don't keep the SSL keys. Only the sender and recipient have them. Katherine Austin Fitts loves talking about it in interviews. I'm sure you can find one or two online.
20
@19 - When you say SSL keys, that is generally interpreted as the RSA private key identify of the server. SmartMail MUST always hold those key for their servers and they'd be in the same position as Lavabit if the government came for those. The symmetric key material that results at the end of the SSL connection will be temporary, sure, but if the RSA private key is known, all that encrypted traffic between the server and web client could be decrypted.

SmartMail does offer to integrate a layer of PGP encryption underneath SSL but that isn't anything new. If I gave you my secret PGP key today, you'd be able to send me a message that only I could decrypt regardless of which email service we used.

I read their whitepaper because you piqued my interest but there is nothing special with their security that puts them out of reach of the government looking for private key material.

https://www.startmail.com/documents/whit…
21
Something is screwy with that white paper. While JS may not be ideal for encryption, Java is (which is why programs like Azureus use it to mask torrenting traffic). The claims about technology made in that paper were wrong for 2014, not to mention today.
22
They should get Fox to do it, then once he catches the Joker, Fox enters his name and the whole data center just blows up.