Should Encryption Be Permanent?

[Big Guy]

It appears we are at another crossroads of privacy vs security. The folks killing people recently in San Bernardino used an encrypted Apple phone for messaging and the FBI want Apple to crack the password so that they can investigate and if possible, prevent more deaths:

http://abcnews.go.com/Technology/wireStory/judge-apple-us-hack-san-bernardino-killers-phone-36988850

Apple Inc. CEO Tim Cook says his company will fight a federal magistrate's order to help the FBI hack into an encrypted iPhone belonging to one of the San Bernardino, California shooters. The company said that could potentially undermine encryption for millions of other users.

Apparently, Apple has the ability to write software that will bypass the password, apply it to this phone only and reveal the contents. The FBI says "trust us", we will only use it this time. Apple counters with their reasoning that once it is used once then the genie is out of the bottle and millions of phones will now be vulnerable.

My first reaction is to agree with the FBI. I personally have nothing on any electronic device that would put me in jail so I say go for it. I can understand that this is precedent setting. Why bother with encryption if it can bypassed depending on the viewed importance of breaking it?

What do you think?

Edited February 17, 2016 by Big Guy

[Guest]

I'm with you, but if I was Apple and I didn't want to do it, I would just agree and then mess up.

"I just have to insert this tiny instrument between these two chips and ...uh oh, someone get a fire extinguisher."

[cybercoma]

Do you have anything in your house that will land you in jail? I assume you don't, but I also assume you wouldn't be okay with the government knocking on your door any time to randomly go through your belongings. Take it a step further, I assume you're not hiding anything in body cavities, so why not allow the government to stop you in random places and do a full cavity search on a whim?

The simple answer is that you have a reasonable expectation of privacy. You have a right to be able to live your life free from government intrusion into your affairs.

But here's the problem with the encryption decoding. It's not the FBI that is the concern. Cook makes this clear with the number of times he says he trusts them and that he believes heir intentions are pure. The problem is this decryption software getting into criminals' and hackers' hands. There is no way to guarantee that the FBI won't lose is software or get it stolen somehow. Once that master key is out there, there is no way to put that genie back in the bottle.

Cook also raises a good point when he says that those who are doing crimes will have other ways to encrypt their communications anyway. The only people who stand to lose here are law abiding citizens with a reasonable expectation of privacy. Once they build a master key anyone can have access to the plethora of data available on your phone from your location to where you've been to vacation photos to health data to web searches to emails to banking informations to personal notes to calendars and agendas. Imagine how easy it would,be to rob you knowing exactly when you're away from home and where you are. Imagine criminals getting access to any of your baking information. YOU might not use your phone for much, but these are all basic features of phones these days. They're literally a vault of your entire personal life.

And consider this. A friend of yours for many years has been involved in some criminal dealings unbeknownst to you. He's in your contact list and the government now has access to that knowledge. Suddenly you become flagged somewhere as having ties to criminals wi no regard to your right to freedom of association. The Kafkaesque ability of the government to investigate and build up a case to prosecute you without your knowledge and therefore without your ability to defend yourself becomes far easier.

But forget about fearing government intrusion. The takeaway from all this is not that the government would use it for nefarious means, as Cook said, he trusts them. The problem is that the government can't guarantee this software won't fall into the wrong hands. It just takes one disgruntled and underpaid employee to be offered millions by a crime organization for that software to land in the wrong hands. And that's the true threat here.

But even those threats aside, we all have a right to our privacy. You wouldn't post your login details for your banking information, even if there was a "read only" option where people couldn't move around your funds. You wouldn't publicly give out your credit card number or social security number. You wouldn't give public access to read your emails. And why? Because your personal affairs not public affairs. You have a reasonable expectation of privacy and you have a right to privacy. It's not because you're doing illegal this and you need to hide from the public. It's because you have a right to share with the public only those things YOU choose to share and others' don't have the right to take that from you.

Apple can't make this decryption available because it threatens all law abiding users of its products for these reasons. They have no interest in protecting terrorists and have said as much very clearly in that letter. We don't agree to random raids of our homes in the night in order to potentially catch some illegal activity. For the very same reasons Apple,will,fight to prevent random raids on the vaults of all of our personal information, our cellphones.

[cybercoma]

I'm with you, but if I was Apple and I didn't want to do it, I would just agree and then mess up.

"I just have to insert this tiny instrument between these two chips and ...uh oh, someone get a fire extinguisher."

It's entirely software based. The FBI wanted a custom version of iOS that decrypted the phone.

[Guest]

It's entirely software based. The FBI wanted a custom version of iOS that decrypted the phone.

I imagine that would be even easier to mess up. Seriously though, I think Apple should help out. Could save lives. Or at least cost the right lives.

I have to admit I haven't gone over Tim Cook's rationale that it could undermine the encryption for millions of others.

[cybercoma]

Read the letter.

[Guest]

I'm at work!

[Bonam]

Apple has already provided the FBI with all the data from the iPhone in question. That is all it should legally be required to do. Creating a backdoor on all iPhones is not necessary. If and when law enforcement agencies have a warrant to access a particular individual iPhone, then Apple should hand over the data, as it has in this case, but a method for the FBI to access all iPhones should not be implemented.

All that said, I'm sure all this is just keeping up appearances. As we know from Snowden, all the major tech companies have already built in backdoors, and this is probably the government colluding with companies to pretend that some things are still secure, when really they already have all the backdoors they want.

[Big Guy]

I fully understand and appreciate those views who support the privacy issue. I would probably agree with the theory. After this encryption has been compromised is there no way to create another algorithm for another kind of encryption? I do not understand the process.

But the privacy vs security issue supports change with the proximity of danger to the person being asked. If the life of your son or daughter or parent or spouse depended on using this process, would you still support privacy over the life of one of them?

Personally, I am against the death penalty - but - I am pretty sure what I would be prepared to do to a criminal who intentionally and painfully killed any member of my immediate family, if/when given the opportunity.

On the same track, how much application of physical force and/or interrogation techniques would you allow to find out where a loved one is being held and save their lives?

If you would react one way in theory and another in practice when it effects you directly, does that undermine or reinforce the privacy issue?

[Argus]

Apple built an encryption system specifically to help terrorists, pedophiles and organized crime figures evade detection and monitoring by authorities. As far as I'm concerned Apple should be required to open up the phone, and if not, fined out of existence and its CEO put in prison.

[eyeball]

Apple should tell the government to stop doing things that cause terrorism to flourish and account for the things its done to create so many already.

[dre]

This whole approach is incredibly naive and misguided. First of all you are telegraphing what your capabilities will be so you're never going to get good information from anyone that has half a brain.

Furthermore if modern encryption techniques are used apple, other providers, or any "man in the middle" wont be able to get the data anyways. They will only be able to get the encrypted stream of bytes that would take every computer on earth working together billions of years to crack.

This is why all this electronic surveillance has been done in secret... as soon as the "terrorists" know how you are watching them they will just change how they communicate.

[dre]

Apple built an encryption system specifically to help terrorists, pedophiles and organized crime figures evade detection and monitoring by authorities.

Actually the demand for secure communication is driven by businesses and corporations. If you really think that providers are rolling out secure communication platforms specifically to help terrorists and pedophiles then you live in a silly fantasy world.

[poochy]

So, people don't notice that we already curtail our freedoms with the net benefit to society in mind?

[poochy]

Apple should tell the government to stop doing things that cause terrorism to flourish and account for the things its done to create so many already.

Yes....that's what they should do, and while they are at it they should tell the government to allow silk road to thrive since if it wasn't for the government 12 year old's wouldn't be trying to by heroin on the internet, surely.

[dre]

I fully understand and appreciate those views who support the privacy issue. I would probably agree with the theory. After this encryption has been compromised is there no way to create another algorithm for another kind of encryption? I do not understand the process.

You don't necessarily need new algorithms or new types of encryption. Modern algorithms like the Rijndael block cipher are most likely not hackable in any practical way. Keep in mind that all stream and block ciphers are vulnerable to brute force attacks but those are not practical because it would take longer to decode a single message than the universe has existed. A successful "break" or "attack" against an encryption scheme is defined as any technique faster than brute force and there HAS been several successful academic attacks on Rijndael but they only reduce the time required to turn the encrypted data into plain text by a few factors - still need billions of years to crack a single message, never mind the millions of messages the government would love to read.

[cybercoma]

Apple built an encryption system specifically to help terrorists, pedophiles and organized crime figures evade detection and monitoring by authorities.

Yeah, that's the specific reason for encryption. If this kind of garbage was published in a newspaper they would be sued for libel. What hysterics.

[cybercoma]

So, people don't notice that we already curtail our freedoms with the net benefit to society in mind?

Reasonable limits. The authorities don't have carte Blanche to raid your home any time they would like. They need warrants and probable cause. Creating back doors on people's phones for the authorities to use without warrants is the same as allowing them to listen in on your phone calls without a warrant or walk into your house at any time. I'm sure you believe they only mean good, but there's enough assholes who would use that power to coerce and intimidate people who've done nothing wrong. And besides, that's not the issue. The issue is distributing a master key that opens all the locks in the world and not being able to guarantee that it won't fall into the wrong hands. Even if you believe the authorities can do no wrong, you should be apprehensive about the wrong people getting their hands on that tech.

[ReeferMadness]

You don't necessarily need new algorithms or new types of encryption. Modern algorithms like the Rijndael block cipher are most likely not hackable in any practical way. Keep in mind that all stream and block ciphers are vulnerable to brute force attacks but those are not practical because it would take longer to decode a single message than the universe has existed. A successful "break" or "attack" against an encryption scheme is defined as any technique faster than brute force and there HAS been several successful academic attacks on Rijndael but they only reduce the time required to turn the encrypted data into plain text by a few factors - still need billions of years to crack a single message, never mind the millions of messages the government would love to read.

That may be true today (or it may not, who knows, really) but it will last only until quantum computing comes into its own.

A working quantum computer would open the door to easily breaking the strongest encryption tools in use today, including a standard known as RSA, named for the initials of its creators.

[dre]

That may be true today (or it may not, who knows, really) but it will last only until quantum computing comes into its own.

Its still a losing game for breakers. Exponential advances in computing will also allow for exponentially harder to break ciphers with much longer keys.

[ReeferMadness]

Its still a losing game for breakers. Exponential advances in computing will also allow for exponentially harder to break ciphers with much longer keys.

That's true, assuming comparable technology. Code breakers have a huge edge over most code makers. And for all I know, the NSA might have working quantum computers today.

[GostHacked]

Do you have anything in your house that will land you in jail? I assume you don't, but I also assume you wouldn't be okay with the government knocking on your door any time to randomly go through your belongings. Take it a step further, I assume you're not hiding anything in body cavities, so why not allow the government to stop you in random places and do a full cavity search on a whim?

--

Apple can't make this decryption available because it threatens all law abiding users of its products for these reasons.

Either they can't or they won't. I believe it is a part of they won't. The controversy with Blackberry devices in some M.E. nations where the governments requested RIM give up the key codes for the devices, which RIM could not provide. Indicating it was unique to each device and the encryption was secure. However in retrospect, I think both simply don't want to give up the access. They don't need to de-crypt anything as they already have the back door via stuff like iTunes and Apple ID. To say that they cannot hand over the data, in my view is total bull.

If Apple is subpoenaed by the gov to give up the data then they should. Let's see who they were communicating with. I guess in National Security type situation everyone should be on board to prevent terrorism. Wonder why Apple would put up resistance here but yet give the authorities everything else they asked for.

[TimG]

Its still a losing game for breakers. Exponential advances in computing will also allow for exponentially harder to break ciphers with much longer keys.

The days of exponential advances in commuting power are nearly over. In the last 10 years clock speeds have been static and they have only moved the needle by putting more cores on a chip but once transistor sizes hit the 2nm range in the next few years those advances will stop as well. Quantum computing may end up like like fusion: always 30 years away from commercial reality. Edited February 18, 2016 by TimG

[cybercoma]

Either they can't or they won't. I believe it is a part of they won't. The controversy with Blackberry devices in some M.E. nations where the governments requested RIM give up the key codes for the devices, which RIM could not provide. Indicating it was unique to each device and the encryption was secure. However in retrospect, I think both simply don't want to give up the access. They don't need to de-crypt anything as they already have the back door via stuff like iTunes and Apple ID. To say that they cannot hand over the data, in my view is total bull.

If Apple is subpoenaed by the gov to give up the data then they should. Let's see who they were communicating with. I guess in National Security type situation everyone should be on board to prevent terrorism. Wonder why Apple would put up resistance here but yet give the authorities everything else they asked for.

The information from your Apple ID is not necessarily connected to the things on your phone and more to,the point it should be stored encrypted on their servers. They don't actually have access to it, just like a secure website should store users' pw encrypted as opposed to plain text. Some idiots were storing them as plain text which is why the password hacks a couple years ago were such a big deal. If it's encrypted, they can't decode it easily. If they build a method for accessing your data, said differently if ANYONE other than the end user has access to their decrypted data then it's no longer secure, even if that anyone is the company.

[Bonam]

The days of exponential advances in commuting power are nearly over. In the last 10 years clock speeds have been static and they have only moved the needle by putting more cores on a chip but once transistor sizes hit the 2nm range in the next few years those advances will stop as well. Quantum computing may end up like like fusion: always 30 years away from commercial reality.

Commercial 2nm is still at least 10 years away.

Quantum computing is a totally different regime and doesn't require shrinking transistor size to implement, it's a matter of setting up the right arrangements of entangled qubits and reducing decoherence. Also, the moment you have working quantum computers you can also use quantum encryption which is fundamentally unbreakable given our understanding of the laws of quantum mechanics (no cloning theorem and observer effect).