[Cryptography] what about the metadata from Farook's phone(s)?

Tom Mitchell mitch at niftyegg.com
Sat Feb 20 23:26:27 EST 2016 

On Sat, Feb 20, 2016 at 3:53 PM, Mark Seiden <mis at seiden.com> wrote:

> If the government wants so badly to know whether Farook used his work
> iphone to communicate with anyone, why don't they just look at the
> Verizon phone bill for then?

 ....

> (If I were a betting man, I'm betting they already know that
> a. he made no calls on that phone and
> b. sent no texts from that phone on that day.
>

I might take that bet at a bar within walking distance.


> I am surprised that Apple has seemingly not pointed out that the
> government could easily establish their bona fides for the need to
> unlock the phone based on the metadata already known to them, which
> is unstated in the application for the court order.
>

Metadata is not all.
It is downplayed because it has reach and its value is not obvious.

Metadata need not  contain web site connections made while WiFi
connected at a coffee shop.

The phone might have a chrome browser installed and linked to
a gmail account with Google encrypted passwords and another
account linked to a MS account with additional gates via another
browser to an AOL account to a Yahoo account...

Twitter follows and searches,  Instagram follows and searches.
Slack accounts..  podcast feeds.  Word documents, Excel (sanz macros),
Protected pdf files.  Images of text.

It might contain (E-wallet) payments made or payment services used
to enumerate all the coffee shops and WiFi hot spots visited if any.

Access to the phone eliminates the need to disclose other methods
and capabilities in court.  The absence of methods and capabilities
may be a be a bigger secret than the presence. Some might be valuable,
some might be of  questionable legality but productive, some may be tightly
held by other agencies domestic and international.

Apple needs to proactively prepare and submit(?)  an invoice for services:
losses  and expenses incurred as a direct result of this writ, should it be
upheld.
As a minimum a 100% proactive ruling as an extraordinary expense by the IRS
;-)
an expense fully recoverable to include tax free repatriation of the $$
from other nations.  To include this and all _future_ demands for this
service.

Any software product running on any device could be next.
Any hardware design or trade secret could be compelled...

Any open source crypto software delivered via an update process could be
compelled to contain the following diff without disclosure to the target.
The FBI could vector only update requests from the target to a mirror/ man
in the middle.
By compelling ISPS to insert host routes diverting traffic into a tunnel.

How does it go:
Q: would you service... for free?   A: No.
Q  would you service... for a billion $  A: Yes.
Cool, now that we have established that you are in the business
we need to negotiate a better price.
This may be the only opportunity to say no.

The difference between rape and not rape boils down to asking and the
words: Yes or no No.
This smells too much like an assault.

In other courts, businesses and corporations have rights under the
constitution as seen
by political election PAC financing ($$=freedom of speech) .   Apple should
have the same rights as
a citizen or we should revisit the supreme court on those rulings.   i.e.
to what
extent could a court compel an individual to develop a product and deliver
a service?   Could a court compel a working girl in Vegas to ...?  "Your"
business
is known, this a modest inconvenience and it is necessary for the legal
action
in front of the court and none in the agency have your qualifications. At
one time
the FBI  did own and operate the Ranch outside of Reno... hmmm ;-)

I would have been happier to have a secret FISA order issued
and the resulting information submitted to the judge in secret.   To
eliminate the
poisoned tree they may have already done this and now want to have a way to
disclose what they know.

OK this angers me... but so does the murders these criminals committed.

Is there a technology (not to fragile) that it might protect
the population from overreach and abuse.  We have safecracking
laws.  We clearly need data cracking laws to match.

http://www.npr.org/sections/thetwo-way/2016/02/17/467096705/apple-the-fbi-and-iphone-encryption-a-look-at-whats-at-stake


I promise to rot13 twice... to keep this on topic.









-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160220/bcf05ffe/attachment.html>

More information about the cryptography mailing list