
FBI Begins Secret Lobbying to Access Apple and Google Encrypted Customer Data - foolrush
http://www.nationaljournal.com/tech/the-fbi-s-secret-house-meeting-to-get-access-to-your-iphone-20141030
======
gaelian
_Earlier this month, FBI Director James Comey gave a speech arguing that the
"post-Snowden pendulum has swung too far,"_

There's a post-Snowden pendulum? And it's swung too far? In my country at
least, the pendulum's swing appears to be unchanged from the way it was going
pre-Snowden. If anything it's swung further out - still in the same direction -
post-Snowden.

Has there been some significant news in other countries that I've missed?

~~~
Mikeb85
Lol. It's pretty obvious that they're just claiming such to expand their
powers even further.

The US already makes the USSR look like amateur hour...

~~~
rl3
>The US already makes the USSR look like amateur hour...

Kind of a hard comparison to make, considering the USSR dissolved in 1991.
That was well before internet access and mobile devices became a part of daily
life, let alone existed in non-primitive form.

~~~
thaumasiotes
Well, it's hard to make the comparison "the US today is even worse than the
USSR today". But it's pretty easy to make a comparison between the US today
and the USSR in 1985.

If the USSR was bad, and we're worse, who cares if the hypothetical USSR of
today would be even worse than we are today? It's still easy to see that we're
(1) worse than something that was (2) awful. The reason for our surpassing
awfulness being new technological developments isn't relevant to the idea that
we've gone bad.

(Obviously, the USSR of then was much worse than the US of today along a whole
host of vastly-more-important dimensions. I'm not talking about that.)

~~~
rl3
Worse than something that was, but only in a technological sense.

Surveillance today is more invasive, and pervasive. This is a direct result of
technological advancement. So, unless you're talking strictly in those terms,
then how the underlying surveillance capability is used must be taken into
account.

For example, the United States probably has the most advanced surveillance
capability of any nation on Earth. Certainly, this capability has the
potential for abuse. In fact, I'm sure it is abused, and that's bad. However,
the underlying use is more or less in line with other Western governments.

Contrast this with say, any hardcore authoritarian regime today using
comparable technology, and it's a completely different magnitude of bad.

So, I wouldn't say the U.S. is worse than the former Soviet Union in terms of
surveillance, at least not in any moral sense.

~~~
coldtea
> _For example, the United States probably has the most advanced surveillance
> capability of any nation on Earth. Certainly, this capability has the
> potential for abuse._

Why, does it have any other potential?

> _However, the underlying use is more or less in line with other Western
> governments._

Nothing of the above is comforting.

> _Contrast this with say, any hardcore authoritarian regime today using
> comparable technology, and it's a completely different magnitude of bad._

I dunno, at least most "authoritarian regimes" only mess with their residents.
Whereas the US messes with its residents (somewhat for some groups, full on
assault if you are black, see for e.g. incarceration rates), with 4-5
countries directly (invasion, etc), with 10-20 countries indirectly (threats,
special "deals" from friendly lackeys put in power, etc), and all the world
diplomatically.

~~~
rl3
_> Why, does it have any other potential?_

Saving the civilized world from the clutches of terrorism, lining pockets,
maintaining a global hegemony.

The last item isn't necessarily a bad thing, depending on your point of view.

_> I dunno, at least most "authoritarian regimes" only mess with their
residents. Whereas the US messes with its residents ..._

Fortunately, the U.S. has not yet made a habit of disappearing human rights
activists and dissidents on a whim.

~~~
coldtea
> _Fortunately, the U.S. has not yet made a habit of disappearing human rights
> activists and dissidents on a whim._

You'd be surprised. For one, of course the US (plus local lackeys) do that all
the time in foreign countries.

But there are people like:

[http://en.wikipedia.org/wiki/Rub%C3%A9n_Salazar](http://en.wikipedia.org/wiki/Rub%C3%A9n_Salazar)
[http://en.wikipedia.org/wiki/Oscar_Zeta_Acosta](http://en.wikipedia.org/wiki/Oscar_Zeta_Acosta)

Others, OTOH, are merely discredited, with some higher up pushing to get them
fired, etc:
[http://en.wikipedia.org/wiki/Gary_Webb](http://en.wikipedia.org/wiki/Gary_Webb)

------
JumpCrisscross
> _In the wake of the Edward Snowden leaks, most lawmakers seem more
> interested in reining in government surveillance than expanding it._

Is there evidence for this? Walking out of _Citizen Four_ tonight, my
immediate thoughts were on how seemingly underplayed the issue has been this
election cycle.

------
isomorphic
tl;dr: Comey: "The Bill of Rights is inconvenient. We'd like to wipe our
backside with it, and we need Congress to make that legal. Support such a law
because $BOGEYMAN. Thank you, citizen."

~~~
ggreer
It's easy to demonize and misconstrue people, but it's vastly more useful to
actually understand them. In all likelihood, James Comey is genuinely worried
about public safety.

Think about this from his point of view. As head of the FBI, his days are
inundated with threats. Most of them are bunk, but a few might be credible. He
worries his subordinates don't have the tools necessary to adequately follow-
up on everything. If only they could tap network devices like phones (and
really, there's no practical difference between the two these days), they'd be
so much more effective. "Yes," he thinks, "there are privacy concerns, but
we're the good guys. We could follow-up on so many more threats. We could keep
everyone safer."

Now think about what happens if there's a successful attack. Mr. Comey is from
Yonkers, so he almost certainly went to some funerals after September 11th.
Think of how a repeat of that haunts him. He'd feel personally responsible for
failing the American people. Lives lost, families broken, because of him. So
he asks Congress for help. Maybe he punches up the rhetoric a little to make
his case more compelling.

That's a much more likely version of what's going through his head. He may be
mistaken, but he's not malicious.

~~~
sounds
While it is convenient to pull out the quote "never attribute to malice..."
the malice here has both _mens rea_ and solid evidence. This is not about
fighting criminals, judicial process, or even vague threats to national
security.

Malice, _n_ : the intention or desire to do evil. Ill will.

I will list a few, but I'm not going to debate the point or google the sources
on these. If you don't see the malice here or want to disagree on minutiae,
please do it briefly and then let's let it drop.

It seems like malice plain and simple when:

1. Keith Alexander lies to Congress about whether the NSA routinely
intercepts totally domestic communications (bear in mind the NSA's stated
charter).

2. The CIA deletes their records after it comes to light that they captured
surveillance of Congress when Congress started an inquiry into the CIA for
illegally putting surveillance on Congress.

3. James Woolsey publicly declares Snowden should be hanged for treason.

4. David Miranda is held inhumanely for 9 hours at Heathrow. He has never
been implicated in the Snowden investigation or charged with anything else,
for that matter.

5. The Guardian chooses to physically destroy their copies of Snowden's files
when pressured by GCHQ. They can at least film the process.

6. NSA programs deliberately weaken encryption, subvert standards committees,
infiltrate US businesses, sabotage hardware shipped through the US, and record
all traffic at major internet switching points around the globe. The stated
intent is surveillance completely at odds with all major recognized statements
of inalienable human rights.

Malice.

~~~
ggreer
A note to those reading this exchange: sounds is using the tactic of replying
with a list of tangentially-related, denotationally true but connotationally
not-so-accurate points. If I don't spend an inordinate amount of time
responding to every one of them, he can say, "Ah-ha, but you didn't address
points 2, 4 and 5."

I don't like taking things meta, but it's impossible to engage in a debate
when confronted with such a mess. The sad thing is unless you've been on the
receiving end of this tactic before, it usually works.

Yes, all kinds of bad things have been done by the NSA, CIA, and GCHQ. But I
(and the article) was talking about one man: James Comey, and one
organization: the FBI. I don't see either mentioned in your reply.

~~~
xnull2guest
I think maybe you are both right. You can have individuals who think they are
doing good working within the confines of a body that is sometimes and in some
capacity malignant.

Law enforcement as a practice is ultimately the act of treating your own
citizens as enemies. I think for the most part we have extremely well
intentioned people in those roles. I don't think Hoover had outwardly
malicious intentions - for example - but I do think an agency with an agenda
to disrupt civilians that have political ideas that run contrary to policy
goals or administrative priorities, even if it's composed of nuns, will
inevitably be malicious.

------
rsingel
Wait, this is a link to a blog that reposted, in full, a story from National
Journal that this guy didn't write.

Could someone please change the link to the original?

[http://www.nationaljournal.com/tech/the-fbi-s-secret-house-m...](http://www.nationaljournal.com/tech/the-fbi-s-secret-house-meeting-to-get-access-to-your-iphone-20141030)

~~~
dang
Yes. Url changed from [http://www.matthewaid.com/post/101483465701/fbi-begins-secre...](http://www.matthewaid.com/post/101483465701/fbi-begins-secret-lobbying-campaign-on-capitol-hill-to).

------
fiatmoney
This is where some well-phrased xenophobia would be really helpful. "Comey
wants to hand your texts over to the Chinese" or something like that.

It has the benefit of being more or less accurate; there is no way, if the
architecture technically supports it, that it won't be forced by any legal
jurisdiction that can bring sufficient pressure. This happened already with
Blackberry Messenger.

------
venomsnake
Can someone explain how this - "you must build surveillance in" - is
supposed to work? It is trivial to build an encrypted message platform on top
of current FB chat.

To me it seems that these kinds of bills are pointed not towards the tech-savvy
people that intend to break the law, but towards everyone else.

------
bobbles
Moral of the story: Use iMessage to text and use FaceTime Audio for your phone
conversations.

It really makes me wonder where Apple will end up in all of this.

With the Australian Government pushing through a bill to allow for 2 years
worth of metadata to be stored for every person in the country in a 30 minute
rushed meeting... I really hope Apple strives for a technological solution to
allow for the same type of user protection with all web browsing as well.

Is it technically a possibility that Apple could say, route ALL traffic from
Apple devices through a secure non-trackable network before going out to the
internet?

(by non-trackable, I really mean non-user-identifiable)

~~~
userbinator
_route ALL traffic from Apple devices through a secure non-trackable network
before going out to the internet_

I.e. make all connections through something like Tor by default? Apple
technically could do that, but given the performance of the Tor network, I
don't think it would be a good idea. (I think the similar idea of having every
one of their desktops be a Tor relay by default would also face some strong
opposition.)

And this lobbying is not so "secret" anymore now, is it...

~~~
derefr
Imagine if this was the meaning of the "Do Not Track" switch in OS preference
panes. (And that the OSes that had it enabled by default, continued to do so.)

------
aosmith
There's a very simple solution to this. Use strong encryption and obscure or
otherwise hide the private keys. We're trying to develop a future conscious
messaging client:

[http://emp.jar.st/](http://emp.jar.st/)

Is it NSA-proof? Probably not, but it will thwart most prying eyes, including
LEOs. The idea isn't to make data impossible to get to (that in and of itself
is impossible), but rather to make it exceptionally expensive to get to; this
forces the people with prying eyes to be much more selective.

------
rtpg
>The critics also argue that police often have other ways of legally obtaining
information, such as getting warrants for data stored on company servers.

Isn't the whole issue that the data would not be readable on company servers
anymore?

~~~
xnull2guest
No, it is readable when it is on company servers.

[http://images.apple.com/privacy/docs/legal-process-guideline...](http://images.apple.com/privacy/docs/legal-process-guidelines-us.pdf)

"iCloud is Apple’s cloud service that allows users to access their music,
photos, documents, and more from all their devices. iCloud also enables
subscribers to back up their iOS devices to iCloud. With the iCloud service,
subscribers can set up an iCloud.com email account. iCloud email domains can
be @icloud.com, @me.com and @mac.com. iCloud data is encrypted wherever an
iCloud server is located. When third-party vendors are used to store data,
Apple never gives them the keys. Apple retains the encryption keys in its U.S.
data centers. The following information may be available from iCloud..."

"...i. Subscriber Information ... name, physical address, email address, and
telephone number ... iCloud subscriber information and connection logs with IP
addresses ... Mail Logs ... Email Content ... Other iCloud Content. Photo
Stream, Docs, Contacts, Calendars, Bookmarks, iOS Device Backups ... photos,
documents, contacts, calendars, bookmarks ... photos and videos in the users’
camera roll, device settings, app data, iMessage, SMS, and MMS messages and
voicemail.

iCloud content may be provided in response to a search warrant issued upon a
showing of probable cause."

It is only data stored directly on devices that Apple claims it can no longer
give access to. Note that a lot of data gets synced without user knowledge,
including working drafts of documents:
[http://mjtsai.com/blog/2014/10/26/yosemite-uploads-unsaved-d...](http://mjtsai.com/blog/2014/10/26/yosemite-uploads-unsaved-documents-and-recent-addresses-to-icloud/)

------
xnull2guest
One of the things this missed is that there are other laws on the books
besides CALEA that do apply to electronic and digital communications. Some do
not apply specifically to Apple or Google, while others will.

The FBI will often subpoena information from Apple and Google using 18 U.S.C.
§ 2703:
[http://www.law.cornell.edu/uscode/text/18/2703](http://www.law.cornell.edu/uscode/text/18/2703)

* Contents of Wire or Electronic Communications in Electronic Storage.

* Contents of Wire or Electronic Communications in a Remote Computing Service.

* Records Concerning Electronic Communication Service or Remote Computing Service.

* Requirement To Preserve Evidence

For example, you can see Apple's handling of this in their legal process
guidelines, where they admit to being able to give "subscriber information ...
mail logs ... photos and videos in the users’ camera roll, device settings,
app data, iMessage, SMS, and MMS messages and voicemail" information from
iCloud synced iOS8 devices:

[http://images.apple.com/privacy/docs/legal-process-guideline...](http://images.apple.com/privacy/docs/legal-process-guidelines-us.pdf)

The Patriot Act:

* Section 202 - Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses

* Section 204 ("Clarification of intelligence exceptions from limitations on interception and disclosure of wire, oral, and electronic communication") both removed restrictions put in place on the Foreign Intelligence Surveillance Act and broadened the law to include electronic communications. The FISA concerns itself with communications that travel internationally as sometimes happens with domestic electronic communications. It is also complicated legal issue with regard to foreign datacenters and international geo-redundancy.

* Section 2703, applicable to a "provider of electronic communication services", forces the disclosure of the contents of stored communications and in addition allows this to be done with a search warrant rather than a wiretap order.

* Section 210 - "Scope of subpoenas for records of electronic communications" sets some rules for electronic records including things like IP addresses and session records.

* Section 211 expands the ability of the US to get records from cable television.

* Section 215 - Access to records and other items under the Foreign Intelligence Surveillance Act expands the list of records to include 'tangible things' such as "books, records, papers, documents, and other items".

* Section 216 "Authority to issue pen registers and trap and trace devices" applies to electronic communications as much of Bush era legislation expanded 'pen registers' to the digital domain.

That's just the Patriot Act. Here's Wikipedia's first paragraph on the Stored
Communications Act:

`The Stored Communications Act (SCA, codified at 18 U.S.C. Chapter 121 §§
2701–2712) is a law that addresses voluntary and compelled disclosure of
"stored wire and electronic communications and transactional records" held by
third-party internet service providers (ISPs).`

The Stored Communications Act defines the legal framework used for digital pen
registers and wiretaps on an ISP level.

~~~
higherpurpose
So they can give iMessage messages? So much for iMessage end-to-end
encryption, then.

------
ps4fanboy
It would probably make more sense for AT&T to encrypt phone calls at this point
with keys they don't have access to.

~~~
kenrikm
The Telcos have been documented to be in bed with the government for almost as
long as they have existed [1].

[1]
[http://content.time.com/time/magazine/article/0,9171,2022653...](http://content.time.com/time/magazine/article/0,9171,2022653,00.html)

~~~
Karunamon
Part of that is by diktat - the CALEA law means that they're obligated to have
backdoors for law enforcement. This is probably the angle that the feds are
trying for, to get things like iMessage covered under the same law.

~~~
xnull2guest
Note that 'electronic storage', 'electronic communications' and 'remote
computing services' are already required.

[http://www.law.cornell.edu/uscode/text/18/2703](http://www.law.cornell.edu/uscode/text/18/2703)

------
mediascreen
"[...] technology has become the tool of choice for some very dangerous
people"

As opposed to what? Carrier pigeons?

~~~
hnmcs
Ah yes, RFC 1149...

[http://tools.ietf.org/html/rfc1149](http://tools.ietf.org/html/rfc1149)

[https://en.wikipedia.org/wiki/IP_over_Avian_Carriers](https://en.wikipedia.org/wiki/IP_over_Avian_Carriers)

>On 28 April 2001, IPoAC was actually implemented by the Bergen Linux user
group. They sent nine packets over a distance of approximately five kilometers
(three miles), each carried by an individual pigeon and containing one ping
(ICMP Echo Request), and received four responses.

------
elastine
I think this is largely a hoax and they already have access to the said data.

~~~
xnull2guest
[https://datavibe.net/~sneak/20141023/wtf-icloud/](https://datavibe.net/~sneak/20141023/wtf-icloud/)

They do store drafts of documents transparently in iCloud and confirm that
they will give content stored in iCloud to law enforcement.

[http://images.apple.com/privacy/docs/legal-process-guideline...](http://images.apple.com/privacy/docs/legal-process-guidelines-us.pdf)

If you look at the design of the Secure Enclave's Key Derivation Function, it
pulls in data from a unique ID burned in by the manufacturer and a small PIN
code provided by the customer. Apple claims it cannot get the data because it
knows neither the UID nor the code.

However, the manufacturer of the Secure Enclave does/will know the UID, and a
user passcode can easily be brute-forced. If law enforcement have enough
leverage to get UIDs then the system is moot.

~~~
kyboren
My impression of Apple's UID is that it's a physical unclonable function[1]
whose output is directly connected to the key derivation circuitry. This means
that there is, absent physically destructive attacks or side-channel
vulnerabilities in the key derivation circuitry, no way to recover the UID/PUF
output. Since PUFs typically get their values from random process variation,
their values cannot be known before manufacturing. Since it can be _used_, in
very well-defined operations with inherent rate limiting, but cannot be read
out directly, there is no economically-feasible way to recover their values
after manufacturing, either.

Of course, this is mostly speculation and would need some serious ChipWorks-
style reverse engineering to determine if it's true, but that's my impression
given what I've read from Apple's security documentation.

[1]:
[http://www.nxp.com/documents/other/75017366.pdf](http://www.nxp.com/documents/other/75017366.pdf)

~~~
xnull
> Since PUFs typically get their values from random process variation

How sure are we that this is the case, and how can we verify it? You can burn
in whatever bits you want to the PUF. If there is a list, a product-to-UID
mapping, a deterministic UID generation process, or even a PRNG that isn't
strong enough, the Secure Enclave falls.

~~~
kyboren
Well, again, I can't be sure, and you can't verify without reverse engineering
the chip.

But that's not how PUFs work. The whole point of a "physical _unclonable_
function" is that it's not just a set of bits that can be programmed to an
arbitrary value; it's a part of a circuit which, based on physical
characteristics of the apparatus, deterministically generates a response to a
given challenge. The idea is that there is no such list for the PUF internal
values--they're _not controllable_, and it would be extremely difficult to
read their internal state without destroying the chip. Making lists would be
very awkward: according to the Apple iOS Security Guide[1], the KDF takes 80ms
per passcode attempt. So, generating a list of PUF outputs for all 10,000
4-digit numeric passcodes would take Apple ~14 minutes--and it must be done on
_each device_.

So, it's theoretically possible that Apple spends 14 minutes per device making
a list of PUF outputs given all 4-digit numeric passcodes. However, a user who
uses any other passcode would be completely unaffected (except having the
search space reduced by 10,000), and I consider it highly unlikely that Apple
can afford 14 minutes per device just for potential nefarious use given the
volumes they produce.

Also, note that almost all other keys are 'tangled' with the output of the
PUF, so a PRNG failure is not likely to cause predictable keys, depending on
the failure mode and what PUF stimuli Apple records.

Of course, this is all a moot point, as none of this is verifiable (at least,
to me and you).

[1]:
[https://www.apple.com/ipad/business/docs/iOS_Security_Feb14....](https://www.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf)

~~~
kyboren
@xnull: interesting, my download of that file has slightly different text:

    
    
        The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys *fused* into the application processor during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption operations performed using them. The UID is unique to each device and is not recorded by Apple or any of its suppliers.
    

(emphasis added)

That language, along with this gem later:

    
    
        The passcode is “tangled” with the device’s UID, so brute-force attempts must be performed on the device under attack
    

lead me to believe they're describing a PUF. By the way, can you save a local
copy of that file? My SHA256 is
b9d1f5290ebe56780af692e2b12037d6b7e085ef1f6050c1e27ea8426f94bfcc, what's
yours?

>The threat model here is not Apple, but the manufacturer. In this case the
options I mentioned earlier would allow very fast attacks that could be
launched selectively at target devices later on.

Right, I understand. No matter what Apple says, you can't verify, so you can't
trust.

>Definitely not verifiable or falsifiable by you or by me. I would suggest
however that the claims and reputation of the Secure Enclave is not deserved.
Finally, in crypto, skepticism is a feature.

Well, who am I to say whether Secure Enclave lives up to its hype? But
definitely agreed about skepticism...

~~~
xnull
My digest agrees.

B9D1F5290EBE56780AF692E2B12037D6B7E085EF1F6050C1E27EA8426F94BFCC

I found the quote you've posted in my copy as well. The definition I selected
was from the glossary at the bottom.

> "Tangled"

Seems to me to be referring to PBKDF2.

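The subthread above argues about what "tangling" the passcode with the fused UID buys you: a key that can only be computed on the device that holds the UID, at a rate-limited 80 ms per attempt, so that even a 4-digit PIN space costs minutes to exhaust and a precomputed per-device list is impractical at scale. The following is an added illustration, not Apple's code and not a description of the real Secure Enclave construction (which is not public): it models the tangling as an HMAC of the passcode under the UID fed into PBKDF2-HMAC-SHA256, with two constructed stand-in UIDs (`UID_DEVICE_A`, `UID_DEVICE_B`), and shows that the same PIN yields unrelated keys on different devices, that an exhaustive search succeeds only with the correct UID, and what the 80 ms figure from the iOS Security Guide implies for 4- and 6-digit PINs. The iteration count in `demo()` is deliberately tiny so the example runs in well under a minute; the timing arithmetic uses the quoted 80 ms instead.

```python
import hashlib
import hmac
import itertools

# Constructed stand-ins for the fused per-device secret. On real hardware the
# UID is not readable by software; for this model we only need two distinct
# 256-bit values that an off-device attacker does not possess.
UID_DEVICE_A = hashlib.sha256(b"constructed uid for device A").digest()
UID_DEVICE_B = hashlib.sha256(b"constructed uid for device B").digest()

# Per-attempt cost the iOS Security Guide quotes for the on-device KDF.
ON_DEVICE_ATTEMPT_SECONDS = 0.080


def tangle(passcode: str, uid: bytes, iterations: int) -> bytes:
    """Derive a passcode key with the device UID mixed in.

    Hypothetical construction for illustration only: the PBKDF2 password is
    HMAC(uid, passcode) and the salt is derived from the UID, so both inputs
    depend on the device secret and no guess can be checked without it.
    """
    pre_key = hmac.new(uid, passcode.encode("utf-8"), hashlib.sha256).digest()
    salt = hashlib.sha256(b"passcode-key-salt" + uid).digest()
    return hashlib.pbkdf2_hmac("sha256", pre_key, salt, iterations, dklen=32)


def numeric_space(digits: int) -> int:
    """Number of candidate passcodes of a given digit length."""
    return 10 ** digits


def exhaust_seconds(space: int, per_attempt: float = ON_DEVICE_ATTEMPT_SECONDS) -> float:
    """Worst-case wall-clock time to try every candidate at the on-device rate."""
    return space * per_attempt


def brute_force_numeric(target_key: bytes, uid: bytes, iterations: int, digits: int):
    """Try every numeric passcode of the given length against target_key.

    Returns (passcode, attempts) on success or (None, attempts) after the
    whole space is exhausted. Succeeds only if `uid` is the device's own UID.
    """
    attempts = 0
    for chars in itertools.product("0123456789", repeat=digits):
        attempts += 1
        guess = "".join(chars)
        if hmac.compare_digest(tangle(guess, uid, iterations), target_key):
            return guess, attempts
    return None, attempts


def demo(iterations: int = 100) -> dict:
    """Run the comparison with a small iteration count so it finishes quickly."""
    key_a = tangle("1234", UID_DEVICE_A, iterations)
    key_b = tangle("1234", UID_DEVICE_B, iterations)
    with_uid, attempts_with = brute_force_numeric(key_a, UID_DEVICE_A, iterations, 4)
    without_uid, attempts_without = brute_force_numeric(key_a, UID_DEVICE_B, iterations, 4)
    return {
        "same_passcode_same_key_across_devices": key_a == key_b,
        "recovered_with_uid": with_uid,
        "attempts_with_uid": attempts_with,
        "recovered_without_uid": without_uid,
        "attempts_without_uid": attempts_without,
        "minutes_to_exhaust_4_digits": exhaust_seconds(numeric_space(4)) / 60,
        "days_to_exhaust_6_digits": exhaust_seconds(numeric_space(6)) / 86400,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two things the numbers make concrete: at 80 ms per attempt a full 4-digit sweep is about 13 minutes per device (the "~14 minutes" in the thread), while 6 digits is already close to a day, and both figures only apply to an attacker who can run the KDF on the device or who holds its UID. The earlier point in the subthread stands as well: this model says nothing about how the UID itself is generated, so a weak or recorded UID collapses the whole argument, and none of it is verifiable from outside the chip.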
------
source99
Is it accurate to call this "lobbying"?

~~~
Anonymous094374
I think the proper term is 'checks and balances'

