Apple Will Seal Up Law Enforcement’s Favorite iPhone Cracking Method

[westrock2000]

Apple is one of the few tech giants that doesn’t sell user data. They collect non identifiable usage and diagnostic data but they do not share or sell it with 3’rd parties.

Yep, would like to see some proof from people who say Apple is just as bad (or worse) than Google.

 

[Mike89]

Rights to privacy? Sooooo,...it's okay for all these major corporations to gather and sell our personal data, but gawd forbid the police get their hands on it. Got to scratch my head on that one.

Wait,..so what is being said is you want the police to pay for the data, just like all the rest of the coporations do? Is that a fair summation?

Just trying to get a handle on why Apple, Microsoft, Google, and social site of your choice, and even VPN companies it is okay for them to take our data and do what they want with it, but if the police want access to that very same data,...then everyone gets up in arms. Just good old fashion double standards at play or pure simple hypocrisy?

Pretty sure you do not have a leg to stand on if you are screaming "my right to privacy is being violated" as it pertains to the police, while waving a smart phone in the air. The again, it makes for good memes.

My thoughts exactly. To some, the police are the bad guys, not Apple, big corp or anyone else who wants your data. Data is money which rules everything else or can be used by the nefarious to commit crimes. But if the cops need it in the commission of a crime, everyone shouts foul. We all know that the first thing a police officer does when writing you a ticket is ask for your cellphone so he can check out your private stuff. I guess some think in those situations where the police need your data for something, the first thing they do is broadcast the info over the radio or sell it back to Google (that's funny cause Google already had it to begin with). My data on my cellphone is private. I have no problems with the police having access to it in the investigation of a crime (of course if I was a criminal, I sure wouldn't feel that way). I do have problems with big corp collecting and making money off my data. I guess it's just where your head happens to be. Terrorists will insist their data should be private too. I don't agree. Those terrorists better hope that their crimes don't involve copyright infringement cause then all gloves are off and big corp and the police will gang up on your ass quick. See how private your data is if you get caught selling bootleg CDs at the fleamart. I'll wager not as safe as someone blowing up a building downtown. Anyone owns a cellphone, any interested party knows where you are, where you are going, when you will be there and who you are doing it with. Yet these same people scream when anyone wants to know what dirty words you are saying to your girlfriend on your cellphone or any other useless and worthless data you have stored on it. Just because you have your principles right? Keep on keeping on privacy dudes, your head is in the clouds along with your data.

 

[aaronspink]

And as I argued previously, an engineered solution. Thank You.

I can't say that this is the best solution, I just refuse to believe that we can't find one that satisfies our needs and our rights.

No it isn't an engineered solution, it is a massive security flaw big enough to drive a nation through. There is nothing new in that piece. It has every problem that every key escrow idea has ever had going all the way back to clipper. It is a horrible idea for anyone at all concerned with security.

 

[aaronspink]

I know this is what some people believe, that they want perfect security and privacy. And as this man said in his article, the government isn't going to allow it, and frankly, I don't think most people even want that even though you might, and you might even think represent a majority. We all know that security is a balancing act, that we have to balance our needs with our privacy and security.

As I have said in the past, this debate will only go one way. That this guy in Jim Kim's article recognizes this is true should have some of you reconsider. If industry doesn't provide a good solution the government is going to come up with their own. I work with the government and I know how well they do things, I'd rather have guys like this dude help work it out instead of hoping that the government will get lucky and get it right.

We need something better than what we have now.

But that isn't a good solution. It isn't even a new solution. In fact, it is a super shitty single point of failure crappy ass key escrow system that isn't even at the 2 year old level. That solution was looked at over 20+ years ago and soundly rejected by everyone.

Hell, calling it key escrow is being nice because it completely lacks any development of key escrow over the past 20+ years. Ray Ozzie knows jack all about crypto OR historical issues with key escrow, he has proposed a somewhat amorphous plan that doesn't actually solve any problems.

 

[Usual_suspect]

Tell me, exactly what data did we give consent to, for those corporations to benefit from? How can anyone yell about "rights to privacy" when the police want access to data, yet we grant access to everything in our lives to corporations?


If the police need something off my phone in order to aid in an investigation, I will be happy to give it to them. At least I will be able to get a clue as to what data they are looking for. Try that with any number of corporations.

As soon as you create a Google account, or decide to install Windows 10 you’re giving your consent. Google openly admits to data collection, same as Microsoft. That’s an action you willingly do to use a service, it’s different if the authorities start accusing you of something without proof and need access to your stuff which no intelligent person would willingly do regardless of if they think their innocent or not.

If you think everyone in a law enforcement position can be trusted then I don’t know what to tell you but there’s a reason people complain about the government having easy access to their data while they don’t mind Google doing it; one uses it for money the other uses it to incriminate you.

I’m also willing to help out local law enforcement, but would I willingly hand over my property to do so? No.

 

[BSmith]

As soon as you create a Google account, or decide to install Windows 10 you’re giving your consent. Google openly admits to data collection, same as Microsoft. That’s an action you willingly do to use a service, it’s different if the authorities start accusing you of something without proof and need access to your stuff which no intelligent person would willingly do regardless of if they think their innocent or not.

If you think everyone in a law enforcement position can be trusted then I don’t know what to tell you but there’s a reason people complain about the government having easy access to their data while they don’t mind Google doing it; one uses it for money the other uses it to incriminate you.

I’m also willing to help out local law enforcement, but would I willingly hand over my property to do so? No.

Now, specifically what data does Microsoft or Google take? Do you know, for certain, how all that data is used?

You really trust Google or Microsoft?

If I had a smart phone, nothing I would have on it would incriminate me. No way of knowing how many fingers are in that data pie. I certainly trust police more than Google or Microsoft, or any of the other companies who gleefully steal from me and never tell me what they are stealing.

It is akin to trusting a pick pocket to only take the pennies and not the quarters from your pocket and not telling you exactly what was taken. How can you trust any company that does that?

 

[lcpiper]

But that isn't a good solution. It isn't even a new solution. In fact, it is a super shitty single point of failure crappy ass key escrow system that isn't even at the 2 year old level. That solution was looked at over 20+ years ago and soundly rejected by everyone.

Hell, calling it key escrow is being nice because it completely lacks any development of key escrow over the past 20+ years. Ray Ozzie knows jack all about crypto OR historical issues with key escrow, he has proposed a somewhat amorphous plan that doesn't actually solve any problems.

I'm not a cybersecurity expert who get's called to big meetings of professionals in the field so if you say this is a crappy solution I'll just take your word for it

The way I see it, if Ray Ozzie's proposal has merit and can work, other people will give it the time it deserves. My entire point is that at least someone is trying to come up with a real solution to a real problem.

Now if you don't agree with me that it's a problem, if you think my crystal ball is fucked up and the wind isn't blowing the way I say it is, fine with me. You are free to have your own views and opinions as well. I'm content to let events happen and we'll all see for ourselves and maybe I'll be eating crow and maybe some people will say "Damn that dude was right".

Time will tell.

 

[pcgeekesq]

I worked enough with the guys in Intel's failure analysis team to know that no information stored on a typical electronic device is secure. These guys were experts at de-packaging and stripping layers off of IC's and reading out the data stored in non-volatile memory using (if I remember right) electron beams. For real security, you need tamper-resistant devices that destroy themselves if they are accessed, and yes, they do exist outside the movies.

Consumer electronics are generally too inexpensive to incorporate any real security. Paper is better, if nothing else because you can shred it and throw it in the blender with some water and be sure that the information on it is really irrecoverably gone ... just don't have it out around a web, cellphone, or security camera of any kind, unless you've taped over the lens.