Signaling Post-Snowden Era, New iPhone Locks Out N.S.A.
Source: NYT
WASHINGTON - Devoted customers of Apple products these days worry about whether the new iPhone 6 will bend in their jean pockets. The National Security Agency and the nation's law enforcement agencies have a different concern: that the smartphone is the first of a post-Snowden generation of equipment that will disrupt their investigative abilities.
The phone encrypts emails, photos and contacts based on a complex mathematical algorithm that uses a code created by, and unique to, the phone's user and that Apple says it will not possess.
The result, the company is essentially saying, is that if Apple is sent a court order demanding that the contents of an iPhone 6 be provided to intelligence agencies or law enforcement, it will turn over gibberish, along with a note saying that to decode the phone's emails, contacts and photos, investigators will have to break the code or get the code from the phone's owner.
Breaking the code, according to an Apple technical guide, could take more than 5 1/2 years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers. (Computer security experts question that figure, because Apple does not fully realize how quickly the N.S.A. supercomputers can crack codes.)
Already the new phone has led to an eruption from the director of the F.B.I., James B. Comey. At a news conference on Thursday devoted largely to combating terror threats from the Islamic State, Mr. Comey said, "What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law."
Read more: http://www.nytimes.com/2014/09/27/technology/iphone-locks-out-the-nsa-signaling-a-post-snowden-era-.html?hp&action=click&pgtype=Homepage&version=LedeSum&module=first-column-region&region=top-news&WT.nav=top-news&_r=0
christx30
(6,241 posts)
"What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law."
When the law and law enforcement are corrupt and anti-Constitutional, holding oneself beyond the law is the only way of living your life without being snooped on 24 hours a day.
When I heard about this feature, I downloaded the iOS right away. I don't commit crimes, but nothing I do is anyone's business but my own.
billhicks76
(5,082 posts)
Which is to stop terrorism. They are too busy being a traitorous tool waging war on the American people by spending all their time being chumps serving DEA interests to spying on our own politicians, judges and journalists to gain leverage for corporate greed or warmongering abroad and at home. I miss the days where there were real Americans in our government who stood up for freedom and what's right. They didn't always win but at least they were there.
christx30
(6,241 posts)
billhicks76
(5,082 posts)
True Detective anyone? Something is seriously wrong in America.
sendero
(28,552 posts)
.... what stupid ass motherfucker said that? It is the NSA who "held themselves beyond the law" and this is the consequence.
This country is drowning in STUPID.
Chemisse
(30,807 posts)
Just the idea that NSA has some inherent right to your data is just wrong, and is the reason why this feature will be popular.
whereisjustice
(2,941 posts)
realize that it's the people who claim nothing in their life is worth protecting that are the most dangerous to stability and justice in the USA.
hueymahl
(2,470 posts)
Needs to be repeated. A lot.
jwirr
(39,215 posts)
Auggie
(31,156 posts)
jwirr
(39,215 posts)
Lurks Often
(5,455 posts)
I think Apple is being honest in that they can't break the encryption, but I'm not buying the statements coming from the NSA. They've probably broken it already and can't wait for people to start using Apple products to plan crimes or terrorist attacks.
candelista
(1,986 posts)
It might not take as long to crack the code as Apple thinks.
hueymahl
(2,470 posts)
But it is not at a small cost to run those machines, and it still takes time, even if a few hours. That kind of delay forces them to act more law abiding, even if it is unintentional. They have to have a REALLY good reason to deploy those resources, vs. simply doing it to everyone whenever they want.
whereisjustice
(2,941 posts)
But they will gather data on political figures in the US, monitor environmental groups, peace groups, etc. They can use this data to accumulate trends allowing those in power to protect their financial interests and investments in our political process. Ultimately this data will be fed downstream to FBI, TSA, state and local police departments. This data can be used to monitor whistle blowers, interfere with investigations into corruption, manipulate the stock market, etc.
Surveillance states are designed to protect the financial and political interests of a ruling class, in our case the oligarchy. Think of it as "net nanny" for the political elite.
For the most recent example of a ruling Oligarch - Koch
http://www.rollingstone.com/politics/news/inside-the-koch-brothers-toxic-empire-20140924
For the most recent example of a state declared enemy- Ray McGovern,
http://dissenter.firedoglake.com/2014/09/26/ray-mcgovern-triumphs-over-state-department/
AZ Progressive
(3,411 posts)
would be able to crack current encryption methods. So it's just a matter of time...
marble falls
(57,063 posts)
Mr. Comey said, "What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law."
As opposed to an agency holding itself above the protections of the Bill of Rights?
drray23
(7,627 posts)
Phone encryption has been available on androids for years already. The only thing apple did is make it the default option on their new phones. On the android you have to turn it on to encrypt the phone.
defacto7
(13,485 posts)
Both Apple and Google have left themselves back doors into the phones to bypass lock codes and encryptions. Apple is the first to say that they have eliminated the back door and will not and cannot comply with requests to unlock the phones and disable the encryption.
seveneyes
(4,631 posts)
No matter how fast you can run through the unique combinations of passwords, your input to the device is gated by the device you are hacking. If Apple says it would take 5.5 years to attack its gates, they could be correct.
candelista
(1,986 posts)
blkmusclmachine
(16,149 posts)
IDemo
(16,926 posts)
"I am quite impressed, Mr. Cook! That took courage," Zdziarski wrote in a blog post. "But it does not mean that your data is beyond law enforcement's reach."
Just after Apple's announcement, Zdziarski confirmed with his own forensics software that he was still able to pull from a device running iOS 8 practically all of its third-party application data - that means sensitive content from Twitter, Facebook, Instagram, web browsers, and more - as well as photos and video. The attack he used impersonates a trusted computer to which a user has previously connected the phone; it takes advantage of the same mechanisms that allow users to siphon data off a device with programs like iTunes and iPhoto without entering the gadget's passcode.
http://www.wired.com/2014/09/apple-iphone-security/
candelista
(1,986 posts)
Now the NSA has to do two things instead of one.
IDemo
(16,926 posts)
And I'm guessing it is orders of magnitude easier for the Feds to locate a previously paired PC than to crack strong encryption, even with the NSA's hardware. It's false and misleading for Apple to push this as a driving point in their advertising and for the media to continue publishing it even after Zdziarski made his findings public.
candelista
(1,986 posts)
They have computers that do a trillion calculations a second. Eventually they will crack any code.
Indydem
(2,642 posts)
You can no longer perform updates or access sensitive data without first entering your passcode or using the Touch ID. I have personally experienced this over the last few days updating to ios8
IDemo
(16,926 posts)
Oops...
Jonathan is also Sr. Forensic Scientist for viaForensics, a Chicago-based forensic consulting firm where, among other things, he performs penetration testing of iOS applications for corporate clients. Jonathan gets paid to hack things for a living.
http://www.oreilly.com/pub/au/1861
Indydem
(2,642 posts)
"Zdziarski confirmed with his own forensics software"
Oh. Wait.
IDemo
(16,926 posts)
And the legitimacy of his arguments goes straight to zero. You win. LOL.
billhicks76
(5,082 posts)
They would have cameras and microphones installed in every room in your house and eventually put a chip in you and then claim it's to protect you. I wish the worst for them all.
ahimsa
(426 posts)
.. under Settings/General/Siri, there is now an option to Allow "Hey Siri".
Anytime you feel the urge, you can just say "Hey Siri" and Siri will respond. Your phone is clearly constantly listening to everything going on around it - what I wonder is if it is ignoring everything until it hears "Hey Siri" and whether when you turn that setting off, it's still listening and just ignoring you when you say "Hey Siri" or if it no longer listens. It is a little disconcerting after trying this out for a while.
billhicks76
(5,082 posts)
Idiot fools used to say we were paranoid conspiracy theorists when we pointed this out. At this point I want to smack all those people or worse. I remember reading in the paper about a drug case in Montreal regarding the Hell's Angels...they got busted because the DEA was activating the microphones on their cell phones and listening in 2002...and they can make the phone appear off if you turned it off when they activate it back on. This is called an ambient tap and the reason we gave immunity to the telecoms (which Obama not only didn't filibuster as promised but reversed himself in the most disgusting flip flop I've ever seen and voted for it) was because they were charging a nominal fee for these ambient taps beginning in 2002 or perhaps earlier. It was $250 for an ambient tap, $100 for a wiretap, $50 for all your texts, $20 for your GPS locations mapped out and $10 for a pen register...this varied slightly between AT&T, Sprint, Verizon etc. All of this is now stored like Facebook admitted to as a company who does the same thing through their mobile App if you're dumb enough to download it. The ambient taps can be sent over the airwaves without direct possession of your phone by law enforcement which does nothing to stop terrorism (most of which they create anyway to justify their budgets) but, rather, is used to fleece average Americans in the DRUG WAR who have been criminalized for using marijuana mostly and in more liberal parts of the country those who sell it. These people are scum...anyone who sits there listening to your private conversations or opening up your mail for non-violent crimes is a bad person with no morals. This is EXACTLY what the first American Revolution was fought over and our Founding Fathers foresaw these type of human filth trying to seize power this way and created our hallowed Constitution to prevent it.
A guy like Comey whining like a little baby not having these tools any longer just reinforces what piece of crap criminal he and his ilk are. It isn't about Democrat vs Republican on this so any Democrats who excuse this because OUR guy is President is not only a dimwit but actively working against a free society.
ahimsa
(426 posts)
.. with this article. It implies that only iPhone 6s have this level of security when I believe it is any iPhone that updates to iOS 8. Second, it uses this example of how hard it would be to crack the user's passcode:
I believe by default iPhones ask for a 4 digit passcode unless you change the settings to allow a longer one. I think every iPhone user should set that setting even if they still use a 4 digit passcode because then someone trying to break it won't know how many characters to guess. It does require an extra keystroke to log in though.
Ash_F
(5,861 posts)
Too bad democrats don't have anybody high up in the executive that could clean house of these vermin.
Oh wait.
defacto7
(13,485 posts)
is way overrated. The only algorithms that are truly exceptional are illegal. There are several good crypts but they're well known.
When they say a 6 character password, that is when the bull shit flag goes up. If you use AES256 with 4096 bit encryption which is quite a strong common routine and you have less than a 10 character pass-code made up of words it would take maybe a couple minutes to decode with an excellent device and the right software. If you use a 10 character pass with upper and lower case, numbers and one non-alphanumeric character and no words, it would probably take 2 to 5 years to decode. 11 characters - about 350 years..., 12 characters - thousands of years... 13 characters... probably longer than the age of the known universe with today's technology. These are pretty safe guesses, they are not actual. Technology changes too fast for accurate figures of this nature but the scenario is not getting harder than this, it's getting easier.
The thing to take from this is that passwords of less than 12 characters using the above character form are vulnerable. It would take considerably less time with a supercomputer....
but 6 characters? my ass.
candelista
(1,986 posts)
They have machines that can do one trillion calculations per second.
defacto7
(13,485 posts)
It was definitely part of the argument. My argument is with a 6 character passcode. The more characters and the more diverse the better the chances are of keeping out intrusion. But supercomputers and the NSA are kind of unnecessary for the argument. They just make my point even more pertinent. BTW, I can see the new NSA building from the roof of my house. My proximity to it makes the details, shall I say... clearer.
Indydem
(2,642 posts)
This isn't an interface where you can try 1 million brute force attacks a minute. It is a hand-entered touch interface that has a cool off period after 5 failed attempts that then needs 1 minute to try again.
It doesn't matter how awesome your cracking software is, the data is sealed behind the passcode, which is not hackable.
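Added example, not part of any post in this thread and not Apple's code: the arithmetic behind the passcode figures argued over above, in Python. It assumes the article's 5 1/2-year figure means trying all 36^6 six-character lowercase-and-digit passcodes at a fixed per-guess cost on the device, and it treats the one-minute cool-off after five failures described in the preceding post as a flat pause; all function names are hypothetical.

```python
# Added example (hypothetical names): passcode search time when each guess runs on the device.
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(alphabet_size, length):
    """Number of distinct passcodes of exactly `length` symbols."""
    return alphabet_size ** length

def implied_seconds_per_guess(total_years, space):
    """Per-guess cost implied by a quoted time to try every combination."""
    return total_years * SECONDS_PER_YEAR / space

def worst_case_seconds(space, per_guess_s, lockout_every=0, lockout_s=0.0):
    """Time to try every passcode, with an optional pause after each
    `lockout_every` failures (no pause follows the final guess)."""
    pauses = (space - 1) // lockout_every if lockout_every else 0
    return space * per_guess_s + pauses * lockout_s

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

LOWER_DIGITS = len(string.ascii_lowercase + string.digits)  # 36 symbols
MIXED = len(string.ascii_letters + string.digits + string.punctuation)  # 94

# Rate implied by the article's figure: 5.5 years for all 36**6 passcodes.
RATE = implied_seconds_per_guess(5.5, keyspace(LOWER_DIGITS, 6))

POLICIES = {
    "4 digits": keyspace(10, 4),
    "6 lowercase+digits": keyspace(LOWER_DIGITS, 6),
    "10 mixed+digits+symbols": keyspace(MIXED, 10),
}

def report():
    """Per policy: (time at RATE, time with a 60 s pause per 5 failures)."""
    return {name: (human(worst_case_seconds(n, RATE)),
                   human(worst_case_seconds(n, RATE, 5, 60)))
            for name, n in POLICIES.items()}

if __name__ == "__main__":
    print(f"implied cost per guess: {RATE * 1000:.0f} ms")
    for name, (gated, paused) in report().items():
        print(f"{name:26s} {gated:>24s} {paused:>26s}")
```

At the implied rate of roughly 80 ms per guess, a 4-digit passcode is exhausted in about 13 minutes without the pause and about 1.4 days with it, while the six-character case grows from 5.5 years to roughly 833 years.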
defacto7
(13,485 posts)
And I know how unrealistic it is to put that kind of faith in a 6 character passcode.
Cha
(297,029 posts)
"Athletes and spectators attending the Winter Olympics in Sochi in February will face some of the most invasive and systematic spying and surveillance in the history of the Games, documents shared with the Guardian show.
Russia's powerful FSB security service plans to ensure that no communication by competitors or spectators goes unmonitored during the event, according to a dossier compiled by a team of Russian investigative journalists looking into preparations for the 2014 Games."
More..
http://www.theguardian.com/world/2013/oct/06/russia-monitor-communications-sochi-winter-olympics
father founding
(619 posts)
James B. Comey knows that there is a nation of people who hold themselves beyond the law, because he takes his orders from them.
Calista241
(5,586 posts)
could order you to unlock your phone. I would think there are ways to "fake" your thumbprint as well.
defacto7
(13,485 posts)
I may at least begin to research their ability to identify. But so far... I have no reason to do so. Using the Internet is a chance we all take. It's good there is work being done to protect our anonymity but complete safety does not exist at the present. All we can do is be as vigilant as we want to be with what we have to work with. Unfortunately, most people are so wide open it just makes the getting easier. Company hype spreading misinformation about computer product safety just makes the Internet a place where people blithely skip along in ignorance and faith in a mythical product. That doesn't help.
hughee99
(16,113 posts)
I'm doubtful that Apple believes it either, but what else are they supposed to say?