Encryption Showdown? FBI Can’t Get into Texas Church Shooter’s Phone

I'm sorry, but you're wrong. You want Apple to engineer a backdoor into the software. That is, at best, security through obscurity, because if Apple can unlock a random iPhone, then either anyone can unlock it or, if it requires some special key or S/w that only apple has, it's only a matter of time before the NSA gets someone inside of apple with access to said key and they steal it.

And if i"m wrong, fine, when you come up with a bullet proof way to do this that not only can't be stolen or ever be exploited by the government or criminals and we are certain that it's existence can't be abused by way of the courts (FISA or otherwise), then we can talk. But I don't believe you'll even be able to do the former, and I'm certain you can't ensure the against the latter, because FISA is just a machine with rubber stamp. Sure it didn't work a couple of times, but no machine has 100% up time.

You guys have heard my arguments on this and most are unswayed, if someone new wants to see them, the search tool is their friend.

You have also heard my predictions and seem unswayed so we will see. We will see.
 
I'm sure any person going around killing other people is a terrorist. They don't have to be brown.
In our eyes yes, but name one white person labeled a terrorist by the media in the US?
 
Last edited:
In our eyes yes, but name one white person labeled a terrorist by the media in the US?
White people aren't terrorists. They're lone gunmen of mentally disturbed, with one exception: if they're Muslim, then being loner, depressed/mentally disturbed is irrelevant, because they're a terrorist.
 
I'll distill it all down to a very simple statement.

The US Government will not allow a situation to stand where encryption is a golden bullet that prevents data access when warranted by law and the constitution.

I'll boil it down to this simple statement: Encryption is math, and math doesn't give a fuck about laws.

You can legislate that 2+2=5 all day long but quite frankly math just doesn't care. The algorithms for secure crypto are well published and out in public. The genie is out of the bottle. If I feel like doing elliptic curve mathematics then I will. If the govt. can't figure my mathematics out, well, tough cookies for them.

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 .... coming straight at ya!



I refuse to accept that it's impossible to engineer a secure means to access encrypted data. I just don't believe it and I won't ever accept it. It's like saying we are all too fucking stupid to figure it out. Furthermore, I think those that stand on this claim just don't want it. That alone is fine with me, but ffs have the balls to stand behind your decision instead of pawning it off as impossible.
Most computer scientists and cryptographers disagree. A backdoor is a weakness. Weaknesses get exploited. Period. Hell the NSA should know this from it's own Clipper chip: https://en.wikipedia.org/wiki/Clipper_chip

Here's the relevant parts:
The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency as an encryption device .... with a built-in backdoor....It was part of a Clinton Administration program to “allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions"....In 1994, Matt Blaze published the paper Protocol Failure in the Escrowed Encryption Standard....This would allow the Clipper chip to be used as an encryption device, while disabling the key escrow capability. In 1995 Yair Frankel and Moti Yung published another attack which is inherent to the design and which shows that the key escrow device tracking and authenticating capability (namely, the LEAF) of one device, can be attached to messages coming from another device and will nevertheless be received, thus bypassing the escrow in real time. In 1997, a group of leading cryptographers published a paper, "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption", analyzing the architectural vulnerabilities of implementing key escrow systems in general, including but not limited to the Clipper chip Skipjack protocol.​



I personally don't care since I have nothing to hide on my phone. Not the brightest to have stuff like that on your phone to begin with really.....

Cool, can I have your phone and post anything that I find on it to this forum and twitter?
 
Last edited:
I'll boil it down to this simple statement: Encryption is math, and math doesn't give a fuck about laws.

You can legislate that 2+2=5 all day long but quite frankly math just doesn't care. The algorithms for secure crypto are well published and out in public. The genie is out of the bottle. If I feel like doing elliptic curve mathematics then I will. If the govt. can't figure my mathematics out, well, tough cookies for them.

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 .... coming straight at ya!




Most computer scientists and cryptographers disagree. A backdoor is a weakness. Weaknesses get exploited. Period. Hell the NSA should know this from it's own Clipper chip: https://en.wikipedia.org/wiki/Clipper_chip

Here's the relevant parts:
The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency as an encryption device .... with a built-in backdoor....It was part of a Clinton Administration program to “allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions"....In 1994, Matt Blaze published the paper Protocol Failure in the Escrowed Encryption Standard....This would allow the Clipper chip to be used as an encryption device, while disabling the key escrow capability. In 1995 Yair Frankel and Moti Yung published another attack which is inherent to the design and which shows that the key escrow device tracking and authenticating capability (namely, the LEAF) of one device, can be attached to messages coming from another device and will nevertheless be received, thus bypassing the escrow in real time. In 1997, a group of leading cryptographers published a paper, "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption", analyzing the architectural vulnerabilities of implementing key escrow systems in general, including but not limited to the Clipper chip Skipjack protocol.​





Cool, can I have your phone and post anything that I find on it to this forum and twitter?
Like I said, I don't have really much on my phone.
Should the government be allowed to access it? If i have committed a crime that the phone could have more evidence? Then that becomes evidence.
If I am the usual casual citizen and have done nothing, then no.
 
What about a hummer with a .50 cal belt fed machine gun? The gov't has those. Can I have one? Or how about a Javelin rocket launcher, those are pretty cool, I could see that being handy during an oppressive gov't take over. I'm obtaining my pilots license right now, can I attach a 5 barrel gatling gun to it though? Those seem to work well on our oppressive gov't airplanes. What about nukes. The gov't as nukes. Can I have a nuke?

Assault rifles are fine. *But but what about nuclear bombs??!!!!!*

God I love the good faith arguments on the internet
 
Hmm, I wonder why the vegas shooter didnt make his own guns.... couldnt possibly be due to convenience. I wonder if he would have armed himself with .50 cals if it was convenient. I wonder what the body count would have been knowing each round fired would eviscerate anything it hits. Oh well, I suppose it could have been worse, just like the next one will be.
It's a lot more convenient to buy something already made and manufactured than it is to make it yourself in practically all cases.
Can you make your own car? Can you build your own house? Can you sow your own clothes? The answer is yes, with the skill, know-how and time you can do anything.
What i'm saying is that no matter what laws you make, someone with enough time and energy on their own can build weapons, that includes nukes.
With the advent of 3d printers, making your own gun has become as simple as downloading a design and printing. The genie is already out of the bottle on that one. https://3dprint.com/73842/download-3d-printed-gun/
This means no matter what, no amount of legislation will ever be useful in blocking people from getting a hold of guns. In addition, criminals won't give a crap about laws restricting them from getting weapons. This has been proven true in every country that makes guns illegal. Did you know in mexico guns are illegal to own? Guess who still has them? Cartels.
Widespread distribution of guns has been around for at least 150 years. Back in the 20s you could buy a machine gun. Do you think crime has gotten worse since then that more legislation is needed?

Guns has always been a red herring with no correlation with gun ownership to crime. The data from homicides, guns or otherwise, doesn't match the idea that it's getting worse.
 
While not directly related to this phone situation with the Texas shooter but related in a manner respecting security and stuff nobody is supposed to be able to access or be able to make use of aka only one type or authorized user has access.

Now, the reason I mention it is because as most of know from being around here and interested in tech there's been a big brouhaha the past few months about the Intel Management Engine which is an entire operating system environment (apparently it's MINIX as recently discovered) buried inside every Intel processor that's been made since the 1st generation Core processors (not the Core Duo, Core 2 Duo, or Core 2 Quad line from years ago but the very next processors in the lineup known simply as Core with designations like i3, i5, i7, etc).

The IME runs at a level that's well below anything else on the hardware (Ring -3 apparently) so it's been understood to not be accessible by any software running on the machine, untouchable by the end user in any way, shape, or form. It is a self-contained OS with complete and total hardware access to networking, USB, and everything else and as long as the machine has powered applied to it - it can be physically turned off but if there's power being supplied to the PSU and that feeds the motherboard (as most modern ATX power supplies do) then the IME will be functional and it can be accessed over a network connection without the end user ever being aware.

The idea was to be able to provide management (aka the people that own the computers) a way to be able to access it using the Intel Management software (System Admins, etc) to perform typical management duties for fleets of machines without the need to be directly at the machines themselves. It's been in use for many years now but only recently has it become targeted as a potential vector for hacking from the outside but also the privacy concerns it presents if someone was able to gain access and really fully understand how it works completely. Intel of course has been silent on it for the most part, they do NOT publish documentation about it, they don't talk about it, and basically do everything they can to deny it even exists in the manner in which it obviously does.

Having said all that, and because earlier in the thread the idea was brought up that a security technology is only as good as being secure to the end user or to the owner of the device or the hardware and only that owner, in any other situation where someone else has access to the same device or hardware means it's compromised, it's not secure in any manner whatsoever and therefore it's exploitable.

The idea is that if a smartphone manufacturer is forced to break into a device they manufactured to be secure and they legitimately have the ability to break into the device then it was never secure to begin with.

So why do I mention all this? Because Intel is probably having a massive shit-fit right now - someone cracked the IME wide open yesterday, gained complete total access to the MINIX subsystem that is the heart of the IME, and they did it over a USB connection so this means - at some point soon - we'll probably see a whole shitload of new exploits if these researchers that got into the IME decide to publish their methodology and it could theoretically be done with just a USB stick.

Here's the announcement:


To put this in somewhat easy to understand terms, the running joke for decades now is that if you have root access to a computer's OS you are "God in most respects, which in some small way is true but that only means you have "God-like" abilities with respect to the software on the storage media, the operating system itself, and that's about it.

This backdoor into the IME is truly "God" level access to everything, including the hardware itself where you could legitimately insert code of your own that would run at the same level, never be noticeable by the end user, never capable of being erased with just a format of the storage, tap into the network hardware on a level that can't be noticed, insert data into said network hardware as some form of beacon (sorta like a CompuTrace/LowJack circuit which operates at a level even CompuTrace/LowJack wouldn't be able to notice or remove that functionality entirely), and a whole huge long list of other things.

This is not a good thing, and it goes right along with what I and many others have been saying in direct relation to the smarpthone encryption issue: if an exploit exists, if there's a back door in the code or the hardware, if there's a way in period sooner or later someone is going to find it 'cause we Humans are a pretty creative bunch. :D
 
Timothy McVeigh? Terry Nichols? Ted Kachzinsky?
Not sure that any of them were labeled terrorists. Certainly don't recall the Unibomber being called a terrorist (but maybe I've just forgotten). That said, maybe they did call Tim a terrorist, since initial reports implied it may have been Muslim terrorists.
 
If the IME software and drivers are uninstalled, will the IME still work?
 
Not sure that any of them were labeled terrorists.

I did a search for "mcveigh terrorist" and the first 4 hits:

https://en.wikipedia.org/wiki/Timothy_McVeigh

http://www.businessinsider.com/20-y...ains-the-only-terrorist-executed-by-us-2015-4

https://www.biography.com/people/timothy-mcveigh-507562

http://www.history.com/topics/oklahoma-city-bombing

The Oklahoma incident has always been classified as a terrorist attack and since McVeigh was the primary architect it stands to reason he would be classified as such and called as such in pretty much every instance of discussing him.

Right? As for Nichols, he was a lackey of McVeigh without the same level of conviction to the task at hand but still he's labeled and classified as a terrorist as well to this day. Kaczynski on the other hand was also considered and classified as a domestic terrorist:

https://en.wikipedia.org/wiki/Ted_Kaczynski

https://www.biography.com/people/ted-kaczynski-578450

So yeah, terrorists by definition: they committed acts that were meant to destroy, kill, and disrupt the regular flow of life and society, to terrorize it to the highest degrees they were capable of.
 
If the IME software and drivers are uninstalled, will the IME still work?

I don't want to derail this thread (maybe I should have posted that info elsewhere but it seemed somewhat relevant considering), but the IME has nothing to do with drivers or software, it operates at a level so far below your ability to touch it that it's difficult to make most people understand it let alone how significantly bad this newly discovered way into it actually is. This link over at the EFF can provide more info:

https://www.eff.org/deeplinks/2017/...security-hazard-and-users-need-way-disable-it
 
What I dont understand is why their is all this cry for backdooring encryption when it can and has been broken in the past? The FBI was in this same situation a few years back and paid Celebrite to break into it. So, it can be done and we know it can be done. Its just law enforcement wanting to be lazy. Also, If you dont want to pay for it you know the talent is out their and you being FBI surely have the ability to hire people that can do it. And if you cant then you have to ask yourself why that is. Such stupidity and shortsightedness drives me insane
 
Why do you need to put a regulation on an AR-15?

I specifically mentioned the AR-15 because it is the "most popular rifle in America" with 8 million sold and also the weapon of choice for Sutherland Springs, Las Vegas, Orlando, San Bernadino, Aurora, and Newtown shootings. Because all of these shooters had the "copy cat" mentality of using these same weapons, why not examine them side by side. I feel if there was a more thorough background check when these rifles are purchased, you can build a data base of the purchasers traits and similarities. When another mass shooting happens using a AR-15 you can examine the similarities and profiles of the shooters new and old and maybe, just maybe, find something other than "mentally ill" that links the shooters.

Again, this is only specific to the people buying AR-15 rifles instead of allowing a backdoor into the entire population of the worlds cell phones.
 
What I dont understand is why their is all this cry for backdooring encryption when it can and has been broken in the past?

That was an incident involving an iPhone 5C which was literally (as fate would have it) the last iPhone model made with the older style of how Apple encrypted those devices - newer devices since then have been entirely different in scope with respect to how the encryption is handled on the device itself and there really is no backdoor into the device by design. If such a backdoor exists it's the most closely held secret Apple has ever had and it will more than likely never see the light of day.

At this moment the general public still has no idea which smartphone was used by the shooter in the Texas incident, the belief is that yes it's an iPhone of some kind since Apple has acknowledged the fact they contacted the FBI over the situation and offered to help if they could but, even they can't get into their own devices so it was an attempt to get ahead of the story before it could be used against them in the court of public opinion this time out more than anything else.
 
He wasn't a terrorist, he just had mental health issues, no need to get into his phone...

I have no doubt that you are right about the shooter's mental health. But just because he was nuts it doesn't mean someone else isn't complicit in his crimes.

The country is all pissed off at the Navy for not making sure he was properly reported and was allowed to pass a background check. So someone not doing their job has people angry and pointing fingers. I won't say this is wrong. But this shooter got geared up, he had all his guns and his tactical gear and he was on the war path ...... and nobody knew it until he shows up at the church. He was having family problems with relatives, in-laws right?

What I am saying is that it is entirely possible, maybe even probable, that someone knew how pissed the shooter was with these people. And they must have known he wasn't entirely stable mentally so is there someone who should have known or even straight up knew what the shooter was going to do? Was the shooter home pissed off yelling I'm going to kill all those fuckers!" while he was loading up for his war? Was he yelling at people on the the phone?

I don't think this guy just showed up and nobody had a clue something was going on. The phone might tell us, and he doesn't need his privacy anymore, no one is going to think any worse of him after what he has done.

Besides, as I pointed out, his phone is already evidence and the courts allow for it in the case of a homicide. Encryption isn't even a privacy issue in this case, it's just a mechanism that's in the way of putting this tragedy behind the people hurt by it.
 
I'll boil it down to this simple statement: Encryption is math, and math doesn't give a fuck about laws.

You can legislate that 2+2=5 all day long but quite frankly math just doesn't care. The algorithms for secure crypto are well published and out in public. The genie is out of the bottle. If I feel like doing elliptic curve mathematics then I will. If the govt. can't figure my mathematics out, well, tough cookies for them.

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 .... coming straight at ya!

I'm not, nor was I ever talking about an individual's ability and right to encryption usage. But businesses that store data, where it is business private data or personal data of others stored as a service, particularly if that service is provide to people who are not US Citizens or a Non-US Citizen is a party. Will not be allowed to say "Sorry, encrypted". They can for now, but when the laws change then things change and they will change because the government is going to only let this go so long. If the industry will not work with the government to find effective and reasonable solutions to this problem, the law will change.

You don't have to believe it and you don't have to like it. You might think that this is something I want to see happen but it's not. It's just the way I see things will go and I have no reason to flinch., so pitch some more if you want to.
 
I'm not, nor was I ever talking about an individual's ability and right to encryption usage. But businesses that store data, where it is business private data or personal data of others stored as a service, particularly if that service is provide to people who are not US Citizens or a Non-US Citizen is a party. Will not be allowed to say "Sorry, encrypted". They can for now, but when the laws change then things change and they will change because the government is going to only let this go so long. If the industry will not work with the government to find effective and reasonable solutions to this problem, the law will change.

You don't have to believe it and you don't have to like it. You might think that this is something I want to see happen but it's not. It's just the way I see things will go and I have no reason to flinch., so pitch some more if you want to.

Encryption is either strong, or weak and thus useless. There is no middle ground.

There is zero reason to pursue backdoored encryption because the moment US based companies start using a crippled encryption scheme like that is the moment hackers will find a way to exploit it, and criminals will switch to encryption systems made in a country that does not have such ignorant moronic people like those in the DOJ. Does anyone really think that criminals will go, "Oh hey, these chat apps have US weakened and backdoored encryption and we are committing crimes in the US, let's use it!". Fucking stupid.

Crimes were solved well before this age of constant mass surveillance and privacy invasion at dystopic scales. Law enforcement should be able to do their jobs without having to step on the privacy of everyone they can reach, and arguably sometimes they can do a better job when they are not focusing so much on how to better collect data without anyone knowing about it.
 
It's a lot more convenient to buy something already made and manufactured than it is to make it yourself in practically all cases.
Can you make your own car? Can you build your own house? Can you sow your own clothes? The answer is yes, with the skill, know-how and time you can do anything.
What i'm saying is that no matter what laws you make, someone with enough time and energy on their own can build weapons, that includes nukes.
With the advent of 3d printers, making your own gun has become as simple as downloading a design and printing. The genie is already out of the bottle on that one. https://3dprint.com/73842/download-3d-printed-gun/
This means no matter what, no amount of legislation will ever be useful in blocking people from getting a hold of guns. In addition, criminals won't give a crap about laws restricting them from getting weapons. This has been proven true in every country that makes guns illegal. Did you know in mexico guns are illegal to own? Guess who still has them? Cartels.
Widespread distribution of guns has been around for at least 150 years. Back in the 20s you could buy a machine gun. Do you think crime has gotten worse since then that more legislation is needed?

Guns has always been a red herring with no correlation with gun ownership to crime. The data from homicides, guns or otherwise, doesn't match the idea that it's getting worse.


So basically why have laws because people will always break them
 
Back
Top