[Cryptography] Hope Apple Fights This!

Henry Baker hbaker1 at pipeline.com
Thu Feb 25 16:14:53 EST 2016


At 06:58 AM 2/25/2016, Jerry Leichter wrote:
>>from https://www.washingtonpost.com/news/the-switch/wp/2016/02/24/apple-is-working-to-make-iphones-even-tougher-to-hack-into/
>>
>>"Fearing that the government may be able to order it to bypass security features in newer-model phones, Apple engineers have quietly begun working on fixes to flaws in their phones that allow the firm to update software without knowing a user's password..."
>
>Let's step back and look at the general picture here.
>
>Defenses - cryptographic an otherwise - are built in response to a threat model.  (Well, the competent ones anyway.)  Up until a couple of years ago, "the USA government is listening in" was not part of the threat model of American corporations or individuals.  It really wasn't really in the threat model of most corporations and individuals in the world.  (Sure, those involved in illegal transactions, or the governments of those on the outs with the US - and to a limited degree even US allies - worried about this; but the former do not represent a large commercial market, and the latter don't rely on commercial software.) ...
>
>It'll be interesting to see whether Apple and others offering cloud services move in this direction.  It would well and truly piss off the LE people who've gotten used to getting this information easily.

I'd like to see cloud services that are located in multiple countries, but which never store more than a small % *of any one cust's data* in that particular country.  Think RAID (or in this case, Redundant Array of Independent Countries).  Now *that* would be a TPP/TTIP "partnership" I could support!

After the chaos in the Middle East following the Arab Spring uprisings, I suspect that there would be a lot of takers there for solid business continuity reasons.



More information about the cryptography mailing list