[Cryptography] Hope Apple Fights This!

Tom Mitchell mitch at niftyegg.com
Wed Feb 17 18:31:32 EST 2016


On Tue, Feb 16, 2016 at 8:28 PM, Aram Perez <aramperez at mac.com> wrote:

> "A federal judge has ordered Apple to help the government unlock the iPhone

.....

> does not ask Apple to break the phone’s encryption but rather to disable
> the feature that wipes the data on the phone after 10 incorrect tries at
> entering a password."
> <https://www.washingtonpost.com/world/national-security/us-wants-apple-to-help-unlock-iphone-used-by-san-bernardino-shooter/2016/02/16/69b903ee-d4d9-11e5-9823-02b905009f99_story.html>

......

> This will set a dangerous precedent along a very slippery road.
>

This is a court order no different from other orders in many regards.

If Apple is able and complies with this one order then there is proof of
the capability and any court order from any court domestic or international
has proof that the action is possible and can thus demand the service.

This is not one court order or one phone.  This is the first phone.
There is no way Apple can address this single court order as special
and contain the service to this one writ.

Divorce actions looking for proof of dalliance, any law enforcement agency
can demand the service.   A business will crop up for machines to automate
the input of the keys.

This is not a domestic issue.  Once demonstrated in this court any court
domestic or international can make such a demand.   France, Germany,
China, Iran, Cuba... the list is longer than the list of nations in the UN.
The requests would not be limited to national security (no law to this end)
thus divorce, health care provider snooping, companies worried about
corporate secrets.

Border crossings manned by the likes of the TSA can mandate via regulation
a special software version at the gate.

Apple has a lot at stake.  Apple Pay and iTunes transfer a lot of value,
enough money that the Apple system is likely fully covered by
the Computer Fraud and Abuse Act (CFAA) to a degree that the Writ
may prove to be illegal.  The fact that phones authorize payments
is a big deal and done badly risks financial chaos.  As large as Apple
is, the liability of a breach is larger.

This individual phone is a lot like a customer hosted at an ISP or Cloud
storage provider.
One defense for a computer system is login code that protects from denial
of service attacks as well as brute force password attacks.  In the
US one cannot be compelled to divulge something you know but
the ISP in the same way this writ requires can be compelled to disable
the attack deflecting tools to allow a brute force attack of an account
that contains an encrypted home directory or virtual machine (effectively
all).

The reality that foreign nations will line up to avail themselves of this
service should stop this public action with a national security letter by
Monday.

One analogy is to ask a company to engineer a virus to kill a single pig or
cow.  A lethal virus that escapes into the wild could cause agricultural
collapse.  Note the problem with bananas being infected and dying ...
happening now.  Worry about changes in the Ebola virus... only a fool would
demand to have Ebola weaponized with a court order.  It could be done but
legal... no.

To my mind this is so ill thought out that someone should consider if it is
being promoted by an agent of a hostile nation or provocateur.  All those
involved in asking need to have their financial, private paper and digital
data public and private gathered, secured and inspected.

This is a big deal.  Not just for Apple but for global stability.









-- 
  T o m    M i t c h e l l