John Oliver Explains Why You Should Side With Apple Over The FBI Better Than Most Journalists
from the and-better-than-apple dept
You had to know this was coming eventually, but the latest John Oliver main story was his take on the Apple v. FBI encryption fight. If you haven't seen it yet, here it is:
But the biggest contribution to the debate -- which I hope that people pay most attention to -- is the point that Oliver made in the end with his faux Apple commercial. Earlier in the piece, Oliver noted that this belief among law enforcement that Apple engineers can somehow magically do what they want is at least partially Apple's own fault, with its somewhat overstated marketing. So, Oliver's team made a "more realistic" Apple commercial which noted that Apple is constantly fighting security cracks and vulnerabilities and is consistently just half a step ahead of hackers with malicious intent (and, in many cases, half a step behind them).
This is the key point: Building secure products is very, very difficult and even the most secure products have security vulnerabilities in them that need to be constantly watched and patched. And what the government is doing here is not only asking Apple to not patch a security vulnerability that it has found, but actively forcing Apple to make a new vulnerability and then effectively forcing Apple to keep it open. For all the talk of how Apple can just create the backdoor just this once and throw it away, this is more like asking Apple to set off a bomb that blows the back off all houses in a city, and then saying, "okay, just throw away the bomb after you set it off."
Hopefully, as in cases like net neutrality, Oliver's piece does its job in informing the public what's really going on.
Filed Under: doj, encryption, fbi, going dark, iphone, john oliver, matt blaze, security, vulnerabilities
Companies: apple
Reader Comments
The perfect counter to a stupid argument
[ link to this | view in thread ]
Re: The perfect counter to a stupid argument
[ link to this | view in thread ]
Engineering reaction
[ link to this | view in thread ]
Wow
If only education and pop-sci journalism in general were this well done.
[ link to this | view in thread ]
Re: The perfect counter to a stupid argument
[ link to this | view in thread ]
Re: Re: The perfect counter to a stupid argument
[ link to this | view in thread ]
Re: Wow
"If only education and pop-sci journalism in general were this well done."
His staff reached out to a number of experts, including two people I know who are really, really good on encryption.
[ link to this | view in thread ]
Of course the car makers, tire makers, tire sellers, and tire shops are going to bitch, but hey automakers should be able to do anything they tell their engineers to come up with... /s
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
I don't know what's more scary...
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
The Media Not Realizing That They Are Clueless Concerning Encryption
Apparently Fox News was clueless to the fact that third party encryption software is different from the iPhone itself. Breaking the iPhone will not magically give law enforcement access to the communications of terrorists using this third party software.
Moreover, the existence of this third party encryption software means that the attack on the iPhone by law enforcement could be considered moot. Should the iPhone encryption be broken, the terrorists will simply adapt by using another form of encryption.
What then, security people? Essentially you have achieved nothing except create a security risk for law abiding people.
To reiterate, unbreakable encryption is needed for legitimate business and personal reasons. Breaking it will only mean that the law abiding will become susceptible to security breaches and malicious hacking.
[ link to this | view in thread ]
Re: The Media Not Realizing That They Are Clueless Concerning Encryption
The funny part of that is that they got in trouble for it in the UK. Probably because the government was jealous of their capability, or was incensed at their bringing the practice into the public's awareness.
[ link to this | view in thread ]
Re: The Media Not Realizing That They Are Clueless Concerning Encryption
Let me work on that..
"Essentially you have achieved nothing except further the cause of the endless war on terror, generate mega profits for the usual contractors, and keep many thousands of federal employees in plush pensions for ever and ever."
That looks much better.
"the law abiding will become susceptible to security breaches and malicious hacking"
Of course. One can't make omelettes without breaking a few eggs. It's a shame and all that, but one must have one's priorities straight.
[ link to this | view in thread ]
Re: Re: The Media Not Realizing That They Are Clueless Concerning Encryption
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
No, but the PWN YouTube bookmarklet can do it for you;
SD, MP4, 58MB
https://www.sendspace.com/file/lassh6
HD, MP4, 195MB
https://www.sendspace.com/file/1fpk9v
Download quickly, the file and/or this message may get deleted.
[ link to this | view in thread ]
Re: Re: The perfect counter to a stupid argument
wait wait wait
the USA, (one of) the most powerful nations on earth, with a sizable nuclear stockpile, is making bat-shit insane statements?
THAT should scare the *FUCK* out of any sane person.
[ link to this | view in thread ]
The FBI didn't ask for encryption to be broken, or for a patch that breaks encryption to be applied to every phone Apple ever made. That's bullshit. That's Apple's scaremongering script being recited almost word for word.
Yes, Oliver got it right, the FBI wants unlimited shots at the passcode. But honestly, he brushed over it and made it a fast joke about remembering passcodes, and then went right back to ranting on about Apple being forced to destroy the encryption on every other phone in the world.
It's an artful pack of Apple propaganda, and not much more. Gotta bet he's a fanboi.
[ link to this | view in thread ]
Re:
Unfortunately, there is no magic that allows Apple to do exactly that. If they weaken the encryption for this one phone, it's weakened for all iPhones of that generation. No matter what Apple marketing would like you to think, iPhones are mass produced, not lovingly crafted by hand, each phone a unique work of art.
I know neither you nor FBI understand technology and think Apple can just command their flock of wizards to do your bidding, but please keep your fanfics to yourself. Out here in the real world you could do a lot of damage with that powerful imagination of yours.
Your post is an artful pack of government propaganda, and not much more. Gotta bet you're a fanboi.
[ link to this | view in thread ]
Re: Re:
Nonsense. Apple controls the update system, they would not and will not be forced to apply the same patch to every other phone out there. Moreover, their strict control on updates (go outside the box, you own an expensive brick) means that the patch ain't going out in the wild.
"Your post is an artful pack of government propaganda, and not much more."
You aren't even a very good troll. Gotta bet you're a Mike Fanboi. ;)
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
Most importantly: The special OS patch (because it will be just a minor patch) won't get rolled out to every Apple phone in the world. The small change (likely something to reset an attempt counter back to zero every couple of milliseconds) is just that, a small change to a single phone.
I understand the biggest issues, and that is a separate debate. Apple is trying to link the two in order to avoid dealing with the simple issue that their short pincode system essentially defeats all of their encryption. If Apple could just fess up to that and deal with it, the rest of the debate might be easier to swallow.
[ link to this | view in thread ]
credit to his sizable team of writers :)
[ link to this | view in thread ]
Re: The Media Not Realizing That They Are Clueless Concerning Encryption
[ link to this | view in thread ]
Re: Re: Re:
The 'request' is for Apple to create custom code for the express purpose of removing security features. If Apple can be forced to do that here then it's not a stretch at all to expect that it's only a matter of time until they're presented with a 'request' to decrypt data or ensure that they can do so whenever presented with 'a lawfully given order', especially as the DOJ/FBI is already arguing that Apple specifically implemented their security features in order to avoid being able to do so.
When the government's legal filings already include a demonization of encryption by claiming that it's implemented primarily to avoid warrants it's a stretch not to think that an order to remove security in one case won't lead to the very thing happening more later on, especially when you've got other groups sending in support for the FBI/DOJ making it clear that if Apple can be forced in this case they will use the precedent in other cases.
"Most importantly: The special OS patch (because it will be just a minor patch) won't get rolled out to every Apple phone in the world."
Strawman argument, no-one's saying it would be. What people are saying is that with the multitude of 'requests' to undermine and/or remove security that Apple will be presented with if they are forced to do so here it's not a matter of 'if' those 'patches' will leak, but 'when', making things less secure for everyone. Not to mention the idea that a company should be allocating resources deliberately undermining security, when companies should be doing the absolute opposite is just asking for trouble.
"The small change (likely something to reset an attempt counter back to zero every couple of milliseconds) is just that, a small change to a single phone."
That 'small change' is estimated by Apple to require half a dozen people working for a month to create, and that's just for this case. If the precedent is set that they can be compelled to do this then they are going to be very busy making 'small changes' for everyone that comes knocking, either starting from scratch each time and making patches that only work on one phone, or making a patch that works for a large number of phones and keeping it for future 'requests', which opens up hefty problems for when that patch is leaked.
Speaking of 'small change' however, if your argument is that it's not that difficult so they should just do it, wasn't that long ago that an article was posted here on TD talking about how the FBI almost certainly already has the capabilities to bypass the password restriction with just a little tinkering with the hardware. That sounds like a pretty easy process to me, and would likely take less time than waiting for Apple, so if there really is sensitive and valuable data on the phone they should have skipped the court case entirely and gone with that route.
Of course let's not forget that this could have been avoided entirely had the FBI not monumentally screwed up by letting the public root through the home of the perpetrators of an active case, followed by their bungling that resulted in the device password being reset in the first place. Not Apple's fault the FBI is so freakin' incompetent, so don't see why they should be forced to step in and clean up the FBI's mess.
"Apple is trying to link the two in order to avoid dealing with the simple issue that their short pincode system essentially defeats all of their encryption."
That 'simple' pincode system is apparently enough to stop the FBI/DOJ cold (helped along by the fact that both are so lazy).
Of course even if the password system were flawless what stops the DOJ, FBI or any other agency from going to Apple and demanding 'Remove the requirement to enter the password'? Right now the limit on attempts is what's stopping them, if something else like encryption is what keeps them from accessing the data in another case, and they've got a precedent that they can force a company to remove security features that keep them from otherwise 'protected' data, then the fight is already mostly won for them.
1) Companies can be compelled to remove security features that prohibit access to data.
2) Encryption is a security feature that prohibits access to data.
3) Therefore companies can be compelled to remove or bypass the encryption that they implemented to allow access to the data.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: The Media Not Realizing That They Are Clueless Concerning Encryption
My take on this is that the goal is to access the endpoints. The easiest way to defeat encryption is not to brute force decrypt (which is hard, if not outright impossible) but to access an endpoint, and thereby gain access to the plaintext. This case against Apple is a step in that direction.
[ link to this | view in thread ]
Re: Re: Re: Re:
Has the government already tested the particular technique to which you're referring?
Some of the other approaches that have been sketched out should not be characterized as “pretty easy”. The approaches that have the greatest probability of success —overwhelming odds— required advanced equipment, expertise, and a certain amount of care. In particular, one of the two techniques for running unsigned code on the A6 processor would require substantial reverse engineering effort. Even the second, less-invasive technique would require information about the off-processor bus architecture that I have not found in the open literature, and thus may need to be reverse engineered.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Oh they wouldn't necessarily have to lie directly, they could simply lie by omission. They could claim that they cannot do A without (forced) assistance from Apple, and just 'forget' to mention that they can try B, C and D completely on their own.
"Has the government already tested the particular technique to which you're referring?"
Here's the article that discusses the technique I'm referring to. Put simply they remove the chip that contains the file system key, copy the data to another device, install the chip back in the phone and make the attempts. If they don't get it in those attempts they remove the chip, copy the original data back into it, which resets the counter, and then try again.
Time consuming and a hassle to be sure, but assuming the idea is sound then it's simply a matter of how badly do they want the data and how much work are they willing to spend to get it. Unless the person who wrote about the technique was wildly off, the FBI/DOJ does have a way to break into the phone, it would just take them a good deal of work to do it, and more importantly from their point of view wouldn't grant them the precedent they want so badly from this case.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
Has the government already tested that technique?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
On this particular device, not as far as I'm aware, though unless I misread it the technique was pretty simple (if time-consuming) as far as it goes, so they should have no problem doing so if they wanted to.
At this point however I'm firmly of the opinion that they're in it for the precedent, not the contents of the phone, and as such I wouldn't expect them to actually try to get the contents themselves, as that wouldn't give them the precedent they want.
[ link to this | view in thread ]
beware the ides of march
2. Apple isn't the only company making encryption software. We've been down this whack-a-mole road before. When Metallica sued Napster, did file sharing stop?
3. Whoever expects Apple to decrypt at the command of the government, should also expect no privacy with anything that they do online (emails, medical records [thanks President Obama], online purchases...the whole 9)
4. Per usual, the terrorists win because we always attack each other after being attacked by the terrorists.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re:
It's been awhile since I've worked with FPGAs, but I'm reasonably confident that an FPGA and some DRAM (and might still want to pass through to actual flash for non-volatile data) would emulate the NAND flash with sufficient speed that there wouldn't be any need to slow clocks down.
Of course, hacking together a NAND flash emulator would require some engineering effort. So, it'd be worth looking to see whether an off-the-shelf flash emulator would work in this application.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re:
Back on February 18, the New York Times reported: Do we believe this? Do we believe that Apple would have acceded to the government's request, had the application been made under seal?
Imo, the confidence placed in this anonymously-sourced intelligence goes towards an assessment of the government's motives.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Who says encryption must be mass produced?
1. I understand the FBI can complete a work-around by isolating the chip and using brute force without any assistance from Apple.
2. Going out on a limb here and I'm not an encryption wiz. However, why does encryption need to be developed on a 1-size-fits-all basis? Why can't the underlying code be set so that it achieves a different result for each phone? Sort of like a PGP approach. Admittedly difficult and expensive but that would remove Apple from the issue.
I'm sure many of you can let me know how silly that idea is?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re:
Then, FBI and friends —through a massive PR effort— —involving fraud on the courts— would have just convinced the great bulk of the public to believe that a 4 digit pin is sufficient to protect their secrets against the motivated assault of a major nation-state.
[ link to this | view in thread ]
Re: Who says encryption must be mass produced?
[ link to this | view in thread ]
Re: Who says encryption must be mass produced?
So yeah, isolating the “chip”.
[ link to this | view in thread ]
Re: Re: Re:
If they get a copy they WILL hack it and gain entry to all iPhones.
As a software developer that has done encryption software, Apple is 100% correct. You can't make encryption that just works for the good guys. It either works, or it doesn't.
[ link to this | view in thread ]
Accurate News
[ link to this | view in thread ]
Re: Re: Re: Re:
If people trust the strength of a 4-digit pin when the physical hardware is in the hands of a determined, capable, resourceful adversary… well…
I mean, you don't even necessarily have to put a major nation-state as the adversary in your threat model. How about the resources and capabilities of a large multinational corporation? Say a Boeing-owned iPhone falls into Airbus hands.
Just saying.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
Possible, but unlikely I'd say, though a large part would depend on how far ahead Apple's lawyers were thinking. In the short term, folding and doing what the FBI/DOJ demanded is certainly cheaper than duking it out in court, but long-term they'd basically have been dousing themselves in blood and jumping into shark infested water by doing so, which would have made fighting the better choice. Once they'd done it once they would have known that refusing future requests would have been all the harder, which means they'd have been stuck doing so time and time again.
Given they can be stupid at times, but not that stupid I imagine they still would have fought the order in court, even under seal, it just wouldn't have turned into the circus it has since the matter went public.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:
Is the critical difference between the two cases iOS 7 (EDNY) as opposed to iOS 9 (CDCal) ?
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: The Media Not Realizing That They Are Clueless Concerning Encryption
??
Jealous of "people not changing the default pins on their voicemail"/"people being socially engineered into giving their pin out"/"journalists mimicking caller-id"
??
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
The FBI request is narrowly focused on bypassing an important security feature that makes the encryption effective. The encryption will be irrelevant if the passcode can be so easily hacked. Arguing that this is not backdooring the encryption is a lame semantic point. The effect is exactly the same.
"The special OS patch (because it will be just a minor patch) won't get rolled out to every Apple phone in the world. The small change (likely something to reset an attempt counter back to zero every couple of milliseconds) is just that, a small change to a single phone."
Once again, you look very foolish sticking to this very early claim that most people, even those on the government's side, now realize is completely false. Hard to take you seriously when you keep repeating it with such conviction.
[ link to this | view in thread ]
Re: Re: Re:
You should know. After all, you speak from experience, master humorist.
[ link to this | view in thread ]