Comments

1
scalia's rotting corpse should cast the deciding vote from hell.
2
I am wondering why the FBI cannot serve a search warrant upon Apple to get into the phone. It seems that there is probable cause to believe that the phone records contain evidence.
4
@1, oddly enough, I think he would side with Apple.
5
Not sure why, but I trust Apple more than I trust the FBI. And I don't really trust Apple, so, FBI… no.
6
let's just ignore that the FBI fucked this all up then blamed the locals:
http://gizmodo.com/san-bernardino-county…
7
Billions of dollars in cyber security later, I'm not sure why the FBI can't hack a phone.
8
Some brilliant marketing there Apple. While you're pushing the conscience angle, consider addressing your horrible labor practices as well.
10
Lavabit's mistake was in having the SSL keys in the first place. Startpage has already built the new encrypted email system without SSL keys, preventing any government from demanding they decrypt their data. Lavabit was never as example of governmental overreach. It was an example of poorly designed encryption. We had better back then, and we use that "better" now.
11
How many iPhones were fired at the victims?
12
Republicans are lining up to waterboard Tim Cook.
15
FBI intends to use a brute force password crack, which is easily defeated: https://theintercept.com/2016/02/18/pass…

Secure products won't be gone forever, but the companies that make them will move out of the USA.
16
@2 - They can't 'serve a warrant' because the type of encryption Apple set up on iPhones is literally impossible to reverse or crack by Apple. Apple does not hold the keys, so no warrant could obtain any keys.

The FBI is trying to get Apple to remotely install a new version of the operating system (iOS) that doesn't slow down repeated guess attempts on the 4-digit lock screen passcode. Currently, the iOS adds a chunk of time between each guess, so that by the time you are up to 100 guesses, you have to wait many minutes or hours until the next guess opportunity.

--

Let's not forget, people, that the FBI already has access to the NSA's "XKeyscore", their "widest reaching" collection system. They can review anything they want from the global data Hoovering that's going on. They don't *need* a backdoor/special access to this iPhone, not really, they just want the legal precedent to force US companies to do what they want.
17
@16 - since a 4-digit passcode represents 10,000 possible passcodes, manually trying each one will take awhile anyway, but with a gradually increasing wait time between each guess, it will take an intractable amount of time to go through all of them. The FBI wants special access to circumvent the "gradually increasing wait time."

Of course, once that it granted, then hackers or repressive regimes or others will eventually find it and take advantage of that themselves. Or they will just force Apple to bend to their will as well (eg. Blackberry compromising to Saudi Arabia).
18
@10 - If you are talking about StartMail, they use SSL for transport security as well so there is always a danger those keys could be given to authorities. They do offer a PGP encryption method on top of that but they store your key pair on their servers as well so it's no better. Sounds like they'd give up your keys to the Dutch government.
19
@18, the creators of StartMail publicly announced they don't keep the SSL keys. Only the sender and recipient have them. Katherine Austin Fitts loves talking about it in interviews. I'm sure you can find one or two online.
20
@19 - When you say SSL keys, that is generally interpreted as the RSA private key identify of the server. SmartMail MUST always hold those key for their servers and they'd be in the same position as Lavabit if the government came for those. The symmetric key material that results at the end of the SSL connection will be temporary, sure, but if the RSA private key is known, all that encrypted traffic between the server and web client could be decrypted.

SmartMail does offer to integrate a layer of PGP encryption underneath SSL but that isn't anything new. If I gave you my secret PGP key today, you'd be able to send me a message that only I could decrypt regardless of which email service we used.

I read their whitepaper because you piqued my interest but there is nothing special with their security that puts them out of reach of the government looking for private key material.

https://www.startmail.com/documents/whit…
21
Something is screwy with that white paper. While JS may not be ideal for encryption, Java is (which is why programs like Azureus use it to mask torrenting traffic). The claims about technology made in that paper were wrong for 2014, not to mention today.
22
They should get Fox to do it, then once he catches the Joker, Fox enters his name and the whole data center just blows up.

Please wait...

Comments are closed.

Commenting on this item is available only to members of the site. You can sign in here or create an account here.


Add a comment
Preview

By posting this comment, you are agreeing to our Terms of Use.