
An unfair game

(@gorvq7222)
Posts: 229
Reputable Member
Topic starter
 

Lots of professionals and experts have been working on research to do physical/logical extraction from iDevices. Unlocking a passcode/fingerprint is also a big challenge. It’s time-consuming and takes a lot of effort, but what’s all this about? Just because Apple’s security mechanism is strong and perfect and too difficult for forensic guys to overcome, LE could not get the suspects.

That’s why I say it is an unfair game. Forensic guys are exhausted and Apple just sits there and laughs at those poor guys. Maybe that’s why the UK needs the Investigator Power Bill to ask Apple to cooperate with LE.

Not that serious? Let’s go to the future, to 2050/4/1. Apple produces a powerful robot Z which can do the dishes, the laundry, and make coffee. It does not look like a robot; it looks just like a human being. And you could choose whether it is male or female, young or old, its color, appearance, etc.

If you pay more money to buy the Ultimate version of robot Z, there is a hidden feature called “Combat mode”. When entering Combat mode, robot Z could attack the target you specified until you tell robot Z to stop. You could remotely control robot Z to execute the task and watch real-time video on laptops/TV.

One day Susan is fired by her boss Nancy, and she is very angry about that. She recommends her robot Z to attack Nancy, and Nancy is seriously injured, because robot Z is out of control and won’t accept any command from Susan.

The police ask Apple to do something to prevent such things from happening again. Apple replies that they don’t have the “key” to take control of those robot Zs they produced. Actually they don’t want any maintenance cost like unlock or restore or decryption, etc. So they need an excuse such as privacy is very important…

Furthermore, ISIS may be interested in robot Z too, and what will happen then? ISIS’s robot Z may be a pretty girl or a cute child… Use your imagination and you know robot Z will destroy any targets they want. It will be very scary and just like fiction movies.

 
Posted : 08/11/2015 1:27 pm
(@mark_adp)
Posts: 63
Trusted Member
 

An interesting look into the future there; however, there are significant differences between Apple iPhones and Robot Z. Apple iPhones are used in the facilitation of crime, and not as a semi-autonomous weapon.

I believe the debate regarding encrypted devices and the argument for and against manufacturers providing assistance is an important one, especially in the future when more manufacturers go down the same route as Apple. However, I think comparing this to deadly robots from the future is a little off point….for now.

 
Posted : 08/11/2015 2:19 pm
(@trewmte)
Posts: 1877
Noble Member
 

That’s why I say it is an unfair game. Forensic guys are exhausted and Apple just sits there and laughs at those poor guys. Maybe that’s why the UK needs the Investigator Power Bill to ask Apple to cooperate with LE.

The UK Investigator Powers Bill should have limited or no application in this particular case.

Apple are faced with conflicting legislation. They are damned if they do, they are damned if they don't. Perhaps read….

Case 115-mc-01902-JO Document 11 Filed 10/19/15 Page 1 of 7 PageID # 60

UNITED STATES DISTRICT COURT EASTERN DISTRICT OF NEW YORK

IN RE ORDER REQUIRING APPLE INC. TO ASSIST IN THE EXECUTION OF A SEARCH WARRANT ISSUED BY THIS COURT No. 15 MISC 1902 (JO)

APPLE INC.’S RESPONSE TO COURT’S OCTOBER 9, 2015 MEMORANDUM AND ORDER

http://online.wsj.com/public/resources/documents/Apple_Brief_10192015.pdf

….and then form a view or plan of action where you go forward.

Feel free to correct me if you think I am wrong.

 
Posted : 08/11/2015 5:37 pm
(@gorvq7222)
Posts: 229
Reputable Member
Topic starter
 

All the court could do is to ask Apple nicely "Do you have time to unlock those iDevices for us?" "Would you mind please doing physical/logical extraction for us?" I worry about that. If the law could not protect innocent people and punish bad guys just because of improving technology and enhanced security, it will be a disaster like the one I mentioned in the story of "Robot Z".

We should not spoil manufacturers who are unwilling to assist/cooperate with LE. When someone takes advantage of improving technology to establish a huge barrier for LE and forensics, we should do something or it's too late.

 
Posted : 11/11/2015 5:21 am
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

I believe the underlying question is not new to forensics and I personally believe this is a non-issue for the following reasons:

1) Can a safe manufacturer build and sell safes that only the owner of the safe has a key to?

If Apple and Google sell phones that allow full disk encryption with no "back-door" key, then it is the exact same scenario as a safe manufacturer selling safes with a key that only the safe owner possesses.

2) Full disk encryption can be applied to Laptop and Desktop computers

Consumers can apply full disk encryption to laptop and desktop computer hard drives and possess the only key.

So, the real question is, in my opinion, should consumers be able to lock up or put into "safes" their own private property without a requirement to provide a copy of their key to the government and/or the maker of the "safe"?

One could argue, "well, our government must be able to open all safes in the rare event that a criminal places a child into a safe and the government needs to break into that safe to save the child's life".

Personally I think the above argument is stupid and certainly citizens of democracies should not lose their rights to privacy universally just because of a rare hypothetical case.

To quote Benjamin Franklin: “Those who surrender freedom for security will not have, nor do they deserve, either one.”

 
Posted : 11/11/2015 5:36 am
(@gorvq7222)
Posts: 229
Reputable Member
Topic starter
 

I can't agree more with UnallocatedClusters. But please take a look at what CryptoLocker has done and you will know what I'm trying to say. Originally encryption was for securing your data, but now it has become a powerful ransomware weapon for hacking data.

This kind of damage will be greater than ever and far beyond your imagination in the very near future. Preventing it in advance may be difficult but we still need to take it into consideration.

 
Posted : 11/11/2015 8:15 am
(@mark_adp)
Posts: 63
Trusted Member
 

Even the most secure safes, with the right amount of time and force, will open. The difference between the safe analogy and disk encryption is the amount of time, and whether it is reasonably practically possible.

I agree that privacy should not be sacrificed for security, but I feel my home is "private", although arguably using the dichotomy of private and public isn't always a good idea IMO. But if I did something wrong, the police could, within a legal framework, search my "private" space.

A mobile phone, encrypted with a passcode, may, as we all know, contain some very pertinent information that may greatly assist an investigation, but is also a "private" space. All attempts will be made, using "off the shelf" tools, to circumvent the security/encryption, as has been done many times by LEA across the world.

What's the difference between using tools and techniques to bypass a mobile phone's security to gain access to the data held on that device, and requesting the assistance of the manufacturer?

The end result is the same; the only difference is, when approaching the manufacturer, a legal process would have been followed which would have taken into account the necessity and proportionality requirements when authorising such a technique.

Perhaps where the concern lies is within the feeling of perceived vulnerability if we know the maker of the device we are using would/could assist LE to gain access to our data. This increases our perceived vulnerability which would impact on our privacy concerns.

If there was a trusted legal framework, as there is when police search a house, would we feel as concerned?
Are we more concerned about the data held on our devices than the contents of our homes?
Is there any such thing as absolutely private?

My MSc research is looking at identifying and measuring antecedents to privacy concerns. It's primarily focusing on internet communication technologies but the same methodologies could be applied to device data security/privacy.

 
Posted : 11/11/2015 10:54 am
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

mark_adp

Here are two U.S. cases I recommend researching:

1) Katz v. United States, 389 U.S. 347 (1967)

Katz, a bookie for the mob, entered a public telephone booth and made calls with illegal content.

The FBI attached a listening device to the outside of the phone booth to record Katz's calls.

Katz appealed his conviction and won based upon the U.S. Supreme Court's opinion that Katz' reasonable expectations of privacy when making calls from within a telephone booth matched the general public's general expectations of the time.

** This case is the first case I personally know of involving electronic surveillance.

2) Smith v. Maryland, 442 U.S. 735 (1979)

In this case, Smith challenged the police's use of a Pen Register to record his calls.

The U.S. Supreme Court majority decided against Mr. Smith, stating that the U.S. public at large knows that the phone company on occasion listens in to U.S. citizens' phone calls for quality control purposes and therefore Americans had no reasonable expectations of privacy in regards to their telephone call content.

My favorite quote regarding Privacy in general as a concept came from Justice Thurgood Marshall in his dissent "But even assuming, as I do not, that individuals "typically know" that a phone company monitors calls for internal reasons, ante at 442 U. S. 743, [Footnote 3/1] it does not follow that they expect this information to be made available to the public in general or the government in particular. Privacy is not a discrete commodity, possessed absolutely or not at all."

LARRY'S PERSONAL COMMENTARY

I do not believe that the framers of the U.S. Constitution could have anticipated the telephone, and certainly not Facebook.

The 4th Amendment "prohibits unreasonable searches and seizures (sic by the U.S. Government) and requires any warrant to be judicially sanctioned and supported by probable cause."

So, at some point, U.S. citizens may want to look at adding an amendment that addresses unreasonable searches and seizures by private parties.

 
Posted : 12/11/2015 12:58 am
(@mark_adp)
Posts: 63
Trusted Member
 

Thank you UnallocatedClusters!

Both interesting cases. The second, Smith vs Maryland, is particularly interesting in that it raises the issue of defining information as either private or public. The judge states "we doubt that people in general entertain any actual expectation of privacy in the numbers they dial".

People, to this day, are aware that when they dial a number the operator must receive that number in order to connect the call; however, there is an expectation that the information is still "private" in the sense that it's appropriately handled according to social expectations. What I mean is, if people dialled a number and it was broadcast in the next morning's newspaper, this would feel like a violation; however, knowing that the operator keeps this information in order to provide you with an itemised bill does not feel like a violation, as the data was subjected to appropriate controls conforming to our expectations.

Arguably, social norms around electronic surveillance also play a big role. We do, I believe, expect the police to be able to access certain information within a legal framework, but what if those norms start to widen/change over time? Perhaps this is why there is additional concern around mobile phone content being unencrypted by manufacturers?

 
Posted : 12/11/2015 10:34 am